aem-easy-content-upgrade icon indicating copy to clipboard operation
aem-easy-content-upgrade copied to clipboard
verified publisher icon valtech

Clarify underlying JCR session in documentation

Open kwin opened this issue 2 years ago • 2 comments

For each of the execution possibilities the underlying JCR session/resource resolver should be clarified. I guess this is

  1. Startup hook: service resolver (which one, which permissions by default?)
  2. Install hook: service resolver (which one, which permissions by default?)
  3. Manual execution: requests based resolver (bound to the user session)

kwin avatar Sep 05 '23 14:09 kwin

Particularly it is not clear when which of the three service users from https://github.com/valtech/aem-easy-content-upgrade/blob/c5bce3e529dffe77683f7873f896472f78d861ef/complete/src/main/content/jcr_root/apps/valtech/aecu-complete/config/org.apache.sling.jcr.repoinit.RepositoryInitializer~setacls.config#L14-L24 are used from where.

kwin avatar Sep 05 '23 14:09 kwin

Hi @kwin First of all sorry for the late answer. You are right, there are some improvements to do not only on the documentation side but also implementation side. For the startup hook more permissions are required so the aecu-admin is used. For the manual execution within groovy indeed the user session should be used but it is not right now the case and instead a service user is used. There is also protection on the Groovyconsole itself, usually a user with administration rights is able to execute groovyscripts only ( see https://github.com/orbinson/aem-groovy-console#osgi-configuration / Script Execution Allowed Groups). Best, Nicolas

nhirrle avatar Oct 17 '23 10:10 nhirrle