jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tri...@apache.org
Subject svn commit: r1866426 - in /jackrabbit/commons/filevault/trunk/vault-core: ./ src/main/java/org/apache/jackrabbit/vault/fs/impl/io/ src/main/java/org/apache/jackrabbit/vault/fs/io/ src/test/java/org/apache/jackrabbit/vault/packaging/integration/ src/tes...
Date Thu, 05 Sep 2019 00:18:11 GMT
Author: tripod
Date: Thu Sep  5 00:18:11 2019
New Revision: 1866426

URL: http://svn.apache.org/viewvc?rev=1866426&view=rev
Log:
JCRVLT-359 Provide separate option to control handling of rep:cugPolicy nodes (closes #56)

Added:
    jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestCugHandling.java
    jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-1.zip
    jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-2.zip
Modified:
    jackrabbit/commons/filevault/trunk/vault-core/pom.xml
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/AbstractArtifactHandler.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/FileArtifactHandler.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/GenericArtifactHandler.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/ImportOptions.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java

Modified: jackrabbit/commons/filevault/trunk/vault-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/pom.xml?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/pom.xml (original)
+++ jackrabbit/commons/filevault/trunk/vault-core/pom.xml Thu Sep  5 00:18:11 2019
@@ -266,6 +266,12 @@
             <scope>test</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>oak-authorization-cug</artifactId>
+            <version>1.16.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.xmlunit</groupId>
             <artifactId>xmlunit-core</artifactId>
             <version>2.6.0</version>

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/AbstractArtifactHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/AbstractArtifactHandler.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/AbstractArtifactHandler.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/AbstractArtifactHandler.java
Thu Sep  5 00:18:11 2019
@@ -48,6 +48,13 @@ public abstract class AbstractArtifactHa
     protected AccessControlHandling acHandling = AccessControlHandling.OVERWRITE;
 
     /**
+     * Closed user group (CUG) handling. <code>null</code> indicates that
+     * the handling is governed by acHandling values.
+     * todo: would be better to pass via some kind of import context
+     */
+    protected AccessControlHandling cugHandling = null;
+
+    /**
      * acl management
      */
     private ACLManagement aclManagement;
@@ -69,6 +76,24 @@ public abstract class AbstractArtifactHa
     }
 
     /**
+     * Returns closed user group (CUG) handling defined for this handler
+     * @return the access control handling.
+     */
+    public AccessControlHandling getCugHandling() {
+        return cugHandling;
+    }
+
+    /**
+     * Sets closed user group (CUG) handling used for importing.
+     * @param cugHandling the access control handling
+     *                    When <code>null</code> value is specified
+     *                    CUG handling is controled by acHandling value.
+     */
+    public void setCugHandling(AccessControlHandling cugHandling) {
+        this.cugHandling = cugHandling;
+    }
+
+    /**
      * Returns the ACL management
      * @return the ACL management
      */

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
Thu Sep  5 00:18:11 2019
@@ -29,6 +29,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 
+import javax.annotation.Nonnull;
 import javax.jcr.ImportUUIDBehavior;
 import javax.jcr.Item;
 import javax.jcr.ItemNotFoundException;
@@ -222,6 +223,12 @@ public class DocViewSAXImporter extends
     private AccessControlHandling aclHandling = AccessControlHandling.IGNORE;
 
     /**
+     * Closed user group handling to apply by default (when set to <code>null</code>)
+     * falls back to using aclHandling
+     */
+    private AccessControlHandling cugHandling = null;
+
+    /**
      * flag indicating if SNS are supported by the underlying repository
      */
     private final boolean snsSupported;
@@ -281,6 +288,25 @@ public class DocViewSAXImporter extends
         this.aclHandling = aclHandling;
     }
 
+    /**
+     * returns closed user group handling
+     * @return either current cugHandling value or <code>null</code>
+     * if undefined and aclHandling is used instead
+     */
+    public AccessControlHandling getCugHandling() {
+        return cugHandling;
+    }
+
+    /**
+     * Sets closed user group handling for this importer
+     * For backwards compatibility, if <code>null</code> is specified
+     * then importer falls back to using aclHandling value instead.
+     * @param cugHandling
+     */
+    public void setCugHandling(AccessControlHandling cugHandling) {
+        this.cugHandling = cugHandling;
+    }
+
     private void registerBinary(Artifact a, String rootPath)
             throws RepositoryException {
         String path = rootPath + a.getRelativePath();
@@ -626,9 +652,10 @@ public class DocViewSAXImporter extends
                     stack = stack.push();
                 } else {
                     try {
+                        AccessControlHandling acHandling = getAcHandling(label);
                         DocViewNode ni = new DocViewNode(name, label, attributes, npResolver);
                         if (aclManagement.isACLNodeType(ni.primary)) {
-                            if (aclHandling != AccessControlHandling.CLEAR && aclHandling
!= AccessControlHandling.IGNORE) {
+                            if (acHandling != AccessControlHandling.CLEAR && acHandling
!= AccessControlHandling.IGNORE) {
                                 log.trace("Access control policy element detected. starting
special transformation {}/{}", node.getPath(), name);
                                 if (aclManagement.ensureAccessControllable(node, ni.primary))
{
                                     log.debug("Adding access control policy element to non
access-controllable parent - adding mixin: {}", node.getPath());
@@ -636,13 +663,13 @@ public class DocViewSAXImporter extends
                                 stack = stack.push();
                                 if ("rep:repoPolicy".equals(name)) {
                                     if (node.getDepth() == 0) {
-                                        stack.adapter = new JackrabbitACLImporter(session,
aclHandling);
+                                        stack.adapter = new JackrabbitACLImporter(session,
acHandling);
                                         stack.adapter.startNode(ni);
                                     } else {
                                         log.debug("ignoring invalid location for repository
level ACL: {}", node.getPath());
                                     }
                                 } else {
-                                    stack.adapter = new JackrabbitACLImporter(node, aclHandling);
+                                    stack.adapter = new JackrabbitACLImporter(node, acHandling);
                                     stack.adapter.startNode(ni);
                                 }
                             } else {
@@ -903,11 +930,12 @@ public class DocViewSAXImporter extends
             // adjust mixins
             Set<String> newMixins = new HashSet<String>();
             boolean isAtomicCounter = false;
+            AccessControlHandling acHandling = getAcHandling(ni.name);
             if (ni.mixins != null) {
                 for (String mixin : ni.mixins) {
                     // omit name if mix:AccessControllable and CLEAR
                     if (!aclManagement.isAccessControllableMixin(mixin)
-                            || aclHandling != AccessControlHandling.CLEAR) {
+                            || acHandling != AccessControlHandling.CLEAR) {
                         newMixins.add(mixin);
 
                         if ("mix:atomicCounter".equals(mixin)) {
@@ -922,8 +950,8 @@ public class DocViewSAXImporter extends
                 if (!newMixins.remove(name)) {
                     // special check for mix:AccessControllable
                     if (!aclManagement.isAccessControllableMixin(name)
-                            || aclHandling == AccessControlHandling.CLEAR
-                            || aclHandling == AccessControlHandling.OVERWRITE) {
+                            || acHandling == AccessControlHandling.CLEAR
+                            || acHandling == AccessControlHandling.OVERWRITE) {
                         vs.ensureCheckedOut();
                         node.removeMixin(name);
                         modified = true;
@@ -1172,14 +1200,15 @@ public class DocViewSAXImporter extends
                     Node child = iter.nextNode();
                     String path = child.getPath();
                     String label = Text.getName(path);
+                    AccessControlHandling acHandling = getAcHandling(child.getName());
                     if (!childNames.contains(label)
                             && !hints.contains(path)
                             && isIncluded(child, child.getDepth() - rootDepth)) {
                         // if the child is in the filter, it belongs to
                         // this aggregate and needs to be removed
                         if (aclManagement.isACLNode(child)) {
-                            if (aclHandling == AccessControlHandling.OVERWRITE
-                                    || aclHandling == AccessControlHandling.CLEAR) {
+                            if (acHandling == AccessControlHandling.OVERWRITE
+                                    || acHandling == AccessControlHandling.CLEAR) {
                                 importInfo.onDeleted(path);
                                 aclManagement.clearACL(node);
                             }
@@ -1196,7 +1225,7 @@ public class DocViewSAXImporter extends
                                 }
                             }
                         }
-                    } else if (aclHandling == AccessControlHandling.CLEAR
+                    } else if (acHandling == AccessControlHandling.CLEAR
                             && aclManagement.isACLNode(child)
                             && isIncluded(child, child.getDepth() - rootDepth)) {
                         importInfo.onDeleted(path);
@@ -1239,6 +1268,22 @@ public class DocViewSAXImporter extends
         }
     }
 
+    /**
+     * Returns proper access control handling value based on the node
+     * name.
+     * @param nodeName name of the access control node
+     * @return cugHandling for CUG related nodes, aclHandling for
+     * everything else
+     */
+    @Nonnull
+    private AccessControlHandling getAcHandling(@Nonnull String nodeName) {
+        if (cugHandling != null && "rep:cugPolicy".equals(nodeName)) {
+            return cugHandling;
+        } else {
+            return aclHandling;
+        }
+    }
+
     /**
      * Helper class that stores information about attachments
      */

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/FileArtifactHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/FileArtifactHandler.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/FileArtifactHandler.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/FileArtifactHandler.java
Thu Sep  5 00:18:11 2019
@@ -227,6 +227,7 @@ public class FileArtifactHandler extends
                         try {
                             DocViewSAXImporter handler = new DocViewSAXImporter(newParent,
newName, newSet, wspFilter);
                             handler.setAclHandling(getAcHandling());
+                            handler.setCugHandling(getCugHandling());
                             SAXParserFactory factory = SAXParserFactory.newInstance();
                             factory.setNamespaceAware(true);
                             factory.setFeature("http://xml.org/sax/features/namespace-prefixes",
false);
@@ -325,6 +326,7 @@ public class FileArtifactHandler extends
         }
         DocViewSAXImporter handler = new DocViewSAXImporter(parent, rootName, artifacts,
wspFilter);
         handler.setAclHandling(getAcHandling());
+        handler.setCugHandling(getCugHandling());
         try {
             SAXParserFactory factory = SAXParserFactory.newInstance();
             factory.setNamespaceAware(true);

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/GenericArtifactHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/GenericArtifactHandler.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/GenericArtifactHandler.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/GenericArtifactHandler.java
Thu Sep  5 00:18:11 2019
@@ -92,6 +92,7 @@ public class GenericArtifactHandler exte
             try {
                 DocViewSAXImporter handler = new DocViewSAXImporter(parent, name, artifacts,
wspFilter);
                 handler.setAclHandling(getAcHandling());
+                handler.setCugHandling(getCugHandling());
                 SAXParserFactory factory = SAXParserFactory.newInstance();
                 factory.setNamespaceAware(true);
                 factory.setFeature("http://xml.org/sax/features/namespace-prefixes", false);

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/ImportOptions.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/ImportOptions.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/ImportOptions.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/ImportOptions.java
Thu Sep  5 00:18:11 2019
@@ -51,6 +51,8 @@ public class ImportOptions {
 
     private AccessControlHandling acHandling = null;
 
+    private AccessControlHandling cugHandling = null;
+
     private ImportMode importMode;
 
     private Pattern cndPattern = Pattern.compile("^/(apps|libs)/([^/]+/){1,2}nodetypes/.+\\.cnd$");
@@ -86,6 +88,7 @@ public class ImportOptions {
             dryRun = base.dryRun;
             autoSave = base.autoSave;
             acHandling = base.acHandling;
+            cugHandling = base.cugHandling;
             importMode = base.importMode;
             cndPattern = base.cndPattern;
             filter = base.filter;
@@ -110,6 +113,7 @@ public class ImportOptions {
         ret.dryRun = dryRun;
         ret.autoSave = autoSave;
         ret.acHandling = acHandling;
+        ret.cugHandling = cugHandling;
         ret.importMode = importMode;
         ret.cndPattern = cndPattern;
         ret.filter = filter;
@@ -220,6 +224,24 @@ public class ImportOptions {
     }
 
     /**
+     * Returns closed user group handling.
+     * @return CUG handling value. <code>null</code> value indicates that CUG
+     * handling is controlled by acHandling value which maintains backwards compatibility.
+     */
+    public AccessControlHandling getCugHandling() {
+        return cugHandling;
+    }
+
+    /**
+     * Sets closed user group handling. For backwards compatibility, when cugHandling is
set to
+     * null <code>null</code> then acHandling is used is used to control handling
of CUG nodes.
+     * @param cugHandling the CUG handling.
+     */
+    public void setCugHandling(AccessControlHandling cugHandling) {
+        this.cugHandling = cugHandling;
+    }
+
+    /**
      * Defines the package installation should recursively install sub packages. Note that
if this flag is enabled,
      * the {@link org.apache.jackrabbit.vault.packaging.SubPackageHandling} configuration
has no effect, as sub packages
      * are not evaluated at all.

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java?rev=1866426&r1=1866425&r2=1866426&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java
Thu Sep  5 00:18:11 2019
@@ -372,8 +372,11 @@ public class Importer {
             opts.setAccessControlHandling(AccessControlHandling.IGNORE);
         }
         fileHandler.setAcHandling(opts.getAccessControlHandling());
+        fileHandler.setCugHandling(opts.getCugHandling());
         genericHandler.setAcHandling(opts.getAccessControlHandling());
+        genericHandler.setCugHandling(opts.getCugHandling());
         folderHandler.setAcHandling(opts.getAccessControlHandling());
+        folderHandler.setCugHandling(opts.getCugHandling());
 
         filter = opts.getFilter();
         if (filter == null) {
@@ -415,6 +418,7 @@ public class Importer {
         }
 
         log.debug("Access control handling set to {}", opts.getAccessControlHandling());
+        log.debug("CUG handling set to {}", opts.getCugHandling());
         if (opts.isDryRun()) {
             track("Dry Run: Skipping node types installation (might lead to errors).", "");
             track("Simulating content import...", "");
@@ -870,6 +874,8 @@ public class Importer {
                 Node node = session.getNode(info.path);
                 imp = new ImportInfoImpl();
                 if (aclManagement.isACLNode(node)) {
+                    // Judging from isACLNode behavior, this part only applies
+                    // to "rep:Policy" nodes so no need for special handling of CUG case.
                     if (opts.getAccessControlHandling() == AccessControlHandling.OVERWRITE
                             || opts.getAccessControlHandling() == AccessControlHandling.CLEAR)
{
                         imp.onDeleted(info.path);

Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestCugHandling.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestCugHandling.java?rev=1866426&view=auto
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestCugHandling.java
(added)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestCugHandling.java
Thu Sep  5 00:18:11 2019
@@ -0,0 +1,290 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jackrabbit.vault.packaging.integration;
+
+import org.apache.jackrabbit.api.JackrabbitRepository;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.jcr.Jcr;
+import org.apache.jackrabbit.oak.query.QueryEngineSettings;
+import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
+import org.apache.jackrabbit.oak.security.internal.SecurityProviderHelper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.vault.fs.io.AccessControlHandling;
+import org.apache.jackrabbit.vault.fs.io.Archive;
+import org.apache.jackrabbit.vault.fs.io.FileArchive;
+import org.apache.jackrabbit.vault.fs.io.ImportOptions;
+import org.apache.jackrabbit.vault.fs.io.ZipArchive;
+import org.apache.jackrabbit.vault.packaging.PackageException;
+import org.apache.jackrabbit.vault.packaging.VaultPackage;
+import org.apache.jackrabbit.vault.packaging.impl.ZipVaultPackage;
+
+import javax.jcr.Node;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.apache.jackrabbit.vault.fs.io.AccessControlHandling.IGNORE;
+import static org.apache.jackrabbit.vault.fs.io.AccessControlHandling.MERGE;
+import static org.apache.jackrabbit.vault.fs.io.AccessControlHandling.OVERWRITE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public final class TestCugHandling {
+
+    private static final String TEST_ROOT = "/testroot";
+
+    /**
+     * contains cugPolicy with rep:principalNames=[principal-1,principal-2]
+     */
+    private static final String CUG_PACKAGE_1 = "testpackages/cug-test-1.zip";
+
+    /**
+     * contains cugPolicy with rep:principalNames=[principal-2,principal-3]
+     */
+    private static final String CUG_PACKAGE_2 = "testpackages/cug-test-2.zip";
+
+    private Repository repository;
+
+    private Session adminSession;
+
+    /**
+     * When cugHandling is set to IGNORE, rep:cugPolicy node should not be created.
+     */
+    @Test
+    public void testCugIgnore() throws Exception {
+       extractVaultPackage(CUG_PACKAGE_1, IGNORE);
+       Node testRoot = adminSession.getNode(TEST_ROOT);
+       assertNodeExists(testRoot, "node_with_cug");
+       Node nodeWithCug = testRoot.getNode("node_with_cug");
+       assertProperty(nodeWithCug, "jcr:mixinTypes", asSet("rep:CugMixin"));
+       assertNodeMissing(nodeWithCug, "rep:cugPolicy");
+    }
+
+    /**
+     * When cugHandling is set to MERGE, existing principals should be combined with installed
principals
+     */
+    @Test
+    public void testCugMerge() throws Exception {
+        extractVaultPackage(CUG_PACKAGE_2, OVERWRITE);
+        extractVaultPackage(CUG_PACKAGE_1, MERGE);
+        Node testRoot = adminSession.getNode(TEST_ROOT);
+        assertNodeExists(testRoot, "node_with_cug");
+        Node nodeWithCug = testRoot.getNode("node_with_cug");
+        assertProperty(nodeWithCug, "jcr:mixinTypes", asSet("rep:CugMixin"));
+        assertNodeExists(nodeWithCug, "rep:cugPolicy");
+        Node cugNode = nodeWithCug.getNode("rep:cugPolicy");
+        assertProperty(cugNode, "jcr:primaryType", "rep:CugPolicy");
+        assertProperty(cugNode,"rep:principalNames", asSet("principal-1", "principal-2",
"principal-3"));
+    }
+
+    /**
+     * When cugHandling is set to MERGE_PRESERVE, existing principals should be combined
with installed principals
+     * same behavior as with MERGE
+     */
+    @Test
+    public void testCugMergePreserve() throws Exception {
+        extractVaultPackage(CUG_PACKAGE_2, OVERWRITE);
+        extractVaultPackage(CUG_PACKAGE_1, AccessControlHandling.MERGE_PRESERVE);
+        Node testRoot = adminSession.getNode(TEST_ROOT);
+        assertNodeExists(testRoot, "node_with_cug");
+        Node nodeWithCug = testRoot.getNode("node_with_cug");
+        assertProperty(nodeWithCug, "jcr:mixinTypes", asSet("rep:CugMixin"));
+        assertNodeExists(nodeWithCug, "rep:cugPolicy");
+        Node cugNode = nodeWithCug.getNode("rep:cugPolicy");
+        assertProperty(cugNode, "jcr:primaryType", "rep:CugPolicy");
+        assertProperty(cugNode,"rep:principalNames", asSet("principal-1", "principal-2",
"principal-3"));
+    }
+
+    /**
+     * When cugHandling is set to OVERWRITE installed principals should completely owerwrite
existing ones.
+     */
+    @Test
+    public void testCugOverwrite() throws Exception {
+        extractVaultPackage(CUG_PACKAGE_1, OVERWRITE);
+        extractVaultPackage(CUG_PACKAGE_2, OVERWRITE);
+        Node testRoot = adminSession.getNode(TEST_ROOT);
+        assertNodeExists(testRoot, "node_with_cug");
+        Node nodeWithCug = testRoot.getNode("node_with_cug");
+        assertProperty(nodeWithCug, "jcr:mixinTypes", asSet("rep:CugMixin"));
+        assertNodeExists(nodeWithCug, "rep:cugPolicy");
+        Node cugNode = nodeWithCug.getNode("rep:cugPolicy");
+        assertProperty(cugNode, "jcr:primaryType", "rep:CugPolicy");
+        assertProperty(cugNode,"rep:principalNames", asSet("principal-2", "principal-3"));
+    }
+
+    /**
+     * When cugHandling is not set (or set to <code>null</code>), cugHandling
should be governed by aclHandling
+     */
+    @Test
+    public void testCugSameAsAclByDefault() throws Exception {
+        extractVaultPackage(CUG_PACKAGE_1, OVERWRITE);
+        ImportOptions opts = new ImportOptions();
+        opts.setAccessControlHandling(MERGE);
+        extractVaultPackage(CUG_PACKAGE_2, opts);
+        Node testRoot = adminSession.getNode(TEST_ROOT);
+        assertNodeExists(testRoot, "node_with_cug");
+        Node nodeWithCug = testRoot.getNode("node_with_cug");
+        assertProperty(nodeWithCug, "jcr:mixinTypes", asSet("rep:CugMixin"));
+        assertNodeExists(nodeWithCug, "rep:cugPolicy");
+        Node cugNode = nodeWithCug.getNode("rep:cugPolicy");
+        assertProperty(cugNode, "jcr:primaryType", "rep:CugPolicy");
+        assertProperty(cugNode,"rep:principalNames", asSet("principal-1", "principal-2",
"principal-3"));
+    }
+
+    //*********************************************
+    // Custom assertions
+    //*********************************************
+
+    private static void assertHasProperty(Node node, String propName) throws RepositoryException
{
+        if (!node.hasProperty(propName)) {
+            fail("Node [" + node.getPath() + "] doesn't have property [" + propName + "]");
+        }
+    }
+
+    private static void assertProperty(Node node, String propName, String value) throws RepositoryException
{
+        assertHasProperty(node, propName);
+        assertEquals(node.getPath() + "/" + propName + " should contain " + value, value,
node.getProperty(propName).getString());
+    }
+
+    public static void assertProperty(Node node, String name, Set<String> values) throws
RepositoryException {
+        Set<String> strings = new HashSet();
+        for (Value v: node.getProperty(name).getValues()) {
+            strings.add(v.getString());
+        }
+        assertEquals(node.getPath() + "/" + name + " should contain " + values, values, strings);
+    }
+
+    public static void assertNodeExists(Node parent, String relPath) throws RepositoryException
{
+        assertTrue(parent.getPath() + "/" + relPath + " should exist", parent.hasNode(relPath));
+    }
+
+    public static void assertNodeMissing(Node parent, String relPath) throws RepositoryException
{
+        assertFalse(parent.getPath() + "/" + relPath + " should not exist", parent.hasNode(relPath));
+    }
+    
+    //*********************************************
+    // Helpers
+    //*********************************************
+
+    private Archive getFileArchive(String name) {
+        final URL packageURL = getClass().getResource(name);
+        final String filename = packageURL.getFile();
+        final File file = new File(filename);
+        if (file.isDirectory()) {
+            return new FileArchive(file);
+        } else {
+            return new ZipArchive(file);
+        }
+    }
+
+    private void extractVaultPackage(String name, AccessControlHandling cugHandling) throws
PackageException, RepositoryException, IOException {
+        ImportOptions opts = new ImportOptions();
+        opts.setCugHandling(cugHandling);
+        extractVaultPackage(name, opts);
+    }
+
+    private void extractVaultPackage(String name, ImportOptions opts) throws PackageException,
RepositoryException, IOException {
+        VaultPackage pack = new ZipVaultPackage(getFileArchive(name), true);
+        pack.extract(adminSession, opts);
+    }
+
+    private static Set<String> asSet(String ... values) {
+        return new TreeSet<>(Arrays.asList(values));
+    }
+
+    //*********************************************
+    // setUp/tearDown
+    //*********************************************
+
+    @Before
+    public void setUp() throws Exception {
+        repository = createRepository();
+        adminSession = repository.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID,
UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
+        createUsers(adminSession);
+        adminSession.save();
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        try {
+            adminSession.refresh(false);
+            if (adminSession.nodeExists(TEST_ROOT)) {
+                adminSession.getNode(TEST_ROOT).remove();
+            }
+            adminSession.save();
+        } finally {
+            adminSession.logout();
+            if (repository instanceof JackrabbitRepository) {
+                ((JackrabbitRepository) repository).shutdown();
+            }
+            repository = null;
+        }
+    }
+
+    private static SecurityProvider createSecirityProvider() {
+        ConfigurationParameters params = ConfigurationParameters.of(
+                "cugSupportedPaths", TEST_ROOT,
+                "cugEnabled", true
+        );
+        CugConfiguration cugConfiguration = new CugConfiguration();
+        cugConfiguration.setParameters(params);
+        SecurityProvider result = SecurityProviderBuilder.newBuilder()
+                                                         .with(ConfigurationParameters.of(params))
+                                                         .build();
+        SecurityProviderHelper.updateConfig(result, cugConfiguration, AuthorizationConfiguration.class);
+        return result;
+    }
+
+    private static void createUsers(Session session) throws RepositoryException {
+        UserManager userManager = ((JackrabbitSession) session).getUserManager();
+        userManager.createUser("principal-1", "pwd-1");
+        userManager.createUser("principal-2", "pwd-2");
+        userManager.createUser("principal-3", "pwd-3");
+    }
+
+    private static Repository createRepository() {
+        SecurityProvider securityProvider = createSecirityProvider();
+        QueryEngineSettings queryEngineSettings = new QueryEngineSettings();
+        queryEngineSettings.setFailTraversal(true);
+        Jcr jcr = new Jcr();
+        jcr.with(securityProvider);
+        jcr.with(queryEngineSettings);
+        return jcr.createRepository();
+    }
+
+}

Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-1.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-1.zip?rev=1866426&view=auto
==============================================================================
Binary files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-1.zip
(added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-1.zip
Thu Sep  5 00:18:11 2019 differ

Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-2.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-2.zip?rev=1866426&view=auto
==============================================================================
Binary files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-2.zip
(added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/cug-test-2.zip
Thu Sep  5 00:18:11 2019 differ



Mime
View raw message