[sling-org-apache-sling-repoinit-parser] 01/01: SLING-10277 : Privilege aggregates cannot have namespaced name but AC-Lines require namespaced privilege names

Wed, 07 Apr 2021 09:02:28 -0700 

This is an automated email from the ASF dual-hosted git repository.

angela pushed a commit to branch SLING-10277
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-repoinit-parser.git

commit 86557dc1afa4fb8e1059e807486c8b2bd940255d
Author: angela <[email protected]>
AuthorDate: Wed Apr 7 18:01:43 2021 +0200

    SLING-10277 : Privilege aggregates cannot have namespaced name but AC-Lines 
require namespaced privilege names
---
 src/main/javacc/RepoInitGrammar.jjt             | 19 +++++++++++++++----
 src/test/resources/testcases/test-42-output.txt |  4 ++--
 src/test/resources/testcases/test-42.txt        |  4 ++--
 src/test/resources/testcases/test-99-output.txt |  6 +++++-
 src/test/resources/testcases/test-99.txt        | 10 ++++++++--
 5 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/src/main/javacc/RepoInitGrammar.jjt 
b/src/main/javacc/RepoInitGrammar.jjt
index 9bb7004..101c096 100644
--- a/src/main/javacc/RepoInitGrammar.jjt
+++ b/src/main/javacc/RepoInitGrammar.jjt
@@ -226,6 +226,17 @@ List<String> namespacedItemsList() :
     { return priv; }
 }
 
+List<String> privilegesList() :
+{
+    Token t = null;
+    List<String> privilegeNames = new ArrayList<String>();
+}
+{
+    ( t=<NAMESPACED_ITEM> | t=<STRING> ) { privilegeNames.add(t.image); }
+    ( <COMMA> ( t=<NAMESPACED_ITEM> | t=<STRING> ) { 
privilegeNames.add(t.image); } )*
+    { return privilegeNames; }
+}
+
 String usernameList() :
 {
     List<String> names = new ArrayList<String>();
@@ -361,7 +372,7 @@ void userPrivilegesLine(List<AclLine> lines) :
 }
 {
     line = privilegesLineOperation()
-    tmp = namespacedItemsList() { line.setProperty(AclLine.PROP_PRIVILEGES, 
tmp); }
+    tmp = privilegesList() { line.setProperty(AclLine.PROP_PRIVILEGES, tmp); }
     <FOR>
     tmp = principalsList() { line.setProperty(AclLine.PROP_PRINCIPALS, tmp); }
     restrictions = restrictions()  { line.setRestrictions(restrictions); }
@@ -442,7 +453,7 @@ void pathPrivilegesLine(List<AclLine> lines) :
 }
 {
     line = privilegesLineOperation()
-    tmp = namespacedItemsList() { line.setProperty(AclLine.PROP_PRIVILEGES, 
tmp); } 
+    tmp = privilegesList() { line.setProperty(AclLine.PROP_PRIVILEGES, tmp); }
     <ON> tmp = pathsList() { line.setProperty(AclLine.PROP_PATHS, tmp); }
     ( <NODETYPES> tmp = namespacedItemsList() { 
line.setProperty(AclLine.PROP_NODETYPES, tmp); }) ?
      restrictions = restrictions()  { line.setRestrictions(restrictions); }
@@ -492,7 +503,7 @@ void setAclRepository(List<Operation> result) :
                 line = new AclLine(AclLine.Action.REMOVE_ALL);
                 lines.add(line);
             }
-        | ( line = privilegesLineOperation() privileges = 
namespacedItemsList() )
+        | ( line = privilegesLineOperation() privileges = privilegesList() )
             {
                 line.setProperty(AclLine.PROP_PRIVILEGES, privileges);
                 lines.add(line);
@@ -565,7 +576,7 @@ void registerPrivilegeStatement(List<Operation> result) :
     List<String> aggregates = new ArrayList<String>();
 }
 {
-    <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
<STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
principalsList())?
+    <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
<STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
privilegesList())?
     {
         result.add(new RegisterPrivilege(privilege.image, isAbstract, 
aggregates));
     }
diff --git a/src/test/resources/testcases/test-42-output.txt 
b/src/test/resources/testcases/test-42-output.txt
index 3fc8e0c..227a054 100644
--- a/src/test/resources/testcases/test-42-output.txt
+++ b/src/test/resources/testcases/test-42-output.txt
@@ -1,6 +1,6 @@
 register privilege withoutabstract_withoutaggregates
 register abstract privilege withabstract_withoutaggregates
 register privilege withoutabstract_withaggregate with bla
-register privilege withoutabstract_withaggregates with bla,blub
+register privilege withoutabstract_withaggregates with bla,jcr:read
 register abstract privilege withabstract_withaggregate with foo
-register abstract privilege withabstract_withaggregates with foo,bar
\ No newline at end of file
+register abstract privilege withabstract_withaggregates with foo,jcr:read
\ No newline at end of file
diff --git a/src/test/resources/testcases/test-42.txt 
b/src/test/resources/testcases/test-42.txt
index 3fc8e0c..227a054 100644
--- a/src/test/resources/testcases/test-42.txt
+++ b/src/test/resources/testcases/test-42.txt
@@ -1,6 +1,6 @@
 register privilege withoutabstract_withoutaggregates
 register abstract privilege withabstract_withoutaggregates
 register privilege withoutabstract_withaggregate with bla
-register privilege withoutabstract_withaggregates with bla,blub
+register privilege withoutabstract_withaggregates with bla,jcr:read
 register abstract privilege withabstract_withaggregate with foo
-register abstract privilege withabstract_withaggregates with foo,bar
\ No newline at end of file
+register abstract privilege withabstract_withaggregates with foo,jcr:read
\ No newline at end of file
diff --git a/src/test/resources/testcases/test-99-output.txt 
b/src/test/resources/testcases/test-99-output.txt
index f721235..2aefa24 100644
--- a/src/test/resources/testcases/test-99-output.txt
+++ b/src/test/resources/testcases/test-99-output.txt
@@ -52,8 +52,12 @@ CreateServiceUser BF with forced path /path/service/BF
 CreateGroup GF with forced path /path/group/GF
 SetAclPaths on :home:alice# 
   AclLine ALLOW {principals=[alice, bob, carol], privileges=[jcr:one]}
+  AclLine ALLOW {principals=[larry], privileges=[priv]}
 SetAclPrincipals for bob 
-  AclLine ALLOW {paths=[:home:alice#, /another/path, :home:larry#], 
privileges=[jcr:two]}
+  AclLine ALLOW {paths=[:home:alice#, /another/path], privileges=[jcr:two]}
+  AclLine ALLOW {paths=[:home:larry#], privileges=[priv]}
+SetAclPrincipalBased for bob 
+  AclLine ALLOW {paths=[:home:alice#, /another/path], privileges=[priv]}
 SetAclPaths on :home:alice#/sub/folder/of/their/homes 
   AclLine ALLOW {principals=[fred], privileges=[jcr:three]}
 AddGroupMembers user1 user2 in group grpA
diff --git a/src/test/resources/testcases/test-99.txt 
b/src/test/resources/testcases/test-99.txt
index d95637c..45a14ed 100644
--- a/src/test/resources/testcases/test-99.txt
+++ b/src/test/resources/testcases/test-99.txt
@@ -93,11 +93,17 @@ create group GF with forced path /path/group/GF
 # Home function maps to user and group home folders
 set ACL on home(alice)
   allow jcr:one for alice, bob, carol
+  allow priv for larry
 end
 
 set ACL for bob
-  allow jcr:two on home(alice), /another/path, home(larry)
-end  
+  allow jcr:two on home(alice), /another/path
+  allow priv on home(larry)
+end
+
+set principal ACL for bob
+  allow priv on home(alice), /another/path
+end
 
 set ACL on home(alice)/sub/folder/of/their/homes
   allow jcr:three for fred

Reply via email to