Merge branch 'release/2.0.8'

README.md

@@ -1,3 +1,5 @@
+[![Build Status](https://travis-ci.org/Netcentric/accesscontroltool.svg?branch=develop)](https://travis-ci.org/Netcentric/accesscontroltool)
+
 Access Control Tool for Adobe Experience Manager
 ================================================
 

accesscontroltool-bundle/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.7</version>
+        <version>2.0.8</version>
     </parent>
 
     <!-- ====================================================================== -->

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java

@@ -180,10 +180,7 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
                                 "Member " + member + " does not exist and cannot be added as external member to group "
                                         + authorizableConfigBean.getAuthorizableId());
                     }
-                    if (!installedGroup.addMember(memberGroup)) {
-                        throw new IllegalStateException(
-                                "Member " + member + " cannot be added as external member to group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
-                    }
+                    installedGroup.addMember(memberGroup);
                     installLog.addVerboseMessage(LOG,
                             "Adding " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
                 }
@@ -195,13 +192,9 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
                         "Removing " + membersToRemove.size() + " external members to group " + authorizableConfigBean.getAuthorizableId());
                 for (String member : membersToRemove) {
                     Authorizable memberGroup = userManager.getAuthorizable(member);
-                    if (!installedGroup.removeMember(memberGroup)) {
-                        throw new IllegalStateException(
-                                "Member " + member + " cannot be removed from group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
-                    } else {
-                        installLog.addVerboseMessage(LOG,
+                    installedGroup.removeMember(memberGroup);
+                    installLog.addVerboseMessage(LOG,
                             "Removing " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
-                    }
                 }
             }
         }
@@ -302,10 +295,7 @@ private void migrateFromOldGroup(AuthorizableConfigBean authorizableConfigBean,
                     + authorizableConfigBean.getMigrateFrom() + " to group " + authorizableId);
             Group currentGroup = (Group) userManager.getAuthorizable(authorizableId);
             for (Authorizable user : usersFromGroupToTakeOver) {
-                if (!currentGroup.addMember(user)) {
-                    throw new IllegalStateException(
-                            "Member " + user + " cannot be added as external member to group '" + currentGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
-                }
+                currentGroup.addMember(user);
             }
         }
 
@@ -380,10 +370,7 @@ private void handleRecreationOfAuthorizableIfNecessary(final Session session,
                 Group newGroup = (Group) newAuthorizable;
                 // add members of deleted group
                 for (Authorizable authorizable : membersOfDeletedGroup) {
-                    if (!newGroup.addMember(authorizable)) {
-                        throw new IllegalStateException(
-                                "Member " + authorizable + " cannot be added as external member to group '" + newGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
-                    }
+                    newGroup.addMember(authorizable);
                     countMovedMembersOfGroup++;
                 }
             }
@@ -554,21 +541,13 @@ void applyGroupMembershipConfigIsMemberOf(AuthorizableConfigBean authorizableCon
         for (String groupId : toBeAddedMembers) {
             LOG.debug("Membership Change: Adding {} to members of group {} in repository", authorizableId, groupId);
             Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
-            Group group = (Group) targetAuthorizable;
-            if (!(group.addMember(currentAuthorizable))) {
-                throw new IllegalStateException(
-                        "Member " + currentAuthorizable + " cannot be added as external member to group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
-            }
+            ((Group) targetAuthorizable).addMember(currentAuthorizable);
         }
 
         for (String groupId : toBeRemovedMembers) {
             LOG.debug("Membership Change: Removing {} from members of group {} in repository", authorizableId, groupId);
             Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
-            Group group = (Group) targetAuthorizable;
-            if (!group.removeMember(currentAuthorizable)) {
-                throw new IllegalStateException(
-                        "Member " + currentAuthorizable.getID() + " cannot be removed from group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
-            }
+            ((Group) targetAuthorizable).removeMember(currentAuthorizable);
         }
 
         if (!toBeAddedMembers.isEmpty() && !toBeAddedMembers.isEmpty()) {
@@ -745,10 +724,7 @@ private void addMembersToReferencingAuthorizables(Authorizable authorizable, Aut
                 LOG.debug("start adding {} to assignedGroups", authorizableId);
                 for (String referencingAuthorizableToBeChangedId : referencingAuthorizablesToBeChanged) {
                     Group referencingAuthorizableToBeChanged = (Group) userManager.getAuthorizable(referencingAuthorizableToBeChangedId);
-                    if (!referencingAuthorizableToBeChanged.addMember(authorizable)) {
-                        throw new IllegalStateException(
-                                "Member " + authorizable + " cannot be added as external member to group '" + referencingAuthorizableToBeChanged.getID() + "'. Is this maybe a protected group like 'everyone'?");
-                    }
+                    referencingAuthorizableToBeChanged.addMember(authorizable);
                     LOG.debug("added to {} ", referencingAuthorizableToBeChanged);
                 }
             }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java

@@ -3,13 +3,13 @@
 import java.io.InputStream;
 import java.io.StringWriter;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
 
 import javax.jcr.Node;
 import javax.jcr.Session;
@@ -65,7 +65,7 @@ public Map<String, String> getConfigFileContentFromPackage(Archive archive) thro
     }
 
     private Map<String, String> getConfigurations(PackageEntryOrNode configFileOrDir) throws Exception {
-        Map<String, String> configs = new HashMap<String, String>();
+        Map<String, String> configs = new TreeMap<String, String>();
 
         Set<String> currentRunModes = slingSettingsService.getRunModes();
 

accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java

@@ -20,7 +20,6 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 import java.util.Arrays;
 import java.util.Collection;
@@ -114,14 +113,9 @@ public static final class BASE_TESTS {
         @Mock
         private User regularUser1;
 
-        private AuthorizableConfigBean authorizableConfigBean;
-
-        private PersistableInstallationLogger history;
-
         @Before
         public void setup() throws RepositoryException {
-            authorizableConfigBean = new AuthorizableConfigBean();
-            history = new PersistableInstallationLogger();
+
             doReturn(valueFactory).when(session).getValueFactory();
             Mockito.when(valueFactory.createValue(anyString())).thenAnswer(new Answer<Value>() {
                 @Override
@@ -150,11 +144,6 @@ private void setupAuthorizable(Authorizable authorizable, String id, boolean isG
             doReturn(id).when(authorizable).getID();
             doReturn(isGroup).when(authorizable).isGroup();
             doReturn("/home/" + (isGroup ? "groups" : "users") + (isSystemUser ? "/system" : "") + "/test").when(authorizable).getPath();
-            if (isGroup) {
-                Group group = (Group) authorizable;
-                when(group.addMember(Matchers.any(Authorizable.class))).thenReturn(true);
-                when(group.removeMember(Matchers.any(Authorizable.class))).thenReturn(true);
-            }
         }
 
         @Test
@@ -173,6 +162,7 @@ public Set<String> answer(InvocationOnMock invocation) throws Throwable {
 
             Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
 
+            AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
             authorizableConfigBean.setAuthorizableId(TESTGROUP);
             cut.applyGroupMembershipConfigIsMemberOf(authorizableConfigBean, acConfiguration, status, userManager, null, configuredGroups,
                     groupsInRepo,
@@ -191,8 +181,12 @@ public Set<String> answer(InvocationOnMock invocation) throws Throwable {
         }
 
         @Test
-        public void testApplyGroupMembershipConfigMembersNoChange() throws Exception {
+        public void testApplyGroupMembershipConfigMembers() throws Exception {
+
+            PersistableInstallationLogger history = new PersistableInstallationLogger();
             acConfiguration.setGlobalConfiguration(new GlobalConfiguration());
+
+            AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
             authorizableConfigBean.setAuthorizableId(TESTGROUP);
 
             Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
@@ -203,13 +197,7 @@ public void testApplyGroupMembershipConfigMembersNoChange() throws Exception {
             cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
             verify(testGroup, times(0)).addMember(any(Authorizable.class));
             verify(testGroup, times(0)).removeMember(any(Authorizable.class));
-        }
-
-        @Test
-        public void testApplyGroupMembershipConfigMembersRemovedInConfig() throws Exception {
-            acConfiguration.setGlobalConfiguration(new GlobalConfiguration());
-            authorizableConfigBean.setAuthorizableId(TESTGROUP);
-            Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
+            reset(testGroup);
 
             // test removed in config
             authorizableConfigBean.setMembers(new String[] {});
@@ -220,13 +208,9 @@ public void testApplyGroupMembershipConfigMembersRemovedInConfig() throws Except
             verify(testGroup).removeMember(group3);
             verify(testGroup).removeMember(systemUser1);
             verify(testGroup, times(0)).removeMember(regularUser1);// regular user must not be removed
-        }
+            reset(testGroup);
 
-        @Test
-        public void testApplyGroupMembershipConfigMembersAddedInConfig() throws Exception {
             // test to be added as in config but not in repo
-            Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
-
             authorizableConfigBean.setMembers(new String[] { GROUP2, GROUP3, SYSTEM_USER1 });
             doReturn(asList().iterator()).when(testGroup).getDeclaredMembers();
             cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
@@ -235,35 +219,29 @@ public void testApplyGroupMembershipConfigMembersAddedInConfig() throws Exceptio
             verify(testGroup).addMember(systemUser1);
             verify(testGroup, times(0)).removeMember(any(Authorizable.class));
             reset(testGroup);
-        }
 
-        @Test
-        public void testApplyGroupMembershipConfigMembersNotRemoved() throws Exception {
             // test authorizable in config not removed
-            Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
-
             authorizableConfigBean.setMembers(new String[] {});
             doReturn(asList(group1, group2).iterator()).when(testGroup).getDeclaredMembers();
             cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
             verify(testGroup, times(0)).addMember(any(Authorizable.class));
             verify(testGroup, times(0)).removeMember(group1); // must not be removed since it's contained in config
             verify(testGroup).removeMember(group2);
-        }
+            reset(testGroup);
 
-        @Test
-        public void testApplyGroupMembershipConfigMembersNotRemovedDueToUnmanagedExternalMembers() throws Exception {
             // test authorizable in config not removed if defaultUnmanagedExternalMembersRegex is configured
-            Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
-
             acConfiguration.getGlobalConfiguration().setDefaultUnmanagedExternalMembersRegex("group2.*");
             authorizableConfigBean.setMembers(new String[] {});
             doReturn(asList(group1, group2).iterator()).when(testGroup).getDeclaredMembers();
             cut.applyGroupMembershipConfigMembers(acConfiguration, authorizableConfigBean, history, TESTGROUP, userManager, authorizablesInConfig);
             verify(testGroup, times(0)).addMember(any(Authorizable.class));
             verify(testGroup, times(0)).removeMember(group1); // must not be removed since it's contained in config
             verify(testGroup, times(0)).removeMember(group2); // must not be removed since allowExternalGroupNamesRegEx config
+            reset(testGroup);
+
         }
 
+
         @Test
         public void testSetAuthorizableProperties() throws Exception {
 

accesscontroltool-exampleconfig-package/pom.xml

@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.7</version>
+        <version>2.0.8</version>
     </parent>
 
     <!-- ====================================================================== -->

accesscontroltool-oakindex-package/pom.xml

@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.7</version>
+        <version>2.0.8</version>
     </parent>
 
     <!-- ====================================================================== -->

accesscontroltool-package/pom.xml

@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.7</version>
+        <version>2.0.8</version>
     </parent>
 
     <!-- ====================================================================== -->

docs/Configuration.md

@@ -16,6 +16,8 @@ This example shows three separate project specific configuration subnodes (multi
 
 The project specific configuration files are stored in CRX under a node which can be set in the OSGi configuration of the AcService (system/console/configMgr). Each folder underneath this location may contain `*.yaml` files that contain AC configuration. You can use a normal content package to deploy the files.
 
+For some features the order of configuration files is relevant - the AC Tool orders the files alphabetically according their full path. 
+
 ## Run modes 
 
 In general the parent node may specify required Sling run modes being separated by a dot (```.```). Folder names can contain runmodes in the same way as OSGi configurations ([installation of OSGi bundles through JCR packages in Sling](http://sling.apache.org/documentation/bundles/jcr-installer-provider.html)) using a `.` (e.g. `myproject.author` will only become active on author). Additionally, multiple runmodes combinations can be given separated by comma to avoid duplication of configuration (e.g. `myproject.author.test,author.dev` will be active on authors of dev and test environment only).

pom.xml

@@ -11,7 +11,7 @@
 
     <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
     <artifactId>accesscontroltool</artifactId>
-    <version>2.0.7</version>
+    <version>2.0.8</version>
     <packaging>pom</packaging>
 
     <name>Access Control Tool - Reactor Project</name>