You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by an...@apache.org on 2022/02/25 09:30:32 UTC
[sling-org-apache-sling-repoinit-parser] 01/01: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch SLING-11160
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-repoinit-parser.git
commit 280ac77fede00b258fd969910e26385b664ac1ed
Author: angela <an...@adobe.com>
AuthorDate: Fri Feb 25 10:30:18 2022 +0100
SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
---
.../repoinit/parser/operations/AclGroupBase.java | 12 +++++---
.../sling/repoinit/parser/operations/AclLine.java | 32 +++++++++++++++++++---
.../repoinit/parser/operations/package-info.java | 2 +-
src/main/javacc/RepoInitGrammar.jjt | 14 ++++++----
src/test/resources/testcases/test-11-output.txt | 2 +-
src/test/resources/testcases/test-11.txt | 2 +-
src/test/resources/testcases/test-30-output.txt | 2 +-
src/test/resources/testcases/test-30.txt | 2 +-
src/test/resources/testcases/test-33-output.txt | 2 +-
src/test/resources/testcases/test-33.txt | 2 +-
10 files changed, 51 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/apache/sling/repoinit/parser/operations/AclGroupBase.java b/src/main/java/org/apache/sling/repoinit/parser/operations/AclGroupBase.java
index 8f1bd85..63cb885 100644
--- a/src/main/java/org/apache/sling/repoinit/parser/operations/AclGroupBase.java
+++ b/src/main/java/org/apache/sling/repoinit/parser/operations/AclGroupBase.java
@@ -68,7 +68,7 @@ abstract class AclGroupBase extends Operation {
try (Formatter formatter = new Formatter()) {
formatter.format("%s",topLine);
for (AclLine line : lines) {
- String action = actionToString(line.getAction());
+ String action = actionToString(line.getAction(), line.isAllow());
String privileges = privilegesToString(line.getAction(), line.getProperty(AclLine.PROP_PRIVILEGES));
String onOrFor;
if (hasPathLines) {
@@ -116,10 +116,14 @@ abstract class AclGroupBase extends Operation {
}
@NotNull
- private static String actionToString(@NotNull AclLine.Action action) {
- if(action.equals(Action.REMOVE_ALL)) {
+ private static String actionToString(@NotNull AclLine.Action action, boolean isAllow) {
+ if (action.equals(Action.REMOVE_ALL)) {
return Action.REMOVE.toString().toLowerCase();
+ } else if (action.equals(Action.REMOVE)) {
+ String allowStr = (isAllow) ? Action.ALLOW.toString().toLowerCase() : Action.DENY.toString().toLowerCase();
+ return Action.REMOVE.toString().toLowerCase() + " " + allowStr;
+ } else {
+ return action.toString().toLowerCase();
}
- return action.toString().toLowerCase();
}
}
diff --git a/src/main/java/org/apache/sling/repoinit/parser/operations/AclLine.java b/src/main/java/org/apache/sling/repoinit/parser/operations/AclLine.java
index 437bea4..5086839 100644
--- a/src/main/java/org/apache/sling/repoinit/parser/operations/AclLine.java
+++ b/src/main/java/org/apache/sling/repoinit/parser/operations/AclLine.java
@@ -45,15 +45,34 @@ public class AclLine {
private final Map<String, List<String>> properties;
private List<RestrictionClause> restrictions;
+ private boolean isAllow = true;
public AclLine(Action a) {
- action = a;
+ this(a, false);
+ }
+
+ public AclLine(Action a, boolean isRemove) {
+ if (isRemove) {
+ if (!(a == Action.ALLOW || a == Action.DENY)) {
+ throw new IllegalArgumentException("Action.REMOVE can only be use in combination with an additional ALLOW or DENY.");
+ }
+ action = Action.REMOVE;
+ } else {
+ action = a;
+ }
properties = new TreeMap<>();
+ if (a == Action.DENY) {
+ isAllow = false;
+ }
}
public Action getAction() {
return action;
}
+
+ public boolean isAllow() {
+ return isAllow;
+ }
/**
* Return the named multi-value property, or an empty list if not found.
@@ -80,8 +99,13 @@ public class AclLine {
@Override
public String toString() {
- return getClass().getSimpleName() + " " + action + " " + properties
- + (restrictions == null || restrictions.isEmpty() ? "" : " restrictions=" + restrictions);
-
+ if (action.equals(Action.REMOVE)) {
+ String allowStr = isAllow ? Action.ALLOW.toString() : Action.DENY.toString();
+ return getClass().getSimpleName() + " " + action + " " + allowStr + " " + properties
+ + (restrictions == null || restrictions.isEmpty() ? "" : " restrictions=" + restrictions);
+ } else {
+ return getClass().getSimpleName() + " " + action + " " + properties
+ + (restrictions == null || restrictions.isEmpty() ? "" : " restrictions=" + restrictions);
+ }
}
}
diff --git a/src/main/java/org/apache/sling/repoinit/parser/operations/package-info.java b/src/main/java/org/apache/sling/repoinit/parser/operations/package-info.java
index 737bebc..b82d630 100644
--- a/src/main/java/org/apache/sling/repoinit/parser/operations/package-info.java
+++ b/src/main/java/org/apache/sling/repoinit/parser/operations/package-info.java
@@ -17,6 +17,6 @@
// DO NOT use version 5.x here, once a major change is
// needed skip directly to 6.x (SLING-10139)
-@org.osgi.annotation.versioning.Version("4.8.0")
+@org.osgi.annotation.versioning.Version("4.9.0")
package org.apache.sling.repoinit.parser.operations;
diff --git a/src/main/javacc/RepoInitGrammar.jjt b/src/main/javacc/RepoInitGrammar.jjt
index 1cf53e4..bf7f95e 100644
--- a/src/main/javacc/RepoInitGrammar.jjt
+++ b/src/main/javacc/RepoInitGrammar.jjt
@@ -360,13 +360,15 @@ void removeStarLine(List<AclLine> lines) :
}
AclLine privilegesLineOperation() :
-{}
{
- (
- <REMOVE> { return new AclLine(AclLine.Action.REMOVE); }
- | ( <ALLOW> { return new AclLine(AclLine.Action.ALLOW); } )
- | ( <DENY> { return new AclLine(AclLine.Action.DENY); } )
- )
+ boolean isRemove = false;
+ AclLine.Action action = null;
+}
+{
+ (<REMOVE> { isRemove = true; })?
+
+ ((<ALLOW> { action = AclLine.Action.ALLOW; })
+ | (<DENY> { action = AclLine.Action.DENY; })) { return new AclLine(action, isRemove); }
}
void userPrivilegesLine(List<AclLine> lines) :
diff --git a/src/test/resources/testcases/test-11-output.txt b/src/test/resources/testcases/test-11-output.txt
index f675cae..6c1bfde 100644
--- a/src/test/resources/testcases/test-11-output.txt
+++ b/src/test/resources/testcases/test-11-output.txt
@@ -3,4 +3,4 @@ SetAclPaths on /libs /apps
AclLine ALLOW {principals=[user1, user2], privileges=[jcr:read]}
AclLine REMOVE_ALL {principals=[another]}
AclLine ALLOW {principals=[another], privileges=[x:y]}
- AclLine REMOVE {principals=[userTestingSpecificRemove], privileges=[jcr:ACL]}
\ No newline at end of file
+ AclLine REMOVE DENY {principals=[userTestingSpecificRemove], privileges=[jcr:ACL]}
\ No newline at end of file
diff --git a/src/test/resources/testcases/test-11.txt b/src/test/resources/testcases/test-11.txt
index 9099e00..c18b035 100644
--- a/src/test/resources/testcases/test-11.txt
+++ b/src/test/resources/testcases/test-11.txt
@@ -10,5 +10,5 @@ set ACL on /libs,/apps
remove * for another
allow x:y for another
- remove jcr:ACL for userTestingSpecificRemove
+ remove deny jcr:ACL for userTestingSpecificRemove
end
\ No newline at end of file
diff --git a/src/test/resources/testcases/test-30-output.txt b/src/test/resources/testcases/test-30-output.txt
index a330041..8748832 100644
--- a/src/test/resources/testcases/test-30-output.txt
+++ b/src/test/resources/testcases/test-30-output.txt
@@ -4,7 +4,7 @@ SetAclPrincipals for user1 u2
AclLine DENY {paths=[/apps], privileges=[jcr:write]}
AclLine DENY {nodetypes=[sling:Folder, nt:unstructured], paths=[/apps, /content], privileges=[jcr:lockManagement]}
AclLine DENY {nodetypes=[sling:Folder, nt:unstructured], paths=[/apps, /content], privileges=[jcr:modifyProperties]} restrictions=[rep:itemNames=[prop1, prop2]]
- AclLine REMOVE {paths=[/apps], privileges=[jcr:understand, some:other]}
+ AclLine REMOVE ALLOW {paths=[/apps], privileges=[jcr:understand, some:other]}
AclLine ALLOW {paths=[/apps], privileges=[jcr:addChildNodes]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured]]
AclLine ALLOW {paths=[/apps], privileges=[jcr:modifyProperties]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured], rep:itemNames=[prop1, prop2]]
AclLine ALLOW {paths=[/apps, /content], privileges=[jcr:addChildNodes]} restrictions=[rep:glob=[/cat, /cat/, cat]]
diff --git a/src/test/resources/testcases/test-30.txt b/src/test/resources/testcases/test-30.txt
index 6631865..4a9e6fd 100644
--- a/src/test/resources/testcases/test-30.txt
+++ b/src/test/resources/testcases/test-30.txt
@@ -10,7 +10,7 @@ set ACL for user1,u2
deny jcr:lockManagement on /apps, /content nodetypes sling:Folder, nt:unstructured
# nodetypes clause with restriction clause
deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
- remove jcr:understand,some:other on /apps
+ remove allow jcr:understand,some:other on /apps
# multi value restriction
allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
diff --git a/src/test/resources/testcases/test-33-output.txt b/src/test/resources/testcases/test-33-output.txt
index cd489cc..9a2f655 100644
--- a/src/test/resources/testcases/test-33-output.txt
+++ b/src/test/resources/testcases/test-33-output.txt
@@ -4,7 +4,7 @@ SetAclPrincipalBased for principal1 principal2
AclLine DENY {paths=[/apps], privileges=[jcr:write]}
AclLine DENY {nodetypes=[sling:Folder, nt:unstructured], paths=[/apps, /content], privileges=[jcr:lockManagement]}
AclLine DENY {nodetypes=[sling:Folder, nt:unstructured], paths=[/apps, /content], privileges=[jcr:modifyProperties]} restrictions=[rep:itemNames=[prop1, prop2]]
- AclLine REMOVE {paths=[/apps], privileges=[jcr:understand, some:other]}
+ AclLine REMOVE ALLOW {paths=[/apps], privileges=[jcr:understand, some:other]}
AclLine ALLOW {paths=[/apps], privileges=[jcr:addChildNodes]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured]]
AclLine ALLOW {paths=[/apps], privileges=[jcr:modifyProperties]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured], rep:itemNames=[prop1, prop2]]
AclLine ALLOW {paths=[/apps, /content], privileges=[jcr:addChildNodes]} restrictions=[rep:glob=[/cat, /cat/, cat]]
diff --git a/src/test/resources/testcases/test-33.txt b/src/test/resources/testcases/test-33.txt
index 846d0b5..c362625 100644
--- a/src/test/resources/testcases/test-33.txt
+++ b/src/test/resources/testcases/test-33.txt
@@ -16,7 +16,7 @@ set principal ACL for principal1,principal2
deny jcr:lockManagement on /apps, /content nodetypes sling:Folder, nt:unstructured
# nodetypes clause with restriction clause
deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
- remove jcr:understand,some:other on /apps
+ remove allow jcr:understand,some:other on /apps
# multi value restriction
allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)