Tenant packages do not include ACLs #576
Comments
|
@GastonGonzalez in my opinion this should not be fixed with the current package format. Packages in sling are installed at the oak level and therefore can always cause security and access issues due to the nature of their purpose. In our case we have to start thinking about a different format (and such a format could also be a good candidate for a sling contribution) |
@reusr1 - You make a good point. Are you thinking of a simple DSL or JSON structure that describes the include/exclude paths, then layer on some application logic that inspects the current user's repository access to ensure that they are only able to read/write (export/import) data to which they have access? |
|
@GastonGonzalez I was thinking of a more generic dsl format where one can provide an implementation per project or provide more generic implementations as well in our case we'd like to (as far as I know)
it may also make sense to think about this format as streamable from one server to another (say you'd like to move a website from prod to stage for testing purposes or you are generating a site externally (markdown/other tool to site generation and need to apply a large body of content) |
|
Closing and relocating to: peregrine-cms/enhancements#50 |
Peregrine creates a content package definition when a tenant is created (i.e. sometenant
-full-package-1.0.zip). Currently, the package definition does not set a value for AC handling. This poses a problem if content is migrated between Peregrine instances.Use Case
all_tenantusers (/home/users/tenants) and groups (/home/groups/tenants).Actual Behavior
Expected Behavior
Solution: Update package creation code to set AC handling to merge at time of package definition creation.
The text was updated successfully, but these errors were encountered: