Acl comparator updated to ignore domainFormat

src/com/google/enterprise/adaptor/Acl.java

@@ -100,6 +100,7 @@ private <P extends Principal> Set<P> cmpWrap(Set<P> unwrapped) {
   private static class CaseInsensitiveCmp<P extends Principal>
       implements Comparator<P> {
     /** Does not differentiate between UserPrincipal and GroupPrincipal */
+    @Override
     public int compare(P p1, P p2) {
       String ns1 = p1.getNamespace().toLowerCase(CASE_LOCALE);
       String ns2 = p2.getNamespace().toLowerCase(CASE_LOCALE);
@@ -108,12 +109,21 @@ public int compare(P p1, P p2) {
         return nscmp;
       }
       // OK, same namespace
-
-      String n1 = p1.getName().toLowerCase(CASE_LOCALE);
-      String n2 = p2.getName().toLowerCase(CASE_LOCALE);
+
+      String d1 = p1.parse().domain.toLowerCase(CASE_LOCALE);
+      String d2 = p2.parse().domain.toLowerCase(CASE_LOCALE);
+      int dcmp = d1.compareTo(d2);
+      if (0 != dcmp) {
+        return dcmp;
+      }
+      // OK, same domain
+
+      String n1 = p1.parse().plainName.toLowerCase(CASE_LOCALE);
+      String n2 = p2.parse().plainName.toLowerCase(CASE_LOCALE);
       return n1.compareTo(n2);
     }
 
+    @Override
     public boolean equals(Object o) {
       return o instanceof CaseInsensitiveCmp;
     }
@@ -251,6 +261,7 @@ public AuthzStatus isAuthorizedLocal(AuthnIdentity userIdentity) {
     commonGroups.clear();
     commonGroups.addAll(permitGroups);
     commonGroups.retainAll(userGroups);
+
     if (permitUsers.contains(userIdentifier) || !commonGroups.isEmpty()) {
       return AuthzStatus.PERMIT;
     }
@@ -770,7 +781,7 @@ public Builder setInheritFrom(DocId inheritFrom) {
     }
 
     /**
-     * Set the parent to inherit ACLs from. 
+     * Set the parent to inherit ACLs from.
      * Note that the parent's {@code InheritanceType}
      * determines how to combine results with this ACL.
      * <p>

src/com/google/enterprise/adaptor/Principal.java

@@ -96,19 +96,13 @@ public int compareTo(Principal other) {
     }
     // OK, same namespace and same type
 
-    // We need to compare domain name and plainName separately
-    // for users.
-    if (isUser()) {
-      int domainCmp = parse().domain.compareTo(other.parse().domain);
-      if (0 != domainCmp) {
-        return domainCmp;
-      }
-      // OK, same domain
-
-      return parse().plainName.compareTo(other.parse().plainName);
+    int domainCmp = parse().domain.compareTo(other.parse().domain);
+    if (0 != domainCmp) {
+      return domainCmp;
     }
+    // OK, same domain
 
-    return name.compareTo(other.name);
+    return parse().plainName.compareTo(other.parse().plainName);
   }
 
   ParsedPrincipal parse() {

test/com/google/enterprise/adaptor/AclTest.java

@@ -21,6 +21,7 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.Sets;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -136,9 +137,9 @@ public void testAccessors() {
     final Acl.InheritanceType goldenInheritType
         = Acl.InheritanceType.CHILD_OVERRIDES;
 
-    Set<GroupPrincipal> denyGroups 
+    Set<GroupPrincipal> denyGroups
         = new HashSet<GroupPrincipal>(goldenDenyGroups);
-    Set<GroupPrincipal> permitGroups 
+    Set<GroupPrincipal> permitGroups
         = new HashSet<GroupPrincipal>(goldenPermitGroups);
     Set<UserPrincipal> denyUsers
         = new HashSet<UserPrincipal>(goldenDenyUsers);
@@ -339,11 +340,11 @@ public void testEquals() {
     builder.setPermitUsers(U("testing"));
     builder.setDenyUsers(U("testing"));
     Acl withCase = builder.build();
-    Acl noCase = builder.setEverythingCaseInsensitive().build(); 
+    Acl noCase = builder.setEverythingCaseInsensitive().build();
     Acl caseAgain = builder.setEverythingCaseSensitive().build();
     builder.setEverythingCaseInsensitive();
-    Acl noCase2 = builder.setPermitUsers(U("TeSTiNg")).build(); 
-    Acl noCase3 = builder.setPermitUsers(U("tEstInG")).build(); 
+    Acl noCase2 = builder.setPermitUsers(U("TeSTiNg")).build();
+    Acl noCase3 = builder.setPermitUsers(U("tEstInG")).build();
     assertEquals(withCase, caseAgain);
     assertEquals(noCase2, noCase);
     assertEquals(noCase2, noCase3);
@@ -1105,6 +1106,114 @@ public void testCaseInsensitiveUsage() {
         createIdentity("unknownUser")));
   }
 
+  @Test
+  public void testDomainFormatUserCaseInsensitive() {
+    Acl acl = new Acl.Builder()
+        .setPermitUsers(U("PermiTUser@Domain", "BotHUser"))
+        .setDenyUsers(U("DenYUser@Domain", "BotHUser"))
+        .setEverythingCaseInsensitive()
+        .build();
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("domain\\permituser")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("domain/permituser")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("denyuser@domain")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("domain\\denyuser")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("domain/denyuser")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@nb-domain")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("nb-domain\\permituser")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("nb-domain/permituser")));
+  }
+
+  @Test
+  public void testDomainFormatGroupCaseInsensitive() {
+    Acl acl = new Acl.Builder()
+        .setPermitGroups(G("PermiTGroup@Domain"))
+        .setDenyGroups(G("DenYGroup@Domain"))
+        .setEverythingCaseInsensitive()
+        .build();
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "permitgroup@domain")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain\\permitgroup")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain/permitgroup")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "denygroup@domain")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain\\denygroup")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain/denygroup")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "permitgroup@nb-domain")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "nb-domain\\permitgroup")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "nb-domain/permitgroup")));
+  }
+
+  @Test
+  public void testDomainFormatUserCaseSensitive() {
+    Acl acl = new Acl.Builder()
+        .setPermitUsers(U("PermiTUser@Domain", "BotHUser"))
+        .setDenyUsers(U("DenYUser@Domain", "BotHUser"))
+        .setEverythingCaseSensitive()
+        .build();
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("PermiTUser@Domain")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("Domain\\PermiTUser")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("Domain/PermiTUser")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("DenYUser@Domain")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("Domain\\DenYUser")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("Domain/DenYUser")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("domain\\permituser")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("domain/permituser")));
+  }
+
+  @Test
+  public void testDomainFormatGroupCaseSensitive() {
+    Acl acl = new Acl.Builder()
+        .setPermitGroups(G("PermiTGroup@Domain"))
+        .setDenyGroups(G("DenYGroup@Domain"))
+        .setEverythingCaseSensitive()
+        .build();
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "PermiTGroup@Domain")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "Domain\\PermiTGroup")));
+    assertEquals(AuthzStatus.PERMIT, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "Domain/PermiTGroup")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "DenYGroup@Domain")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "Domain\\DenYGroup")));
+    assertEquals(AuthzStatus.DENY, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "Domain/DenYGroup")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "permitgroup@domain")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain\\permitgroup")));
+    assertEquals(AuthzStatus.INDETERMINATE, acl.isAuthorizedLocal(
+        createIdentity("permituser@domain", "domain/permitgroup")));
+  }
+
   private AuthnIdentity createIdentity(String username, String... groups) {
     return createIdentity(username, Arrays.asList(groups));
   }