You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Julian Reschke (JIRA)" <ji...@apache.org> on 2018/07/17 13:49:00 UTC

[jira] [Commented] (SLING-7613) Remove deprecation of SlingRepository.loginAdministrative()

    [ https://issues.apache.org/jira/browse/SLING-7613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16546626#comment-16546626 ] 

Julian Reschke commented on SLING-7613:
---------------------------------------

"locking and unlocking nodes which have been locked by a different user" imho is incorrect. You can unlock any open-scoped lock if you can get access to the lock token (and unless I'm missing something, you don't need to be admin for that).

> Remove deprecation of SlingRepository.loginAdministrative()
> -----------------------------------------------------------
>
>                 Key: SLING-7613
>                 URL: https://issues.apache.org/jira/browse/SLING-7613
>             Project: Sling
>          Issue Type: New Feature
>          Components: API
>    Affects Versions: JCR API 2.4.0
>            Reporter: Jörg Hoh
>            Assignee: Robert Munteanu
>            Priority: Major
>             Fix For: JCR API 2.4.2
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There was a discussion on the Sling user list [1] about usecases which can only be solved using the deprecated loginAdministrative() call. In the context of Sling and Oak there are indeed a few cases which can be solved best with a true admin session:
> * locking and unlocking nodes which have been locked by a different user.
> * at deployments resources/nodes are deployed at many locations inside the repo, so you can either use an admin session or a system-user with an equivalent set of permissions.
> * the discussions leaves it open if the impersonation feature internally relies on an admin session or can be achieved without it.
> System users should be the preferred, but I would like to have an offical and non-deprecated way to get an admin session in the API. It's ok if I need to configure the explicit whitelisting as it is in place right now. But it should be there.
> Plus there should be proper documentation when to use which approach.
> [1] http://apache-sling.73963.n3.nabble.com/Deprecation-of-SlingRepository-loginAdministrative-td4081024.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)