More progress

Author: Jeff Bornemann

src/main/groovy/com/twcable/grabbit/client/batch/steps/jcrnodes/JcrNodesWriter.groovy

@@ -90,12 +90,6 @@ class JcrNodesWriter implements ItemWriter<ProtoNode>, ItemWriteListener {
     private static void writeToJcr(ProtoNode nodeProto, Session session) {
         JcrNodeDecorator jcrNode = ProtoNodeDecorator.createFrom(nodeProto).writeToJcr(session)
         jcrNode.setLastModified()
-        // This will processed all mandatory child nodes only
-        if(nodeProto.mandatoryChildNodeList && nodeProto.mandatoryChildNodeList.size() > 0) {
-            for(ProtoNode childNode: nodeProto.mandatoryChildNodeList) {
-                writeToJcr(childNode, session)
-            }
-        }
     }
 
     private Session theSession() {

src/main/groovy/com/twcable/grabbit/jcr/AuthorizableProtoNodeDecorator.groovy

@@ -3,20 +3,21 @@ package com.twcable.grabbit.jcr
 import com.twcable.grabbit.proto.NodeProtos.Node as ProtoNode
 import com.twcable.grabbit.security.AuthorizablePrincipal
 import com.twcable.grabbit.security.InsufficientGrabbitPrivilegeException
+import com.twcable.grabbit.util.CryptoUtil
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
+import java.lang.reflect.Field
+import java.lang.reflect.Method
+import java.lang.reflect.ReflectPermission
+import javax.annotation.Nonnull
+import javax.jcr.Session
 import org.apache.jackrabbit.api.security.user.Authorizable
+import org.apache.jackrabbit.api.security.user.Group
 import org.apache.jackrabbit.api.security.user.User
 import org.apache.jackrabbit.api.security.user.UserManager
 import org.apache.jackrabbit.value.StringValue
 import org.apache.sling.jcr.base.util.AccessControlUtil
 
-import javax.annotation.Nonnull
-import javax.jcr.Session
-import java.lang.reflect.Field
-import java.lang.reflect.Method
-import java.lang.reflect.ReflectPermission
-
 /*
  * Copyright 2015 Time Warner Cable, Inc.
  *
@@ -59,9 +60,10 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
             authorizable = createNewAuthorizable(session)
         }
         else {
-            updateAuthorizable(authorizable, session)
+            authorizable = updateAuthorizable(authorizable, session)
         }
-        session.save()
+        updateProfile(authorizable, session)
+        updatePreferences(authorizable, session)
         return new JcrNodeDecorator(session.getNode(authorizable.getPath()))
     }
 
@@ -73,7 +75,8 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
         final UserManager userManager = getUserManager(session)
         if(isUserType()) {
             //We set a temporary password for now, and then set the real password later in setPasswordForUser(). See the method for why.
-            final newUser = userManager.createUser(authorizableID, 'temp', new AuthorizablePrincipal(authorizableID), getIntermediateAuthorizablePath())
+            final newUser = userManager.createUser(authorizableID, Long.toString(CryptoUtil.generateNextId()), new AuthorizablePrincipal(authorizableID), getIntermediateAuthorizablePath())
+            session.save()
             //This is a special protected property for disabling user access
             if(hasProperty('rep:disabled')) {
                 newUser.disable(getStringValueFrom('rep:disabled'))
@@ -83,27 +86,55 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
             if(hasProperty(authorizableCategory)) {
                 newUser.setProperty(authorizableCategory, new StringValue(getStringValueFrom(authorizableCategory)))
             }
+            session.save()
             //Special users may not have passwords, such as anonymous users
             if(hasProperty('rep:password')) {
                 setPasswordForUser(newUser, session)
             }
             return newUser
         }
-        return userManager.createGroup(authorizableID, new AuthorizablePrincipal(authorizableID), getIntermediateAuthorizablePath())
+        final Group group = userManager.createGroup(authorizableID, new AuthorizablePrincipal(authorizableID), getIntermediateAuthorizablePath())
+        session.save()
+        return group
     }
 
 
     /**
-     * From a client API perspective, there is really no way to truely update an existing authorizable node. All of the properties are protected, and there is no
+     * From a client API perspective, there is really no way to truly update an existing authorizable node. All of the properties are protected, and there is no
      * known way to update them. What we do here is essentially remove the existing authorizable as denoted by the authorizableID, and recreate it.
+     * @return new instance of updated authorizable
      */
-    private void updateAuthorizable(final Authorizable authorizable, final Session session) {
+    private Authorizable updateAuthorizable(final Authorizable authorizable, final Session session) {
         authorizable.remove()
         session.save()
         createNewAuthorizable(session)
     }
 
 
+    /**
+     * profile nodes live with authorizables as a way of collecting personal information such as email, and first and last name.
+     * This gets sent with the authorizable node instead of streamed independently because we do not know the client's new
+     * authorizable UUID node name at runtime. In other words, authorizables live under different node names from server to server
+     */
+    private void updateProfile(final Authorizable authorizable, final Session session) {
+        final ProtoNode incomingProfileNode = innerProtoNode.mandatoryChildNodeList.find { it.name.contains('profile') }
+        if(!incomingProfileNode) return
+        createFrom(incomingProfileNode, "${authorizable.getPath()}/profile").writeToJcr(session)
+        session.save()
+    }
+
+
+    /**
+     * @see updateProfile() for a related explanation to this method.
+     */
+    private void updatePreferences(final Authorizable authorizable, final Session session) {
+        final ProtoNode incomingPreferencesNode = innerProtoNode.mandatoryChildNodeList.find { it.name.contains('preferences') }
+        if(!incomingPreferencesNode) return
+        createFrom(incomingPreferencesNode, "${authorizable.getPath()}/preferences").writeToJcr(session)
+        session.save()
+    }
+
+
     private Authorizable findAuthorizable(final Session session) {
         final UserManager userManager = getUserManager(session)
         return userManager.getAuthorizable(getAuthorizableID())
@@ -218,9 +249,9 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
         Method setPasswordMethod = userManagerDelegateClass.getDeclaredMethod('setPassword', Class.forName('org.apache.jackrabbit.oak.api.Tree', true, userManagerDelegateClass.getClassLoader()), String, String, boolean)
         setPasswordMethod.setAccessible(true)
         /**
-         * Step two. We need access to the internal Authorizable object's tree in order to call the internal setPassword method
-         * User is an instance of org.apache.jackrabbit.oak.jcr.delegate.UserDelegator. We need to get the delegate off of this class's super class org.apache.jackrabbit.oak.jcr.delegate.AuthorizableDelegator
-         */
+        * Step two. We need access to the internal Authorizable object's tree in order to call the internal setPassword method
+        * User is an instance of org.apache.jackrabbit.oak.jcr.delegate.UserDelegator. We need to get the delegate off of this class's super class org.apache.jackrabbit.oak.jcr.delegate.AuthorizableDelegator
+        */
         Class authorizableDelegateClass = user.getClass().getSuperclass()
         Field authorizableDelegateField = authorizableDelegateClass.getDeclaredField('delegate')
         authorizableDelegateField.setAccessible(true)
@@ -230,9 +261,19 @@ class AuthorizableProtoNodeDecorator extends ProtoNodeDecorator {
         getTreeMethod.setAccessible(true)
 
         /**
-         * The last argument where we are passing in 'false' in the secret sauce we need. This parameter is forceHash. As long as forceHash is false, and the password is not
-         * clear-text, which it isn't since we got it from another Jackrabbit instance, we can set the password as-is.
-         */
+        * The last argument where we are passing in 'false' in the secret sauce we need. This parameter is forceHash. As long as forceHash is false, and the password is not
+        * clear-text, which it isn't since we got it from another Jackrabbit instance, we can set the password as-is.
+        */
         setPasswordMethod.invoke(userManagerDelegate, getTreeMethod.invoke(authorizable), getAuthorizableID(), getStringValueFrom('rep:password'), false)
+        session.save()
+    }
+
+
+    /**
+     * An instance wrapper for ease of mocking
+     * @see ProtoNodeDecorator.createFrom
+     */
+    ProtoNodeDecorator createFrom(final ProtoNode protoNode, final String nameOverride) {
+        super.createFrom(protoNode, nameOverride)
     }
 }

src/main/groovy/com/twcable/grabbit/jcr/DefaultProtoNodeDecorator.groovy

@@ -32,10 +32,12 @@ import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE
 @Slf4j
 class DefaultProtoNodeDecorator extends ProtoNodeDecorator {
 
+    private final String nameOverride
 
-    protected DefaultProtoNodeDecorator(@Nonnull ProtoNode node, @Nonnull Collection<ProtoPropertyDecorator> protoProperties) {
+    protected DefaultProtoNodeDecorator(@Nonnull ProtoNode node, @Nonnull Collection<ProtoPropertyDecorator> protoProperties, String nameOverride) {
         this.innerProtoNode = node
         this.protoProperties = protoProperties
+        this.nameOverride = nameOverride
     }
 
 
@@ -50,6 +52,12 @@ class DefaultProtoNodeDecorator extends ProtoNodeDecorator {
         //Then add other properties
         writableProperties.each { it.writeToNode(jcrNode) }
 
+        if(innerProtoNode.mandatoryChildNodeList && innerProtoNode.mandatoryChildNodeList.size() > 0) {
+            for(ProtoNode childNode: innerProtoNode.mandatoryChildNodeList) {
+                createFrom(childNode).writeToJcr(session)
+            }
+        }
+
         return new JcrNodeDecorator(jcrNode)
     }
 
@@ -64,14 +72,20 @@ class DefaultProtoNodeDecorator extends ProtoNodeDecorator {
     }
 
 
+    @Override
+    String getName() {
+        nameOverride ?: innerProtoNode.getName()
+    }
+
+
     /**
      * This method is rather succinct, but helps isolate this JcrUtils static method call
      * so that we can get better test coverage.
      * @param session to create or get the node path for
      * @return the newly created, or found node
      */
     JCRNode getOrCreateNode(Session session) {
-        JcrUtils.getOrCreateByPath(innerProtoNode.name, primaryType.getStringValue(), session)
+        JcrUtils.getOrCreateByPath(getName(), primaryType.getStringValue(), session)
     }
 
 

src/main/groovy/com/twcable/grabbit/jcr/JCRNodeDecorator.groovy

@@ -23,6 +23,7 @@ import groovy.util.logging.Slf4j
 import javax.annotation.Nonnull
 import javax.annotation.Nullable
 import javax.jcr.Node as JCRNode
+import javax.jcr.PathNotFoundException
 import javax.jcr.Property as JcrProperty
 import javax.jcr.RepositoryException
 import javax.jcr.nodetype.ItemDefinition
@@ -40,7 +41,7 @@ class JcrNodeDecorator {
     @Delegate
     JCRNode innerNode
 
-    private Collection<JcrPropertyDecorator> properties
+    private final Collection<JcrPropertyDecorator> properties
 
     //Evaluated in a lazy fashion
     private Collection<JcrNodeDecorator> immediateChildNodes
@@ -49,10 +50,9 @@ class JcrNodeDecorator {
     JcrNodeDecorator(@Nonnull JCRNode node) {
         if(!node) throw new IllegalArgumentException("node must not be null!")
         this.innerNode = node
-        String primaryType = node.getProperty(JCR_PRIMARYTYPE).string
         Collection<JcrProperty> innerProperties = node.properties.toList()
         this.properties = innerProperties.collect { JcrProperty property ->
-            new JcrPropertyDecorator(property, primaryType)
+            new JcrPropertyDecorator(property, this)
         }
     }
 
@@ -85,11 +85,19 @@ class JcrNodeDecorator {
 
     /**
     * Identify all required child nodes
-    * @return list of immediate required child nodes that must exist with this node, or null if no children
+    * @return list of immediate required child nodes that must be transported with this node, or null if no required nodes
     */
     @Nullable
     Collection<JcrNodeDecorator> getRequiredChildNodes() {
-        return hasMandatoryChildNodes() ? getImmediateChildNodes().findAll{ JcrNodeDecorator childJcrNode -> childJcrNode.isRequiredNode() } : null
+        Collection<JcrNodeDecorator> requiredNodes
+        if(isAuthorizableType()) {
+            requiredNodes = getImmediateChildNodes().findAll { JcrNodeDecorator childJcrNode -> childJcrNode.isAuthorizablePart()}
+        }
+        else {
+            requiredNodes = hasMandatoryChildNodes() ? getImmediateChildNodes().findAll{ JcrNodeDecorator childJcrNode -> childJcrNode.isRequiredNode() } : null
+        }
+
+        return requiredNodes ?: null
     }
 
 
@@ -154,6 +162,34 @@ class JcrNodeDecorator {
     }
 
 
+    /**
+     * Authorizable nodes are unique on each server, so associated profiles and preferences need to be sent with.
+     * @return true if this node is part of an authorizable node conglomerate
+     */
+    boolean isAuthorizablePart() {
+        final String resourceType
+        try {
+            resourceType = getProperty('sling:resourceType')?.string
+        }
+        catch(PathNotFoundException ex) {
+            return false
+        }
+        final String name = innerNode.getName()
+        return (name == 'preferences' && resourceType == 'cq:Preferences') ||
+                (name == 'profile' && resourceType == 'cq/security/components/profile')
+    }
+
+
+    String getPrimaryType() {
+        innerNode.getProperty(JCR_PRIMARYTYPE).string
+    }
+
+
+    boolean isAuthorizableType() {
+        return primaryType == 'rep:User' || primaryType == 'rep:Group'
+    }
+
+
     Object asType(Class clazz) {
         if(clazz == JCRNode) {
             return innerNode

src/main/groovy/com/twcable/grabbit/jcr/JcrPropertyDecorator.groovy

@@ -37,11 +37,11 @@ class JcrPropertyDecorator {
     @Delegate
     JCRProperty innerProperty
 
-    private final String nodeOwnerPrimaryType
+    private final JcrNodeDecorator nodeOwner
 
-    JcrPropertyDecorator(JCRProperty property, String nodeOwnerPrimaryType) {
+    JcrPropertyDecorator(JCRProperty property, JcrNodeDecorator nodeOwner) {
         this.innerProperty = property
-        this.nodeOwnerPrimaryType = nodeOwnerPrimaryType
+        this.nodeOwner = nodeOwner
     }
 
     /**
@@ -60,7 +60,7 @@ class JcrPropertyDecorator {
             return true
         }
 
-        if(nodeOwnerPrimaryType in ['rep:User', 'rep:Group']) {
+        if(nodeOwner.isAuthorizableType()) {
             return true
         }
         else {

src/main/groovy/com/twcable/grabbit/jcr/ProtoNodeDecorator.groovy

@@ -32,14 +32,14 @@ abstract class ProtoNodeDecorator {
 
     abstract JcrNodeDecorator writeToJcr(@Nonnull Session session)
 
-    static ProtoNodeDecorator createFrom(@Nonnull ProtoNode node) {
+    static ProtoNodeDecorator createFrom(@Nonnull ProtoNode node, String nameOverride = null) {
         if(!node) throw new IllegalArgumentException("node must not be null!")
         final protoProperties = node.propertiesList.collect { new ProtoPropertyDecorator(it) }
         final primaryType = protoProperties.find { it.primaryType }
         if(primaryType.isUserType() || primaryType.isGroupType()) {
             return new AuthorizableProtoNodeDecorator(node, protoProperties)
         }
-        return new DefaultProtoNodeDecorator(node, protoProperties)
+        return new DefaultProtoNodeDecorator(node, protoProperties, nameOverride)
     }
 
     boolean hasProperty(String propertyName) {

src/main/groovy/com/twcable/grabbit/server/batch/steps/jcrnodes/JcrNodesProcessor.groovy

@@ -66,7 +66,7 @@ class JcrNodesProcessor implements ItemProcessor<JcrNode, ProtoNode> {
         }
 
         // Skip this node because it has already been processed by its parent
-        if(decoratedNode.isRequiredNode()) {
+        if(decoratedNode.isRequiredNode() || decoratedNode.isAuthorizablePart()) {
             return null
         } else {
             // Build parent node