fix migration with unknown permissions

2025-11-13 00:45:44 +01:00 · 2019-07-18 12:17:20 +02:00
parent 0840109d56
commit a4cb2f7caa
3 changed files with 75 additions and 43 deletions
--- a/scm-webapp/src/main/java/sonia/scm/update/security/XmlSecurityV1UpdateStep.java
+++ b/scm-webapp/src/main/java/sonia/scm/update/security/XmlSecurityV1UpdateStep.java
@@ -23,6 +23,8 @@ import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.List;
 import java.util.function.Consumer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 import static java.util.Optional.ofNullable;
 import static sonia.scm.version.Version.parse;
@@ -30,6 +32,8 @@ import static sonia.scm.version.Version.parse;
@Extension
 public class XmlSecurityV1UpdateStep implements UpdateStep {

+  private static final Pattern v1PermissionPattern = Pattern.compile("^repository:\\*:(READ|WRITE|OWNER)$");
+
  private static final Logger LOG = LoggerFactory.getLogger(XmlSecurityV1UpdateStep.class);

  private final SCMContextProvider contextProvider;
@@ -63,11 +67,21 @@ public class XmlSecurityV1UpdateStep implements UpdateStep {
    V1Security v1Security = (V1Security) jaxbContext.createUnmarshaller().unmarshal(v1SecurityFile.toFile());

    v1Security.entries.forEach(assignedPermission -> {
+      Matcher matcher = v1PermissionPattern.matcher(assignedPermission.value.permission);
+      if (matcher.matches()) {
+        String newPermission = convertRole(matcher.group(1));
+        securityStore.put(new AssignedPermission(
+          assignedPermission.value.name,
+          Boolean.parseBoolean(assignedPermission.value.groupPermission),
+          newPermission
+        ));
+      }
+    });
+  }

-      String newPermission = "";
-      if (assignedPermission.value.permission != null && !assignedPermission.value.permission.isEmpty()) {
-        String[] splitPermission = assignedPermission.value.permission.split(":");
-        switch(splitPermission[2]) {
+  private String convertRole(String role) {
+    String newPermission;
+    switch (role) {
      case "OWNER":
        newPermission = "repository:*";
        break;
@@ -76,15 +90,11 @@ public class XmlSecurityV1UpdateStep implements UpdateStep {
        break;
      case "READ":
        newPermission = "repository:read,pull:*";
+        break;
+      default:
+        newPermission = "";
    }
-      }
-
-      securityStore.put(new AssignedPermission(
-        assignedPermission.value.name,
-        Boolean.parseBoolean(assignedPermission.value.groupPermission),
-        newPermission
-      ));
-    });
+    return newPermission;
  }

  private void forAllAdmins(Consumer<String> userConsumer, Consumer<String> groupConsumer) throws JAXBException {
--- a/scm-webapp/src/test/java/sonia/scm/update/security/XmlSecurityV1UpdateStepTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/update/security/XmlSecurityV1UpdateStepTest.java
@@ -56,13 +56,6 @@ class XmlSecurityV1UpdateStepTest {
      copyTestDatabaseFile(configDir, "config.xml");
    }

-    @BeforeEach
-    void createSecurityV1XML(@TempDirectory.TempDir Path tempDir) throws IOException {
-      Path configDir = tempDir.resolve("config");
-      Files.createDirectories(configDir);
-      copyTestDatabaseFile(configDir, "securityV1.xml");
-    }
-
    @Test
    void shouldCreatePermissionForUsersConfiguredAsAdmin() throws JAXBException {
      updateStep.doUpdate();
@@ -89,6 +82,18 @@ class XmlSecurityV1UpdateStepTest {
      assertThat(assignedPermission).contains("admins", "vogons");
    }

+  }
+
+  @Nested
+  class WithExistingSecurityXml {
+
+    @BeforeEach
+    void createSecurityV1XML(@TempDirectory.TempDir Path tempDir) throws IOException {
+      Path configDir = tempDir.resolve("config");
+      Files.createDirectories(configDir);
+      copyTestDatabaseFile(configDir, "securityV1.xml");
+    }
+
    @Test
    void shouldMapV1PermissionsFromSecurityV1XML() throws JAXBException {
      updateStep.doUpdate();
@@ -101,6 +106,7 @@ class XmlSecurityV1UpdateStepTest {
      assertThat(assignedPermission).contains("scmadmin");
      assertThat(assignedPermission).contains("test");
    }
+
  }

  private void copyTestDatabaseFile(Path configDir, String fileName) throws IOException {
--- a/scm-webapp/src/test/resources/sonia/scm/update/security/securityV1.xml
+++ b/scm-webapp/src/test/resources/sonia/scm/update/security/securityV1.xml
@@ -16,4 +16,20 @@
      <permission>repository:*:OWNER</permission>
    </value>
  </entry>
+  <entry>
+    <key>CfRWOAANM2</key>
+    <value>
+      <group-permission>true</group-permission>
+      <name>test</name>
+      <permission>invalid:permission</permission>
+    </value>
+  </entry>
+  <entry>
+    <key>CfRWOAANM2</key>
+    <value>
+      <group-permission>true</group-permission>
+      <name>test</name>
+      <permission>repository:*:STRANGE</permission>
+    </value>
+  </entry>
 </configuration>