You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by pa...@apache.org on 2021/01/12 16:06:12 UTC
[sling-org-apache-sling-feature-cpconverter] branch master updated:
SLING-8942 : Support aggregate and abstract privileges (#45)
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new 66383cc SLING-8942 : Support aggregate and abstract privileges (#45)
66383cc is described below
commit 66383ccda81415a260ebb7baf84cadf9ef210230
Author: anchela <an...@apache.org>
AuthorDate: Tue Jan 12 17:06:07 2021 +0100
SLING-8942 : Support aggregate and abstract privileges (#45)
* SLING-8942 : Support aggregate and abstract privileges
Co-authored-by: angela <an...@adobe.com>
---
.../cpconverter/accesscontrol/AclManager.java | 4 +-
.../accesscontrol/DefaultAclManager.java | 55 ++++++++++++++++++----
.../cpconverter/handlers/PrivilegesHandler.java | 45 ++----------------
.../handlers/PrivilegesHandlerTest.java | 13 ++++-
.../handlers/META-INF/vault/privileges.xml | 5 +-
5 files changed, 70 insertions(+), 52 deletions(-)
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java
index 014b8b5..1bc0664 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManager.java
@@ -18,8 +18,10 @@ package org.apache.sling.feature.cpconverter.accesscontrol;
import java.util.List;
+import org.apache.jackrabbit.vault.fs.spi.PrivilegeDefinitions;
import org.apache.sling.feature.cpconverter.features.FeaturesManager;
import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
+import org.jetbrains.annotations.NotNull;
/**
* The Manager able to collect and build System Users and related ACL policies.
@@ -34,7 +36,7 @@ public interface AclManager {
void addNodetypeRegistrationSentence(String nodetypeRegistrationSentence);
- void addPrivilege(String privilege);
+ void addPrivilegeDefinitions(@NotNull PrivilegeDefinitions privilegeDefinitions);
void reset();
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
index f348c02..2975e90 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
@@ -16,11 +16,18 @@
*/
package org.apache.sling.feature.cpconverter.accesscontrol;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.PrivilegeDefinition;
+import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.vault.fs.spi.PrivilegeDefinitions;
import org.apache.jackrabbit.vault.util.PlatformNameFormat;
import org.apache.sling.feature.cpconverter.features.FeaturesManager;
import org.apache.sling.feature.cpconverter.shared.RepoPath;
import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
+import org.jetbrains.annotations.NotNull;
+import javax.jcr.NamespaceException;
import java.io.File;
import java.io.FileInputStream;
import java.util.Formatter;
@@ -55,7 +62,7 @@ public final class DefaultAclManager implements AclManager {
private List<String> nodetypeRegistrationSentences = new LinkedList<>();
- private Set<String> privileges = new LinkedHashSet<>();
+ private PrivilegeDefinitions privilegeDefinitions;
public boolean addSystemUser(SystemUser systemUser) {
if (preProvidedSystemUsers.add(systemUser)) {
@@ -88,10 +95,8 @@ public final class DefaultAclManager implements AclManager {
try {
formatter = new Formatter();
- if (!privileges.isEmpty()) {
- for (String privilege : privileges) {
- formatter.format("register privilege %s%n", privilege);
- }
+ if (privilegeDefinitions != null) {
+ registerPrivileges(privilegeDefinitions, formatter);
}
for (String nodetypeRegistrationSentence : nodetypeRegistrationSentences) {
@@ -187,15 +192,15 @@ public final class DefaultAclManager implements AclManager {
}
@Override
- public void addPrivilege(String privilege) {
- privileges.add(privilege);
+ public void addPrivilegeDefinitions(@NotNull PrivilegeDefinitions privilegeDefinitions) {
+ this.privilegeDefinitions = privilegeDefinitions;
}
public void reset() {
systemUsers.clear();
acls.clear();
nodetypeRegistrationSentences.clear();
- privileges.clear();
+ privilegeDefinitions = null;
}
private void addPaths(List<AccessControlEntry> authorizations, List<VaultPackageAssembler> packageAssemblers, Formatter formatter) {
@@ -266,4 +271,38 @@ public final class DefaultAclManager implements AclManager {
private static boolean areEmpty(List<AccessControlEntry> authorizations) {
return authorizations == null || authorizations.isEmpty();
}
+
+ private static void registerPrivileges(@NotNull PrivilegeDefinitions definitions, @NotNull Formatter formatter) {
+ NameResolver nameResolver = new DefaultNamePathResolver(definitions.getNamespaceMapping());
+ for (PrivilegeDefinition privilege : definitions.getDefinitions()) {
+ try {
+ String name = nameResolver.getJCRName(privilege.getName());
+ String aggregates = getAggregatedNames(privilege, nameResolver);
+ if (privilege.isAbstract()) {
+ formatter.format("register abstract privilege %s%s%n", name, aggregates);
+ } else {
+ formatter.format("register privilege %s%s%n", name, aggregates);
+ }
+ } catch (NamespaceException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ @NotNull
+ private static String getAggregatedNames(@NotNull PrivilegeDefinition definition, @NotNull NameResolver nameResolver) {
+ Set<Name> aggregatedNames = definition.getDeclaredAggregateNames();
+ if (aggregatedNames.isEmpty()) {
+ return "";
+ } else {
+ Set<String> names = aggregatedNames.stream().map(name -> {
+ try {
+ return nameResolver.getJCRName(name);
+ } catch (NamespaceException e) {
+ throw new IllegalStateException(e);
+ }
+ }).collect(Collectors.toSet());
+ return " with "+String.join(",", names);
+ }
+ }
}
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandler.java
index 00c7c40..c26308f 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandler.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandler.java
@@ -16,57 +16,22 @@
*/
package org.apache.sling.feature.cpconverter.handlers;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
-
import org.apache.jackrabbit.vault.fs.io.Archive;
import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
+import org.apache.jackrabbit.vault.fs.spi.PrivilegeDefinitions;
import org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
-import org.apache.sling.feature.cpconverter.accesscontrol.AclManager;
-import org.xml.sax.Attributes;
-import org.xml.sax.SAXException;
-import org.xml.sax.helpers.DefaultHandler;
public class PrivilegesHandler extends AbstractRegexEntryHandler {
- private static final String PRIVILEGE = "privilege";
-
- private static final String NAME = "name";
-
- private final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
-
public PrivilegesHandler() {
super("META-INF/vault/privileges\\.xml");
}
@Override
- public void handle(String path, Archive archive, Entry entry, ContentPackage2FeatureModelConverter converter)
- throws Exception {
- SAXParser saxParser = saxParserFactory.newSAXParser();
- AclManager aclManager = converter.getAclManager();
- PrivilegeHandler handler = new PrivilegeHandler(aclManager);
- saxParser.parse(archive.openInputStream(entry), handler);
- }
-
- private static final class PrivilegeHandler extends DefaultHandler {
-
- private final AclManager aclManager;
-
- public PrivilegeHandler(AclManager aclManager) {
- this.aclManager = aclManager;
- }
-
- @Override
- public void startElement(String uri, String localName, String qName, Attributes attributes)
- throws SAXException {
- if (PRIVILEGE.equals(qName)) {
- String privilege = attributes.getValue(NAME);
- if (privilege != null && !privilege.isEmpty()) {
- aclManager.addPrivilege(privilege);
- }
- }
+ public void handle(String path, Archive archive, Entry entry, ContentPackage2FeatureModelConverter converter) {
+ PrivilegeDefinitions privileges = archive.getMetaInf().getPrivileges();
+ if (privileges != null) {
+ converter.getAclManager().addPrivilegeDefinitions(privileges);
}
-
}
-
}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandlerTest.java
index 3b4309f..bfe3fa3 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandlerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/PrivilegesHandlerTest.java
@@ -25,6 +25,7 @@ import static org.mockito.Mockito.when;
import java.util.Arrays;
+import org.apache.jackrabbit.vault.fs.config.DefaultMetaInf;
import org.apache.jackrabbit.vault.fs.io.Archive;
import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
import org.apache.sling.feature.ArtifactId;
@@ -69,7 +70,11 @@ public class PrivilegesHandlerTest {
Archive archive = mock(Archive.class);
Entry entry = mock(Entry.class);
+ DefaultMetaInf metaInf = new DefaultMetaInf();
+ metaInf.load(getClass().getResourceAsStream(path.substring(1)), "privileges.xml");
+
when(archive.openInputStream(entry)).thenReturn(getClass().getResourceAsStream(path.substring(1)));
+ when(archive.getMetaInf()).thenReturn(metaInf);
VaultPackageAssembler packageAssembler = mock(VaultPackageAssembler.class);
@@ -86,7 +91,13 @@ public class PrivilegesHandlerTest {
Extension repoinitExtension = feature.getExtensions().getByName(Extension.EXTENSION_NAME_REPOINIT);
assertNotNull(repoinitExtension);
- assertTrue(repoinitExtension.getText().contains("register privilege rx:replicate" + System.lineSeparator()));
+ String str = "register privilege sling:replicate" + System.lineSeparator() +
+ "register abstract privilege sling:test with ";
+ String txt = repoinitExtension.getText();
+ assertTrue("Expect '"+txt+"' contains '"+str+"'", txt.contains(str));
+ String aggregation1 = "with sling:replicate,jcr:read" + System.lineSeparator();
+ String aggregation2 = "with jcr:read,sling:replicate" + System.lineSeparator();
+ assertTrue(txt.contains(aggregation1) || txt.contains(aggregation2));
}
}
diff --git a/src/test/resources/org/apache/sling/feature/cpconverter/handlers/META-INF/vault/privileges.xml b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/META-INF/vault/privileges.xml
index 7beb9d2..625a79b 100644
--- a/src/test/resources/org/apache/sling/feature/cpconverter/handlers/META-INF/vault/privileges.xml
+++ b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/META-INF/vault/privileges.xml
@@ -15,6 +15,7 @@
License for the specific language governing permissions and limitations under
the License.
-->
-<privileges xmlns:crx="http://sling.apache.org/rx/1.0">
- <privilege name="rx:replicate"/>
+<privileges xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0">
+ <privilege name="sling:replicate"/>
+ <privilege name="sling:test" abstract="true"><contains name="sling:replicate"/><contains name="jcr:read"/></privilege>
</privileges>