Re: Export content as JSON ready to be imported

[Julian Sedding <js...@gmail.com>]

Hi Guillaume

AFAIK Jackrabbit FileVault uses a similar approach. I'm not super
familiar with the code, but you may find interesting details if you
look at the classes JackrabbitACLImporter[0] and/or
JcrACLManagement[1].

The order of ACEs is significant. IIRC later entries "override"
earlier ones (provided the principal matches). However, an ACE for a
principal representing a user always is "stronger" than one
representing a group (not really your concern when importing though).

Further reading regarding access control[2] can be found on the
Jackrabbit Oak website.

Regards
Julian

[0] https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
[1] https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/spi/impl/jcr20/JcrACLManagement.java
[2] http://jackrabbit.apache.org/oak/docs/security/accesscontrol.html

On Tue, Mar 28, 2017 at 4:32 PM, Guillaume Lucazeau <gl...@gmail.com> wrote:
> Hello Bertrand,
>
> Thank you for your reply. I have created SLING-6738 for the ACLs import.
>
> Before adding unit tests and sending a PR, I would like to know if I'm
> going in the right direction.
>
> I've seen that in JsonReader there are already createAce and createAcl
> methods, but they are used to create ACLs from the acl.json servlet.
>
> So, I've modified the handleSecurity method, and if the node is named
> "rep:policy", I call my own method "createAceFromPolicy". This method just
> loops on the subnodes of a "rep:policy" node (i.e. keys starting with
> "allow" or "deny", gather all information and calls
> contentCreator.createAce.
>
> It works fine for my case, but I would be curious to have some feedback and
> make sure I didn't forget anything. At the beginning of the discussion
> Robert was talking about editing the content importer, but I couldn't find
> how I was suppose to do that.
>
> Also, I would like to know if the order of the ACE is important. As there
> is no order property on the JSON returned by the content servlet, and has
> JSON is not ordered, I'm not able so far to keep the original order.
>
> Thank you for your help,
>
> Guillaume
>
> 2017-03-28 11:56 GMT+02:00 Bertrand Delacretaz <bd...@apache.org>:
>
>> Hi,
>>
>> On Tue, Mar 28, 2017 at 11:25 AM, Guillaume Lucazeau
>> <gl...@gmail.com> wrote:
>> > ...Considering the lack of responses, Re-importing exported JSON,
>> including
>> > the priviliges, doesn't seem to be a feature that lots of people need,
>> so I
>> > will try to patch the importer on my own :)..
>>
>> I actually have a use case for this on my list, but that's a long list
>> so I'm not sure when I'll start working on it.
>>
>> > ...I was wondering if pull requests on Github are the best way to submit
>> > patches to Sling, or if you prefer diff files attached to a ticket...
>>
>> We need a jira ticket in any case, but submitting patches as pull
>> requests works.
>>
>> Looking forward to your contributions!
>>
>> (and don't forget the tests ;-)
>>
>> -Bertrand
>>