diff --git a/README.md b/README.md
index f40acea21..bf159470a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[](https://travis-ci.org/Netcentric/accesscontroltool)
+
Access Control Tool for Adobe Experience Manager
================================================
diff --git a/accesscontroltool-bundle/pom.xml b/accesscontroltool-bundle/pom.xml
index 8672a069e..42bb5a5cb 100644
--- a/accesscontroltool-bundle/pom.xml
+++ b/accesscontroltool-bundle/pom.xml
@@ -11,7 +11,7 @@
biz.netcentric.cq.tools.accesscontroltool
accesscontroltool
- 2.0.7
+ 2.0.8
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
index 89f275700..bb1f9443c 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
@@ -180,10 +180,7 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
"Member " + member + " does not exist and cannot be added as external member to group "
+ authorizableConfigBean.getAuthorizableId());
}
- if (!installedGroup.addMember(memberGroup)) {
- throw new IllegalStateException(
- "Member " + member + " cannot be added as external member to group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ installedGroup.addMember(memberGroup);
installLog.addVerboseMessage(LOG,
"Adding " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
}
@@ -195,13 +192,9 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
"Removing " + membersToRemove.size() + " external members to group " + authorizableConfigBean.getAuthorizableId());
for (String member : membersToRemove) {
Authorizable memberGroup = userManager.getAuthorizable(member);
- if (!installedGroup.removeMember(memberGroup)) {
- throw new IllegalStateException(
- "Member " + member + " cannot be removed from group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
- } else {
- installLog.addVerboseMessage(LOG,
+ installedGroup.removeMember(memberGroup);
+ installLog.addVerboseMessage(LOG,
"Removing " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
- }
}
}
}
@@ -302,10 +295,7 @@ private void migrateFromOldGroup(AuthorizableConfigBean authorizableConfigBean,
+ authorizableConfigBean.getMigrateFrom() + " to group " + authorizableId);
Group currentGroup = (Group) userManager.getAuthorizable(authorizableId);
for (Authorizable user : usersFromGroupToTakeOver) {
- if (!currentGroup.addMember(user)) {
- throw new IllegalStateException(
- "Member " + user + " cannot be added as external member to group '" + currentGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ currentGroup.addMember(user);
}
}
@@ -380,10 +370,7 @@ private void handleRecreationOfAuthorizableIfNecessary(final Session session,
Group newGroup = (Group) newAuthorizable;
// add members of deleted group
for (Authorizable authorizable : membersOfDeletedGroup) {
- if (!newGroup.addMember(authorizable)) {
- throw new IllegalStateException(
- "Member " + authorizable + " cannot be added as external member to group '" + newGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ newGroup.addMember(authorizable);
countMovedMembersOfGroup++;
}
}
@@ -554,21 +541,13 @@ void applyGroupMembershipConfigIsMemberOf(AuthorizableConfigBean authorizableCon
for (String groupId : toBeAddedMembers) {
LOG.debug("Membership Change: Adding {} to members of group {} in repository", authorizableId, groupId);
Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
- Group group = (Group) targetAuthorizable;
- if (!(group.addMember(currentAuthorizable))) {
- throw new IllegalStateException(
- "Member " + currentAuthorizable + " cannot be added as external member to group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ ((Group) targetAuthorizable).addMember(currentAuthorizable);
}
for (String groupId : toBeRemovedMembers) {
LOG.debug("Membership Change: Removing {} from members of group {} in repository", authorizableId, groupId);
Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
- Group group = (Group) targetAuthorizable;
- if (!group.removeMember(currentAuthorizable)) {
- throw new IllegalStateException(
- "Member " + currentAuthorizable.getID() + " cannot be removed from group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ ((Group) targetAuthorizable).removeMember(currentAuthorizable);
}
if (!toBeAddedMembers.isEmpty() && !toBeAddedMembers.isEmpty()) {
@@ -745,10 +724,7 @@ private void addMembersToReferencingAuthorizables(Authorizable authorizable, Aut
LOG.debug("start adding {} to assignedGroups", authorizableId);
for (String referencingAuthorizableToBeChangedId : referencingAuthorizablesToBeChanged) {
Group referencingAuthorizableToBeChanged = (Group) userManager.getAuthorizable(referencingAuthorizableToBeChangedId);
- if (!referencingAuthorizableToBeChanged.addMember(authorizable)) {
- throw new IllegalStateException(
- "Member " + authorizable + " cannot be added as external member to group '" + referencingAuthorizableToBeChanged.getID() + "'. Is this maybe a protected group like 'everyone'?");
- }
+ referencingAuthorizableToBeChanged.addMember(authorizable);
LOG.debug("added to {} ", referencingAuthorizableToBeChanged);
}
}
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java
index 5648c0fb6..7f0677a53 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java
@@ -3,13 +3,13 @@
import java.io.InputStream;
import java.io.StringWriter;
import java.util.Collection;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.TreeMap;
import javax.jcr.Node;
import javax.jcr.Session;
@@ -65,7 +65,7 @@ public Map getConfigFileContentFromPackage(Archive archive) thro
}
private Map getConfigurations(PackageEntryOrNode configFileOrDir) throws Exception {
- Map configs = new HashMap();
+ Map configs = new TreeMap();
Set currentRunModes = slingSettingsService.getRunModes();
diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java
index 4d067c77e..956ecee33 100644
--- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java
+++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java
@@ -20,7 +20,6 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
import java.util.Arrays;
import java.util.Collection;
@@ -114,14 +113,9 @@ public static final class BASE_TESTS {
@Mock
private User regularUser1;
- private AuthorizableConfigBean authorizableConfigBean;
-
- private PersistableInstallationLogger history;
-
@Before
public void setup() throws RepositoryException {
- authorizableConfigBean = new AuthorizableConfigBean();
- history = new PersistableInstallationLogger();
+
doReturn(valueFactory).when(session).getValueFactory();
Mockito.when(valueFactory.createValue(anyString())).thenAnswer(new Answer() {
@Override
@@ -150,11 +144,6 @@ private void setupAuthorizable(Authorizable authorizable, String id, boolean isG
doReturn(id).when(authorizable).getID();
doReturn(isGroup).when(authorizable).isGroup();
doReturn("/home/" + (isGroup ? "groups" : "users") + (isSystemUser ? "/system" : "") + "/test").when(authorizable).getPath();
- if (isGroup) {
- Group group = (Group) authorizable;
- when(group.addMember(Matchers.any(Authorizable.class))).thenReturn(true);
- when(group.removeMember(Matchers.any(Authorizable.class))).thenReturn(true);
- }
}
@Test
@@ -173,6 +162,7 @@ public Set answer(InvocationOnMock invocation) throws Throwable {
Set authorizablesInConfig = new HashSet(asList(GROUP1));
+ AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
authorizableConfigBean.setAuthorizableId(TESTGROUP);
cut.applyGroupMembershipConfigIsMemberOf(authorizableConfigBean, acConfiguration, status, userManager, null, configuredGroups,
groupsInRepo,
@@ -191,8 +181,12 @@ public Set answer(InvocationOnMock invocation) throws Throwable {
}
@Test
- public void testApplyGroupMembershipConfigMembersNoChange() throws Exception {
+ public void testApplyGroupMembershipConfigMembers() throws Exception {
+
+ PersistableInstallationLogger history = new PersistableInstallationLogger();
acConfiguration.setGlobalConfiguration(new GlobalConfiguration());
+
+ AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
authorizableConfigBean.setAuthorizableId(TESTGROUP);
Set authorizablesInConfig = new HashSet(asList(GROUP1));
@@ -203,13 +197,7 @@ public void testApplyGroupMembershipConfigMembersNoChange() throws Exception {
cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
verify(testGroup, times(0)).addMember(any(Authorizable.class));
verify(testGroup, times(0)).removeMember(any(Authorizable.class));
- }
-
- @Test
- public void testApplyGroupMembershipConfigMembersRemovedInConfig() throws Exception {
- acConfiguration.setGlobalConfiguration(new GlobalConfiguration());
- authorizableConfigBean.setAuthorizableId(TESTGROUP);
- Set authorizablesInConfig = new HashSet(asList(GROUP1));
+ reset(testGroup);
// test removed in config
authorizableConfigBean.setMembers(new String[] {});
@@ -220,13 +208,9 @@ public void testApplyGroupMembershipConfigMembersRemovedInConfig() throws Except
verify(testGroup).removeMember(group3);
verify(testGroup).removeMember(systemUser1);
verify(testGroup, times(0)).removeMember(regularUser1);// regular user must not be removed
- }
+ reset(testGroup);
- @Test
- public void testApplyGroupMembershipConfigMembersAddedInConfig() throws Exception {
// test to be added as in config but not in repo
- Set authorizablesInConfig = new HashSet(asList(GROUP1));
-
authorizableConfigBean.setMembers(new String[] { GROUP2, GROUP3, SYSTEM_USER1 });
doReturn(asList().iterator()).when(testGroup).getDeclaredMembers();
cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
@@ -235,26 +219,17 @@ public void testApplyGroupMembershipConfigMembersAddedInConfig() throws Exceptio
verify(testGroup).addMember(systemUser1);
verify(testGroup, times(0)).removeMember(any(Authorizable.class));
reset(testGroup);
- }
- @Test
- public void testApplyGroupMembershipConfigMembersNotRemoved() throws Exception {
// test authorizable in config not removed
- Set authorizablesInConfig = new HashSet(asList(GROUP1));
-
authorizableConfigBean.setMembers(new String[] {});
doReturn(asList(group1, group2).iterator()).when(testGroup).getDeclaredMembers();
cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
verify(testGroup, times(0)).addMember(any(Authorizable.class));
verify(testGroup, times(0)).removeMember(group1); // must not be removed since it's contained in config
verify(testGroup).removeMember(group2);
- }
+ reset(testGroup);
- @Test
- public void testApplyGroupMembershipConfigMembersNotRemovedDueToUnmanagedExternalMembers() throws Exception {
// test authorizable in config not removed if defaultUnmanagedExternalMembersRegex is configured
- Set authorizablesInConfig = new HashSet(asList(GROUP1));
-
acConfiguration.getGlobalConfiguration().setDefaultUnmanagedExternalMembersRegex("group2.*");
authorizableConfigBean.setMembers(new String[] {});
doReturn(asList(group1, group2).iterator()).when(testGroup).getDeclaredMembers();
@@ -262,8 +237,11 @@ public void testApplyGroupMembershipConfigMembersNotRemovedDueToUnmanagedExterna
verify(testGroup, times(0)).addMember(any(Authorizable.class));
verify(testGroup, times(0)).removeMember(group1); // must not be removed since it's contained in config
verify(testGroup, times(0)).removeMember(group2); // must not be removed since allowExternalGroupNamesRegEx config
+ reset(testGroup);
+
}
+
@Test
public void testSetAuthorizableProperties() throws Exception {
diff --git a/accesscontroltool-exampleconfig-package/pom.xml b/accesscontroltool-exampleconfig-package/pom.xml
index 73de2bf0b..ec2823ad2 100644
--- a/accesscontroltool-exampleconfig-package/pom.xml
+++ b/accesscontroltool-exampleconfig-package/pom.xml
@@ -15,7 +15,7 @@
biz.netcentric.cq.tools.accesscontroltool
accesscontroltool
- 2.0.7
+ 2.0.8
diff --git a/accesscontroltool-oakindex-package/pom.xml b/accesscontroltool-oakindex-package/pom.xml
index 16175788f..931d92d13 100644
--- a/accesscontroltool-oakindex-package/pom.xml
+++ b/accesscontroltool-oakindex-package/pom.xml
@@ -15,7 +15,7 @@
biz.netcentric.cq.tools.accesscontroltool
accesscontroltool
- 2.0.7
+ 2.0.8
diff --git a/accesscontroltool-package/pom.xml b/accesscontroltool-package/pom.xml
index c568b7e48..fd1a1cfe1 100644
--- a/accesscontroltool-package/pom.xml
+++ b/accesscontroltool-package/pom.xml
@@ -15,7 +15,7 @@
biz.netcentric.cq.tools.accesscontroltool
accesscontroltool
- 2.0.7
+ 2.0.8
diff --git a/docs/Configuration.md b/docs/Configuration.md
index 7f6a24212..00026921d 100644
--- a/docs/Configuration.md
+++ b/docs/Configuration.md
@@ -16,6 +16,8 @@ This example shows three separate project specific configuration subnodes (multi
The project specific configuration files are stored in CRX under a node which can be set in the OSGi configuration of the AcService (system/console/configMgr). Each folder underneath this location may contain `*.yaml` files that contain AC configuration. You can use a normal content package to deploy the files.
+For some features the order of configuration files is relevant - the AC Tool orders the files alphabetically according their full path.
+
## Run modes
In general the parent node may specify required Sling run modes being separated by a dot (```.```). Folder names can contain runmodes in the same way as OSGi configurations ([installation of OSGi bundles through JCR packages in Sling](http://sling.apache.org/documentation/bundles/jcr-installer-provider.html)) using a `.` (e.g. `myproject.author` will only become active on author). Additionally, multiple runmodes combinations can be given separated by comma to avoid duplication of configuration (e.g. `myproject.author.test,author.dev` will be active on authors of dev and test environment only).
diff --git a/pom.xml b/pom.xml
index c1def27cb..4da6f73b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
biz.netcentric.cq.tools.accesscontroltool
accesscontroltool
- 2.0.7
+ 2.0.8
pom
Access Control Tool - Reactor Project