This is an automated email from the ASF dual-hosted git repository. pauls pushed a commit to branch issues/SLING-9959 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
commit cbab1de766789beced73b56cba1514c4c984c16a Author: Karl Pauls <[email protected]> AuthorDate: Wed Dec 9 15:48:42 2020 +0100 SLING-9959: SystemUser.getPath must reveal the path of the original user node --- .../cpconverter/accesscontrol/DefaultAclManager.java | 6 +++--- .../feature/cpconverter/accesscontrol/SystemUser.java | 8 +++++++- .../cpconverter/handlers/SystemUsersEntryHandler.java | 16 ++++++++++------ .../cpconverter/accesscontrol/AclManagerTest.java | 6 +++--- .../cpconverter/handlers/RepPolicyEntryHandlerTest.java | 7 ++++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java index 63084f2..f348c02 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java @@ -102,11 +102,11 @@ public final class DefaultAclManager implements AclManager { for (SystemUser systemUser : systemUsers) { // TODO does it harm?!? - addSystemUserPath(formatter, systemUser.getPath()); + addSystemUserPath(formatter, systemUser.getIntermediatePath()); // make sure all users are created first - formatter.format("create service user %s with path %s%n", systemUser.getId(), systemUser.getPath()); + formatter.format("create service user %s with path %s%n", systemUser.getId(), systemUser.getIntermediatePath()); // clean the unneeded ACLs, see SLING-8561 @@ -149,7 +149,7 @@ public final class DefaultAclManager implements AclManager { while (authorizationsIterator.hasNext()) { AccessControlEntry acl = authorizationsIterator.next(); - if (acl.getRepositoryPath().startsWith(systemUser.getPath())) { + if (acl.getRepositoryPath().startsWith(systemUser.getIntermediatePath())) { authorizationsIterator.remove(); } } diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java index 3d58b8b..95e30c2 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java @@ -25,10 +25,12 @@ public class SystemUser { private final String id; private final RepoPath path; + private final RepoPath intermediatePath; - public SystemUser(String id, RepoPath path) { + public SystemUser(String id, RepoPath path, RepoPath intermediatePath) { this.id = id; this.path = path; + this.intermediatePath = intermediatePath; } public String getId() { @@ -39,6 +41,10 @@ public class SystemUser { return path; } + public RepoPath getIntermediatePath() { + return intermediatePath; + } + @Override public int hashCode() { final int prime = 31; diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java index 091ffe9..9e680a8 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java @@ -43,9 +43,10 @@ public final class SystemUsersEntryHandler extends AbstractRegexEntryHandler { path = matcher.group(1); } - RepoPath currentPath = new RepoPath(PlatformNameFormat.getRepositoryPath(path)).getParent(); + RepoPath originalPath = new RepoPath(PlatformNameFormat.getRepositoryPath(path)); + RepoPath intermediatePath = originalPath.getParent(); - SystemUserParser systemUserParser = new SystemUserParser(converter, currentPath); + SystemUserParser systemUserParser = new SystemUserParser(converter, originalPath, intermediatePath); try (InputStream input = archive.openInputStream(entry)) { systemUserParser.parse(input); } @@ -59,19 +60,22 @@ public final class SystemUsersEntryHandler extends AbstractRegexEntryHandler { private final ContentPackage2FeatureModelConverter converter; - private final RepoPath path; + private final RepoPath oPath; - public SystemUserParser(ContentPackage2FeatureModelConverter converter, RepoPath path) { + private final RepoPath intermediatePath; + + public SystemUserParser(ContentPackage2FeatureModelConverter converter, RepoPath path, RepoPath intermediatePath) { super(REP_SYSTEM_USER); this.converter = converter; - this.path = path; + this.oPath = path; + this.intermediatePath = intermediatePath; } @Override protected void onJcrRootElement(String uri, String localName, String qName, Attributes attributes) { String authorizableId = attributes.getValue(REP_AUTHORIZABLE_ID); if (authorizableId != null && !authorizableId.isEmpty()) { - converter.getAclManager().addSystemUser(new SystemUser(authorizableId, path)); + converter.getAclManager().addSystemUser(new SystemUser(authorizableId, oPath, intermediatePath)); } } diff --git a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java index 41823c1..4254ab7 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java @@ -71,12 +71,12 @@ public class AclManagerTest { @Test public void makeSureAclsAreCreatedOnlyoutsideSytemUsersPaths() throws Exception { - aclManager.addSystemUser(new SystemUser("acs-commons-ensure-oak-index-service", new RepoPath("/asd/public"))); + aclManager.addSystemUser(new SystemUser("acs-commons-ensure-oak-index-service", new RepoPath("/asd/public/foo"), new RepoPath("/asd/public"))); // emulate a second iteration of conversion aclManager.reset(); - aclManager.addSystemUser(new SystemUser("acs-commons-package-replication-status-event-service", new RepoPath("/asd/public"))); + aclManager.addSystemUser(new SystemUser("acs-commons-package-replication-status-event-service", new RepoPath("/asd/public/foo"), new RepoPath("/asd/public"))); aclManager.addAcl("acs-commons-ensure-oak-index-service", newAcl(true, "jcr:read,rep:write,rep:indexDefinitionManagement", "/asd/not/system/user/path")); aclManager.addAcl("acs-commons-package-replication-status-event-service", newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/asd/public")); @@ -122,7 +122,7 @@ public class AclManagerTest { @Test public void pathWithSpecialCharactersTest() throws RepoInitParsingException { - aclManager.addSystemUser(new SystemUser("sys-usr", new RepoPath("/home/users/system"))); + aclManager.addSystemUser(new SystemUser("sys-usr", new RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system"))); aclManager.addAcl("sys-usr", newAcl(true, "jcr:read", "/content/_cq_tags")); aclManager.addAcl("sys-usr", newAcl(true, "jcr:write", "/content/cq:tags")); VaultPackageAssembler assembler = mock(VaultPackageAssembler.class); diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java index 41f42a9..3417800 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java @@ -183,7 +183,7 @@ public final class RepPolicyEntryHandlerTest { @Test public void systemUserAclSetNotForUserPath() throws Exception { ParseResult result = parseAndSetRepoinit(new SystemUser("acs-commons-package-replication-status-event-service", - new RepoPath("/this/is/a/completely/different/path"))); + new RepoPath("/this/is/a/completely/different/path/foo"), new RepoPath("/this/is/a/completely/different/path"))); Extension repoinitExtension = result.getRepoinitExtension(); assertNotNull(repoinitExtension); assertEquals(ExtensionType.TEXT, repoinitExtension.getType()); @@ -225,11 +225,12 @@ public final class RepPolicyEntryHandlerTest { } private ParseResult parseAndSetRepoinit(String...systemUsersNames) throws Exception { - RepoPath alwaysTheSamePath = new RepoPath("/asd/public"); + RepoPath alwaysTheSameOrgPath = new RepoPath("/asd/public/foo"); + RepoPath alwaysTheSameInterPath = new RepoPath("/asd/public"); SystemUser[] systemUsers = new SystemUser[systemUsersNames.length]; for (int i = 0; i < systemUsersNames.length; i++) { - systemUsers[i] = new SystemUser(systemUsersNames[i], alwaysTheSamePath); + systemUsers[i] = new SystemUser(systemUsersNames[i], alwaysTheSameOrgPath, alwaysTheSameInterPath); } return parseAndSetRepoinit(systemUsers);
