Updated deprecated user mapping

CID15 / aem-groovy-console

The AEM Groovy Console provides an interface for running Groovy scripts in the AEM container. Scripts can be created to manipulate content in the JCR, call OSGi services, or execute arbitrary code using the CQ, Sling, or JCR APIs.

Other

26 stars 16 forks source link

Updated deprecated user mapping #16

Closed kele23 closed 3 weeks ago

kele23 commented 3 months ago

Deprecated Service User Mapping Format Detected

The deprecated format service:subservice=userId is still in use and needs to be updated. Please refactor the mapping to use the supported format service:subservice=[userId].

For best practices, please visit Best Practices for Sling Service User Mapping and Service User Definition. https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/best-practices-for-sling-service-user-mapping-and-service-user-definition

Thanks M

basilkohler commented 3 months ago

We are running into the same topic. We received a mail from Adobe to improve on this. Would be great if this can be merged and released. Thanks for the PR.

anchela commented 3 weeks ago

@markdaugherty , the PR looks good to me.

i check if the change would alter the effective permissions as group membeship will not be resolved, but groovy-console-system-user is essentially an admin as it has jcr:all granted on the root node. so changing the format is not expected to cause issues... although it's not ideal from a security pov.

markdaugherty commented 3 weeks ago

Closing in favor of https://github.com/CID15/aem-groovy-console/pull/17