1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" encoding="UTF-8" indent="yes" omit-xml-declaration="yes"/>
<xsl:param name="cib-min-ver" select="'2.0'"/>
<xsl:template match="cib">
<xsl:copy>
<xsl:apply-templates select="@*"/>
<xsl:attribute name="validate-with">
<xsl:value-of select="concat('pacemaker-', $cib-min-ver)"/>
</xsl:attribute>
<xsl:apply-templates select="node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="role_ref">
<xsl:element name="role">
<xsl:apply-templates select="@*|node()"/>
</xsl:element>
</xsl:template>
<xsl:template match="read|write|deny">
<xsl:element name="acl_permission">
<xsl:copy-of select="@id"/>
<xsl:attribute name="kind"><xsl:value-of select="name()"/></xsl:attribute>
<!-- previously, one could have a single element "matched" multiple times,
each time using a different attribute (or no attribute at all), which
would result, after the generalization (stripping @attribute) in
multiple possibly conflicting ACL behaviours for given element(s);
we could take this into account by, at the very least, preferring
the behavior at attribute-less specification, if any -->
<xsl:choose>
<xsl:when test="@ref">
<xsl:attribute name="reference"><xsl:value-of select="@ref"/></xsl:attribute>
<xsl:if test="@attribute">
<!-- alternatively, rephrase (generalized a bit) turning it to @xpath -->
<xsl:message>ACLs: @attribute cannot accompany @ref for upgrade-1.3.xsl purposes, ignoring</xsl:message>
</xsl:if>
</xsl:when>
<xsl:when test="@tag">
<xsl:attribute name="object-type"><xsl:value-of select="@tag"/></xsl:attribute>
<xsl:if test="@attribute">
<xsl:message>ACLs: @attribute (with @tag) handling generalized a bit for upgrade-1.3.xsl purposes</xsl:message>
<xsl:copy-of select="@attribute"/>
</xsl:if>
</xsl:when>
<xsl:otherwise>
<!-- must have been xpath per the schema, then -->
<xsl:choose>
<xsl:when test="@attribute">
<xsl:message>ACLs: @attribute (with @xpath) handling generalized a bit for upgrade-1.3.xsl purposes</xsl:message>
<xsl:attribute name="xpath">
<xsl:value-of select="concat(@xpath,'[@', @attribute, ']')"/>
</xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:copy-of select="@xpath"/>
</xsl:otherwise>
</xsl:choose>
</xsl:otherwise>
</xsl:choose>
</xsl:element>
</xsl:template>
<xsl:template match="acl_user[role_ref]">
<!-- schema disallows role_ref's AND deny/read/write -->
<xsl:element name="acl_target">
<xsl:apply-templates select="@*|node()"/>
</xsl:element>
</xsl:template>
<xsl:template match="acl_user[not(role_ref)]">
<xsl:element name="acl_target">
<xsl:apply-templates select="@*"/>
<xsl:if test="count(deny|read|write)" >
<xsl:element name="role">
<xsl:attribute name="id">
<xsl:value-of select="concat('auto-', @id)"/>
</xsl:attribute>
</xsl:element>
</xsl:if>
</xsl:element>
<xsl:if test="count(deny|read|write)" >
<xsl:element name="acl_role">
<xsl:attribute name="id">
<xsl:value-of select="concat('auto-', @id)"/>
</xsl:attribute>
<xsl:apply-templates select="*"/>
</xsl:element>
</xsl:if>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
|