Merge branch 'release/1.8.0'

README.md

@@ -7,7 +7,7 @@ The Access Control Tool for Adobe Experience Manager (ACTool) is a tool that sim
 
 Building the ACTool requires Java 7 and Maven 3.2.
 
-Installing ACTool requires CQ5.6/AEM 6.0/AEM 6.1.
+Installing ACTool requires CQ5.6.1 (min. SP2)/AEM 6.0/AEM 6.1.
 
 # Installation
 
@@ -25,6 +25,15 @@ The package can be installed using the AEM Package Manager or directly from the
 mvn -PautoInstallPackage install
 ```
 
+## AEM6.x/Oak
+
+The `oakindex-package` contains an optimized Oak index to cover all queries being issued by the Access Control Tool. To build (and optionally deploy) the content-package use the Maven profile oakindex. This package is only compatible with Oak and even there it is optional (as it will only speed up queries).
+
+To use the package, run all commands with profile `oakindex`, e.g.
+ ```
+mvn clean install -Poakindex
+ ```
+
 # Configuration File Format
 
 For better human readability and easy editing the ACL configuration files use the YAML format.
@@ -108,7 +117,7 @@ Overall format
      actions: actions string
      privileges: privileges string  
      repGlob: regex    (optional, path restriction as regular expression)
-     initialContent: <jcr:root jcr:primaryType="sling:Folder">   (optional)
+     initialContent: <jcr:root jcr:primaryType="sling:Folder"/>   (optional)
 ```
 
 Only ACEs for groups which are defined in the same configuration file can be installed! This ensures a consistency between the groups and their ACE definitions per configuration file.
@@ -233,6 +242,54 @@ This will create 12 groups:
 * content-BRAND2-MKT2-reader
 * content-BRAND2-MKT2-writer
 
+### Loops derived from content structure (since 1.8.x)
+
+For some use cases it is useful to dynamically derive the list of possible values from the content structure. FOR ... IN CHILDREN OF will loop over the children of the provided path (skipping 'jcr:content' nodes) and provide an object with the properties name, path, primaryType, jcr:content (a map of all properties of the respective node) and title (./jcr:content/jcr:title added to root map for convenience).
+
+```
+- FOR site IN CHILDREN OF /content/myPrj:
+
+    - content-reader-${site.name}:
+       - name: Content Reader ${site.title}
+         isMemberOf: 
+         path: /home/groups/${site.name}
+```
+
+
+### Conditional entries (since 1.8.x)
+
+When looping over content structures, entries can be applied conditionally using the "IF" keyword:
+
+```
+- FOR site IN CHILDREN OF /content/myPrj:
+
+    - content-reader-${site.name}:
+       - name: Content Reader ${site.title}
+         isMemberOf: 
+         path: /home/groups/${site.name}
+
+    IF ${endsWith(site.name,'-master')}:
+        - content-reader-master-${site.name}:
+           - name: Master Content Reader ${site.title}
+             isMemberOf: 
+             path: /home/groups/global
+```
+
+Expressions are evaluated using javax.el expression language. The following utility functions are made available to any EL expression used in yaml:
+
+- split(str,separator) 
+- join(array,separator)
+- subarray(array,startIndexInclusive,endIndexExclusive)
+- upperCase(str) 
+- lowerCase(str) 
+- substringAfter(str,separator) 
+- substringBefore(str,separator) 
+- substringAfterLast(str,separator) 
+- substringBeforeLast(str,separator) 
+- contains(str,fragmentStr) 
+- endsWith(str,fragmentStr) 
+- startsWith(str,fragmentStr) 
+
 ## Validation
 
 First the validation of the different configuration lines is performed based on regular expressions and gets applied while reading the file. Further validation consists of checking paths for existence as well as for double entries, checks for conflicting ACEs (e.g. allow and deny for same actions on same node), checks whether principals are existing under home. If an invalid parameter or aforementioned issue gets detected, the reading gets aborted and an appropriate error message gets append in the installation history and log.

accesscontroltool-bundle/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.7.0</version>
+        <version>1.8.0</version>
     </parent>
 
     <!-- ====================================================================== -->
@@ -23,10 +23,6 @@
     <name>Access Control Tool Bundle</name>
 
     <dependencies>
-        <dependency>
-            <groupId>com.adobe.aem</groupId>
-            <artifactId>aem-api</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.osgi</groupId>
             <artifactId>org.osgi.compendium</artifactId>
@@ -121,13 +117,62 @@
             <artifactId>hamcrest-library</artifactId>
             <version>1.3</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>jackrabbit-jcr-commons</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.settings</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.day.jcr.vault</groupId>
+            <artifactId>com.day.jcr.vault</artifactId>
+        </dependency>
+
+
+        <dependency>
+          <groupId>org.apache.tomcat</groupId>
+          <artifactId>el-api</artifactId>
+          <version>6.0.41</version>
+        </dependency>
+        <dependency>
+          <groupId>org.apache.tomcat</groupId>
+          <artifactId>jasper-el</artifactId>
+          <version>6.0.41</version>
+        </dependency> 
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>1.7.6</version>
+            <scope>test</scope>
+        </dependency>          
+
+        <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>oak-core</artifactId>
+            <version>1.3.9</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <!-- ====================================================================== -->
     <!-- B U I L D D E F I N I T I O N -->
     <!-- ====================================================================== -->
     <build>
         <plugins>
+
+            <plugin>
+              <groupId>org.apache.felix</groupId>
+              <artifactId>maven-bundle-plugin</artifactId>
+              <configuration>
+                <instructions>
+                    <Embed-Dependency>el-api,jasper-el</Embed-Dependency>
+                </instructions>
+
+              </configuration>
+            </plugin>        
             <plugin>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-scr-plugin</artifactId>

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceservice/impl/AceServiceImpl.java

@@ -49,7 +49,6 @@
 import biz.netcentric.cq.tools.actool.configreader.ConfigFilesRetriever;
 import biz.netcentric.cq.tools.actool.configreader.ConfigReader;
 import biz.netcentric.cq.tools.actool.configreader.ConfigurationMerger;
-import biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMerger;
 import biz.netcentric.cq.tools.actool.dumpservice.Dumpservice;
 import biz.netcentric.cq.tools.actool.helper.AcHelper;
 import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
@@ -82,6 +81,9 @@ public class AceServiceImpl implements AceService {
     @Reference
     private ConfigReader configReader;
 
+    @Reference
+    private ConfigurationMerger configurationMerger;
+
     @Reference
     private ConfigFilesRetriever configFilesRetriever;
 
@@ -299,7 +301,6 @@ public void installNewConfigurations(Session session,
 
         if (newestConfigurations != null) {
 
-            ConfigurationMerger configurationMerger = new YamlConfigurationMerger();
             List mergedConfigurations = configurationMerger.getMergedConfigurations(newestConfigurations, history, configReader);
 
             installMergedConfigurations(history, session,
@@ -572,11 +573,9 @@ public Set<String> getAllAuthorizablesFromConfig(Session session)
         AcInstallationHistoryPojo history = new AcInstallationHistoryPojo();
         Node rootNode = session.getNode(configurationPath);
         Map<String, String> newestConfigurations = configFilesRetriever.getConfigFileContentFromNode(rootNode);
-        ConfigurationMerger configurationMeger = new YamlConfigurationMerger();
-        List mergedConfigurations = configurationMeger.getMergedConfigurations(
+        List mergedConfigurations = configurationMerger.getMergedConfigurations(
                 newestConfigurations, history, configReader);
-        return ((Map<String, Set<AceBean>>) mergedConfigurations.get(0))
-                .keySet();
+        return ((Map<String, Set<AceBean>>) mergedConfigurations.get(0)).keySet();
     }
 
 }