This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new 6e98f62 SLING-9967:
AclManagerTest.makeSureAclsAreCreatedOnlyoutsideSytemUser… (#43)
6e98f62 is described below
commit 6e98f62412970ff1aa59ebbbfe08bacfce62f9c6
Author: Karl Pauls <[email protected]>
AuthorDate: Thu Dec 10 18:07:38 2020 +0100
SLING-9967: AclManagerTest.makeSureAclsAreCreatedOnlyoutsideSytemUser… (#43)
---
.../cpconverter/accesscontrol/AclManagerTest.java | 78 ++++++++++++++++++----
1 file changed, 65 insertions(+), 13 deletions(-)
diff --git
a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
index 4b5d880..710d0d7 100644
---
a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
+++
b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java
@@ -41,9 +41,7 @@ import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.*;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -71,19 +69,11 @@ public class AclManagerTest {
@Test
public void makeSureAclsAreCreatedOnlyoutsideSytemUsersPaths() throws
Exception {
- aclManager.addSystemUser(new
SystemUser("acs-commons-ensure-oak-index-service", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
-
- // emulate a second iteration of conversion
- aclManager.reset();
-
aclManager.addSystemUser(new
SystemUser("acs-commons-package-replication-status-event-service", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
- aclManager.addAcl("acs-commons-ensure-oak-index-service", newAcl(true,
"jcr:read,rep:write,rep:indexDefinitionManagement",
"/asd/not/system/user/path"));
+
aclManager.addAcl("acs-commons-package-replication-status-event-service",
newAcl(true, "jcr:read,rep:write,rep:indexDefinitionManagement",
"/asd/not/system/user/path"));
aclManager.addAcl("acs-commons-package-replication-status-event-service",
newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/home/users/system"));
- // add an ACL for unknown user
- aclManager.addAcl("acs-commons-on-deploy-scripts-service",
newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/home/users/system"));
-
VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
when(assembler.getEntry(anyString())).thenReturn(new
File(System.getProperty("java.io.tmpdir")));
Feature feature = new Feature(new ArtifactId("org.apache.sling",
"org.apache.sling.cp2fm", "0.0.1", null, null));
@@ -109,7 +99,7 @@ public class AclManagerTest {
// "set ACL for
acs-commons-package-replication-status-event-service\n" +
// "allow jcr:read,crx:replicate,jcr:removeNode on
/asd/public\n" +
// "end\n" +
- "set ACL for acs-commons-ensure-oak-index-service" +
System.lineSeparator() +
+ "set ACL for
acs-commons-package-replication-status-event-service" + System.lineSeparator() +
"allow jcr:read,rep:write,rep:indexDefinitionManagement on
/asd/not/system/user/path" + System.lineSeparator() +
"end" + System.lineSeparator();
String actual = repoinitExtension.getText();
@@ -121,6 +111,68 @@ public class AclManagerTest {
}
@Test
+ public void testReset() throws RepoInitParsingException {
+ // We assume this user will not be in the result because of the reset
in the next line
+ aclManager.addSystemUser(new
SystemUser("acs-commons-ensure-oak-index-service", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
+
+ // emulate a second iteration of conversion
+ aclManager.reset();
+
+ aclManager.addSystemUser(new
SystemUser("acs-commons-package-replication-status-event-service", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
+
aclManager.addAcl("acs-commons-package-replication-status-event-service",
newAcl(true, "jcr:read,rep:write,rep:indexDefinitionManagement",
"/asd/not/system/user/path"));
+
+ VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
+ when(assembler.getEntry(anyString())).thenReturn(new
File(System.getProperty("java.io.tmpdir")));
+ Feature feature = new Feature(new ArtifactId("org.apache.sling",
"org.apache.sling.cp2fm", "0.0.1", null, null));
+
+ FeaturesManager fm = Mockito.spy(new
DefaultFeaturesManager(tempDir.toFile()));
+ when(fm.getTargetFeature()).thenReturn(feature);
+
+ aclManager.addRepoinitExtension(Arrays.asList(assembler), fm);
+
+
+ Extension repoinitExtension =
feature.getExtensions().getByName(Extension.EXTENSION_NAME_REPOINIT);
+ assertNotNull(repoinitExtension);
+
+ // aacs-commons-ensure-oak-index-service will be missed
+ String expected = "create path (rep:AuthorizableFolder)
/home/users/system" + System.lineSeparator() + // SLING-8586
+ "create service user
acs-commons-package-replication-status-event-service with path
/home/users/system" + System.lineSeparator() +
+ "create path (sling:Folder) /asd" + System.lineSeparator() +
+ "create path (sling:Folder) /asd/not" + System.lineSeparator()
+
+ "create path (sling:Folder) /asd/not/system" +
System.lineSeparator() +
+ "create path (sling:Folder) /asd/not/system/user" +
System.lineSeparator() +
+ "create path (sling:Folder) /asd/not/system/user/path" +
System.lineSeparator() +
+ "set ACL for
acs-commons-package-replication-status-event-service" + System.lineSeparator() +
+ "allow jcr:read,rep:write,rep:indexDefinitionManagement on
/asd/not/system/user/path" + System.lineSeparator() +
+ "end" + System.lineSeparator();
+ String actual = repoinitExtension.getText();
+ assertEquals(expected, actual);
+
+ RepoInitParser repoInitParser = new RepoInitParserService();
+ List<Operation> operations = repoInitParser.parse(new
StringReader(actual));
+ assertFalse(operations.isEmpty());
+ }
+
+ @Test
+ public void testAddACLforUnknownUser() throws RepoInitParsingException {
+ // we expect this acl to not show up because the user is unknown
+ aclManager.addAcl("acs-commons-on-deploy-scripts-service",
newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/home/users/system"));
+
+ VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
+ when(assembler.getEntry(anyString())).thenReturn(new
File(System.getProperty("java.io.tmpdir")));
+ Feature feature = new Feature(new ArtifactId("org.apache.sling",
"org.apache.sling.cp2fm", "0.0.1", null, null));
+
+ FeaturesManager fm = Mockito.spy(new
DefaultFeaturesManager(tempDir.toFile()));
+ when(fm.getTargetFeature()).thenReturn(feature);
+
+ aclManager.addRepoinitExtension(Arrays.asList(assembler), fm);
+
+
+ Extension repoinitExtension =
feature.getExtensions().getByName(Extension.EXTENSION_NAME_REPOINIT);
+ assertNull(repoinitExtension);
+ }
+
+ @Test
public void pathWithSpecialCharactersTest() throws
RepoInitParsingException {
aclManager.addSystemUser(new SystemUser("sys-usr", new
RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system")));
aclManager.addAcl("sys-usr", newAcl(true, "jcr:read",
"/content/_cq_tags"));
