DHFPROD-3874:Setting document permissions correctly during ingestion

Author: ssambasu

marklogic-data-hub/src/main/java/com/marklogic/hub/step/impl/WriteStepRunner.java

@@ -23,6 +23,8 @@
 import com.marklogic.client.DatabaseClient;
 import com.marklogic.client.datamovement.*;
 import com.marklogic.client.document.ServerTransform;
+import com.marklogic.client.ext.util.DefaultDocumentPermissionsParser;
+import com.marklogic.client.ext.util.DocumentPermissionsParser;
 import com.marklogic.client.io.DocumentMetadataHandle;
 import com.marklogic.client.io.Format;
 import com.marklogic.client.io.InputStreamHandle;
@@ -94,6 +96,7 @@ public class WriteStepRunner implements StepRunner {
     private AtomicBoolean isStopped = new AtomicBoolean(false);
     private IngestionStepDefinitionImpl stepDef;
     private Map<String, Object> stepConfig = new HashMap<>();
+    private DocumentPermissionsParser documentPermissionsParser = new DefaultDocumentPermissionsParser();
 
     public WriteStepRunner(HubConfig hubConfig) {
         this.hubConfig = hubConfig;
@@ -513,7 +516,7 @@ private RunStepResponse runIngester(RunStepResponse runStepResponse, Collection<
         //Apply permissions
         if(StringUtils.isNotEmpty(outputPermissions)) {
             try{
-                applyPermissions(outputPermissions, metadataHandle);
+                documentPermissionsParser.parsePermissions(outputPermissions, metadataHandle.getPermissions());
             }
             catch (Exception e){
                 throw e;
@@ -661,7 +664,7 @@ private void processCsv(JacksonHandle jacksonHandle, File file) {
     private void addToBatcher(File file, Format fileFormat) throws IOException {
         // Coverity is saying that the docStream is a resource leak, but the comment below this indicates that it must
         // not be closed. Because this is for DHFPROD-3695 and we're close to releasing 5.1.0, leaving this as-is for now.
-        
+
         // This docStream must not be closed, or use try-resource due to WriteBatcher needing the stream open
         FileInputStream docStream = new FileInputStream(file);
         //note these ORs are for forward compatibility if we swap out the filecollector for another lib
@@ -707,34 +710,6 @@ private String generateAndEncodeURI(String path) throws  URISyntaxException {
         return uri.toString();
     }
 
-    private void applyPermissions(String permissions, DocumentMetadataHandle metadataHandle) {
-        String[] perms = permissions.split(",");
-        if (perms != null && perms.length > 0) {
-            if (perms.length % 2 != 0) {
-                throw new IllegalArgumentException(
-                    "Permissions are expected to be in <role, capability> pairs.");
-            }
-            int i = 0;
-            while (i + 1 < perms.length) {
-                String roleName = perms[i++];
-                if (roleName == null || roleName.isEmpty()) {
-                    throw new IllegalArgumentException(
-                        "Illegal role name: " + roleName);
-                }
-                String perm = perms[i].trim();
-                if (!DocumentMetadataHandle.Capability.READ.toString().equalsIgnoreCase(perm) &&
-                    !DocumentMetadataHandle.Capability.EXECUTE.toString().equalsIgnoreCase(perm) &&
-                    !DocumentMetadataHandle.Capability.INSERT.toString().equalsIgnoreCase(perm) &&
-                    !DocumentMetadataHandle.Capability.UPDATE.toString().equalsIgnoreCase(perm) &&
-                    !DocumentMetadataHandle.Capability.NODE_UPDATE.toString().equalsIgnoreCase(perm)) {
-                    throw new IllegalArgumentException("Illegal capability: " + perm);
-                }
-                metadataHandle.withPermission(roleName, DocumentMetadataHandle.Capability.getValueOf(perm));
-                i++;
-            }
-        }
-    }
-
     private String outputURIReplace(String uri) {
         if (StringUtils.isNotEmpty(outputURIReplacement)) {
             String[] replace = outputURIReplacement.split(",");

marklogic-data-hub/src/test/java/com/marklogic/hub/flow/FlowRunnerTest.java

@@ -18,8 +18,10 @@
 
 import com.marklogic.bootstrap.Installer;
 import com.marklogic.client.DatabaseClient;
+import com.marklogic.client.document.XMLDocumentManager;
 import com.marklogic.client.eval.EvalResult;
 import com.marklogic.client.eval.EvalResultIterator;
+import com.marklogic.client.io.DocumentMetadataHandle;
 import com.marklogic.client.io.StringHandle;
 import com.marklogic.hub.ApplicationConfig;
 import com.marklogic.hub.HubConfig;
@@ -99,6 +101,11 @@ public void testRunFlow(){
         Assertions.assertTrue(getDocCount(HubConfig.DEFAULT_FINAL_NAME, "json-map") == 1);
         Assertions.assertTrue(getDocCount(HubConfig.DEFAULT_FINAL_NAME, "xml-map") == 1);
         Assertions.assertTrue(JobStatus.FINISHED.toString().equalsIgnoreCase(resp.getJobStatus()));
+        XMLDocumentManager docMgr = stagingClient.newXMLDocumentManager();
+        DocumentMetadataHandle metadataHandle = new DocumentMetadataHandle();
+        docMgr.readMetadata("/ingest-xml.xml", metadataHandle);
+        DocumentMetadataHandle.DocumentPermissions perms = metadataHandle.getPermissions();
+        Assertions.assertEquals(2, perms.get("flow-developer-role").size());
         Assertions.assertNotNull(resp.getUser());
         Assertions.assertNotNull(resp.getStartTime());
         Assertions.assertNotNull(resp.getEndTime());

marklogic-data-hub/src/test/resources/flow-runner-test/flows/testFlow.flow.json

@@ -18,6 +18,7 @@
       "threadCount" : null,
       "options": {
         "outputFormat": "xml",
+        "permissions": "flow-developer-role,read,flow-developer-role,update",
         "collections": ["xml-coll"]
       }
     },