Author: tomekr Date: Fri Mar 15 06:51:52 2019 New Revision: 1855571 URL: http://svn.apache.org/viewvc?rev=1855571&view=rev Log: OAK-8124: Sidegrade operation doesn't run security-related commit hooks
Modified: jackrabbit/oak/branches/1.10/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositorySidegrade.java jackrabbit/oak/branches/1.10/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/IncludeExcludeSidegradeTest.java Modified: jackrabbit/oak/branches/1.10/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositorySidegrade.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.10/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositorySidegrade.java?rev=1855571&r1=1855570&r2=1855571&view=diff ============================================================================== --- jackrabbit/oak/branches/1.10/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositorySidegrade.java (original) +++ jackrabbit/oak/branches/1.10/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositorySidegrade.java Fri Mar 15 06:51:52 2019 @@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.plugins import org.apache.jackrabbit.oak.plugins.migration.report.LoggingReporter; import org.apache.jackrabbit.oak.plugins.migration.report.ReportingNodeState; import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; +import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.segment.SegmentNodeState; import org.apache.jackrabbit.oak.segment.file.FileStore; import org.apache.jackrabbit.oak.spi.commit.CommitHook; @@ -47,6 +48,8 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider; import org.apache.jackrabbit.oak.spi.commit.EditorHook; import org.apache.jackrabbit.oak.spi.commit.EmptyHook; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.state.ApplyDiff; import org.apache.jackrabbit.oak.spi.state.ChildNodeEntry; import org.apache.jackrabbit.oak.spi.state.NodeBuilder; @@ -407,6 +410,8 @@ public class RepositorySidegrade { private void migrateWithoutCheckpoints() throws CommitFailedException, RepositoryException { final List<CommitHook> hooks = new ArrayList<>(); + final String workspaceName = getWorkspaceName(); + if (customCommitHooks != null) { hooks.addAll(customCommitHooks); } @@ -423,7 +428,12 @@ public class RepositorySidegrade { if (!versionCopyConfiguration.skipOrphanedVersionsCopy()) { copyVersionStorage(targetRoot, getVersionStorage(sourceRoot), versionStorage, versionCopyConfiguration); } - hooks.add(new EditorHook(new VersionableEditor.Provider(sourceRoot, getWorkspaceName(), versionCopyConfiguration))); + hooks.add(new EditorHook(new VersionableEditor.Provider(sourceRoot, workspaceName, versionCopyConfiguration))); + } + + SecurityProvider security = SecurityProviderBuilder.newBuilder().build(); + for (SecurityConfiguration securityConfig : security.getConfigurations()) { + hooks.addAll(securityConfig.getCommitHooks(workspaceName)); } // type validation, reference and indexing hooks hooks.add(new EditorHook(new CompositeEditorProvider( Modified: jackrabbit/oak/branches/1.10/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/IncludeExcludeSidegradeTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.10/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/IncludeExcludeSidegradeTest.java?rev=1855571&r1=1855570&r2=1855571&view=diff ============================================================================== --- jackrabbit/oak/branches/1.10/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/IncludeExcludeSidegradeTest.java (original) +++ jackrabbit/oak/branches/1.10/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/IncludeExcludeSidegradeTest.java Fri Mar 15 06:51:52 2019 @@ -16,75 +16,207 @@ */ package org.apache.jackrabbit.oak.upgrade; -import static org.apache.jackrabbit.oak.segment.file.FileStoreBuilder.fileStoreBuilder; - -import java.io.File; -import java.io.IOException; - +import javax.jcr.Credentials; import javax.jcr.RepositoryException; import javax.jcr.Session; +import javax.jcr.SimpleCredentials; +import org.apache.jackrabbit.JcrConstants; +import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.commons.JcrUtils; +import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; import org.apache.jackrabbit.oak.Oak; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl; -import org.apache.jackrabbit.oak.segment.SegmentNodeStore; -import org.apache.jackrabbit.oak.segment.SegmentNodeStoreBuilders; -import org.apache.jackrabbit.oak.segment.file.FileStore; -import org.apache.jackrabbit.oak.segment.file.InvalidFileStoreVersionException; +import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore; +import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.state.NodeStore; import org.junit.Before; +import org.junit.Test; + +import java.util.Arrays; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class IncludeExcludeSidegradeTest { + + public static final Credentials CREDENTIALS = new SimpleCredentials("admin", "admin".toCharArray()); -public class IncludeExcludeSidegradeTest extends IncludeExcludeUpgradeTest { + private NodeStore sourceNodeStore; + + private NodeStore targetNodeStore; + + private RepositoryImpl targetRepository; + + private Session targetSession; @Before - public synchronized void upgradeRepository() throws Exception { - if (targetNodeStore == null) { - File directory = getTestDirectory(); - File source = new File(directory, "source"); - source.mkdirs(); - FileStore fileStore = fileStoreBuilder(source).build(); - SegmentNodeStore segmentNodeStore = SegmentNodeStoreBuilders.builder(fileStore).build(); - RepositoryImpl repository = (RepositoryImpl) new Jcr(new Oak(segmentNodeStore)).createRepository(); - Session session = repository.login(CREDENTIALS); - try { - createSourceContent(session); - } finally { - session.save(); - session.logout(); - repository.shutdown(); - fileStore.close(); - } - final NodeStore target = getTargetNodeStore(); - doUpgradeRepository(source, target); - targetNodeStore = target; - } + public void prepareNodeStores() throws RepositoryException { + sourceNodeStore = new MemoryNodeStore(); + withSession(sourceNodeStore, s -> { + createCommonContent(s); + createSourceContent(s); + }); + + targetNodeStore = new MemoryNodeStore(); + withSession(targetNodeStore, s -> { + createCommonContent(s); + }); + + performSidegrade(); + + targetRepository = getRepository(targetNodeStore); + targetSession = targetRepository.login(CREDENTIALS); } - @Override - protected void doUpgradeRepository(File source, NodeStore target) throws RepositoryException, IOException { - FileStore fileStore; - try { - fileStore = fileStoreBuilder(source).build(); - } catch (InvalidFileStoreVersionException e) { - throw new IllegalStateException(e); + public void cleanup() { + targetRepository.shutdown(); + } + + @Test + public void shouldHaveIncludedPaths() throws RepositoryException { + assertExists( + "/content/foo/en", + "/content/assets/foo/2015/02", + "/content/assets/foo/2015/01", + "/content/assets/foo/2014" + ); + } + + @Test + public void shouldLackPathsThatWereNotIncluded() throws RepositoryException { + assertMissing( + "/content/foo/de", + "/content/foo/fr", + "/content/foo/it" + ); + } + + @Test + public void shouldLackExcludedPaths() throws RepositoryException { + assertMissing( + "/content/assets/foo/2013", + "/content/assets/foo/2012", + "/content/assets/foo/2011", + "/content/assets/foo/2010" + ); + } + + @Test + public void testPermissions() throws RepositoryException { + Session aliceSession = targetRepository.login(new SimpleCredentials("alice", "bar".toCharArray())); + Session bobSession = targetRepository.login(new SimpleCredentials("bob", "bar".toCharArray())); + + assertExists(aliceSession, + "/content/assets/foo/2015/02", + "/content/assets/foo/2015/01", + "/content/assets/foo/2014" + ); + + assertMissing(aliceSession, + "/content/foo/en" + ); + + assertExists(bobSession, + "/content/foo/en" + ); + + assertMissing(bobSession, + "/content/assets/foo/2015/02", + "/content/assets/foo/2015/01", + "/content/assets/foo/2014" + ); + } + + private void createCommonContent(JackrabbitSession session) throws RepositoryException { + UserManager um = session.getUserManager(); + um.createUser("alice", "bar"); + um.createUser("bob", "bar"); + session.save(); + } + + private void createSourceContent(JackrabbitSession session) throws RepositoryException { + for (String p : Arrays.asList( + "/content/foo/de", + "/content/foo/en", + "/content/foo/fr", + "/content/foo/it", + "/content/assets/foo", + "/content/assets/foo/2015", + "/content/assets/foo/2015/02", + "/content/assets/foo/2015/01", + "/content/assets/foo/2014", + "/content/assets/foo/2013", + "/content/assets/foo/2012", + "/content/assets/foo/2011", + "/content/assets/foo/2010/12")) { + JcrUtils.getOrCreateByPath(p, JcrConstants.NT_FOLDER, JcrConstants.NT_FOLDER, session, false); } - SegmentNodeStore segmentNodeStore = SegmentNodeStoreBuilders.builder(fileStore).build(); + + AccessControlUtils.denyAllToEveryone(session, "/content/foo/en"); + AccessControlUtils.allow(session.getNode("/content/foo/en"), "bob", "jcr:read"); + + AccessControlUtils.denyAllToEveryone(session,"/content/assets/foo"); + AccessControlUtils.allow(session.getNode("/content/assets/foo"), "alice", "jcr:read"); + } + + private void performSidegrade() throws RepositoryException { + RepositorySidegrade sidegrade = new RepositorySidegrade(sourceNodeStore, targetNodeStore); + sidegrade.setIncludes( + "/content/foo/en", + "/content/assets/foo", + "/content/other" + ); + sidegrade.setExcludes( + "/content/assets/foo/2013", + "/content/assets/foo/2012", + "/content/assets/foo/2011", + "/content/assets/foo/2010" + ); + sidegrade.copy(); + } + + private static RepositoryImpl getRepository(NodeStore nodeStore) { + return (RepositoryImpl) new Jcr(new Oak(nodeStore).with(SecurityProviderBuilder.newBuilder().build())).createRepository(); + } + + private static void withSession(NodeStore nodeStore, SessionConsumer sessionConsumer) throws RepositoryException { + RepositoryImpl repository = getRepository(nodeStore); + Session session = repository.login(CREDENTIALS); try { - final RepositorySidegrade sidegrade = new RepositorySidegrade(segmentNodeStore, target); - sidegrade.setIncludes( - "/content/foo/en", - "/content/assets/foo", - "/content/other" - ); - sidegrade.setExcludes( - "/content/assets/foo/2013", - "/content/assets/foo/2012", - "/content/assets/foo/2011", - "/content/assets/foo/2010" - ); - sidegrade.copy(); + sessionConsumer.accept((JackrabbitSession) session); + session.save(); } finally { - fileStore.close(); + session.logout(); + repository.shutdown(); } } + + private void assertExists(String... paths) throws RepositoryException { + assertExists(targetSession, paths); + + } + + private void assertExists(Session session, String... paths) throws RepositoryException { + for (String path : paths) { + assertTrue("node " + path + " should exist", session.nodeExists(path)); + } + } + + private void assertMissing(String... paths) throws RepositoryException { + assertMissing(targetSession, paths); + } + + private void assertMissing(Session session, String... paths) throws RepositoryException { + for (String path : paths) { + assertFalse("node " + path + " should not exist", session.nodeExists(path)); + } + } + + private interface SessionConsumer { + void accept(JackrabbitSession session) throws RepositoryException; + } + }