diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
index 29eca51615..d42f1b3bda 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -1585,8 +1585,8 @@
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.existsRelationshipDefinition=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.getRelationshipsFrom=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.getRelationshipsTo=RM_ALLOW
- org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.addRelationship=RM_ALLOW
- org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.removeRelationship=RM_ALLOW
+ org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.addRelationship=RM_CAP.1.rma:filePlanComponent.ChangeOrDeleteReferences,RM_CAP.2.rma:filePlanComponent.ChangeOrDeleteReferences
+ org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.removeRelationship=RM_CAP.1.rma:filePlanComponent.ChangeOrDeleteReferences,RM_CAP.2.rma:filePlanComponent.ChangeOrDeleteReferences
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.*=RM_DENY
]]>
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java
index 07fb58b887..f050fc1ab9 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java
@@ -30,16 +30,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
*/
public class ChangeOrDeleteReferencesCapability extends DeclarativeCapability
{
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluateImpl(org.alfresco.service.cmr.repository.NodeRef)
- */
- @Override
- protected int evaluateImpl(NodeRef nodeRef)
- {
- // Can't be sure, because we don't have information about the target so we still abstain
- return AccessDecisionVoter.ACCESS_ABSTAIN;
- }
-
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/relationship/RelationshipServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/relationship/RelationshipServiceImpl.java
index 1d3efc1e16..92b4fa7be4 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/relationship/RelationshipServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/relationship/RelationshipServiceImpl.java
@@ -629,9 +629,12 @@ public class RelationshipServiceImpl extends RecordsManagementAdminBase implemen
for (AssociationRef associationRef : associationRefs)
{
String uniqueName = associationRef.getTypeQName().getLocalName();
- NodeRef from = associationRef.getSourceRef();
- NodeRef to = associationRef.getTargetRef();
- relationships.add(new RelationshipImpl(uniqueName, from, to));
+ if (existsRelationshipDefinition(uniqueName))
+ {
+ NodeRef from = associationRef.getSourceRef();
+ NodeRef to = associationRef.getTargetRef();
+ relationships.add(new RelationshipImpl(uniqueName, from, to));
+ }
}
return relationships;
@@ -650,9 +653,12 @@ public class RelationshipServiceImpl extends RecordsManagementAdminBase implemen
for (ChildAssociationRef childAssociationRef : childAssociationRefs)
{
String uniqueName = childAssociationRef.getQName().getLocalName();
- NodeRef from = childAssociationRef.getParentRef();
- NodeRef to = childAssociationRef.getChildRef();
- relationships.add(new RelationshipImpl(uniqueName, from, to));
+ if (existsRelationshipDefinition(uniqueName))
+ {
+ NodeRef from = childAssociationRef.getParentRef();
+ NodeRef to = childAssociationRef.getChildRef();
+ relationships.add(new RelationshipImpl(uniqueName, from, to));
+ }
}
return relationships;
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/CreateRelationshipTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/CreateRelationshipTest.java
new file mode 100644
index 0000000000..ffa21c8785
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/CreateRelationshipTest.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+
+package org.alfresco.module.org_alfresco_module_rm.test.integration.relationship;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.util.GUID;
+
+/**
+ * Create relationship integration test.
+ *
+ * @author Roy Wetherall
+ * @since 2.3
+ */
+public class CreateRelationshipTest extends BaseRMTestCase
+{
+ public void testReadOnlyPermissionOnSource() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.READ_RECORDS);
+ filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.FILING);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+ });
+ }
+
+ public void testReadOnlyPermissionOnTarget() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.FILING);
+ filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.READ_RECORDS);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+ });
+ }
+
+ public void testFillingPermissionOnSourceAndTarget() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest()
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecordCategory, user, RMPermissionModel.FILING);
+ filePlanPermissionService.setPermission(targetRecordCategory, user, RMPermissionModel.FILING);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+
+ @Override
+ public void then() throws Exception
+ {
+ // assert that the relationship exists
+ assertEquals(1, relationshipService.getRelationshipsFrom(sourceRecord).size());
+ assertEquals(0, relationshipService.getRelationshipsTo(sourceRecord).size());
+ assertEquals(0, relationshipService.getRelationshipsFrom(targetRecord).size());
+ assertEquals(1, relationshipService.getRelationshipsTo(targetRecord).size());
+ }
+ });
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/DeleteRelationshipTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/DeleteRelationshipTest.java
index 19c370601d..116541b597 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/DeleteRelationshipTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/DeleteRelationshipTest.java
@@ -19,9 +19,15 @@
package org.alfresco.module.org_alfresco_module_rm.test.integration.relationship;
+import java.util.HashSet;
import java.util.Set;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.relationship.Relationship;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID;
@@ -72,6 +78,183 @@ public class DeleteRelationshipTest extends BaseRMTestCase
}
});
}
+
+ public void testReadOnlyPermissionOnSource() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+
+ // add relationship
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.READ_RECORDS);
+ filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.FILING);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+ });
+ }
+
+ public void testReadOnlyPermissionOnTarget() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+
+ // create relationship
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.FILING);
+ filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.READ_RECORDS);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+ });
+ }
+
+ public void testFillingPermissionOnSourceAndTarget() throws Exception
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest()
+ {
+ /** test data */
+ private String roleName = GUID.generate();
+ private String user = GUID.generate();
+ private NodeRef sourceRecordCategory;
+ private NodeRef targetRecordCategory;
+ private NodeRef sourceRecordFolder;
+ private NodeRef targetRecordFolder;
+ private NodeRef sourceRecord;
+ private NodeRef targetRecord;
+
+ public void given() throws Exception
+ {
+ // test entities
+ sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
+ sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
+ targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
+ targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
+ targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
+
+ // create role
+ Set capabilities = new HashSet(2);
+ capabilities.add(capabilityService.getCapability("ViewRecords"));
+ capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
+ filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+ // create user and assign to role
+ createPerson(user, true);
+ filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+
+ // create relationship
+ relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
+ }
+
+ public void when()
+ {
+ // assign permissions
+ filePlanPermissionService.setPermission(sourceRecordCategory, user, RMPermissionModel.FILING);
+ filePlanPermissionService.setPermission(targetRecordCategory, user, RMPermissionModel.FILING);
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
+ return null;
+ }
+ }, user);
+ }
+
+ @Override
+ public void then() throws Exception
+ {
+ // assert that the relationship exists
+ assertEquals(0, relationshipService.getRelationshipsFrom(sourceRecord).size());
+ assertEquals(0, relationshipService.getRelationshipsTo(sourceRecord).size());
+ assertEquals(0, relationshipService.getRelationshipsFrom(targetRecord).size());
+ assertEquals(0, relationshipService.getRelationshipsTo(targetRecord).size());
+ }
+ });
+ }
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/RelationshipTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/RelationshipTestSuite.java
index da0fe63a5e..fd06625cfb 100755
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/RelationshipTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/relationship/RelationshipTestSuite.java
@@ -31,6 +31,7 @@ import org.junit.runners.Suite.SuiteClasses;
@RunWith(Suite.class)
@SuiteClasses(
{
+ CreateRelationshipTest.class,
DeleteRelationshipTest.class
})
public class RelationshipTestSuite