From 098c80bd034c1efde632e9f19a88b43fa2d11a8a Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Tue, 18 Feb 2020 09:44:13 +0200 Subject: [PATCH] cherry pick # Conflicts: # rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java # rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java --- .../capability/policy/AssocPolicy.java | 15 +- .../record/DownloadAsZipRecordTest.java | 142 ++++++++++++++++++ 2 files changed, 151 insertions(+), 6 deletions(-) create mode 100644 rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java index 882faefa51..3ec8a3f0a6 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java @@ -56,19 +56,22 @@ public class AssocPolicy extends AbstractBasePolicy target = getTestNode(invocation, params, cad.getParameters().get(1), cad.isParent()); } - if ((source != null) && (target != null)) + if (source != null && target != null) { - // check that we aren't trying to create an association from DM to RM + // check the source node ref is a file plan component if (nodeService.hasAspect(source, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) { return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(source); } else { - if (nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && - getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME) && - permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED) - ) + final boolean isFilePlanComponent = nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT); + final boolean hasViewRecordCapability = getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME); + // allow association between a source non rm node and an rm node if the user + // has ViewRecordsCapability on the RM target node and write properties on the dm node + if ( isFilePlanComponent && + hasViewRecordCapability && + permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED)) { return AccessDecisionVoter.ACCESS_GRANTED; } diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java new file mode 100644 index 0000000000..5c19e79ff1 --- /dev/null +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java @@ -0,0 +1,142 @@ +/*- + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2020 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ +package org.alfresco.module.org_alfresco_module_rm.test.integration.record; + +import net.sf.acegisecurity.Authentication; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.security.permissions.AccessDeniedException; +import org.alfresco.service.cmr.download.DownloadService; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.util.GUID; + +/** + * Download as zip record test. + * 
Tests for MNT-21292
+ * @author Rodica Sutu + * @since 3.2.0.1 + */ +public class DownloadAsZipRecordTest extends BaseRMTestCase +{ + private DownloadService downloadService; + + @Override + protected boolean isCollaborationSiteTest() + { + return true; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices() + */ + @Override + protected void initServices() + { + super.initServices(); + downloadService = (DownloadService) applicationContext.getBean("DownloadService"); + } + + /** + * Given a record and a user without view record capability + * When the user downloads the record + * Then Access Denied exception is thrown + */ + public void testDownloadRecordUserNoReadCapability() + { + + doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class) + { + /** user with no view record capability */ + String userDownload; + Authentication previousAuthentication; + + public void given() + { + // create an inplace record + AuthenticationUtil.runAs((RunAsWork) () -> { + recordService.createRecord(filePlan, dmDocument); + return null; + }, AuthenticationUtil.getAdminUserName()); + // create user + userDownload = GUID.generate(); + createPerson(userDownload); + } + + public void when() + { + previousAuthentication = AuthenticationUtil.getFullAuthentication(); + AuthenticationUtil.setFullyAuthenticatedUser(userDownload); + downloadService.createDownload(new NodeRef[] { dmDocument }, true); + } + + public void after() + { + AuthenticationUtil.setFullAuthentication(previousAuthentication); + personService.deletePerson(userDownload); + } + }); + } + + /** + * Given a record and a user with view record capability + * When the user downloads the record + * Then download node is created + */ + public void testDownloadRecordUserWithReadCapability() + { + doBehaviourDrivenTest(new BehaviourDrivenTest() + { + NodeRef downloadStorageNode; + + public void given() + { + // Create an inplace record + AuthenticationUtil.runAs((RunAsWork) () -> { + // Declare record + recordService.createRecord(filePlan, dmDocument); + return null; + }, dmCollaborator); + } + + public void when() + { + Authentication previousAuthentication = AuthenticationUtil.getFullAuthentication(); + AuthenticationUtil.setFullyAuthenticatedUser(dmCollaborator); + // request to download the record + downloadStorageNode = downloadService.createDownload(new NodeRef[] { dmDocument }, true); + AuthenticationUtil.setFullAuthentication(previousAuthentication); + } + + public void then() + { + // check the download storage node is created + assertTrue(nodeService.exists(downloadStorageNode)); + } + }); + } +}