Added code so that 'start invite' throws Web Script Exception (http Status 'forbidden') when inviter tries to invite someone to a site that he/she is not the Site Manager of (and added supporting code to Invite Service Unit Tests)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10841 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Glen Johnson
2008-09-07 16:48:42 +00:00
parent 01a5a7edf4
commit 07f84b3914
2 changed files with 91 additions and 47 deletions


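--- a/<PATH not shown on page>
+++ b/<PATH not shown on page>
@@ -34,6 +34,7 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
 import org.alfresco.repo.security.authentication.PasswordGenerator;
 import org.alfresco.repo.security.authentication.UserNameGenerator;
+import org.alfresco.repo.site.SiteModel;
 import org.alfresco.repo.site.SiteService;
 import org.alfresco.repo.workflow.WorkflowModel;
 import org.alfresco.service.cmr.repository.NodeRef;
@@ -495,6 +496,16 @@ public class Invite extends DeclarativeWebScript
 // - odd reason
 String inviterUserName = this.authenticationService.getCurrentUserName();
+// if inviter is not the site manager then throw web script exception
+String inviterRole = this.siteService.getMembersRole(siteShortName, inviterUserName);
+if ((inviterRole == null) || (inviterRole.equals(SiteModel.SITE_MANAGER) == false))
+{
+throw new WebScriptException(Status.STATUS_FORBIDDEN,
+"Cannot proceed with invitation. Inviter with user name : '" + inviterUserName
++ "' is not the Site Manager of site: '" + siteShortName + "'. Inviter's role on that site is: '"
++ inviterRole + "'");
+}
 //
 // if a person already exists who has the given invitee email address
 //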
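Review bot: The role comparison `(inviterRole == null) || (inviterRole.equals(SiteModel.SITE_MANAGER) == false)` can be written null-safe in one step as `if (!SiteModel.SITE_MANAGER.equals(inviterRole))`, dropping the separate null test and the `== false` idiom. The enclosing method of Invite starts and ends outside this hunk, so I cannot see whether any state-changing work (person lookup or creation, workflow start) happens before this point; an authorization check of this kind belongs as early as possible, right after the request parameters are read, so that a rejected caller leaves no side effects behind. The message echoes the caller's own role back to them, which is harmless since it only goes to that caller, but a comment above the check such as `// authorization: only a Site Manager of the target site may start an invite, hence 403 rather than 400` would record why this is a forbidden rather than a bad-request response.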


@@ -80,16 +80,18 @@ public class InviteServiceTest extends BaseWebScriptTest
private static final String WF_DEFINITION_INVITE = "jbpm$wf:invite"; private static final String WF_DEFINITION_INVITE = "jbpm$wf:invite";
private static final String USER_ADMIN = "admin";
private static final String USER_INVITER = "InviterUser"; private static final String USER_INVITER = "InviterUser";
private static final String USER_INVITER_2 = "InviterUser2";
private static final String INVITEE_FIRSTNAME = "InviteeFirstName"; private static final String INVITEE_FIRSTNAME = "InviteeFirstName";
private static final String INVITEE_LASTNAME = "InviteeLastName"; private static final String INVITEE_LASTNAME = "InviteeLastName";
private static final String INVITER_EMAIL = "FirstName123.LastName123@email.com"; private static final String INVITER_EMAIL = "FirstName123.LastName123@email.com";
private static final String INVITER_EMAIL_2 = "FirstNameabc.LastNameabc@email.com";
private static final String INVITEE_EMAIL_DOMAIN = "alfrescotesting.com"; private static final String INVITEE_EMAIL_DOMAIN = "alfrescotesting.com";
private static final String INVITEE_EMAIL_PREFIX = "invitee"; private static final String INVITEE_EMAIL_PREFIX = "invitee";
private static final String INVITEE_SITE_ROLE = SiteModel.SITE_COLLABORATOR; private static final String INVITEE_SITE_ROLE = SiteModel.SITE_COLLABORATOR;
private static final String SITE_SHORT_NAME_INVITE_1 = "BananaMilkshakeSite"; private static final String SITE_SHORT_NAME_INVITE_1 = "SiteOneInviteTest";
private static final String SITE_SHORT_NAME_INVITE_2 = "DoubleScoopSite"; private static final String SITE_SHORT_NAME_INVITE_2 = "SiteTwoInviteTest";
private static final String SITE_SHORT_NAME_INVITE_3 = "SiteThreeInviteTest";
private static final String URL_INVITE = "/api/invite"; private static final String URL_INVITE = "/api/invite";
private static final String URL_INVITES = "/api/invites"; private static final String URL_INVITES = "/api/invites";
@@ -103,65 +105,80 @@ public class InviteServiceTest extends BaseWebScriptTest
super.setUp(); super.setUp();
// get references to services // get references to services
this.authorityService = (AuthorityService) getServer() this.authorityService = (AuthorityService) getServer().getApplicationContext().getBean("AuthorityService");
.getApplicationContext().getBean("AuthorityService"); this.authenticationService = (AuthenticationService) getServer().getApplicationContext()
this.authenticationService = (AuthenticationService) getServer() .getBean("AuthenticationService");
.getApplicationContext().getBean("AuthenticationService"); this.authenticationComponent = (AuthenticationComponent) getServer().getApplicationContext()
this.authenticationComponent = (AuthenticationComponent) getServer() .getBean("AuthenticationComponent");
.getApplicationContext().getBean("AuthenticationComponent"); this.personService = (PersonService) getServer().getApplicationContext().getBean("PersonService");
this.personService = (PersonService) getServer() this.siteService = (SiteService) getServer().getApplicationContext().getBean("SiteService");
.getApplicationContext().getBean("PersonService"); this.nodeService = (NodeService) getServer().getApplicationContext().getBean("NodeService");
this.siteService = (SiteService) getServer().getApplicationContext() this.workflowService = (WorkflowService) getServer().getApplicationContext().getBean("WorkflowService");
.getBean("siteService"); this.mutableAuthenticationDao = (MutableAuthenticationDao) getServer().getApplicationContext()
this.nodeService = (NodeService) getServer().getApplicationContext() .getBean("authenticationDao");
.getBean("NodeService");
this.workflowService = (WorkflowService) getServer()
.getApplicationContext().getBean("WorkflowService");
this.mutableAuthenticationDao = (MutableAuthenticationDao) getServer()
.getApplicationContext().getBean("authenticationDao");
// Create new invitee email address list // Create new invitee email address list
this.inviteeEmailAddrs = new ArrayList<String>(); this.inviteeEmailAddrs = new ArrayList<String>();
// //
// various setup operations which need to be run as 'admin' // various setup operations which need to be run as system user
// //
RunAsWork<Object> runAsWork = new RunAsWork<Object>() AuthenticationUtil.runAs(new RunAsWork<Object>()
{ {
public Object doWork() throws Exception public Object doWork() throws Exception
{ {
// Create inviter // Create inviter person
createPerson(USER_INVITER, INVITER_EMAIL); createPerson(USER_INVITER, INVITER_EMAIL);
// Create sites for Inviter to invite Invitee to // Create inviter2 person
SiteInfo siteInfo1 = InviteServiceTest.this.siteService createPerson(USER_INVITER_2, INVITER_EMAIL_2);
.getSite(SITE_SHORT_NAME_INVITE_1);
if (siteInfo1 == null)
{
InviteServiceTest.this.siteService.createSite(
"InviteSitePreset", SITE_SHORT_NAME_INVITE_1,
"InviteSiteTitle", "InviteSiteDescription", true);
InviteServiceTest.this.siteService.setMembership( return null;
SITE_SHORT_NAME_INVITE_1, USER_INVITER, SiteModel.SITE_MANAGER); }
}, AuthenticationUtil.getSystemUserName());
//
// various setup operations which need to be run as inviter user
//
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Create first site for Inviter to invite Invitee to
SiteInfo siteInfo = siteService.getSite(SITE_SHORT_NAME_INVITE_1);
if (siteInfo == null)
{
siteService.createSite("InviteSitePreset", SITE_SHORT_NAME_INVITE_1,
"InviteSiteTitle", "InviteSiteDescription", true);
} }
SiteInfo siteInfo2 = InviteServiceTest.this.siteService // Create second site for inviter to invite invitee to
.getSite(SITE_SHORT_NAME_INVITE_2); siteInfo = siteService.getSite(SITE_SHORT_NAME_INVITE_2);
if (siteInfo2 == null) if (siteInfo == null)
{ {
InviteServiceTest.this.siteService.createSite( siteService.createSite("InviteSitePreset", SITE_SHORT_NAME_INVITE_2,
"InviteSitePreset", SITE_SHORT_NAME_INVITE_2,
"InviteSiteTitle", "InviteSiteDescription", true); "InviteSiteTitle", "InviteSiteDescription", true);
}
InviteServiceTest.this.siteService.setMembership( // Create third site for inviter to invite invitee to
SITE_SHORT_NAME_INVITE_2, USER_INVITER, SiteModel.SITE_MANAGER); siteInfo = InviteServiceTest.this.siteService.getSite(SITE_SHORT_NAME_INVITE_3);
if (siteInfo == null)
{
siteService.createSite(
"InviteSitePreset", SITE_SHORT_NAME_INVITE_3,
"InviteSiteTitle", "InviteSiteDescription", true);
}
// set inviter2's role on third site to collaborator
String inviterSiteRole = siteService.getMembersRole(SITE_SHORT_NAME_INVITE_3, USER_INVITER_2);
if ((inviterSiteRole == null) || (inviterSiteRole.equals(SiteModel.SITE_COLLABORATOR) == false))
{
siteService.setMembership(SITE_SHORT_NAME_INVITE_3, USER_INVITER_2, SiteModel.SITE_COLLABORATOR);
} }
return null; return null;
} }
}; }, USER_INVITER);
AuthenticationUtil.runAs(runAsWork, USER_ADMIN);
// Do tests as inviter user // Do tests as inviter user
this.authenticationComponent.setCurrentUser(USER_INVITER); this.authenticationComponent.setCurrentUser(USER_INVITER);
@@ -210,7 +227,7 @@ public class InviteServiceTest extends BaseWebScriptTest
return null; return null;
} }
}; };
AuthenticationUtil.runAs(runAsWork, USER_ADMIN); AuthenticationUtil.runAs(runAsWork, AuthenticationUtil.getSystemUserName());
// cancel all active invite workflows // cancel all active invite workflows
WorkflowDefinition wfDef = InviteServiceTest.this.workflowService WorkflowDefinition wfDef = InviteServiceTest.this.workflowService
@@ -422,22 +439,30 @@ public class InviteServiceTest extends BaseWebScriptTest
final String inviteeEmailAddr = INVITEE_EMAIL_PREFIX + randomStr final String inviteeEmailAddr = INVITEE_EMAIL_PREFIX + randomStr
+ "@" + INVITEE_EMAIL_DOMAIN; + "@" + INVITEE_EMAIL_DOMAIN;
// create person with invitee user name and invitee email address
AuthenticationUtil.runAs(new RunAsWork<Object>() AuthenticationUtil.runAs(new RunAsWork<Object>()
{ {
public Object doWork() throws Exception public Object doWork() throws Exception
{ {
// create person with invitee user name and invitee email address
createPerson(inviteeUserName, inviteeEmailAddr); createPerson(inviteeUserName, inviteeEmailAddr);
// add invitee person to site: SITE_SHORT_NAME_INVITE
InviteServiceTest.this.siteService.setMembership(
SITE_SHORT_NAME_INVITE_1, inviteeUserName,
INVITEE_SITE_ROLE);
return null; return null;
} }
}, USER_ADMIN); }, AuthenticationUtil.getSystemUserName());
// add invitee person to site: SITE_SHORT_NAME_INVITE
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
public Object doWork() throws Exception
{
InviteServiceTest.this.siteService.setMembership(
SITE_SHORT_NAME_INVITE_1, inviteeUserName,
INVITEE_SITE_ROLE);
return null;
}
}, USER_INVITER);
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmailAddr, INVITEE_SITE_ROLE, JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmailAddr, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CONFLICT); SITE_SHORT_NAME_INVITE_1, Status.STATUS_CONFLICT);
@@ -631,4 +656,12 @@ public class InviteServiceTest extends BaseWebScriptTest
assertEquals(siteShortName, inviteJSONObj.getJSONObject("site").get("shortName")); assertEquals(siteShortName, inviteJSONObj.getJSONObject("site").get("shortName"));
} }
public void testInviteForbiddenWhenInviterNotSiteManager() throws Exception
{
// inviter2 starts invite workflow, but he/she is not the site manager of the given site
AuthenticationUtil.setCurrentUser(USER_INVITER_2);
startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
}
} }
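Review bot: testInviteForbiddenWhenInviterNotSiteManager exercises only the collaborator branch of the new check; the `inviterRole == null` branch (a user who is not a member of the site at all) is not covered, and a second call while still authenticated as USER_INVITER_2, such as `startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_FORBIDDEN);`, would cover it, since as far as this hunk shows inviter2 is never given a role on site two in setUp. The new test passes five arguments to startInvite while the call in the hunk at -422 passes six, including an invitee email address; if that is an existing overload it is fine, otherwise this will not compile. The test also switches the current user with AuthenticationUtil.setCurrentUser and never switches back; setUp resets the current user to USER_INVITER before each test, so this only matters if something between tests in the same run expects the inviter to still be current.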