mirror of
https://github.com/scm-manager/scm-manager.git
synced 2025-11-13 17:05:43 +01:00
Migrate verbs to roles if possible
This commit is contained in:
René Pfeuffer
@@ -0,0 +1,15 @@
|
||||
package sonia.scm.repository.xml;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import java.nio.file.Path;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
public class SingleRepositoryUpdateProcessor {
|
||||
|
||||
@Inject
|
||||
private PathBasedRepositoryLocationResolver locationResolver;
|
||||
|
||||
public void doUpdate(BiConsumer<String, Path> forEachRepository) {
|
||||
locationResolver.forAllPaths(forEachRepository);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,143 @@
|
||||
package sonia.scm.repository.update;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.migration.UpdateException;
|
||||
import sonia.scm.migration.UpdateStep;
|
||||
import sonia.scm.plugin.Extension;
|
||||
import sonia.scm.repository.HealthCheckFailure;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.RepositoryPermission;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.xml.SingleRepositoryUpdateProcessor;
|
||||
import sonia.scm.security.SystemRepositoryPermissionProvider;
|
||||
import sonia.scm.version.Version;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.Marshaller;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlElementWrapper;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
@Extension
|
||||
public class MigrateVerbsToPermissionRoles extends RepositoryUpdates.RepositoryUpdateType implements UpdateStep {
|
||||
|
||||
public static final Logger LOG = LoggerFactory.getLogger(MigrateVerbsToPermissionRoles.class);
|
||||
|
||||
private final SingleRepositoryUpdateProcessor updateProcessor;
|
||||
private final SystemRepositoryPermissionProvider systemRepositoryPermissionProvider;
|
||||
|
||||
@Inject
|
||||
public MigrateVerbsToPermissionRoles(SingleRepositoryUpdateProcessor updateProcessor, SystemRepositoryPermissionProvider systemRepositoryPermissionProvider) {
|
||||
this.updateProcessor = updateProcessor;
|
||||
this.systemRepositoryPermissionProvider = systemRepositoryPermissionProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doUpdate() {
|
||||
updateProcessor.doUpdate(this::update);
|
||||
}
|
||||
|
||||
void update(String repositoryId, Path path) {
|
||||
LOG.info("updating repository {}", repositoryId);
|
||||
OldRepository oldRepository = readOldRepository(path);
|
||||
Repository newRepository = createNewRepository(oldRepository);
|
||||
writeNewRepository(path, newRepository);
|
||||
}
|
||||
|
||||
private void writeNewRepository(Path path, Repository newRepository) {
|
||||
try {
|
||||
JAXBContext jaxbContext = JAXBContext.newInstance(Repository.class);
|
||||
Marshaller marshaller = jaxbContext.createMarshaller();
|
||||
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
|
||||
marshaller.marshal(newRepository, path.resolve("metadata.xml").toFile());
|
||||
} catch (JAXBException e) {
|
||||
throw new UpdateException("could not read old repository structure", e);
|
||||
}
|
||||
}
|
||||
|
||||
private OldRepository readOldRepository(Path path) {
|
||||
try {
|
||||
JAXBContext jaxbContext = JAXBContext.newInstance(OldRepository.class);
|
||||
return (OldRepository) jaxbContext.createUnmarshaller().unmarshal(path.resolve("metadata.xml").toFile());
|
||||
} catch (JAXBException e) {
|
||||
throw new UpdateException("could not read old repository structure", e);
|
||||
}
|
||||
}
|
||||
|
||||
private Repository createNewRepository(OldRepository oldRepository) {
|
||||
Repository repository = new Repository(
|
||||
oldRepository.id,
|
||||
oldRepository.type,
|
||||
oldRepository.namespace,
|
||||
oldRepository.name,
|
||||
oldRepository.contact,
|
||||
oldRepository.description,
|
||||
oldRepository.permissions.stream().map(this::updatePermission).toArray(RepositoryPermission[]::new)
|
||||
);
|
||||
repository.setCreationDate(oldRepository.creationDate);
|
||||
repository.setHealthCheckFailures(oldRepository.healthCheckFailures);
|
||||
repository.setLastModified(oldRepository.lastModified);
|
||||
repository.setPublicReadable(oldRepository.publicReadable);
|
||||
repository.setArchived(oldRepository.archived);
|
||||
return repository;
|
||||
}
|
||||
|
||||
private RepositoryPermission updatePermission(RepositoryPermission repositoryPermission) {
|
||||
return findMatchingRole(repositoryPermission.getVerbs())
|
||||
.map(roleName -> copyRepositoryPermissionWithRole(repositoryPermission, roleName))
|
||||
.orElse(repositoryPermission);
|
||||
}
|
||||
|
||||
private RepositoryPermission copyRepositoryPermissionWithRole(RepositoryPermission repositoryPermission, String roleName) {
|
||||
return new RepositoryPermission(repositoryPermission.getName(), roleName, repositoryPermission.isGroupPermission());
|
||||
}
|
||||
|
||||
private Optional<String> findMatchingRole(Collection<String> verbs) {
|
||||
return systemRepositoryPermissionProvider.availableRoles()
|
||||
.stream()
|
||||
.filter(r -> roleMatchesVerbs(verbs, r))
|
||||
.map(RepositoryRole::getName)
|
||||
.findFirst();
|
||||
}
|
||||
|
||||
private boolean roleMatchesVerbs(Collection<String> verbs, RepositoryRole r) {
|
||||
return verbs.size() == r.getVerbs().size() && r.getVerbs().containsAll(verbs);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Version getTargetVersion() {
|
||||
return Version.parse("1");
|
||||
}
|
||||
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
@XmlRootElement(name = "repositories")
|
||||
private static class OldRepository {
|
||||
private String contact;
|
||||
private Long creationDate;
|
||||
private String description;
|
||||
@XmlElement(name = "healthCheckFailure")
|
||||
@XmlElementWrapper(name = "healthCheckFailures")
|
||||
private List<HealthCheckFailure> healthCheckFailures;
|
||||
private String id;
|
||||
private Long lastModified;
|
||||
private String namespace;
|
||||
private String name;
|
||||
@XmlElement(name = "permission")
|
||||
private final Set<RepositoryPermission> permissions = new HashSet<>();
|
||||
@XmlElement(name = "public")
|
||||
private boolean publicReadable = false;
|
||||
private boolean archived = false;
|
||||
private String type;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
package sonia.scm.repository.update;
|
||||
|
||||
public class RepositoryUpdates {
|
||||
|
||||
static class RepositoryUpdateType {
|
||||
public String getAffectedDataType() {
|
||||
return "repository";
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -25,7 +25,7 @@ import java.util.Set;
|
||||
import static java.util.Collections.unmodifiableCollection;
|
||||
import static java.util.stream.Collectors.toList;
|
||||
|
||||
class SystemRepositoryPermissionProvider {
|
||||
public class SystemRepositoryPermissionProvider {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(SystemRepositoryPermissionProvider.class);
|
||||
private static final String REPOSITORY_PERMISSION_DESCRIPTOR = "META-INF/scm/repository-permissions.xml";
|
||||
|
||||
@@ -0,0 +1,76 @@
|
||||
package sonia.scm.repository.update;
|
||||
|
||||
import com.google.common.io.Resources;
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.junitpioneer.jupiter.TempDirectory;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.xml.SingleRepositoryUpdateProcessor;
|
||||
import sonia.scm.security.SystemRepositoryPermissionProvider;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.doAnswer;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@ExtendWith(TempDirectory.class)
|
||||
class MigrateVerbsToPermissionRolesTest {
|
||||
|
||||
private static final String EXISTING_REPOSITORY_ID = "id";
|
||||
|
||||
@Mock
|
||||
private SingleRepositoryUpdateProcessor singleRepositoryUpdateProcessor;
|
||||
@Mock
|
||||
private SystemRepositoryPermissionProvider systemRepositoryPermissionProvider;
|
||||
|
||||
@InjectMocks
|
||||
private MigrateVerbsToPermissionRoles migration;
|
||||
|
||||
@BeforeEach
|
||||
void init(@TempDirectory.TempDir Path tempDir) throws IOException {
|
||||
URL metadataUrl = Resources.getResource("sonia/scm/repository/update/metadataWithoutRoles.xml");
|
||||
Files.copy(metadataUrl.openStream(), tempDir.resolve("metadata.xml"));
|
||||
doAnswer(invocation -> {
|
||||
((BiConsumer<String, Path>) invocation.getArgument(0)).accept(EXISTING_REPOSITORY_ID, tempDir);
|
||||
return null;
|
||||
}).when(singleRepositoryUpdateProcessor).doUpdate(any());
|
||||
when(systemRepositoryPermissionProvider.availableRoles()).thenReturn(Collections.singletonList(new RepositoryRole("ROLE", asList("read", "write"), "")));
|
||||
}
|
||||
|
||||
@Test
|
||||
void x(@TempDirectory.TempDir Path tempDir) throws IOException {
|
||||
migration.doUpdate();
|
||||
|
||||
List<String> newMetadata = Files.readAllLines(tempDir.resolve("metadata.xml"));
|
||||
Assertions.assertThat(newMetadata.stream().map(String::trim)).
|
||||
containsSubsequence(
|
||||
"<groupPermission>false</groupPermission>",
|
||||
"<name>user</name>",
|
||||
"<role>ROLE</role>"
|
||||
)
|
||||
.containsSubsequence(
|
||||
"<groupPermission>true</groupPermission>",
|
||||
"<name>group</name>",
|
||||
"<verb>special</verb>"
|
||||
)
|
||||
.doesNotContain(
|
||||
"<verb>read</verb>",
|
||||
"<verb>write</verb>"
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<repositories>
|
||||
<properties/>
|
||||
<contact>ich@du.er</contact>
|
||||
<creationDate>1557729536519</creationDate>
|
||||
<description/>
|
||||
<id>B3RQKYNzo2</id>
|
||||
<lastModified>1557825677782</lastModified>
|
||||
<namespace>scmadmin</namespace>
|
||||
<name>git</name>
|
||||
<permission>
|
||||
<groupPermission>false</groupPermission>
|
||||
<name>user</name>
|
||||
<verb>read</verb>
|
||||
<verb>write</verb>
|
||||
</permission>
|
||||
<permission>
|
||||
<groupPermission>true</groupPermission>
|
||||
<name>group</name>
|
||||
<verb>special</verb>
|
||||
</permission>
|
||||
<public>false</public>
|
||||
<archived>false</archived>
|
||||
<type>git</type>
|
||||
</repositories>
|
||||
Reference in New Issue
Block a user