src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPrincipalPolicyEntryHandlerTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with this
 * work for additional information regarding copyright ownership. The ASF
 * licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.sling.feature.cpconverter.handlers;

import org.apache.sling.feature.Extension;
import org.apache.sling.feature.cpconverter.accesscontrol.AclManager;
import org.apache.sling.feature.cpconverter.accesscontrol.DefaultAclManager;
import org.apache.sling.feature.cpconverter.accesscontrol.SystemUser;
import org.apache.sling.feature.cpconverter.shared.RepoPath;
import org.apache.sling.repoinit.parser.RepoInitParser;
import org.apache.sling.repoinit.parser.impl.RepoInitParserService;
import org.apache.sling.repoinit.parser.operations.Operation;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.StringReader;
import java.util.List;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

public final class RepPrincipalPolicyEntryHandlerTest {

    private RepPrincipalPolicyEntryHandler handler;

    @Before
    public void setUp() {
        handler = new RepPrincipalPolicyEntryHandler();
    }

    @After
    public void tearDown() {
        handler = null;
    }

    @Test
    public void doesNotMatch() {
        assertFalse(handler.matches("/this/is/a/path/not/pointing/to/a/valid/_rep_principalPolicy.xml"));
        assertFalse(handler.matches("/home/users/system/asd-share-commons/asd-index-definition-reader/_rep_principalPolicy.xml"));
        assertFalse(handler.matches("/jcr_root/home/users/system/services/feature/random1/_rep_policy.xml"));
    }

    @Test
    public void matches() {
        assertTrue(handler.matches("/jcr_root/home/users/system/services/random1/_rep_principalPolicy.xml"));
    }

    @Test
    public void parseSimplePolicy() throws Exception {
        Extension repoinitExtension = parseAndSetRepoinit("service1", "random1").getRepoinitExtension();
        String expected =
                "create service user service1 with path /home/users/system/services" + System.lineSeparator() +
                "set principal ACL for service1\n" +
                "allow jcr:read,jcr:readAccessControl on /asd/public\n" +
                "end\n";

        String actual = repoinitExtension.getText();
        assertEquals(expected, actual);

        RepoInitParser repoInitParser = new RepoInitParserService();
        List<Operation> operations = repoInitParser.parse(new StringReader(actual));
        assertFalse(operations.isEmpty());
    }

    @Test
    public void parseMvRestrictions() throws Exception {
        Extension repoinitExtension = parseAndSetRepoinit("service2", "random2").getRepoinitExtension();
        String expected =
                "create service user service2 with path /home/users/system/services" + System.lineSeparator() +
                        "set principal ACL for service2\n" +
                        "allow jcr:read on /asd/public restriction(rep:ntNames,nt:folder,sling:Folder)\n" +
                        "end\n";

        String actual = repoinitExtension.getText();
        assertEquals(expected, actual);

        RepoInitParser repoInitParser = new RepoInitParserService();
        List<Operation> operations = repoInitParser.parse(new StringReader(actual));
        assertFalse(operations.isEmpty());
    }

    @Test(expected = IllegalStateException.class)
    public void parsePolicyInSubtree() throws Exception {
        parseAndSetRepoinit("service3", "random3");
    }

    @Test
    public void parseOtherUserHomeMissing() throws Exception {
        SystemUser systemUser4 = createSystemUser("service4", "random4");

        Extension repoinitExtension = parseAndSetRepoinit(getPolicyPath(systemUser4), systemUser4).getRepoinitExtension();
        String expected =
                "create service user service4 with path /home/users/system/services" + System.lineSeparator() +
                "set principal ACL for service4" + System.lineSeparator() +
                // since service3 is not known to the AclManager it treats the effective path as a regular node.
                "allow jcr:read,rep:userManagement on /home/users/system/services/random3" + System.lineSeparator() +
                "end"+ System.lineSeparator();

        String actual = repoinitExtension.getText();
        assertEquals(expected, actual);

        RepoInitParser repoInitParser = new RepoInitParserService();
        List<Operation> operations = repoInitParser.parse(new StringReader(actual));
        assertFalse(operations.isEmpty());
    }

    @Test
    public void parseOtherUserHome() throws Exception {
        SystemUser systemUser3 = createSystemUser("service3", "random3");
        SystemUser systemUser4 = createSystemUser("service4", "random4");

        Extension repoinitExtension = parseAndSetRepoinit(getPolicyPath(systemUser4), systemUser4, systemUser3).getRepoinitExtension();
        String expected =
                "create service user service4 with path /home/users/system/services" + System.lineSeparator() +
                "create service user service3 with path /home/users/system/services" + System.lineSeparator() +
                "set principal ACL for service4" + System.lineSeparator() +
                "allow jcr:read,rep:userManagement on home(service3)" + System.lineSeparator() +
                "end"+ System.lineSeparator();

        String actual = repoinitExtension.getText();
        assertEquals(expected, actual);

        RepoInitParser repoInitParser = new RepoInitParserService();
        List<Operation> operations = repoInitParser.parse(new StringReader(actual));
        assertFalse(operations.isEmpty());
    }

    @NotNull
    private static SystemUser createSystemUser(@NotNull String systemUsersName, @NotNull String nodeName) {
        RepoPath repoPath = new RepoPath("/home/users/system/services/"+nodeName);
        return new SystemUser(systemUsersName, repoPath, new RepoPath("/home/users/system/services"));
    }

    @NotNull
    private static String getPolicyPath(@NotNull SystemUser systemUser) {
        return "/jcr_root"+systemUser.getPath().toString() + "/_rep_principalPolicy.xml";
    }

    private ParseResult parseAndSetRepoinit(@NotNull String systemUsersName, @NotNull String nodeName) throws Exception {
        SystemUser systemUser = createSystemUser(systemUsersName, nodeName);

        return parseAndSetRepoinit(getPolicyPath(systemUser), systemUser);
    }

    private ParseResult parseAndSetRepoinit(@NotNull String path, @NotNull SystemUser... systemUsers) throws Exception {
        AclManager aclManager = new DefaultAclManager();
        for (SystemUser systemUser : systemUsers) {
            aclManager.addSystemUser(systemUser);
        }

        InputStream is = getClass().getResourceAsStream(path.substring(1));
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        return new ParseResult(TestUtils.createRepoInitExtension(handler, aclManager, path, is, baos), new String(baos.toByteArray()));
    }

}