This is an automated email from the ASF dual-hosted git repository. angela pushed a commit to branch SLING-10268 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
commit cf863861dcabaa82007682bbdd6287dc250bc9be Author: angela <[email protected]> AuthorDate: Wed Mar 31 14:08:50 2021 +0200 SLING-10268 : Use Operation.asRepoInitString instead of hardcoding repo-init statements --- .../accesscontrol/AccessControlEntry.java | 38 +++---- .../cpconverter/accesscontrol/AclManager.java | 2 +- .../accesscontrol/DefaultAclManager.java | 117 +++++++++++---------- .../cpconverter/handlers/AbstractPolicyParser.java | 24 +++-- .../handlers/NodeTypesEntryHandler.java | 20 ++-- .../handlers/RepPrincipalPolicyEntryHandler.java | 3 +- .../cpconverter/shared/AbstractJcrNodeParser.java | 1 - .../feature/cpconverter/shared/NodeTypeUtil.java | 47 --------- .../ContentPackage2FeatureModelConverterTest.java | 1 - .../cpconverter/accesscontrol/AclManagerTest.java | 19 ++-- .../accesscontrol/EnforcePrincipalBasedTest.java | 26 +++-- .../handlers/RepPolicyEntryHandlerTest.java | 34 +++--- .../RepPrincipalPolicyEntryHandlerTest.java | 8 +- .../handlers/RepRepoPolicyEntryHandlerTest.java | 2 +- 14 files changed, 152 insertions(+), 190 deletions(-) diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AccessControlEntry.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AccessControlEntry.java index e1a8472..f862bff 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AccessControlEntry.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AccessControlEntry.java @@ -17,8 +17,11 @@ package org.apache.sling.feature.cpconverter.accesscontrol; import org.apache.sling.feature.cpconverter.shared.RepoPath; +import org.apache.sling.repoinit.parser.operations.AclLine; +import org.apache.sling.repoinit.parser.operations.RestrictionClause; import org.jetbrains.annotations.NotNull; +import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -29,51 +32,48 @@ public final class AccessControlEntry { private final boolean isAllow; - private final String privileges; + private final List<String> privileges; private final RepoPath repositoryPath; - private final List<String> restrictions = new LinkedList<>(); + private final List<RestrictionClause> restrictions = new LinkedList<>(); private final boolean isPrincipalBased; - public AccessControlEntry(boolean isAllow, @NotNull String privileges, @NotNull RepoPath repositoryPath) { + public AccessControlEntry(boolean isAllow, @NotNull List<String> privileges, @NotNull RepoPath repositoryPath) { this(isAllow, privileges, repositoryPath, false); } - public AccessControlEntry(boolean isAllow, @NotNull String privileges, @NotNull RepoPath repositoryPath, boolean isPrincipalBased) { + public AccessControlEntry(boolean isAllow, @NotNull List<String> privileges, @NotNull RepoPath repositoryPath, boolean isPrincipalBased) { this.isAllow = isAllow; this.privileges = privileges; this.repositoryPath = repositoryPath; this.isPrincipalBased = isPrincipalBased; } - public void addRestriction(@NotNull String restriction) { - if (!restriction.isEmpty()) { - restrictions.add(restriction); + public void addRestriction(@NotNull String restrictionName, List<String> values) { + if (!restrictionName.isEmpty()) { + restrictions.add(new RestrictionClause(restrictionName, values)); } } - public @NotNull String getOperation() { - return isAllow ? "allow" : "deny"; - } - - public @NotNull String getPrivileges() { - return privileges; - } - public @NotNull RepoPath getRepositoryPath() { return repositoryPath; } - public @NotNull List<String> getRestrictions() { - return restrictions; - } - public boolean isPrincipalBased() { return isPrincipalBased; } + @NotNull + public AclLine asAclLine(@NotNull String path) { + AclLine line = new AclLine(isAllow ? AclLine.Action.ALLOW : AclLine.Action.DENY); + line.setProperty(AclLine.PROP_PATHS, Collections.singletonList(path)); + line.setProperty(AclLine.PROP_PRIVILEGES, privileges); + line.setRestrictions(restrictions); + return line; + } + @Override public String toString() { return "Acl [isAllow=" diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java index 4c81b91..8d5ceeb 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java @@ -43,7 +43,7 @@ public interface AclManager { void addRepoinitExtention(@Nullable String repoInitText, @Nullable String runMode, @NotNull FeaturesManager featuresManager); - void addNodetypeRegistrationSentence(@NotNull String nodetypeRegistrationSentence); + void addNodetypeRegistration(@NotNull String cndStatements); void addPrivilegeDefinitions(@NotNull PrivilegeDefinitions privilegeDefinitions); diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java index f04af56..f681e6e 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java @@ -32,6 +32,13 @@ import org.apache.sling.repoinit.parser.RepoInitParsingException; import org.apache.sling.repoinit.parser.impl.RepoInitParserService; import org.apache.sling.repoinit.parser.operations.CreateServiceUser; import org.apache.sling.repoinit.parser.operations.Operation; +import org.apache.sling.repoinit.parser.impl.WithPathOptions; +import org.apache.sling.repoinit.parser.operations.AclLine; +import org.apache.sling.repoinit.parser.operations.CreatePath; +import org.apache.sling.repoinit.parser.operations.RegisterNodetypes; +import org.apache.sling.repoinit.parser.operations.RegisterPrivilege; +import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased; +import org.apache.sling.repoinit.parser.operations.SetAclPrincipals; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.slf4j.Logger; @@ -41,10 +48,13 @@ import javax.jcr.NamespaceException; import java.io.File; import java.io.FileInputStream; import java.io.StringReader; +import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Optional; import java.util.Formatter; import java.util.HashMap; -import java.util.HashSet; import java.util.LinkedHashMap; import java.util.LinkedHashSet; import java.util.LinkedList; @@ -52,7 +62,6 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Objects; -import java.util.Optional; import java.util.Set; import java.util.function.Predicate; import java.util.stream.Collectors; @@ -79,7 +88,7 @@ public class DefaultAclManager implements AclManager, EnforceInfo { private final Map<String, List<AccessControlEntry>> acls = new HashMap<>(); - private final List<String> nodetypeRegistrationSentences = new LinkedList<>(); + private final List<RegisterNodetypes> nodetypeOperations = new LinkedList<>(); private volatile PrivilegeDefinitions privilegeDefinitions; @@ -143,8 +152,8 @@ public class DefaultAclManager implements AclManager, EnforceInfo { registerPrivileges(privilegeDefinitions, formatter); } - for (String nodetypeRegistrationSentence : nodetypeRegistrationSentences) { - formatter.format("%s\n", nodetypeRegistrationSentence); + for (RegisterNodetypes op : nodetypeOperations) { + formatter.format("%s", op.asRepoInitString()); } addUsersAndGroups(formatter); @@ -206,8 +215,8 @@ public class DefaultAclManager implements AclManager, EnforceInfo { private void addUsersAndGroups(@NotNull Formatter formatter) { for (SystemUser systemUser : systemUsers) { // make sure all system users are created first - String forced = (enforcePrincipalBased(systemUser) ? "forced " : ""); - formatter.format("create service user %s with %spath %s\n", systemUser.getId(), forced, calculateIntermediatePath(systemUser)); + CreateServiceUser operation = new CreateServiceUser(systemUser.getId(), new WithPathOptions(calculateIntermediatePath(systemUser), enforcePrincipalBased(systemUser))); + formatter.format("%s", operation.asRepoInitString()); if (aclIsBelow(systemUser.getPath())) { throw new IllegalStateException("Detected policy on subpath of system-user: " + systemUser); @@ -252,10 +261,10 @@ public class DefaultAclManager implements AclManager, EnforceInfo { .filter(((Predicate<RepoPath>)RepoPath::isRepositoryPath).negate()) .filter(path -> Stream.of(systemUsers, users, groups).flatMap(Collection::stream) .noneMatch(user -> user.getPath().startsWith(path))) - .map(path -> computePathWithTypes(path, packageAssemblers)) + .map(path -> getCreatePath(path, packageAssemblers)) .filter(Objects::nonNull) .forEach( - path -> formatter.format("create path %s\n", path) + path -> formatter.format("%s", path.asRepoInitString()) ); } @@ -283,17 +292,21 @@ public class DefaultAclManager implements AclManager, EnforceInfo { }); if (!principalEntries.isEmpty()) { - formatter.format("set principal ACL for %s\n", systemUser.getId()); - principalEntries.forEach((entry, path) -> writeEntry(entry, path, formatter)); - formatter.format("end\n"); + SetAclPrincipalBased operation = new SetAclPrincipalBased(Collections.singletonList(systemUser.getId()), asAcLines(principalEntries)); + formatter.format("%s", operation.asRepoInitString()); } if (!resourceEntries.isEmpty()) { - formatter.format("set ACL for %s\n", systemUser.getId()); - resourceEntries.forEach((entry, path) -> writeEntry(entry, path, formatter)); - formatter.format("end\n"); + SetAclPrincipals operation = new SetAclPrincipals(Collections.singletonList(systemUser.getId()), asAcLines(resourceEntries)); + formatter.format("%s", operation.asRepoInitString()); } } + private List<AclLine> asAcLines(@NotNull Map<AccessControlEntry, String> entries) { + List<AclLine> lines = new ArrayList<>(); + entries.forEach((entry, path) -> lines.add(entry.asAclLine(path))); + return lines; + } + private boolean enforcePrincipalBased() { return enforcePrincipalBasedSupportedPath != null; } @@ -302,26 +315,13 @@ public class DefaultAclManager implements AclManager, EnforceInfo { return enforcePrincipalBased(systemUser.getId()); } - private void writeEntry(@NotNull AccessControlEntry entry, @NotNull String path, @NotNull Formatter formatter) { - formatter.format("%s %s on %s", - entry.getOperation(), - entry.getPrivileges(), - path); - - for (String restriction : entry.getRestrictions()) { - formatter.format(" restriction(%s)", restriction); - } - - formatter.format("\n"); - } - private @NotNull Optional<SystemUser> getSystemUser(@NotNull String id) { return systemUsers.stream().filter(systemUser -> systemUser.getId().equals(id)).findFirst(); } @Override - public void addNodetypeRegistrationSentence(@NotNull String nodetypeRegistrationSentence) { - nodetypeRegistrationSentences.add(nodetypeRegistrationSentence); + public void addNodetypeRegistration(@NotNull String cndStatements) { + nodetypeOperations.add(new RegisterNodetypes(cndStatements)); } @Override @@ -333,7 +333,7 @@ public class DefaultAclManager implements AclManager, EnforceInfo { public void reset() { systemUsers.clear(); acls.clear(); - nodetypeRegistrationSentences.clear(); + nodetypeOperations.clear(); privilegeDefinitions = null; } @@ -401,46 +401,53 @@ public class DefaultAclManager implements AclManager, EnforceInfo { } } - protected @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) { - boolean foundType = false; - String repoinitPath = "/"; + protected @Nullable CreatePath getCreatePath(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) { String platformPath = ""; + boolean foundType = false; + + CreatePath cp = new CreatePath(null); for (String part : path.toString().substring(1).split("/")) { - repoinitPath += "/".equals(repoinitPath) ? part : "/" + part; String platformname = PlatformNameFormat.getPlatformName(part); platformPath += platformPath.isEmpty() ? platformname : "/" + platformname; + boolean segmentAdded = false; for (VaultPackageAssembler packageAssembler : packageAssemblers) { File currentContent = packageAssembler.getEntry(platformPath + "/" + CONTENT_XML_FILE_NAME); if (currentContent.isFile()) { - String typeNames = extractTypeNames(currentContent); - if (typeNames != null) { - repoinitPath += typeNames; + segmentAdded = addSegment(cp, part, currentContent); + if (segmentAdded) { foundType = true; break; } } } + if (!segmentAdded) { + cp.addSegment(part, null); + } } - return foundType ? repoinitPath : null; + return (foundType) ? cp : null; } - @Nullable - private String extractTypeNames(@NotNull File currentContent) { - String typeNames = null; + private boolean addSegment(@NotNull CreatePath cp, @NotNull String part, @NotNull File currentContent) { try (FileInputStream input = new FileInputStream(currentContent); FileInputStream input2 = new FileInputStream(currentContent)) { String primary = new PrimaryTypeParser().parse(input); if (primary != null) { - typeNames = "(" + primary; + List<String> mixins = new ArrayList<>(); String mixin = new MixinParser().parse(input2); if (mixin != null) { mixin = mixin.trim(); if (mixin.startsWith("[")) { mixin = mixin.substring(1, mixin.length() - 1); } - typeNames += " mixin " + mixin; + for (String m : mixin.split(",")) { + String mixinName = m.trim(); + if (!mixinName.isEmpty()) { + mixins.add(mixinName); + } + } } - typeNames += ")"; + cp.addSegment(part, primary, mixins); + return true; } } catch (Exception e) { throw new RuntimeException("A fatal error occurred while parsing the '" @@ -448,7 +455,7 @@ public class DefaultAclManager implements AclManager, EnforceInfo { + "' file, see nested exceptions: " + e); } - return typeNames; + return false; } @NotNull @@ -488,13 +495,8 @@ public class DefaultAclManager implements AclManager, EnforceInfo { NameResolver nameResolver = new DefaultNamePathResolver(definitions.getNamespaceMapping()); for (PrivilegeDefinition privilege : definitions.getDefinitions()) { try { - String name = nameResolver.getJCRName(privilege.getName()); - String aggregates = getAggregatedNames(privilege, nameResolver); - if (privilege.isAbstract()) { - formatter.format("register abstract privilege %s%s\n", name, aggregates); - } else { - formatter.format("register privilege %s%s\n", name, aggregates); - } + RegisterPrivilege operation = new RegisterPrivilege(nameResolver.getJCRName(privilege.getName()), privilege.isAbstract(), getAggregatedNames(privilege, nameResolver)); + formatter.format("%s", operation.asRepoInitString()); } catch (NamespaceException e) { throw new IllegalStateException(e); } @@ -502,19 +504,18 @@ public class DefaultAclManager implements AclManager, EnforceInfo { } @NotNull - private static String getAggregatedNames(@NotNull PrivilegeDefinition definition, @NotNull NameResolver nameResolver) { + private static List<String> getAggregatedNames(@NotNull PrivilegeDefinition definition, @NotNull NameResolver nameResolver) { Set<Name> aggregatedNames = definition.getDeclaredAggregateNames(); if (aggregatedNames.isEmpty()) { - return ""; + return Collections.emptyList(); } else { - Set<String> names = aggregatedNames.stream().map(name -> { + return aggregatedNames.stream().map(name -> { try { return nameResolver.getJCRName(name); } catch (NamespaceException e) { throw new IllegalStateException(e); } - }).collect(Collectors.toSet()); - return " with "+String.join(",", names); + }).collect(Collectors.toList()); } } } diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java index 109a3bb..9cf4e4f 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java @@ -26,6 +26,9 @@ import org.xml.sax.Attributes; import org.xml.sax.SAXException; import javax.xml.transform.sax.TransformerHandler; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; import java.util.Objects; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -54,26 +57,31 @@ abstract class AbstractPolicyParser extends AbstractJcrNodeParser<Boolean> { this.aclManager = aclManager; } - static @Nullable String extractValue(@Nullable String expression) { + static @NotNull List<String> extractValues(@Nullable String expression) { if (expression == null || expression.isEmpty()) { - return expression; + return Collections.emptyList(); } + String valuesString = expression; Matcher matcher = typeIndicatorPattern.matcher(expression); if (matcher.matches()) { - return matcher.group(1); + valuesString = matcher.group(1); } - return expression; + List<String> vs = new ArrayList<>(); + for (String v : valuesString.split(",")) { + vs.add(v.trim()); + } + return vs; } void addRestrictions(@NotNull AccessControlEntry ace, @NotNull Attributes attributes) { for (int i = 0; i < attributes.getLength(); i++) { String name = attributes.getQName(i); if (isRestriction(name)) { - String v = extractValue(attributes.getValue(name)); - if (v != null && !v.isEmpty()) { - ace.addRestriction(name + ',' + v); + List<String> vs = extractValues(attributes.getValue(name)); + if (!vs.isEmpty()) { + ace.addRestriction(name, vs); } } } @@ -84,7 +92,7 @@ abstract class AbstractPolicyParser extends AbstractJcrNodeParser<Boolean> { } AccessControlEntry createEntry(boolean isAllow, @NotNull Attributes attributes) { - return new AccessControlEntry(isAllow, Objects.requireNonNull(extractValue(attributes.getValue(REP_PRIVILEGES))), repositoryPath); + return new AccessControlEntry(isAllow, Objects.requireNonNull(extractValues(attributes.getValue(REP_PRIVILEGES))), repositoryPath); } @Override diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/NodeTypesEntryHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/NodeTypesEntryHandler.java index 7b898f9..77f8a41 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/NodeTypesEntryHandler.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/NodeTypesEntryHandler.java @@ -16,19 +16,18 @@ */ package org.apache.sling.feature.cpconverter.handlers; -import java.io.BufferedReader; -import java.io.InputStreamReader; -import java.util.Objects; -import java.util.regex.Pattern; - +import org.apache.commons.io.IOUtils; import org.apache.jackrabbit.vault.fs.io.Archive; import org.apache.jackrabbit.vault.fs.io.Archive.Entry; import org.apache.jackrabbit.vault.util.Constants; import org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter; -import org.apache.sling.feature.cpconverter.accesscontrol.AclManager; -import org.apache.sling.feature.cpconverter.shared.NodeTypeUtil; import org.jetbrains.annotations.NotNull; +import java.io.InputStreamReader; +import java.io.Reader; +import java.util.Objects; +import java.util.regex.Pattern; + public class NodeTypesEntryHandler extends AbstractRegexEntryHandler { public NodeTypesEntryHandler() { @@ -55,11 +54,8 @@ public class NodeTypesEntryHandler extends AbstractRegexEntryHandler { @Override public void handle(@NotNull String path, @NotNull Archive archive, @NotNull Entry entry, @NotNull ContentPackage2FeatureModelConverter converter) throws Exception { - try (BufferedReader reader = new BufferedReader(new InputStreamReader(Objects.requireNonNull(archive.openInputStream(entry))))) { - AclManager aclManager = Objects.requireNonNull(converter.getAclManager()); - for (String line : NodeTypeUtil.generateRepoInitLines(reader)) { - aclManager.addNodetypeRegistrationSentence(line); - } + try (Reader cndStatements = new InputStreamReader(Objects.requireNonNull(archive.openInputStream(entry)))) { + Objects.requireNonNull(converter.getAclManager()).addNodetypeRegistration(IOUtils.toString(cndStatements)); } } diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandler.java index 73fe351..bbce52a 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandler.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandler.java @@ -24,6 +24,7 @@ import org.xml.sax.Attributes; import org.xml.sax.SAXException; import javax.xml.transform.sax.TransformerHandler; +import java.util.List; import java.util.Stack; import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE; @@ -76,7 +77,7 @@ public final class RepPrincipalPolicyEntryHandler extends AbstractPolicyEntryHan if (principalName == null) { throw new IllegalStateException("isolated principal-based access control entry. no principal found."); } - String privileges = extractValue(attributes.getValue(REP_PRIVILEGES)); + List<String> privileges = extractValues(attributes.getValue(REP_PRIVILEGES)); RepoPath effectivePath = new RepoPath(attributes.getValue(REP_EFFECTIVE_PATH)); AccessControlEntry ace = new AccessControlEntry(true, privileges, effectivePath, true); diff --git a/src/main/java/org/apache/sling/feature/cpconverter/shared/AbstractJcrNodeParser.java b/src/main/java/org/apache/sling/feature/cpconverter/shared/AbstractJcrNodeParser.java index b07497a..be9f812 100644 --- a/src/main/java/org/apache/sling/feature/cpconverter/shared/AbstractJcrNodeParser.java +++ b/src/main/java/org/apache/sling/feature/cpconverter/shared/AbstractJcrNodeParser.java @@ -21,7 +21,6 @@ import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE; import java.io.InputStream; import java.util.Arrays; import java.util.List; -import java.util.Set; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; diff --git a/src/main/java/org/apache/sling/feature/cpconverter/shared/NodeTypeUtil.java b/src/main/java/org/apache/sling/feature/cpconverter/shared/NodeTypeUtil.java deleted file mode 100644 index 635ef0f..0000000 --- a/src/main/java/org/apache/sling/feature/cpconverter/shared/NodeTypeUtil.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sling.feature.cpconverter.shared; - -import org.jetbrains.annotations.NotNull; - -import java.io.BufferedReader; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; - -public final class NodeTypeUtil { - - private NodeTypeUtil() {} - - public static List<String> generateRepoInitLines(@NotNull BufferedReader rawLines) throws IOException { - List<String> lines = new ArrayList<>(); - lines.add("register nodetypes"); - lines.add("<<==="); - - String raw; - while((raw = rawLines.readLine()) != null) { - if (raw.isEmpty()) { - lines.add(""); - } else { - lines.add("<< "+raw); - } - } - lines.add("===>>"); - return lines; - } - -} \ No newline at end of file diff --git a/src/test/java/org/apache/sling/feature/cpconverter/ContentPackage2FeatureModelConverterTest.java b/src/test/java/org/apache/sling/feature/cpconverter/ContentPackage2FeatureModelConverterTest.java index f548d80..0357138 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/ContentPackage2FeatureModelConverterTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/ContentPackage2FeatureModelConverterTest.java @@ -773,7 +773,6 @@ public class ContentPackage2FeatureModelConverterTest { "<< [rep:RepoAccessControllable]\n" + "<< mixin\n" + "<< + rep:repoPolicy (rep:Policy) protected ignore\n" + - "\n" + "===>>\n"; String actual = repoinitExtension.getText(); assertEquals(expected, actual); diff --git a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java index a0f6850..91f4169 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java @@ -37,6 +37,7 @@ import java.io.File; import java.io.StringReader; import java.nio.file.Files; import java.nio.file.Path; +import java.util.Arrays; import java.util.Collections; import java.util.Comparator; import java.util.List; @@ -99,8 +100,8 @@ public class AclManagerTest { "create service user acs-commons-package-replication-status-event-service with path system\n" + "create path /sling:tests/not(nt:unstructured mixin rep:AccessControllable,mix:created)/system/user/path\n" + "set ACL for acs-commons-package-replication-status-event-service\n" + - "allow jcr:read,rep:write,rep:indexDefinitionManagement on /sling:tests/not/system/user/path\n" + - "allow jcr:read,crx:replicate,jcr:removeNode on /home/users/system\n" + + " allow jcr:read,rep:write,rep:indexDefinitionManagement on /sling:tests/not/system/user/path\n" + + " allow jcr:read,crx:replicate,jcr:removeNode on /home/users/system\n" + "end\n"; String actual = repoinitExtension.getText(); assertEquals(expected, actual); @@ -141,7 +142,7 @@ public class AclManagerTest { "create service user acs-commons-package-replication-status-event-service with path system\n" + "create path /sling:tests/not(nt:unstructured mixin rep:AccessControllable,mix:created)/system/user/path\n" + "set ACL for acs-commons-package-replication-status-event-service\n" + - "allow jcr:read,rep:write,rep:indexDefinitionManagement on /sling:tests/not/system/user/path\n" + + " allow jcr:read,rep:write,rep:indexDefinitionManagement on /sling:tests/not/system/user/path\n" + "end\n"; String actual = repoinitExtension.getText(); assertEquals(expected, actual); @@ -190,8 +191,8 @@ public class AclManagerTest { String expected = "create service user sys-usr with path system\n" + "set ACL for sys-usr\n" + - "allow jcr:read on /content/cq:tags\n" + - "allow jcr:write on /content/cq:tags\n" + + " allow jcr:read on /content/cq:tags\n" + + " allow jcr:write on /content/cq:tags\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -241,7 +242,7 @@ public class AclManagerTest { String expected = "create service user sys-usr with path system\n" + "set ACL for sys-usr\n" + - "allow jcr:read on /content/test\n" + + " allow jcr:read on /content/test\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -300,7 +301,7 @@ public class AclManagerTest { String expected = "create service user sys-usr with path system\n" + "set ACL for sys-usr\n" + - "allow jcr:read on /content/test\n" + + " allow jcr:read on /content/test\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -328,7 +329,7 @@ public class AclManagerTest { String expected = "create service user sys-usr with path system\n" + "set ACL for sys-usr\n" + - "allow jcr:read on /home/users/test2\n" + + " allow jcr:read on /home/users/test2\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -366,7 +367,7 @@ public class AclManagerTest { } private static AccessControlEntry newAcl(boolean isAllow, String privileges, String path) { - return new AccessControlEntry(isAllow, privileges, new RepoPath(PlatformNameFormat.getRepositoryPath(path))); + return new AccessControlEntry(isAllow, Arrays.asList(privileges.split(",")), new RepoPath(PlatformNameFormat.getRepositoryPath(path))); } } diff --git a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java index 9e13c13..951604f 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java @@ -24,6 +24,7 @@ import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler; import org.apache.sling.repoinit.parser.RepoInitParser; import org.apache.sling.repoinit.parser.RepoInitParsingException; import org.apache.sling.repoinit.parser.impl.RepoInitParserService; +import org.apache.sling.repoinit.parser.operations.CreatePath; import org.apache.sling.repoinit.parser.operations.Operation; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -103,8 +104,11 @@ public class EnforcePrincipalBasedTest { public void testResourceBasedConversionWithoutForce() throws RepoInitParsingException { AclManager acMgr = new DefaultAclManager(null, "system") { @Override - protected @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) { - return "/content/feature(sling:Folder)"; + protected @Nullable CreatePath getCreatePath(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) { + CreatePath cp = new CreatePath(null); + cp.addSegment("content", null); + cp.addSegment("feature", "sling:Folder"); + return cp; } }; @@ -115,7 +119,7 @@ public class EnforcePrincipalBasedTest { "create service user user1 with path " + relativeIntermediatePath + "\n" + "create path /content/feature(sling:Folder)\n" + "set ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -134,7 +138,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with forced path " + remappedIntermediatePath + "\n" + "set principal ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -153,7 +157,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with forced path " + remappedIntermediatePath + "\n" + "set principal ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -172,7 +176,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with forced path " + remappedIntermediatePath + "\n" + "set principal ACL for user1\n" + - "allow jcr:read on home(user1)\n" + + " allow jcr:read on home(user1)\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -193,7 +197,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with path " +relativeIntermediatePath+ "\n" + "set ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -210,7 +214,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with forced path " + remappedIntermediatePath + "\n" + "set principal ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -235,7 +239,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with path " + relativeIntermediatePath + "\n" + "set ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -260,7 +264,7 @@ public class EnforcePrincipalBasedTest { String expected = "create service user user1 with forced path " + remappedIntermediatePath + "\n" + "set principal ACL for user1\n" + - "allow jcr:read on /content/feature\n" + + " allow jcr:read on /content/feature\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -271,7 +275,7 @@ public class EnforcePrincipalBasedTest { private Extension getRepoInitExtension(@NotNull AclManager aclManager, @NotNull RepoPath accessControlledPath, @NotNull SystemUser systemUser, boolean isPrincipalBased) { aclManager.addSystemUser(systemUser); - AccessControlEntry acl = new AccessControlEntry(true, "jcr:read", accessControlledPath, isPrincipalBased); + AccessControlEntry acl = new AccessControlEntry(true, Collections.singletonList("jcr:read"), accessControlledPath, isPrincipalBased); aclManager.addAcl(systemUser.getId(), acl); aclManager.addRepoinitExtension(Collections.singletonList(assembler), fm); diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java index e5b1fad..49a3cb5 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java @@ -91,24 +91,24 @@ public final class RepPolicyEntryHandlerTest { "create service user acs-commons-automatic-package-replicator-service with path system\n" + "create service user acs-commons-on-deploy-scripts-service with path system\n" + "set ACL for acs-commons-automatic-package-replicator-service\n" + - "allow jcr:read on home(acs-commons-automatic-package-replicator-service)\n" + + " allow jcr:read on home(acs-commons-automatic-package-replicator-service)\n" + "end\n" + "set ACL for acs-commons-package-replication-status-event-service\n" + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-package-replication-status-event-service)\n" + - "deny jcr:write on home(acs-commons-package-replication-status-event-service)\n" + + " allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-package-replication-status-event-service)\n" + + " deny jcr:write on home(acs-commons-package-replication-status-event-service)\n" + "end\n" + "set ACL for acs-commons-dispatcher-flush-service\n" + - "allow jcr:read,crx:replicate,jcr:removeNode on home(acs-commons-dispatcher-flush-service)\n" + - "deny jcr:write on home(acs-commons-dispatcher-flush-service)\n" + + " allow jcr:read,crx:replicate,jcr:removeNode on home(acs-commons-dispatcher-flush-service)\n" + + " deny jcr:write on home(acs-commons-dispatcher-flush-service)\n" + "end\n" + "set ACL for acs-commons-ensure-oak-index-service\n" + - "allow jcr:read,rep:write,rep:indexDefinitionManagement on home(acs-commons-ensure-oak-index-service) restriction(rep:glob,*/oak:index/*)\n" + + " allow jcr:read,rep:write,rep:indexDefinitionManagement on home(acs-commons-ensure-oak-index-service) restriction(rep:glob,*/oak:index/*)\n" + "end\n" + "set ACL for acs-commons-on-deploy-scripts-service\n" + - "allow jcr:read on home(acs-commons-on-deploy-scripts-service)\n" + + " allow jcr:read on home(acs-commons-on-deploy-scripts-service)\n" + "end\n" + "set ACL for acs-commons-ensure-service-user-service\n" + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-ensure-service-user-service)\n" + + " allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-ensure-service-user-service)\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -133,17 +133,17 @@ public final class RepPolicyEntryHandlerTest { "create service user acs-commons-automatic-package-replicator-service with path system\n" + "create service user acs-commons-on-deploy-scripts-service with path system\n" + "set ACL for acs-commons-automatic-package-replicator-service\n" + - "allow jcr:read on home(acs-commons-automatic-package-replicator-service)\n" + + " allow jcr:read on home(acs-commons-automatic-package-replicator-service)\n" + "end\n" + "set ACL for acs-commons-package-replication-status-event-service\n" + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-package-replication-status-event-service)\n" + - "deny jcr:write on home(acs-commons-package-replication-status-event-service)\n" + + " allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-package-replication-status-event-service)\n" + + " deny jcr:write on home(acs-commons-package-replication-status-event-service)\n" + "end\n" + "set ACL for acs-commons-on-deploy-scripts-service\n" + - "allow jcr:read on home(acs-commons-on-deploy-scripts-service)\n" + + " allow jcr:read on home(acs-commons-on-deploy-scripts-service)\n" + "end\n" + "set ACL for acs-commons-ensure-service-user-service\n" + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-ensure-service-user-service)\n" + + " allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on home(acs-commons-ensure-service-user-service)\n" + "end\n"; String actual = repoinitExtension.getText(); assertEquals(expected, actual); @@ -173,8 +173,8 @@ public final class RepPolicyEntryHandlerTest { String expected = "create service user acs-commons-package-replication-status-event-service with path system/some/other\n" + "set ACL for acs-commons-package-replication-status-event-service\n" + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /home/users/system/asd\n" + - "deny jcr:write on /home/users/system/asd\n" + + " allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /home/users/system/asd\n" + + " deny jcr:write on /home/users/system/asd\n" + "end\n"; String actual = repoinitExtension.getText(); assertEquals(expected, actual); @@ -216,7 +216,7 @@ public final class RepPolicyEntryHandlerTest { String expected = "create service user service1 with path system/services\n" + "set ACL for service1\n" + - "allow jcr:read,rep:userManagement on /home/groups/g\n" + + " allow jcr:read,rep:userManagement on /home/groups/g\n" + "end\n"; assertEquals(expected, repoinitExtension.getText()); assertTrue(result.getExcludedAcls().isEmpty()); @@ -265,7 +265,7 @@ public final class RepPolicyEntryHandlerTest { String expected = "create service user service1 with path system/services\n" + "set ACL for service1\n" + - "allow jcr:read on /asd/jr2restrictions restriction(rep:glob,*/subtree/*) restriction(sling:customRestriction,sling:value1,sling:value2)\n" + + " allow jcr:read on /asd/jr2restrictions restriction(rep:glob,*/subtree/*) restriction(sling:customRestriction,sling:value1,sling:value2)\n" + "end\n"; String actual = repoinitExtension.getText(); diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandlerTest.java index a1676bb..31b1642 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandlerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandlerTest.java @@ -70,7 +70,7 @@ public final class RepPrincipalPolicyEntryHandlerTest { String expected = "create service user service1 with path system/services\n" + "set principal ACL for service1\n" + - "allow jcr:read,jcr:readAccessControl on /asd/public\n" + + " allow jcr:read,jcr:readAccessControl on /asd/public\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -87,7 +87,7 @@ public final class RepPrincipalPolicyEntryHandlerTest { String expected = "create service user service2 with path system/services\n" + "set principal ACL for service2\n" + - "allow jcr:read on /asd/public restriction(rep:ntNames,nt:folder,sling:Folder) restriction(sling:customRestriction,customRestrictionValue)\n" + + " allow jcr:read on /asd/public restriction(rep:ntNames,nt:folder,sling:Folder) restriction(sling:customRestriction,customRestrictionValue)\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -112,7 +112,7 @@ public final class RepPrincipalPolicyEntryHandlerTest { "create service user service4 with path system/services\n" + "set principal ACL for service4\n" + // since service3 is not known to the AclManager it treats the effective path as a regular node. - "allow jcr:read,rep:userManagement on /home/users/system/services/random3\n" + + " allow jcr:read,rep:userManagement on /home/users/system/services/random3\n" + "end\n"; String actual = repoinitExtension.getText(); @@ -133,7 +133,7 @@ public final class RepPrincipalPolicyEntryHandlerTest { "create service user service4 with path system/services\n" + "create service user service3 with path system/services\n" + "set principal ACL for service4\n" + - "allow jcr:read,rep:userManagement on home(service3)\n" + + " allow jcr:read,rep:userManagement on home(service3)\n" + "end\n"; String actual = repoinitExtension.getText(); diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepRepoPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepRepoPolicyEntryHandlerTest.java index 8d3d9c6..652d871 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepRepoPolicyEntryHandlerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepRepoPolicyEntryHandlerTest.java @@ -71,7 +71,7 @@ public class RepRepoPolicyEntryHandlerTest { String expectedEnd = "set ACL for repolevel-service\n" + - "allow jcr:namespaceManagement on :repository\n" + + " allow jcr:namespaceManagement on :repository\n" + "end\n"; String actual = repoinitExtension.getText(); assertTrue(actual.endsWith(expectedEnd));
