CR - Write all nodes under authorizables + more coverage to JCRNodeDecorator

Author: Jeff Bornemann

gradle.properties

@@ -33,6 +33,7 @@ jcr_version = 2.0
 jms_version = 3.1.1
 jsr305_version = 2.0.0
 logback_version = 1.0.4
+oak_version = 1.2.2
 objenesis_version = 2.1
 protobuf_gradle_plugin_version = 0.9.1
 protobuf_version = 2.6.1

gradle/dependencies.gradle

@@ -35,6 +35,7 @@ dependencies {
     compile "javax.jcr:jcr:${jcr_version}"
     compile "org.apache.jackrabbit:jackrabbit-jcr-commons:${jackrabbit_version}"
     compile "org.apache.jackrabbit:jackrabbit-api:${jackrabbit_version}"
+    compile "org.apache.jackrabbit:oak-core:${oak_version}"
     compile "org.apache.sling:org.apache.sling.jcr.api:${sling_commons_version}"
 
     // Logging

gradle/packageExclusions.gradle

@@ -29,8 +29,9 @@ configurations.cq_package {
     exclude group: 'org.apache.felix', module: 'org.osgi.compendium'
 
     exclude group: 'org.apache.commons', module: 'commons-lang3'
-    exclude group: 'org.apache.jackrabbit', module:'jackrabbit-jcr-commons'
-    exclude group: 'org.apache.jackrabbit', module:'jackrabbit-api'
+    exclude group: 'org.apache.jackrabbit', module: 'jackrabbit-jcr-commons'
+    exclude group: 'org.apache.jackrabbit', module: 'jackrabbit-api'
+    exclude group: 'org.apache.jackrabbit', module: 'oak-core'
     exclude group: 'commons-io', module: 'commons-io'
 
     //Exclude Apache Sling Libraries

src/main/groovy/com/twcable/grabbit/jcr/AuthorizableProtoNodeDecorator.groovy

@@ -58,8 +58,7 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
         }
         Authorizable existingAuthorizable = findAuthorizable(session)
         Authorizable newAuthorizable = existingAuthorizable ? updateAuthorizable(existingAuthorizable, session) : createNewAuthorizable(session)
-        updateProfile(newAuthorizable, session)
-        updatePreferences(newAuthorizable, session)
+        writeAuthorizablePieces(newAuthorizable, session)
         return new JCRNodeDecorator(session.getNode(newAuthorizable.getPath()))
     }
 
@@ -107,25 +106,14 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
 
 
     /**
-     * Profile nodes live with authorizables as a way of collecting personal information such as email, and first and last name.
-     * This gets sent with the authorizable node instead of streamed independently because we do not know the client's new
-     * authorizable UUID node name at runtime. In other words, authorizables live under different node names from server to server
+     * Authorizable pieces (nodes that live under Authorizables - profile, preferences, etc) get sent with the authorizable node instead of streamed independently because we do not know the client's new
+     * authorizable UUID node name at runtime. In other words, authorizables can live under different node names from server to server
      */
-    private void updateProfile(final Authorizable authorizable, final Session session) {
-        final ProtoNode incomingProfileNode = innerProtoNode.mandatoryChildNodeList.find { it.name.contains('profile') }
-        if(!incomingProfileNode) return
-        createFrom(incomingProfileNode, "${authorizable.getPath()}/profile").writeToJcr(session)
-        session.save()
-    }
-
-
-    /**
-     * @see this.updateProfile() for a related explanation to this method.
-     */
-    private void updatePreferences(final Authorizable authorizable, final Session session) {
-        final ProtoNode incomingPreferencesNode = innerProtoNode.mandatoryChildNodeList.find { it.name.contains('preferences') }
-        if(!incomingPreferencesNode) return
-        createFrom(incomingPreferencesNode, "${authorizable.getPath()}/preferences").writeToJcr(session)
+    private void writeAuthorizablePieces(final Authorizable authorizable, final Session session) {
+        innerProtoNode.mandatoryChildNodeList.each {
+            //We replace the incoming server authorizable path, with the new authorizable path
+            createFrom(it, it.name.replaceFirst(getName(), authorizable.getPath())).writeToJcr(session)
+        }
         session.save()
     }
 

src/main/groovy/com/twcable/grabbit/jcr/DefaultProtoNodeDecorator.groovy

@@ -19,11 +19,11 @@ import com.twcable.grabbit.proto.NodeProtos.Node as ProtoNode
 import com.twcable.grabbit.proto.NodeProtos.Value as ProtoValue
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
-import org.apache.jackrabbit.commons.JcrUtils
-
 import javax.annotation.Nonnull
 import javax.jcr.Node as JCRNode
 import javax.jcr.Session
+import org.apache.jackrabbit.commons.JcrUtils
+
 
 import static org.apache.jackrabbit.JcrConstants.JCR_MIXINTYPES
 import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE
@@ -54,7 +54,8 @@ class DefaultProtoNodeDecorator extends ProtoNodeDecorator {
 
         if(innerProtoNode.mandatoryChildNodeList && innerProtoNode.mandatoryChildNodeList.size() > 0) {
             for(ProtoNode childNode: innerProtoNode.mandatoryChildNodeList) {
-                createFrom(childNode).writeToJcr(session)
+                //Mandatory children must inherit any name overrides from their parent (if they exist)
+                createFrom(childNode, childNode.getName().replaceFirst(innerProtoNode.name, getName())).writeToJcr(session)
             }
         }
         return new JCRNodeDecorator(jcrNode)

src/main/groovy/com/twcable/grabbit/jcr/JCRNodeDecorator.groovy

@@ -22,17 +22,24 @@ import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
 import javax.annotation.Nonnull
 import javax.annotation.Nullable
+import javax.jcr.ItemNotFoundException
 import javax.jcr.Node as JCRNode
 import javax.jcr.PathNotFoundException
 import javax.jcr.Property as JcrProperty
 import javax.jcr.RepositoryException
 import javax.jcr.nodetype.ItemDefinition
+import org.apache.jackrabbit.commons.flat.TreeTraverser
 import org.apache.jackrabbit.value.DateValue
 
 
 import static org.apache.jackrabbit.JcrConstants.JCR_CREATED
 import static org.apache.jackrabbit.JcrConstants.JCR_LASTMODIFIED
 import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE
+import static org.apache.jackrabbit.commons.flat.TreeTraverser.ErrorHandler
+import static org.apache.jackrabbit.commons.flat.TreeTraverser.InclusionPolicy
+import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.ACE_PROPERTY_NAMES
+import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.AC_NODETYPE_NAMES
+import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.POLICY_NODE_NAMES
 
 @CompileStatic
 @Slf4j
@@ -45,6 +52,7 @@ class JCRNodeDecorator {
 
     //Evaluated in a lazy fashion
     private Collection<JCRNodeDecorator> immediateChildNodes
+    private List<JCRNodeDecorator> childNodeList
 
 
     JCRNodeDecorator(@Nonnull JCRNode node) {
@@ -68,6 +76,19 @@ class JCRNodeDecorator {
     }
 
 
+    List<JCRNodeDecorator> getChildNodeList() {
+        if(!childNodeList) {
+            childNodeList = (getChildNodeIterator().collect { JCRNode node -> new JCRNodeDecorator(node) } ?: []) as List<JCRNodeDecorator>
+        }
+        return childNodeList
+    }
+
+
+    Iterator<JCRNode> getChildNodeIterator() {
+        return TreeTraverser.nodeIterator(innerNode, ErrorHandler.IGNORE, new NoRootInclusionPolicy(this))
+    }
+
+
     void setLastModified() {
         final lastModified = new DateValue(Calendar.instance)
         try {
@@ -89,20 +110,13 @@ class JCRNodeDecorator {
     */
     @Nullable
     Collection<JCRNodeDecorator> getRequiredChildNodes() {
-        return isAuthorizableType() ? getAuthorizablePieceChildren() : getMandatoryChildren()
+        if(isAuthorizableType()){
+            return getChildNodeList().findAll { JCRNodeDecorator childJcrNode -> !childJcrNode.isLoginToken() && !childJcrNode.isACType() }
+        }
+        return getMandatoryChildren()
     }
 
 
-    /**
-     * Some child nodes must be transported with authorizables. This is because authorizable nodes have different UUID names from server to server
-     */
-    @Nonnull
-    private Collection<JCRNodeDecorator> getAuthorizablePieceChildren() {
-        final Collection<JCRNodeDecorator> authorizableParts = getImmediateChildNodes().findAll { JCRNodeDecorator childJcrNode -> childJcrNode.isAuthorizablePart()}
-        //We don't send login tokens, because it's not a great idea from a security perspective; and we have no great way of writing them anyway
-        return authorizableParts.findAll { JCRNodeDecorator childJcrNode -> !childJcrNode.isLoginToken() }
-    }
-
     /**
      * Some nodes must be saved together, per node definition
      */
@@ -174,23 +188,19 @@ class JCRNodeDecorator {
 
 
     /**
-     * Authorizable nodes are unique on each server, so associated profiles, preferences, etc need to be sent with.
-     * @return true if this node is part of an authorizable node conglomerate
+     * Authorizable nodes can be unique from server to server, so associated profiles, preferences, etc need to be sent with.
+     * @return true if this node lives under an authorizable
      */
     boolean isAuthorizablePart() {
-        if(isLoginToken()) {
-            return true
-        }
-        final String resourceType
         try {
-            resourceType = getProperty('sling:resourceType')?.string
-        }
-        catch(PathNotFoundException ex) {
+            JCRNodeDecorator parent = new JCRNodeDecorator(getParent())
+            while(!parent.isAuthorizableType()) {
+                parent = new JCRNodeDecorator(parent.getParent())
+            }
+            return true
+        } catch(PathNotFoundException | ItemNotFoundException ex) {
             return false
         }
-        final String name = innerNode.getName()
-        return (name == 'preferences' && resourceType == 'cq:Preferences') ||
-                (name == 'profile' && resourceType == 'cq/security/components/profile')
     }
 
 
@@ -203,10 +213,14 @@ class JCRNodeDecorator {
         return primaryType == 'rep:User' || primaryType == 'rep:Group'
     }
 
+    boolean isACType() {
+        (AC_NODETYPE_NAMES + ACE_PROPERTY_NAMES + POLICY_NODE_NAMES).contains(primaryType)
+    }
+
 
     boolean isLoginToken() {
         final primaryType = getPrimaryType()
-        return (primaryType == 'rep:Unstructured' && name == '.tokens') || primaryType == 'rep:Token'
+        return (primaryType == 'rep:Unstructured' && name.tokenize('/')[-1] == '.tokens') || primaryType == 'rep:Token'
     }
 
 
@@ -218,4 +232,37 @@ class JCRNodeDecorator {
             super.asType(clazz)
         }
     }
+
+    @Override
+    boolean equals(Object obj) {
+        if (this.is(obj)) return true
+        if (getClass() != obj.class) return false
+
+        JCRNodeDecorator that = (JCRNodeDecorator)obj
+
+        return this.hashCode() == that.hashCode()
+    }
+
+    @Override
+    int hashCode() {
+        return innerNode.getName().hashCode()
+    }
+
+    @CompileStatic
+    private static class NoRootInclusionPolicy implements InclusionPolicy<JCRNode> {
+
+        final JCRNodeDecorator rootNode
+
+        NoRootInclusionPolicy(JCRNode rootNode) {
+            this.rootNode = new JCRNodeDecorator(rootNode)
+        }
+
+
+        @Override
+        boolean include(JCRNode node) {
+            final JCRNodeDecorator candidateNode = new JCRNodeDecorator(node)
+            //Don't include the root, and dont' include mandatory nodes as they are held within their parent
+            return (!rootNode.equals(candidateNode)) && (!candidateNode.isMandatoryNode())
+        }
+    }
 }

src/main/groovy/com/twcable/grabbit/server/batch/steps/jcrnodes/JcrNodesProcessor.groovy

@@ -50,7 +50,7 @@ class JcrNodesProcessor implements ItemProcessor<JcrNode, ProtoNode> {
         JCRNodeDecorator decoratedNode = new JCRNodeDecorator(jcrNode)
 
         //TODO: Access Control Lists nodes are not supported right now.
-        if (decoratedNode.path.contains("rep:policy")) {
+        if (decoratedNode.isACType()) {
             log.info "Ignoring current node ${decoratedNode.innerNode}"
             return null
         }

src/test/groovy/com/twcable/grabbit/jcr/AuthorizableProtoNodeDecoratorSpec.groovy

@@ -43,7 +43,7 @@ class AuthorizableProtoNodeDecoratorSpec extends Specification {
 
     AuthorizableProtoNodeDecorator theProtoNodeDecorator(boolean forUser, boolean hasProfile, boolean hasPreferences, Closure configuration = null){
         ProtoNodeBuilder nodeBuilder = ProtoNode.newBuilder()
-        nodeBuilder.setName(forUser ? "user1" : "group1")
+        nodeBuilder.setName(forUser ? "/home/users/u/user1" : "/home/groups/g/group1")
 
         ProtoProperty primaryTypeProperty = ProtoProperty
                 .newBuilder()
@@ -91,15 +91,15 @@ class AuthorizableProtoNodeDecoratorSpec extends Specification {
         nodeBuilder.addProperties(authorizableCategory)
         if(hasPreferences) {
             ProtoNode preferenceNode = ProtoNode.newBuilder()
-                .setName('preferences')
+                .setName("${nodeBuilder.getName()}/preferences")
                 .addProperties(simplePrimaryType)
                 .build()
             nodeBuilder.addMandatoryChildNode(preferenceNode)
         }
         if(hasProfile) {
             ProtoNode profileNode = ProtoNode
                 .newBuilder()
-                .setName('profile')
+                .setName("${nodeBuilder.getName()}/profile")
                 .addProperties(simplePrimaryType)
                 .build()
             nodeBuilder.addMandatoryChildNode(profileNode)
@@ -276,24 +276,24 @@ class AuthorizableProtoNodeDecoratorSpec extends Specification {
         when:
         final node = Mock(Node) {
             getProperty(JCR_PRIMARYTYPE) >> Mock(Property) {
-                it.getString() >> 'rep:Group'
+                it.getString() >> 'rep:User'
             }
             getProperties() >> Mock(PropertyIterator) {
                 it.toList() >> []
             }
         }
         final session = Mock(Session) {
-            it.getNode('/authpath') >> node
+            it.getNode('/home/users/u/newuser') >> node
         }
         final protoNodeDecorator = theProtoNodeDecorator(false, exists, false) {
             it.getSecurityManager() >> null
             it.getUserManager(session) >> Mock(UserManager) {
                 it.getAuthorizable('authorizableID') >> Mock(Authorizable)
                 it.createGroup('authorizableID', _, _) >> Mock(Group) {
-                    it.getPath() >> '/authpath'
+                    it.getPath() >> '/home/users/u/newuser'
                 }
             }
-            (exists ? 1 : 0) * it.createFrom(_ as ProtoNode, '/authpath/profile')  >> Mock(ProtoNodeDecorator)
+            (exists ? 1 : 0) * it.createFrom(_ as ProtoNode, '/home/users/u/newuser/profile')  >> Mock(ProtoNodeDecorator)
         }
 
         then:
@@ -309,24 +309,24 @@ class AuthorizableProtoNodeDecoratorSpec extends Specification {
         when:
         final node = Mock(Node) {
             getProperty(JCR_PRIMARYTYPE) >> Mock(Property) {
-                it.getString() >> 'rep:Group'
+                it.getString() >> 'rep:User'
             }
             getProperties() >> Mock(PropertyIterator) {
                 it.toList() >> []
             }
         }
         final session = Mock(Session) {
-            it.getNode('/authpath') >> node
+            it.getNode('/home/users/u/newuser') >> node
         }
         final protoNodeDecorator = theProtoNodeDecorator(false, false, exists) {
             it.getSecurityManager() >> null
             it.getUserManager(session) >> Mock(UserManager) {
                 it.getAuthorizable('authorizableID') >> Mock(Authorizable)
                 it.createGroup('authorizableID', _, _) >> Mock(Group) {
-                    it.getPath() >> '/authpath'
+                    it.getPath() >> '/home/users/u/newuser'
                 }
             }
-            (exists ? 1 : 0) * it.createFrom(_ as ProtoNode, '/authpath/preferences')  >> Mock(ProtoNodeDecorator)
+            (exists ? 1 : 0) * it.createFrom(_ as ProtoNode, '/home/users/u/newuser/preferences')  >> Mock(ProtoNodeDecorator)
         }
 
         then: