You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by GitBox <gi...@apache.org> on 2021/01/13 15:20:35 UTC

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls opened a new pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

karlpauls opened a new pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50


   …lationException


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556663465



##########
File path: src/test/resources/org/apache/sling/feature/cpconverter/accesscontrol/asd/not/.content.xml
##########
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with this
+ work for additional information regarding copyright ownership. The ASF
+ licenses this file to You under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations under
+ the License.
+-->
+<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
+          jcr:mixinTypes="[rep:AccessControllable]"

Review comment:
       makes sense - I'll add a second type




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] anchela commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

anchela commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556615483



##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/MixinParser.java
##########
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.accesscontrol;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+
+final class MixinParser extends AbstractJcrNodeParser<String> {
+
+    private String detectedPrimaryType;

Review comment:
       detectedPrimaryType field is not used as far as i saw..... copy-paste-leftover?

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -31,18 +31,9 @@
 import javax.jcr.NamespaceException;
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.Formatter;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;

Review comment:
       are * imports ok in sling?

##########
File path: src/test/resources/org/apache/sling/feature/cpconverter/accesscontrol/asd/not/.content.xml
##########
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with this
+ work for additional information regarding copyright ownership. The ASF
+ licenses this file to You under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations under
+ the License.
+-->
+<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
+          jcr:mixinTypes="[rep:AccessControllable]"
+          jcr:primaryType="any:Type"/>

Review comment:
       there is no namespace defined for any prefix... it might not fail the test now but might cause odd exceptions a some point in the future. i would suggest to use an existing node type name... nt:unstructured or some sling node type.

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/MixinParser.java
##########
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.accesscontrol;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+
+final class MixinParser extends AbstractJcrNodeParser<String> {
+
+    private String detectedPrimaryType;
+    private String mixins;
+
+    public MixinParser(@NotNull String primaryType) {

Review comment:
       why does that constructor need a primary type? that looks a bit confusing.

##########
File path: src/test/resources/org/apache/sling/feature/cpconverter/accesscontrol/asd/not/.content.xml
##########
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with this
+ work for additional information regarding copyright ownership. The ASF
+ licenses this file to You under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations under
+ the License.
+-->
+<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
+          jcr:mixinTypes="[rep:AccessControllable]"

Review comment:
       i would suggest to add a second mixin types here (or create a separate test with multiple mixins) to verify that it's handled properly.... for example mix:referenceable or mix:title or mix:created. namespace for mix is <mix='http://www.jcp.org/jcr/mix/1.0'>)

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -164,49 +166,43 @@ public void reset() {
         privilegeDefinitions = null;
     }
 
-    private void addPaths(@NotNull List<AccessControlEntry> authorizations, @NotNull List<VaultPackageAssembler> packageAssemblers, @NotNull Formatter formatter) {
-        if (authorizations.isEmpty()) {
-            return;
-        }
-
-        Set<RepoPath> paths = new TreeSet<>();
-        for (AccessControlEntry authorization : authorizations) {
-            RepoPath rp = authorization.getRepositoryPath();
-            // exclude special paths: user/group home nodes and subtrees therein, repository-level marker path
-            if (!(rp.isRepositoryPath())) {
-                addPath(authorization.getRepositoryPath(), paths);
-            }
-        }
-
-        for (RepoPath path : paths) {
-            String type = computePathType(path, packageAssemblers);
-
-            formatter.format("create path (%s) %s%n", type, path);
-        }
-    }
-
-	private static @NotNull String computePathType(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
+    private static @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
         path = new RepoPath(PlatformNameFormat.getPlatformPath(path.toString()));
 
-        for (VaultPackageAssembler packageAssembler: packageAssemblers) {
-            File currentDir = packageAssembler.getEntry(path.toString());
-
-            if (currentDir.exists()) {
-                File currentContent = new File(currentDir, CONTENT_XML_FILE_NAME);
-                if (currentContent.exists()) {
-                    try (FileInputStream input = new FileInputStream(currentContent)) {
-                        return new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+        boolean type = false;
+        String current = "";
+        for (String part : path.toString().substring(1).split("/")) {
+            current += current.isEmpty() ? part : "/" + part;
+            for (VaultPackageAssembler packageAssembler : packageAssemblers) {
+                File currentContent = packageAssembler.getEntry(current + "/" + CONTENT_XML_FILE_NAME);
+                if (currentContent.isFile()) {
+                    String primary;
+                    String mixin;
+                    try (FileInputStream input = new FileInputStream(currentContent);
+                        FileInputStream input2 = new FileInputStream(currentContent)) {
+                        primary = new PrimaryTypeParser(DEFAULT_TYPE).parse(input);

Review comment:
       no sure about the usage of DEFAULT_TYPE.... IMO there should be no default used.... maybe changing the constructor to not take any primary type name?

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -164,49 +166,43 @@ public void reset() {
         privilegeDefinitions = null;
     }
 
-    private void addPaths(@NotNull List<AccessControlEntry> authorizations, @NotNull List<VaultPackageAssembler> packageAssemblers, @NotNull Formatter formatter) {
-        if (authorizations.isEmpty()) {
-            return;
-        }
-
-        Set<RepoPath> paths = new TreeSet<>();
-        for (AccessControlEntry authorization : authorizations) {
-            RepoPath rp = authorization.getRepositoryPath();
-            // exclude special paths: user/group home nodes and subtrees therein, repository-level marker path
-            if (!(rp.isRepositoryPath())) {
-                addPath(authorization.getRepositoryPath(), paths);
-            }
-        }
-
-        for (RepoPath path : paths) {
-            String type = computePathType(path, packageAssemblers);
-
-            formatter.format("create path (%s) %s%n", type, path);
-        }
-    }
-
-	private static @NotNull String computePathType(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
+    private static @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
         path = new RepoPath(PlatformNameFormat.getPlatformPath(path.toString()));
 
-        for (VaultPackageAssembler packageAssembler: packageAssemblers) {
-            File currentDir = packageAssembler.getEntry(path.toString());
-
-            if (currentDir.exists()) {
-                File currentContent = new File(currentDir, CONTENT_XML_FILE_NAME);
-                if (currentContent.exists()) {
-                    try (FileInputStream input = new FileInputStream(currentContent)) {
-                        return new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+        boolean type = false;
+        String current = "";
+        for (String part : path.toString().substring(1).split("/")) {
+            current += current.isEmpty() ? part : "/" + part;
+            for (VaultPackageAssembler packageAssembler : packageAssemblers) {
+                File currentContent = packageAssembler.getEntry(current + "/" + CONTENT_XML_FILE_NAME);
+                if (currentContent.isFile()) {
+                    String primary;
+                    String mixin;
+                    try (FileInputStream input = new FileInputStream(currentContent);
+                        FileInputStream input2 = new FileInputStream(currentContent)) {
+                        primary = new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+                        mixin = new MixinParser(DEFAULT_TYPE).parse(input2);

Review comment:
       same here... no sure why a default type is needed




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls merged pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls merged pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556661971



##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -31,18 +31,9 @@
 import javax.jcr.NamespaceException;
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.Formatter;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;

Review comment:
       IDEs - what can you do :-)




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] sonarcloud[bot] removed a comment on pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

sonarcloud[bot] removed a comment on pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#issuecomment-759553032


   Kudos, SonarCloud Quality Gate passed!
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug.png' alt='Bug' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability.png' alt='Vulnerability' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot.png' alt='Security Hotspot' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell.png' alt='Code Smell' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL)
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60.png' alt='89.2%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list) [89.2% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3.png' alt='0.0%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list)
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] sonarcloud[bot] commented on pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

sonarcloud[bot] commented on pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#issuecomment-759553032


   Kudos, SonarCloud Quality Gate passed!
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug.png' alt='Bug' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability.png' alt='Vulnerability' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot.png' alt='Security Hotspot' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell.png' alt='Code Smell' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL)
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60.png' alt='89.2%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list) [89.2% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3.png' alt='0.0%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list)
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556661659



##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/MixinParser.java
##########
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.accesscontrol;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+
+final class MixinParser extends AbstractJcrNodeParser<String> {
+
+    private String detectedPrimaryType;
+    private String mixins;
+
+    public MixinParser(@NotNull String primaryType) {

Review comment:
       I agree

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/MixinParser.java
##########
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.accesscontrol;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+
+final class MixinParser extends AbstractJcrNodeParser<String> {
+
+    private String detectedPrimaryType;

Review comment:
       yup




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556662870



##########
File path: src/test/resources/org/apache/sling/feature/cpconverter/accesscontrol/asd/not/.content.xml
##########
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with this
+ work for additional information regarding copyright ownership. The ASF
+ licenses this file to You under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations under
+ the License.
+-->
+<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
+          jcr:mixinTypes="[rep:AccessControllable]"
+          jcr:primaryType="any:Type"/>

Review comment:
       I wanted to underline that we don't check but I agree that is confusing - I'll use  nt:unstructured

##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -164,49 +166,43 @@ public void reset() {
         privilegeDefinitions = null;
     }
 
-    private void addPaths(@NotNull List<AccessControlEntry> authorizations, @NotNull List<VaultPackageAssembler> packageAssemblers, @NotNull Formatter formatter) {
-        if (authorizations.isEmpty()) {
-            return;
-        }
-
-        Set<RepoPath> paths = new TreeSet<>();
-        for (AccessControlEntry authorization : authorizations) {
-            RepoPath rp = authorization.getRepositoryPath();
-            // exclude special paths: user/group home nodes and subtrees therein, repository-level marker path
-            if (!(rp.isRepositoryPath())) {
-                addPath(authorization.getRepositoryPath(), paths);
-            }
-        }
-
-        for (RepoPath path : paths) {
-            String type = computePathType(path, packageAssemblers);
-
-            formatter.format("create path (%s) %s%n", type, path);
-        }
-    }
-
-	private static @NotNull String computePathType(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
+    private static @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
         path = new RepoPath(PlatformNameFormat.getPlatformPath(path.toString()));
 
-        for (VaultPackageAssembler packageAssembler: packageAssemblers) {
-            File currentDir = packageAssembler.getEntry(path.toString());
-
-            if (currentDir.exists()) {
-                File currentContent = new File(currentDir, CONTENT_XML_FILE_NAME);
-                if (currentContent.exists()) {
-                    try (FileInputStream input = new FileInputStream(currentContent)) {
-                        return new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+        boolean type = false;
+        String current = "";
+        for (String part : path.toString().substring(1).split("/")) {
+            current += current.isEmpty() ? part : "/" + part;
+            for (VaultPackageAssembler packageAssembler : packageAssemblers) {
+                File currentContent = packageAssembler.getEntry(current + "/" + CONTENT_XML_FILE_NAME);
+                if (currentContent.isFile()) {
+                    String primary;
+                    String mixin;
+                    try (FileInputStream input = new FileInputStream(currentContent);
+                        FileInputStream input2 = new FileInputStream(currentContent)) {
+                        primary = new PrimaryTypeParser(DEFAULT_TYPE).parse(input);

Review comment:
       yup




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] sonarcloud[bot] commented on pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

sonarcloud[bot] commented on pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#issuecomment-759553989


   Kudos, SonarCloud Quality Gate passed!
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug.png' alt='Bug' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=BUG)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability.png' alt='Vulnerability' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=VULNERABILITY)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot.png' alt='Security Hotspot' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=SECURITY_HOTSPOT)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell.png' alt='Code Smell' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&resolved=false&types=CODE_SMELL)
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90.png' alt='91.2%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list) [91.2% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_coverage&view=list)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3.png' alt='0.0%' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter&pullRequest=50&metric=new_duplicated_lines_density&view=list)
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] anchela commented on pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

anchela commented on pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#issuecomment-759583293


   lgtm


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [sling-org-apache-sling-feature-cpconverter] karlpauls commented on a change in pull request #50: SLING-9962: DefaultAclManager#addPaths prone to causing ConstraintVio…

Posted by GitBox <gi...@apache.org>.

karlpauls commented on a change in pull request #50:
URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/50#discussion_r556663200



##########
File path: src/main/java/org/apache/sling/feature/cpconverter/accesscontrol/DefaultAclManager.java
##########
@@ -164,49 +166,43 @@ public void reset() {
         privilegeDefinitions = null;
     }
 
-    private void addPaths(@NotNull List<AccessControlEntry> authorizations, @NotNull List<VaultPackageAssembler> packageAssemblers, @NotNull Formatter formatter) {
-        if (authorizations.isEmpty()) {
-            return;
-        }
-
-        Set<RepoPath> paths = new TreeSet<>();
-        for (AccessControlEntry authorization : authorizations) {
-            RepoPath rp = authorization.getRepositoryPath();
-            // exclude special paths: user/group home nodes and subtrees therein, repository-level marker path
-            if (!(rp.isRepositoryPath())) {
-                addPath(authorization.getRepositoryPath(), paths);
-            }
-        }
-
-        for (RepoPath path : paths) {
-            String type = computePathType(path, packageAssemblers);
-
-            formatter.format("create path (%s) %s%n", type, path);
-        }
-    }
-
-	private static @NotNull String computePathType(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
+    private static @Nullable String computePathWithTypes(@NotNull RepoPath path, @NotNull List<VaultPackageAssembler> packageAssemblers) {
         path = new RepoPath(PlatformNameFormat.getPlatformPath(path.toString()));
 
-        for (VaultPackageAssembler packageAssembler: packageAssemblers) {
-            File currentDir = packageAssembler.getEntry(path.toString());
-
-            if (currentDir.exists()) {
-                File currentContent = new File(currentDir, CONTENT_XML_FILE_NAME);
-                if (currentContent.exists()) {
-                    try (FileInputStream input = new FileInputStream(currentContent)) {
-                        return new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+        boolean type = false;
+        String current = "";
+        for (String part : path.toString().substring(1).split("/")) {
+            current += current.isEmpty() ? part : "/" + part;
+            for (VaultPackageAssembler packageAssembler : packageAssemblers) {
+                File currentContent = packageAssembler.getEntry(current + "/" + CONTENT_XML_FILE_NAME);
+                if (currentContent.isFile()) {
+                    String primary;
+                    String mixin;
+                    try (FileInputStream input = new FileInputStream(currentContent);
+                        FileInputStream input2 = new FileInputStream(currentContent)) {
+                        primary = new PrimaryTypeParser(DEFAULT_TYPE).parse(input);
+                        mixin = new MixinParser(DEFAULT_TYPE).parse(input2);

Review comment:
       I'll add an empty constructor




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org