You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/09/10 15:13:42 UTC

[jira] Closed: (SLING-1411) Add replaceAccessControlEntry method to AccessControlUtil

     [ https://issues.apache.org/jira/browse/SLING-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Edelson closed SLING-1411.
---------------------------------


> Add replaceAccessControlEntry method to AccessControlUtil
> ---------------------------------------------------------
>
>                 Key: SLING-1411
>                 URL: https://issues.apache.org/jira/browse/SLING-1411
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR
>    Affects Versions:  JCR Jackrabbit Access Manager 2.0.4
>            Reporter: Ray Davis
>            Assignee: Eric Norman
>            Priority: Minor
>             Fix For: Launchpad Testing 6, Launchpad Content 2.0.6, JCR Jackrabbit Access Manager 2.0.6, JCR ContentLoader 2.1.0
>
>         Attachments: SLING-1411.patch
>
>
> ModifyAceServlet and DefaultContentCreator both have a need to merge new privileges for a given principal to an existing resource ACL. Doing so involves some rather complex logic which is easy to get wrong, and in the Sakai 3 project, we found that quite a few service developers needed the same functionality. This patch moves the functionality to a shared utility method to eliminate any tempatations to copy-and-paste (or worse, rewrite incorrectly).
> Besides consolidating the logic (and removing it from ModifyAceServlet and DefaultContentCreator), this patch introduces a couple of other changes:
> * The ACE merge is more conservative. SLING-997 broke apart specified and existing aggregated privileges and then tried to recombine them into possibly new combinations. This patch instead maintains exactly what the client specified and (when possible) what was already there, but does not create any new aggregates of its own. This better matches Jackrabbit's default behavior, should minimize client surprises, and eliminates a subtle bug: any candidate aggregate privilege needs to be checked for "isAbstract()".
> * The ModifyAceServlet JavaDoc is corrected and expanded.
> * Some bad logging format is fixed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.