From 0161f18ec603c9812d2a78e1289025e72b181fa8 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Sun, 15 Mar 2015 23:48:58 +0000 Subject: [PATCH] RM-2058: RM Manager can't access Users and Groups (after upgarde) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.2@99471 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../security/rm-default-roles-bootstrap.json | 7 +- .../patch/v22/RMv22CapabilityPatch.java | 8 +- .../patch/v22/RMv22HoldCapabilityPatch.java | 2 +- .../v22/RMv22CapabilityPatchUnitTest.java | 124 ++++++++++++++++++ .../test/AllUnitTestSuite.java | 4 +- 5 files changed, 139 insertions(+), 6 deletions(-) create mode 100644 rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatchUnitTest.java diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json index 486c1fd0ba..faaeb7c1a2 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json @@ -73,7 +73,8 @@ "RequestRecordInformation", "FileUnfiledRecords", "RejectRecords", - "LinkToRecords" + "LinkToRecords", + "ManageAccessControls" ] }, { @@ -124,7 +125,6 @@ "DeleteRecords", "TriggerAnEvent", "CreateModifyDestroyRoles", - "CreateModifyDestroyUsersAndGroups", "PasswordControl", "EnableDisableAuditByTypes", "SelectAuditMetadata", @@ -143,7 +143,8 @@ "RemoveFromHold", "FileHoldReport", "DeleteHold", - "EditHold" + "EditHold", + "ManageAccessControls" ] }, { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatch.java index 824a06098e..1226edf1ee 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatch.java @@ -35,7 +35,7 @@ public class RMv22CapabilityPatch extends CapabilityPatch */ protected void applyCapabilityPatch(NodeRef filePlan) { - // add new capability + // add new capbilities addCapability(filePlan, "FileDestructionReport", FilePlanRoleService.ROLE_ADMIN, @@ -52,5 +52,11 @@ public class RMv22CapabilityPatch extends CapabilityPatch "RemoveFromHold", FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.ROLE_RECORDS_MANAGER); + + // @see https://issues.alfresco.com/jira/browse/RM-2058 + addCapability(filePlan, + "ManageAccessControls", + FilePlanRoleService.ROLE_SECURITY_OFFICER, + FilePlanRoleService.ROLE_RECORDS_MANAGER); } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22HoldCapabilityPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22HoldCapabilityPatch.java index c0582e0f26..a3967cc1c5 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22HoldCapabilityPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22HoldCapabilityPatch.java @@ -23,7 +23,7 @@ import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.service.cmr.repository.NodeRef; /** - * RM v2.2 patch to add new hold releated capabilities. + * RM v2.2 patch to update capabilities. * * @author Roy Wetherall * @since 2.2 diff --git a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatchUnitTest.java b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatchUnitTest.java new file mode 100644 index 0000000000..aa080f0977 --- /dev/null +++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22CapabilityPatchUnitTest.java @@ -0,0 +1,124 @@ +/* + * Copyright (C) 2005-2014 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.patch.v22; + +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import java.util.Collections; + +import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest; +import org.alfresco.service.cmr.security.AuthorityType; +import org.junit.Test; +import org.mockito.InjectMocks; + +/** + * Unit test for RMv22CapabilityPatch + * + * @author Roy Wetherall + */ +public class RMv22CapabilityPatchUnitTest extends BaseUnitTest +{ + /** patch */ + private @InjectMocks RMv22CapabilityPatch patch; + + /** + * Given that I am upgrading an existing repository to v2.2 + * When I execute the patch + * Then the capabilities are updated + */ + @Test + public void executePatch() + { + when(mockedFilePlanService.getFilePlans()) + .thenReturn(Collections.singleton(filePlan)); + when(mockedAuthorityService.getName(eq(AuthorityType.GROUP), anyString())) + .thenReturn( + FilePlanRoleService.ROLE_ADMIN, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + FilePlanRoleService.ROLE_ADMIN, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + FilePlanRoleService.ROLE_ADMIN, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + FilePlanRoleService.ROLE_ADMIN, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + FilePlanRoleService.ROLE_SECURITY_OFFICER, + FilePlanRoleService.ROLE_RECORDS_MANAGER); + + // execute patch + patch.applyInternal(); + + // verify that the correct capabilities have been added + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_ADMIN, + "FileDestructionReport", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + "FileDestructionReport", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_ADMIN, + "CreateHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + "CreateHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_ADMIN, + "AddToHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + "AddToHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_ADMIN, + "RemoveFromHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + "RemoveFromHold", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_RECORDS_MANAGER, + "ManageAccessControls", + true); + verify(mockedPermissionService, times(1)).setPermission( + filePlan, + FilePlanRoleService.ROLE_SECURITY_OFFICER, + "ManageAccessControls", + true); + } + +} diff --git a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java index c034f95cdb..de7b7120b9 100644 --- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java +++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java @@ -26,6 +26,7 @@ import org.alfresco.module.org_alfresco_module_rm.job.DispositionLifecycleJobExe import org.alfresco.module.org_alfresco_module_rm.jscript.app.evaluator.FrozenEvaluatorUnitTest; import org.alfresco.module.org_alfresco_module_rm.jscript.app.evaluator.TransferEvaluatorUnitTest; import org.alfresco.module.org_alfresco_module_rm.model.compatibility.DictionaryBootstrapPostProcessorUnitTest; +import org.alfresco.module.org_alfresco_module_rm.patch.v22.RMv22CapabilityPatchUnitTest; import org.alfresco.module.org_alfresco_module_rm.patch.v22.RMv22RemoveInPlaceRolesFromAllPatchUnitTest; import org.alfresco.module.org_alfresco_module_rm.record.RecordMetadataBootstrapUnitTest; import org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImplUnitTest; @@ -75,7 +76,8 @@ import org.junit.runners.Suite.SuiteClasses; FileReportActionUnitTest.class, // patches - RMv22RemoveInPlaceRolesFromAllPatchUnitTest.class + RMv22RemoveInPlaceRolesFromAllPatchUnitTest.class, + RMv22CapabilityPatchUnitTest.class }) public class AllUnitTestSuite {