You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by pa...@apache.org on 2021/01/29 14:27:38 UTC
[sling-org-apache-sling-feature-cpconverter] 01/01: SLING-10081:
adjust generated repo-init statements for service user creation to be with
forced path.
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch issues/SLING-10081
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
commit d32ab5f3696d0d39784ba3008f78d0f1607af6a2
Author: Karl Pauls <ka...@gmail.com>
AuthorDate: Fri Jan 29 15:27:17 2021 +0100
SLING-10081: adjust generated repo-init statements for service user creation to be with forced path.
---
pom.xml | 2 +-
.../feature/cpconverter/accesscontrol/DefaultAclManager.java | 4 +++-
.../cpconverter/accesscontrol/EnforcePrincipalBasedTest.java | 8 ++++----
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 735da3a..a47161c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -244,7 +244,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.repoinit.parser</artifactId>
- <version>1.6.2</version>
+ <version>1.6.3-SNAPSHOT</version>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
index 456e884..fc252ec 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
@@ -152,7 +152,9 @@ public class DefaultAclManager implements AclManager {
private void addUsersAndGroups(@NotNull Formatter formatter) {
for (SystemUser systemUser : systemUsers) {
// make sure all system users are created first
- formatter.format("create service user %s with path %s%n", systemUser.getId(), calculateIntermediatePath(systemUser));
+ String forced = (enforcePrincipalBased(systemUser) ? "forced " : "");
+ formatter.format("create service user %s with %spath %s%n", systemUser.getId(), forced, calculateIntermediatePath(systemUser));
+
if (aclIsBelow(systemUser.getPath())) {
throw new IllegalStateException("Detected policy on subpath of system-user: " + systemUser);
}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java
index 13955dc..091e604 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/EnforcePrincipalBasedTest.java
@@ -126,7 +126,7 @@ public class EnforcePrincipalBasedTest {
Extension repoinitExtension = getRepoInitExtension(aclManager, accessControlledPath, systemUser, false);
String expected =
- "create service user user1 with path " + remappedIntermediatePath + System.lineSeparator() +
+ "create service user user1 with forced path " + remappedIntermediatePath + System.lineSeparator() +
"set principal ACL for user1" + System.lineSeparator() +
"allow jcr:read on /content/feature" + System.lineSeparator() +
"end" + System.lineSeparator();
@@ -145,7 +145,7 @@ public class EnforcePrincipalBasedTest {
Extension repoinitExtension = getRepoInitExtension(aclManager, accessControlledPath, systemUser, true);
String expected =
- "create service user user1 with path " + remappedIntermediatePath + System.lineSeparator() +
+ "create service user user1 with forced path " + remappedIntermediatePath + System.lineSeparator() +
"set principal ACL for user1" + System.lineSeparator() +
"allow jcr:read on /content/feature" + System.lineSeparator() +
"end" + System.lineSeparator();
@@ -164,7 +164,7 @@ public class EnforcePrincipalBasedTest {
Extension repoinitExtension = getRepoInitExtension(aclManager, accessControlledPath, systemUser, true);
String expected =
- "create service user user1 with path " + remappedIntermediatePath + System.lineSeparator() +
+ "create service user user1 with forced path " + remappedIntermediatePath + System.lineSeparator() +
"set principal ACL for user1" + System.lineSeparator() +
"allow jcr:read on home(user1)" + System.lineSeparator() +
"end" + System.lineSeparator();
@@ -202,7 +202,7 @@ public class EnforcePrincipalBasedTest {
Extension repoinitExtension = getRepoInitExtension(aclManager, accessControlledPath, systemUser, false);
String expected =
- "create service user user1 with path " + remappedIntermediatePath + System.lineSeparator() +
+ "create service user user1 with forced path " + remappedIntermediatePath + System.lineSeparator() +
"set principal ACL for user1" + System.lineSeparator() +
"allow jcr:read on /content/feature" + System.lineSeparator() +
"end" + System.lineSeparator();