This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new 321f779 SLING-9959: SystemUser.getPath must reveal the path of the
original u… (#40)
321f779 is described below
commit 321f77979c605a47aca65f68e86c7a5c839c037c
Author: Karl Pauls <[email protected]>
AuthorDate: Wed Dec 9 18:09:32 2020 +0100
SLING-9959: SystemUser.getPath must reveal the path of the original u… (#40)
---
.../cpconverter/accesscontrol/DefaultAclManager.java | 6 +++---
.../feature/cpconverter/accesscontrol/SystemUser.java | 13 ++++++++++++-
.../cpconverter/handlers/SystemUsersEntryHandler.java | 17 +++++++++++++----
.../cpconverter/accesscontrol/AclManagerTest.java | 6 +++---
.../cpconverter/handlers/RepPolicyEntryHandlerTest.java | 7 ++++---
5 files changed, 35 insertions(+), 14 deletions(-)
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
index 63084f2..f348c02 100644
---
a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
+++
b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
@@ -102,11 +102,11 @@ public final class DefaultAclManager implements
AclManager {
for (SystemUser systemUser : systemUsers) {
// TODO does it harm?!?
- addSystemUserPath(formatter, systemUser.getPath());
+ addSystemUserPath(formatter, systemUser.getIntermediatePath());
// make sure all users are created first
- formatter.format("create service user %s with path %s%n",
systemUser.getId(), systemUser.getPath());
+ formatter.format("create service user %s with path %s%n",
systemUser.getId(), systemUser.getIntermediatePath());
// clean the unneeded ACLs, see SLING-8561
@@ -149,7 +149,7 @@ public final class DefaultAclManager implements AclManager {
while (authorizationsIterator.hasNext()) {
AccessControlEntry acl = authorizationsIterator.next();
- if (acl.getRepositoryPath().startsWith(systemUser.getPath())) {
+ if
(acl.getRepositoryPath().startsWith(systemUser.getIntermediatePath())) {
authorizationsIterator.remove();
}
}
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java
b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java
index 3d58b8b..d467259 100644
---
a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java
+++
b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/SystemUser.java
@@ -25,10 +25,17 @@ public class SystemUser {
private final String id;
private final RepoPath path;
+ private final RepoPath intermediatePath;
- public SystemUser(String id, RepoPath path) {
+ /**
+ * @param id - the authorizableId to use.
+ * @param path - the original repository path of the user in the
content-package.
+ * @param intermediatePath - the intermediate path the user should have -
most likely the (direct) parent of the path.
+ */
+ public SystemUser(String id, RepoPath path, RepoPath intermediatePath) {
this.id = id;
this.path = path;
+ this.intermediatePath = intermediatePath;
}
public String getId() {
@@ -39,6 +46,10 @@ public class SystemUser {
return path;
}
+ public RepoPath getIntermediatePath() {
+ return intermediatePath;
+ }
+
@Override
public int hashCode() {
final int prime = 31;
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
index 091ffe9..4162b16 100644
---
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
+++
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
@@ -43,9 +43,10 @@ public final class SystemUsersEntryHandler extends
AbstractRegexEntryHandler {
path = matcher.group(1);
}
- RepoPath currentPath = new
RepoPath(PlatformNameFormat.getRepositoryPath(path)).getParent();
+ RepoPath originalPath = new
RepoPath(PlatformNameFormat.getRepositoryPath(path));
+ RepoPath intermediatePath = originalPath.getParent();
- SystemUserParser systemUserParser = new SystemUserParser(converter,
currentPath);
+ SystemUserParser systemUserParser = new SystemUserParser(converter,
originalPath, intermediatePath);
try (InputStream input = archive.openInputStream(entry)) {
systemUserParser.parse(input);
}
@@ -61,17 +62,25 @@ public final class SystemUsersEntryHandler extends
AbstractRegexEntryHandler {
private final RepoPath path;
- public SystemUserParser(ContentPackage2FeatureModelConverter
converter, RepoPath path) {
+ private final RepoPath intermediatePath;
+
+ /**
+ * @param converter - the converter to use.
+ * @param path - the original repository path of the user in the
content-package.
+ * @param intermediatePath - the intermediate path the user should
have - most likely the (direct) parent of the path.
+ */
+ public SystemUserParser(ContentPackage2FeatureModelConverter
converter, RepoPath path, RepoPath intermediatePath) {
super(REP_SYSTEM_USER);
this.converter = converter;
this.path = path;
+ this.intermediatePath = intermediatePath;
}
@Override
protected void onJcrRootElement(String uri, String localName, String
qName, Attributes attributes) {
String authorizableId = attributes.getValue(REP_AUTHORIZABLE_ID);
if (authorizableId != null && !authorizableId.isEmpty()) {
- converter.getAclManager().addSystemUser(new
SystemUser(authorizableId, path));
+ converter.getAclManager().addSystemUser(new
SystemUser(authorizableId, path, intermediatePath));
}
}
diff --git
a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
index 41823c1..4254ab7 100644
---
a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
+++
b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
@@ -71,12 +71,12 @@ public class AclManagerTest {
@Test
public void makeSureAclsAreCreatedOnlyoutsideSytemUsersPaths() throws
Exception {
- aclManager.addSystemUser(new
SystemUser("acs-commons-ensure-oak-index-service", new
RepoPath("/asd/public")));
+ aclManager.addSystemUser(new
SystemUser("acs-commons-ensure-oak-index-service", new
RepoPath("/asd/public/foo"), new RepoPath("/asd/public")));
// emulate a second iteration of conversion
aclManager.reset();
- aclManager.addSystemUser(new
SystemUser("acs-commons-package-replication-status-event-service", new
RepoPath("/asd/public")));
+ aclManager.addSystemUser(new
SystemUser("acs-commons-package-replication-status-event-service", new
RepoPath("/asd/public/foo"), new RepoPath("/asd/public")));
aclManager.addAcl("acs-commons-ensure-oak-index-service", newAcl(true,
"jcr:read,rep:write,rep:indexDefinitionManagement",
"/asd/not/system/user/path"));
aclManager.addAcl("acs-commons-package-replication-status-event-service",
newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/asd/public"));
@@ -122,7 +122,7 @@ public class AclManagerTest {
@Test
public void pathWithSpecialCharactersTest() throws
RepoInitParsingException {
- aclManager.addSystemUser(new SystemUser("sys-usr", new
RepoPath("/home/users/system")));
+ aclManager.addSystemUser(new SystemUser("sys-usr", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
aclManager.addAcl("sys-usr", newAcl(true, "jcr:read",
"/content/_cq_tags"));
aclManager.addAcl("sys-usr", newAcl(true, "jcr:write",
"/content/cq:tags"));
VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
diff --git
a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
index 41f42a9..3417800 100644
---
a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
+++
b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
@@ -183,7 +183,7 @@ public final class RepPolicyEntryHandlerTest {
@Test
public void systemUserAclSetNotForUserPath() throws Exception {
ParseResult result = parseAndSetRepoinit(new
SystemUser("acs-commons-package-replication-status-event-service",
- new RepoPath("/this/is/a/completely/different/path")));
+ new RepoPath("/this/is/a/completely/different/path/foo"), new
RepoPath("/this/is/a/completely/different/path")));
Extension repoinitExtension = result.getRepoinitExtension();
assertNotNull(repoinitExtension);
assertEquals(ExtensionType.TEXT, repoinitExtension.getType());
@@ -225,11 +225,12 @@ public final class RepPolicyEntryHandlerTest {
}
private ParseResult parseAndSetRepoinit(String...systemUsersNames) throws
Exception {
- RepoPath alwaysTheSamePath = new RepoPath("/asd/public");
+ RepoPath alwaysTheSameOrgPath = new RepoPath("/asd/public/foo");
+ RepoPath alwaysTheSameInterPath = new RepoPath("/asd/public");
SystemUser[] systemUsers = new SystemUser[systemUsersNames.length];
for (int i = 0; i < systemUsersNames.length; i++) {
- systemUsers[i] = new SystemUser(systemUsersNames[i],
alwaysTheSamePath);
+ systemUsers[i] = new SystemUser(systemUsersNames[i],
alwaysTheSameOrgPath, alwaysTheSameInterPath);
}
return parseAndSetRepoinit(systemUsers);
