You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by si...@apache.org on 2019/05/08 09:57:59 UTC
[sling-org-apache-sling-feature-cpconverter] branch master updated:
SLING-8390 - Converter not handling serviceusers and acls spread across
multiple packages
This is an automated email from the ASF dual-hosted git repository.
simonetripodi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new a7f50b9 SLING-8390 - Converter not handling serviceusers and acls spread across multiple packages
a7f50b9 is described below
commit a7f50b9be9960979c5f050ba5fb2bad2bc437d8b
Author: stripodi <st...@simos-mbp>
AuthorDate: Wed May 8 11:57:52 2019 +0200
SLING-8390 - Converter not handling serviceusers and acls spread across
multiple packages
ACLs added only for known users also from previous conversions
---
.../sling/feature/cpconverter/acl/AclManager.java | 7 +-
.../feature/cpconverter/acl/AclManagerTest.java | 87 ++++++++++++++++++++++
.../handlers/RepPolicyEntryHandlerTest.java | 8 +-
3 files changed, 93 insertions(+), 9 deletions(-)
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
index 63b0413..5796f16 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
@@ -122,9 +122,12 @@ public final class AclManager {
for (Entry<String, List<Acl>> currentAcls : acls.entrySet()) {
String systemUser = currentAcls.getKey();
- List<Acl> authorizations = currentAcls.getValue();
- addAclStatement(formatter, systemUser, authorizations);
+ if (preProvidedSystemUsers.contains(systemUser)) {
+ List<Acl> authorizations = currentAcls.getValue();
+
+ addAclStatement(formatter, systemUser, authorizations);
+ }
}
String text = formatter.toString();
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
new file mode 100644
index 0000000..8b79165
--- /dev/null
+++ b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.acl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+
+import org.apache.sling.feature.ArtifactId;
+import org.apache.sling.feature.Extension;
+import org.apache.sling.feature.Feature;
+import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class AclManagerTest {
+
+ private AclManager aclManager;
+
+ @Before
+ public void setUp() {
+ aclManager = new AclManager();
+ }
+
+ @After
+ public void tearDown() {
+ aclManager = null;
+ }
+
+ @Test
+ public void makeSureAclsAreCreatedOnlyForKnownUsers() {
+ aclManager.addSystemUser("acs-commons-ensure-oak-index-service");
+
+ // emulate a second iteration of conversion
+ aclManager.reset();
+
+ aclManager.addSystemUser("acs-commons-package-replication-status-event-service");
+
+ aclManager.addAcl("acs-commons-ensure-oak-index-service", "allow", "jcr:read,rep:write,rep:indexDefinitionManagement", "/asd/public");
+ aclManager.addAcl("acs-commons-package-replication-status-event-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+
+ // add an ACL for unknown user
+ aclManager.addAcl("acs-commons-on-deploy-scripts-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+
+ VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
+ when(assembler.getEntry(anyString())).thenReturn(new File(System.getProperty("java.io.tmpdir")));
+ Feature feature = new Feature(new ArtifactId("org.apache.sling", "org.apache.sling.cp2fm", "0.0.1", null, null));
+
+ aclManager.addRepoinitExtension(assembler, feature);
+
+ Extension repoinitExtension = feature.getExtensions().getByName(Extension.EXTENSION_NAME_REPOINIT);
+ assertNotNull(repoinitExtension);
+
+ // acs-commons-on-deploy-scripts-service will be missed
+ String expected = "create path (sling:Folder) /asd\n" +
+ "create path (sling:Folder) /asd/public\n" +
+ "create service user acs-commons-package-replication-status-event-service\n" +
+ "set ACL for acs-commons-package-replication-status-event-service\n" +
+ "allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" +
+ "end\n" +
+ "set ACL for acs-commons-ensure-oak-index-service\n" +
+ "allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public\n" +
+ "end\n";
+ String actual = repoinitExtension.getText();
+ assertEquals(expected, actual);
+ }
+
+}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
index 80bc525..188c747 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
@@ -109,7 +109,7 @@ public final class RepPolicyEntryHandlerTest {
}
@Test
- public void notDeclaredSystemUsersWillHaveAclSettings() throws Exception {
+ public void notDeclaredSystemUsersWillNotHaveAclSettings() throws Exception {
Extension repoinitExtension = parseAndSetRepoinit("acs-commons-package-replication-status-event-service",
"acs-commons-ensure-service-user-service",
"acs-commons-automatic-package-replicator-service",
@@ -134,12 +134,6 @@ public final class RepPolicyEntryHandlerTest {
"create service user acs-commons-on-deploy-scripts-service\n" +
"set ACL for acs-commons-on-deploy-scripts-service\n" +
"allow jcr:read on /asd/public\n" +
- "end\n" +
- "set ACL for acs-commons-dispatcher-flush-service\n" +
- "allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" +
- "end\n" +
- "set ACL for acs-commons-ensure-oak-index-service\n" +
- "allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public restriction(*/oak:index/*)\n" +
"end\n";
String actual = repoinitExtension.getText();
assertEquals(expected, actual);