#215 Can now create roles with permissions that refer to itself and non-created roles

Author: rjrudin

src/main/java/com/marklogic/appdeployer/command/AbstractCommand.java

@@ -133,13 +133,27 @@ protected String copyFileToString(File f, CommandContext context) {
     protected SaveReceipt saveResource(ResourceManager mgr, CommandContext context, File f) {
 		String payload = copyFileToString(f, context);
 		mgr = adjustResourceManagerForPayload(mgr, context, payload);
+		payload = adjustPayloadBeforeSavingResource(mgr, context, f, payload);
         SaveReceipt receipt = mgr.save(payload);
         if (storeResourceIdsAsCustomTokens) {
             storeTokenForResourceId(receipt, context);
         }
         return receipt;
     }
 
+	/**
+	 * Allow subclass to override this in order to fiddle with the payload before it's saved; called by saveResource.
+	 *
+	 * @param mgr
+	 * @param context
+	 * @param f
+	 * @param payload
+	 * @return
+	 */
+    protected String adjustPayloadBeforeSavingResource(ResourceManager mgr, CommandContext context, File f, String payload) {
+    	return payload;
+    }
+
 	/**
 	 * A subclass can override this when the ResourceManager needs to be adjusted based on data in the payload.
 	 *

src/main/java/com/marklogic/appdeployer/command/security/DeployRolesCommand.java

@@ -1,106 +1,61 @@
 package com.marklogic.appdeployer.command.security;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.marklogic.appdeployer.command.AbstractResourceCommand;
 import com.marklogic.appdeployer.command.CommandContext;
 import com.marklogic.appdeployer.command.SortOrderConstants;
-import com.marklogic.mgmt.PayloadParser;
-import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.api.API;
 import com.marklogic.mgmt.api.security.Role;
+import com.marklogic.mgmt.mapper.DefaultResourceMapper;
+import com.marklogic.mgmt.mapper.ResourceMapper;
+import com.marklogic.mgmt.resource.ResourceManager;
 import com.marklogic.mgmt.resource.security.RoleManager;
-import com.marklogic.rest.util.Fragment;
 
 import java.io.File;
-import java.util.*;
 
 public class DeployRolesCommand extends AbstractResourceCommand {
 
-	private int maxSortAttempts = 100;
+	// Used internally
+	private boolean removeRolesAndPermissionsDuringDeployment = false;
+	private ResourceMapper resourceMapper;
 
 	public DeployRolesCommand() {
 		setExecuteSortOrder(SortOrderConstants.DEPLOY_ROLES);
 		setUndoSortOrder(SortOrderConstants.DELETE_ROLES);
 	}
 
 	/**
-	 * Overriding this so we can list the files based on role dependencies.
+	 * The set of roles is processed twice. The first time, the roles are saved without any permissions or dependent roles.
+	 * This is to avoid issues where the roles depend on each other or on themselves. The second time, the roles are
+	 * saved with permissions and dependent roles, which is guaranteed to work now that the roles have all been created.
 	 *
-	 * @param dir
-	 * @return
+	 * @param context
 	 */
 	@Override
-	protected File[] listFilesInDirectory(File dir, CommandContext context) {
-		File[] files = super.listFilesInDirectory(dir);
-
-		if (context.getAppConfig().isSortRolesByDependencies() && files != null && files.length > 0) {
-			if (logger.isInfoEnabled()) {
-				logger.info("Sorting role files by role dependencies");
-			}
-			List<RoleFile> roleFiles = sortFilesBasedOnRoleDependencies(files, context);
-			files = new File[files.length];
-			for (int i = 0; i < roleFiles.size(); i++) {
-				files[i] = roleFiles.get(i).file;
-			}
+	public void execute(CommandContext context) {
+		removeRolesAndPermissionsDuringDeployment = true;
+		if (logger.isInfoEnabled()) {
+			logger.info("Deploying roles without any permissions or dependent roles");
 		}
-
-		return files;
+		super.execute(context);
+		if (logger.isInfoEnabled()) {
+			logger.info("Deploying roles with permissions and dependent roles");
+		}
+		removeRolesAndPermissionsDuringDeployment = false;
+		super.execute(context);
 	}
 
-	protected List<RoleFile> sortFilesBasedOnRoleDependencies(File[] files, CommandContext context) {
-		List<RoleFile> roleFiles = new ArrayList<>();
-		if (files == null || files.length < 1) {
-			return roleFiles;
-		}
-		PayloadParser parser = new PayloadParser();
-		for (File f : files) {
-			RoleFile rf = new RoleFile(f);
-			String payload = copyFileToString(f, context);
-			if (parser.isJsonPayload(payload)) {
-				JsonNode json = parser.parseJson(payload);
-				rf.role.setRoleName(json.get("role-name").asText());
-				if (json.has("role")) {
-					ArrayNode roles = (ArrayNode) json.get("role");
-					Iterator<JsonNode> iter = roles.elements();
-					while (iter.hasNext()) {
-						rf.role.getRole().add(iter.next().asText());
-					}
-				}
-			} else {
-				Fragment frag = new Fragment(payload);
-				rf.role.setRoleName(frag.getElementValue("/node()/m:role-name"));
-				rf.role.setRole(frag.getElementValues("/node()/m:roles/m:role"));
+	@Override
+	protected String adjustPayloadBeforeSavingResource(ResourceManager mgr, CommandContext context, File f, String payload) {
+		if (removeRolesAndPermissionsDuringDeployment) {
+			if (resourceMapper == null) {
+				API api = new API(context.getManageClient(), context.getAdminManager());
+				resourceMapper = new DefaultResourceMapper(api);
 			}
-			roleFiles.add(rf);
+			Role role = resourceMapper.readResource(payload, Role.class);
+			role.clearPermissionsAndRoles();
+			return role.getJson();
 		}
-
-		return keepSortingRoleFilesUntilOrderDoesntChange(roleFiles);
-	}
-
-	/**
-	 * Some sets of role files require multiple sorts until the order no longer changes. The maxSortAttempts class
-	 * attribute controls how many times this command will try to sort the roles.
-	 *
-	 * @param roleFiles
-	 * @return
-	 */
-	protected List<RoleFile> keepSortingRoleFilesUntilOrderDoesntChange(List<RoleFile> roleFiles) {
-		List<RoleFile> previousRoleFiles;
-		int counter = 0;
-		do {
-			previousRoleFiles = roleFiles;
-			roleFiles = new ArrayList<>();
-			roleFiles.addAll(previousRoleFiles);
-			roleFiles = sortRoleFiles(roleFiles);
-			counter++;
-		} while (!previousRoleFiles.equals(roleFiles) && counter < maxSortAttempts);
-		return roleFiles;
-	}
-
-	protected List<RoleFile> sortRoleFiles(List<RoleFile> roleFiles) {
-		RoleFileComparator comparator = new RoleFileComparator(roleFiles);
-		Collections.sort(roleFiles, comparator);
-		return roleFiles;
+		return payload;
 	}
 
 	protected File[] getResourceDirs(CommandContext context) {
@@ -111,104 +66,5 @@ protected File[] getResourceDirs(CommandContext context) {
 	protected ResourceManager getResourceManager(CommandContext context) {
 		return new RoleManager(context.getManageClient());
 	}
-
-	public void setMaxSortAttempts(int maxSortAttempts) {
-		this.maxSortAttempts = maxSortAttempts;
-	}
-}
-
-/**
- * Simple data structure for associating a File that defines a role, and the parsed Role that is used for
- * sorting the role files.
- */
-class RoleFile {
-
-	File file;
-	Role role;
-
-	public RoleFile(File file) {
-		this.file = file;
-		this.role = new Role();
-		this.role.setRole(new ArrayList<String>());
-	}
-
-	@Override
-	public int hashCode() {
-		return role.getRoleName().hashCode();
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		return role.getRoleName().equals(((RoleFile)obj).role.getRoleName());
-	}
 }
 
-/**
- * This comparator is designed to handle a scenario where two roles are next to each other, but they don't have any
- * dependencies in common, nor does one depend on the other. In this scenario, we need to know which role has a
- * dependency on a role furthest to the end of the list of roles. In order to know that, we first build up a data
- * structure that tracks the highest position of a dependency in the list of roles for each role.
- */
-class RoleFileComparator implements Comparator<RoleFile> {
-
-	private Map<String, Integer> highestDependencyPositionMap;
-
-	public RoleFileComparator(List<RoleFile> roleFiles) {
-		Map<String, Integer> rolePositions = new HashMap<>();
-		for (int i = 0; i < roleFiles.size(); i++) {
-			rolePositions.put(roleFiles.get(i).role.getRoleName(), i);
-		}
-
-		highestDependencyPositionMap = new HashMap<>();
-		for (RoleFile rf : roleFiles) {
-			String roleName = rf.role.getRoleName();
-			int highest = -1;
-			for (String role : rf.role.getRole()) {
-				if (rolePositions.containsKey(role)) {
-					int pos = rolePositions.get(role);
-					if (pos > highest) {
-						highest = pos;
-					}
-				}
-			}
-			highestDependencyPositionMap.put(roleName, highest);
-		}
-	}
-
-	@Override
-	public int compare(RoleFile o1, RoleFile o2) {
-		if (o1.role.getRole().isEmpty() && o2.role.getRole().isEmpty()) {
-			return 0;
-		}
-		if (o1.role.getRole().isEmpty()) {
-			return -1;
-		}
-		if (o2.role.getRole().isEmpty()) {
-			return 1;
-		}
-		if (o2.role.getRole().contains(o1.role.getRoleName())) {
-			return -1;
-		}
-		if (o1.role.getRole().contains(o2.role.getRoleName())) {
-			return 1;
-		}
-
-		/**
-		 * If the roles aren't dependent on each other, then we want to base this on which role has a dependency further
-		 * to the right.
-		 */
-		int o1Pos = highestDependencyPositionMap.get(o1.role.getRoleName());
-		int o2Pos = highestDependencyPositionMap.get(o2.role.getRoleName());
-		if (o1Pos > o2Pos) {
-			return 1;
-		}
-		if (o2Pos > o1Pos) {
-			return -1;
-		}
-
-		/**
-		 * This would be for two roles that depend on the same other role.
-		 */
-		return 0;
-	}
-}

src/main/java/com/marklogic/mgmt/api/security/Role.java

@@ -55,10 +55,23 @@ public Role(API api, String roleName) {
 		this.roleName = roleName;
 	}
 
+	public void clearPermissionsAndRoles() {
+		if (role != null) {
+			role.clear();
+		}
+		if (permission != null) {
+			permission.clear();
+		}
+	}
+
 	public boolean hasPermissionWithOwnRoleName() {
-		if (permission != null && roleName != null) {
+		return hasPermissionWithRoleName(this.roleName);
+	}
+
+	public boolean hasPermissionWithRoleName(String someRoleName) {
+		if (permission != null && someRoleName != null) {
 			for (Permission perm : permission) {
-				if (roleName.equals(perm.getRoleName())) {
+				if (someRoleName.equals(perm.getRoleName())) {
 					return true;
 				}
 			}

src/test/java/com/marklogic/appdeployer/command/security/DeployRolesWithDependenciesTest.java

@@ -1,31 +1,42 @@
 package com.marklogic.appdeployer.command.security;
 
 import com.marklogic.appdeployer.AbstractAppDeployerTest;
-import com.marklogic.appdeployer.command.CommandContext;
 import com.marklogic.mgmt.resource.security.RoleManager;
 import org.junit.Test;
 
 import java.io.File;
 
+/**
+ * Each of these tests verifies that the roles in the given config dir can be deployed successfully based on their
+ * dependencies with one another.
+ */
 public class DeployRolesWithDependenciesTest extends AbstractAppDeployerTest {
 
+	@Test
+	public void roleWithPermissions() {
+		appConfig.getConfigDir().setBaseDir(new File("src/test/resources/sample-app/roles-with-permissions"));
+
+		initializeAppDeployer(new DeployRolesCommand());
+		try {
+			deploySampleApp();
+		} finally {
+			undeploySampleApp();
+		}
+	}
+
 	/**
 	 * This scenario has a mix of XML/JSON files (to verify that we parse each correctly) and a big jumble of roles.
 	 */
 	@Test
 	public void testSorting() {
 		appConfig.getConfigDir().setBaseDir(new File("src/test/resources/sample-app/roles-with-dependencies"));
 
-		DeployRolesCommand command = new DeployRolesCommand();
-		File[] files = command.listFilesInDirectory(appConfig.getConfigDir().getRolesDir(),
-			new CommandContext(appConfig, manageClient, null));
-
-		assertEquals("role3.json", files[0].getName());
-		assertEquals("role2.xml", files[1].getName());
-		assertEquals("role1.json", files[2].getName());
-		assertEquals("role4.xml", files[3].getName());
-		assertEquals("role5.json", files[4].getName());
-		assertEquals("role0.json", files[5].getName());
+		initializeAppDeployer(new DeployRolesCommand());
+		try {
+			deploySampleApp();
+		} finally {
+			undeploySampleApp();
+		}
 	}
 
 	/**
@@ -36,19 +47,12 @@ public void testSorting() {
 	public void testEvenMoreRoles() {
 		appConfig.getConfigDir().setBaseDir(new File("src/test/resources/sample-app/even-more-roles-with-dependencies"));
 
-		DeployRolesCommand command = new DeployRolesCommand();
-		File[] files = command.listFilesInDirectory(appConfig.getConfigDir().getRolesDir(),
-			new CommandContext(appConfig, manageClient, null));
-
-		assertEquals("abc-login-role.json", files[0].getName());
-		assertEquals("abc-ui-developer.json", files[1].getName());
-		assertEquals("xyz-reader.json", files[2].getName());
-		assertEquals("xyz-writer.json", files[3].getName());
-		assertEquals("xyz-admin.json", files[4].getName());
-		assertEquals("abc-sss-ui-role.json", files[5].getName());
-		assertEquals("abc-ui-offline-user.json", files[6].getName());
-		assertEquals("abc-ui-offline-admin.json", files[7].getName());
-		assertEquals("abc-ui-admin.json", files[8].getName());
+		initializeAppDeployer(new DeployRolesCommand());
+		try {
+			deploySampleApp();
+		} finally {
+			undeploySampleApp();
+		}
 	}
 
 	/**
@@ -59,14 +63,12 @@ public void testEvenMoreRoles() {
 	public void anotherSortingTest() {
 		appConfig.getConfigDir().setBaseDir(new File("src/test/resources/sample-app/more-roles-with-dependencies"));
 
-		DeployRolesCommand command = new DeployRolesCommand();
-		File[] files = command.listFilesInDirectory(appConfig.getConfigDir().getRolesDir(),
-			new CommandContext(appConfig, manageClient, null));
-
-		assertEquals("role0.json", files[0].getName());
-		assertEquals("role2.json", files[1].getName());
-		assertEquals("role3.json", files[2].getName());
-		assertEquals("role1.json", files[3].getName());
+		initializeAppDeployer(new DeployRolesCommand());
+		try {
+			deploySampleApp();
+		} finally {
+			undeploySampleApp();
+		}
 	}
 
 	@Test