diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index 0c6f276605..57bf16fda8 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -1702,8 +1702,6 @@
-
-
diff --git a/source/java/org/alfresco/repo/web/scripts/quickshare/UnshareContentDelete.java b/source/java/org/alfresco/repo/web/scripts/quickshare/UnshareContentDelete.java
index 6a1daf47fd..d33a411943 100644
--- a/source/java/org/alfresco/repo/web/scripts/quickshare/UnshareContentDelete.java
+++ b/source/java/org/alfresco/repo/web/scripts/quickshare/UnshareContentDelete.java
@@ -30,14 +30,11 @@ import java.util.Map;
import javax.servlet.http.HttpServletResponse;
-import org.alfresco.model.ContentModel;
import org.alfresco.model.QuickShareModel;
-import org.alfresco.repo.site.SiteModel;
+import org.alfresco.service.cmr.quickshare.InvalidSharedIdException;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
-import org.alfresco.service.cmr.security.AuthenticationService;
-import org.alfresco.service.cmr.site.SiteService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Cache;
@@ -59,23 +56,14 @@ import org.springframework.extensions.webscripts.WebScriptRequest;
public class UnshareContentDelete extends AbstractQuickShareContent
{
private static final Log logger = LogFactory.getLog(ShareContentPost.class);
-
+
private NodeService nodeService;
- private SiteService siteService;
- private AuthenticationService authenticationService;
-
- public void setNodeService(NodeService nodeService) {
+
+ public void setNodeService(NodeService nodeService)
+ {
this.nodeService = nodeService;
}
- public void setSiteService(SiteService siteService) {
- this.siteService = siteService;
- }
-
- public void setAuthenticationService(AuthenticationService authenticationService) {
- this.authenticationService = authenticationService;
- }
-
@Override
protected Map executeImpl(WebScriptRequest req, Status status, Cache cache)
{
@@ -83,7 +71,7 @@ public class UnshareContentDelete extends AbstractQuickShareContent
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
}
-
+
// create map of params (template vars)
Map params = req.getServiceMatch().getTemplateVars();
final String sharedId = params.get("shared_id");
@@ -91,53 +79,31 @@ public class UnshareContentDelete extends AbstractQuickShareContent
{
throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
}
-
- NodeRef nodeRef = quickShareService.getTenantNodeRefFromSharedId(sharedId).getSecond();
- String currentUser = authenticationService.getCurrentUserName();
-
- String siteName = getSiteName(nodeRef);
- String sharedBy = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY);
- if (!currentUser.equals(sharedBy) && siteName != null)
- {
- String role = siteService.getMembersRole(siteName, currentUser);
- if (role.equals(SiteModel.SITE_CONSUMER) || role.equals(SiteModel.SITE_CONTRIBUTOR))
- {
- throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Can't perform unshare action: "+sharedId);
- }
- }
-
+
try
{
+ NodeRef nodeRef = quickShareService.getTenantNodeRefFromSharedId(sharedId).getSecond();
+
+ String sharedBy = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY);
+ if (!quickShareService.canDeleteSharedLink(nodeRef, sharedBy))
+ {
+ throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Can't perform unshare action: " + sharedId);
+ }
quickShareService.unshareContent(sharedId);
-
- Map model = new HashMap(1);
+
+ Map model = new HashMap<>(1);
model.put("success", Boolean.TRUE);
return model;
}
+ catch (InvalidSharedIdException ex)
+ {
+ logger.error("Unable to find: " + sharedId);
+ throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: " + sharedId);
+ }
catch (InvalidNodeRefException inre)
{
- logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
- throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
+ logger.error("Unable to find: " + sharedId + " [" + inre.getNodeRef() + "]");
+ throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: " + sharedId);
}
}
-
- private String getSiteName(NodeRef nodeRef)
- {
- NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
- while (parent != null && !nodeService.getType(parent).equals(SiteModel.TYPE_SITE))
- {
- String parentName = (String) nodeService.getProperty(parent, ContentModel.PROP_NAME);
- if (nodeService.getPrimaryParent(nodeRef) != null)
- {
- parent = nodeService.getPrimaryParent(parent).getParentRef();
- }
- }
-
- if (parent == null)
- {
- return null;
- }
-
- return nodeService.getProperty(parent, ContentModel.PROP_NAME).toString();
- }
}
\ No newline at end of file
diff --git a/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java b/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
index 7e48370007..fd0162a1a8 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
@@ -42,6 +42,7 @@ import org.alfresco.repo.content.transform.magick.ImageTransformationOptions;
import org.alfresco.repo.model.Repository;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
@@ -151,7 +152,8 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
AuthenticationUtil.setFullyAuthenticatedUser(USER_TWO);
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.READ));
-
+
+ AuthenticationUtil.clearCurrentSecurityContext();
}
@Override
@@ -177,20 +179,32 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
deleteUser(USER_ONE);
deleteUser(USER_TWO);
+
+ AuthenticationUtil.clearCurrentSecurityContext();
}
private void checkTransformer()
{
- ContentTransformer transformer = this.contentService.getImageTransformer();
- assertNotNull("No transformer returned for 'getImageTransformer'", transformer);
-
- // Check that it is working
- ImageTransformationOptions imageTransformationOptions = new ImageTransformationOptions();
- if (!transformer.isTransformable(MimetypeMap.MIMETYPE_IMAGE_JPEG, -1, MimetypeMap.MIMETYPE_IMAGE_PNG,
- imageTransformationOptions))
+ AuthenticationUtil.runAs(new RunAsWork()
{
- fail("Image transformer is not working. Please check your image conversion command setup.");
- }
+ @Override
+ public Void doWork() throws Exception
+ {
+ ContentTransformer transformer = contentService.getImageTransformer();
+
+ assertNotNull("No transformer returned for 'getImageTransformer'", transformer);
+
+ // Check that it is working
+ ImageTransformationOptions imageTransformationOptions = new ImageTransformationOptions();
+ if (!transformer.isTransformable(MimetypeMap.MIMETYPE_IMAGE_JPEG, -1, MimetypeMap.MIMETYPE_IMAGE_PNG, imageTransformationOptions))
+
+ {
+ fail("Image transformer is not working. Please check your image conversion command setup.");
+ }
+
+ return null;
+ }
+ }, AuthenticationUtil.getAdminUserName());
}
private void checkBytes(byte[] content1, byte[] content2)