SLING-11160 : Repoinit does not allow to remove individual ACEs (rename ACL to ACE)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
index 8094f0a..c202f4e 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
@@ -34,9 +34,9 @@
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipals;
import org.apache.sling.repoinit.parser.operations.PathSegmentDefinition;
import org.apache.sling.repoinit.parser.operations.DeleteAclPaths;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPaths;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPrincipalBased;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPrincipals;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePaths;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipalBased;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipals;
import org.apache.sling.repoinit.parser.operations.RestrictionClause;
import org.apache.sling.repoinit.parser.operations.SetAclPaths;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased;
@@ -140,7 +140,7 @@
}
@Override
- public void visitRemoveAclPrincipal(RemoveAclPrincipals s) {
+ public void visitRemoveAcePrincipal(RemoveAcePrincipals s) {
final List<String> principals = s.getPrincipals();
for (AclLine line : s.getLines()) {
final List<String> paths = line.getProperty(PROP_PATHS);
@@ -153,7 +153,7 @@
}
@Override
- public void visitRemoveAclPaths(RemoveAclPaths s) {
+ public void visitRemoveAcePaths(RemoveAcePaths s) {
final List<String> paths = s.getPaths();
for (AclLine line : s.getLines()) {
try {
@@ -165,7 +165,7 @@
}
@Override
- public void visitRemoveAclPrincipalBased(RemoveAclPrincipalBased s) {
+ public void visitRemoveAcePrincipalBased(RemoveAcePrincipalBased s) {
for (String principalName : s.getPrincipals()) {
try {
log.info("Removing principal-based access control entries for {}", principalName);
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/DoNothingVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/DoNothingVisitor.java
index 0946455..9f254ca 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/DoNothingVisitor.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/DoNothingVisitor.java
@@ -34,9 +34,9 @@
import org.apache.sling.repoinit.parser.operations.RegisterPrivilege;
import org.apache.sling.repoinit.parser.operations.DeleteAclPaths;
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipalBased;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPaths;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPrincipalBased;
-import org.apache.sling.repoinit.parser.operations.RemoveAclPrincipals;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePaths;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipalBased;
+import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipals;
import org.apache.sling.repoinit.parser.operations.RemoveGroupMembers;
import org.apache.sling.repoinit.parser.operations.SetAclPaths;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased;
@@ -103,22 +103,22 @@
}
@Override
- public void visitRemoveAclPrincipal(RemoveAclPrincipals s) {
- }
-
- @Override
- public void visitRemoveAclPaths(RemoveAclPaths s) {
- }
-
- @Override
- public void visitRemoveAclPrincipalBased(RemoveAclPrincipalBased s) {
- }
-
- @Override
public void visitSetAclPrincipalBased(SetAclPrincipalBased operation) {
}
@Override
+ public void visitRemoveAcePrincipal(RemoveAcePrincipals s) {
+ }
+
+ @Override
+ public void visitRemoveAcePaths(RemoveAcePaths s) {
+ }
+
+ @Override
+ public void visitRemoveAcePrincipalBased(RemoveAcePrincipalBased s) {
+ }
+
+ @Override
public void visitDeleteAclPrincipals(DeleteAclPrincipals s) {
}
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
index d21e547..e1cba8e 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
@@ -695,7 +695,7 @@
@Test
public void testRemoveNoExistingPolicy() throws Exception {
- String setup = "remove principal ACL for " + U.username + "\n"
+ String setup = "remove principal ACE for " + U.username + "\n"
+ "allow jcr:read on " + path + "\n"
+ "end";
U.parseAndExecute(setup);
@@ -711,21 +711,21 @@
assertPolicy(principal, U.adminSession, 1);
// privilege mismatch
- setup = "remove principal ACL for " + U.username + "\n"
+ setup = "remove principal ACE for " + U.username + "\n"
+ "allow jcr:read,jcr:write on " + path + "\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(principal, U.adminSession, 1);
// path mismatch
- setup = "remove principal ACL for " + U.username + "\n"
+ setup = "remove principal ACE for " + U.username + "\n"
+ "allow jcr:write on " + path + "/mismatch\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(principal, U.adminSession, 1);
// restriction mismatch
- setup = "remove principal ACL for " + U.username + "\n"
+ setup = "remove principal ACE for " + U.username + "\n"
+ "allow jcr:write on " + path + " restriction(rep:glob, /*/jcr:content/*)\n"
+ "end";
U.parseAndExecute(setup);
@@ -741,7 +741,7 @@
U.parseAndExecute(setup);
assertPolicy(principal, U.adminSession, 1);
- setup = "remove principal ACL for " + U.username + "\n"
+ setup = "remove principal ACE for " + U.username + "\n"
+ "allow jcr:read on " + path + "\n"
+ "end";
assertPolicy(principal, U.adminSession, 1);
@@ -749,7 +749,7 @@
@Test(expected = RepoInitException.class)
public void testRemoveNonExistingPrincipal() throws Exception {
- String setup = "remove principal ACL for nonExistingPrincipal\n"
+ String setup = "remove principal ACE for nonExistingPrincipal\n"
+ "deny jcr:write on " + path + "\n"
+ "end";
U.parseAndExecute(setup);
@@ -764,7 +764,7 @@
U.parseAndExecute("create service user otherSystemPrincipal");
assertPolicy(getPrincipal(U.username), U.adminSession, 1);
- setup = "remove principal ACL for otherSystemPrincipal\n"
+ setup = "remove principal ACE for otherSystemPrincipal\n"
+ "allow jcr:write on " + path + "\n"
+ "end";
U.parseAndExecute(setup);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/RemoveTest.java b/src/test/java/org/apache/sling/jcr/repoinit/RemoveTest.java
index cd48117..aa13145 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/RemoveTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/RemoveTest.java
@@ -174,21 +174,21 @@
@Test
public void testRemoveByPath() throws RepoInitParsingException, RepositoryException {
// non-matching ACE (path-mismatch) -> not removed (and no exception)
- String setup = "remove ACL for " + U.username + "\n"
+ String setup = "remove ACE for " + U.username + "\n"
+ "deny jcr:read on /\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(path, U.adminSession, 2);
// non-matching ACE (privilege-mismatch) -> not removed (and no exception)
- setup = "remove ACL for " + U.username + "\n"
+ setup = "remove ACE for " + U.username + "\n"
+ "deny jcr:read,jcr:write on "+path+"\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(path, U.adminSession, 2);
// matching ACE -> removed
- setup = "remove ACL for " + U.username + "\n"
+ setup = "remove ACE for " + U.username + "\n"
+ "deny jcr:read on "+path+"\n"
+ "end";
U.parseAndExecute(setup);
@@ -198,14 +198,14 @@
@Test
public void testRemoveByRepository() throws RepoInitParsingException, RepositoryException {
// non-matching ACE (allow mismatch) -> not removed (and no exception)
- String setup = "remove ACL for " + groupPrincipalName + "\n"
+ String setup = "remove ACE for " + groupPrincipalName + "\n"
+ "deny jcr:namespaceManagement on :repository\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(null, U.adminSession, 2);
// matching ACE -> removed
- setup = "remove ACL for " + groupPrincipalName + "\n"
+ setup = "remove ACE for " + groupPrincipalName + "\n"
+ "allow jcr:namespaceManagement on :repository\n"
+ "end";
U.parseAndExecute(setup);
@@ -215,14 +215,14 @@
@Test
public void testRemoveByPrincipalRepositoryPath() throws RepoInitParsingException, RepositoryException {
// non-matching ACE (privilege mismatch) -> not removed (and no exception)
- String setup = "remove ACL for " + groupPrincipalName + "\n"
+ String setup = "remove ACE for " + groupPrincipalName + "\n"
+ "allow jcr:versionManagement on :repository\n"
+ "end";
U.parseAndExecute(setup);
assertPolicy(null, U.adminSession, 2);
// matching ACE -> removed
- setup = "remove ACL for " + groupPrincipalName + "\n"
+ setup = "remove ACE for " + groupPrincipalName + "\n"
+ "allow jcr:namespaceManagement on :repository\n"
+ "end";
U.parseAndExecute(setup);
@@ -232,13 +232,13 @@
@Test
public void testRemoveByHomePath() throws RepoInitParsingException, RepositoryException {
// no-matching ACE (restriction mismatch) -> not removed
- String setup = "remove ACL on home("+U.username+")\n"
+ String setup = "remove ACE on home("+U.username+")\n"
+ "allow jcr:read for "+U.username+" restriction(rep:itemNames, prop1)\n" +
"end";
U.parseAndExecute(setup);
assertPolicy(userHomePath, U.adminSession, 2);
- setup = "remove ACL on home("+U.username+")\n"
+ setup = "remove ACE on home("+U.username+")\n"
+ "allow jcr:read for "+U.username+"\n" +
"end";
U.parseAndExecute(setup);
@@ -247,7 +247,7 @@
@Test
public void testRemoveEntryWithRestriction() throws Exception {
- String setup = "remove ACL for " + groupPrincipalName + "\n"
+ String setup = "remove ACE for " + groupPrincipalName + "\n"
+ "allow jcr:read on "+path+" restriction(rep:glob, /*/foo/*)\n"
+ "end";
U.parseAndExecute(setup);