From 09a0f50882a8e139e7da7326de45b44d8c85c55b Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Wed, 18 Apr 2012 04:58:51 +0000 Subject: [PATCH] RM Bugs: * Edit details Ui action now reflects user's capabilites correctly * Fixed up a couple of behaviours that don't execute when non-admin user (run as system user since admin may not be rm admin) * Transfers not appear in docLib filter correcetly * File UI action now reflects the user's capability correctly. * Renamed 'group' capabilities to 'private' as this more accurately reflects what it means. * Added composite capability implementation ... allows us to futher consolidate some of the edge cases and will allow us to break down further some of the existing capabilities .. this makes is much easier to see and understand exactlly what each capability is doing * Refactored current 'group' capabilities .. replacing with pure spring config where appropriate .. much clearer what they are doing (and fixed up where they wheren't doing exactlly the right thing) * Moved the remaining group capabilities impl's with the other capability impl's .. we are now down to 8 custom capability implementations .. down from 50+ .. and these havily borrow from the base classes where they can ... makes maintenance MUCH easier! * more unit tests * used new 'private' capability technique to break up FileRecord capability ... it's now clear what it is doing and could be corrected easily git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@35350 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-capabilities-context.xml | 266 ++++++++++-------- .../rm-model-context.xml | 1 + .../rm-ui-evaluators-context.xml | 1 + .../capability/AbstractCapability.java | 16 +- .../capability/Capability.java | 5 +- .../capability/CapabilityService.java | 10 +- .../capability/RMEntryVoter.java | 6 +- .../declarative/CompositeCapability.java | 65 +++++ .../declarative/DeclarativeCapability.java | 4 +- .../DeclaredCapabilityCondition.java | 8 +- .../capability/group/DeclareCapability.java | 54 ---- .../capability/group/DeleteCapability.java | 67 ----- .../capability/group/UpdateCapability.java | 95 ------- .../group/UpdatePropertiesCapability.java | 97 ------- .../group/WriteContentCapability.java | 55 ---- .../{group => impl}/CreateCapability.java | 3 +- .../impl/FileRecordsCapability.java | 115 -------- .../impl/MoveRecordsCapability.java | 1 - .../capability/impl/UpdateCapability.java | 58 ++++ .../impl/UpdatePropertiesCapability.java | 52 ++++ .../model/RecordContainerType.java | 2 +- .../RecordsManagementSecurityServiceImpl.java | 2 +- .../vital/VitalRecordServiceImpl.java | 48 ++-- .../test/CapabilitiesTestSuite.java | 2 + .../test/capabilities/CapabilitiesTest.java | 73 ++--- ...Test.java => CompositeCapabilityTest.java} | 2 +- .../DeclarativeCapabilityTest.java | 52 +++- .../test/util/CommonRMTestUtils.java | 13 + 28 files changed, 482 insertions(+), 691 deletions(-) create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java rename rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/{group => impl}/CreateCapability.java (95%) delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java rename rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/{GroupCapabilityTest.java => CompositeCapabilityTest.java} (96%) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml index 29354fe42d..0bdbf64c7b 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml @@ -101,16 +101,24 @@ + + + + + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -129,8 +137,7 @@ + parent="declarativeCapability"> @@ -148,15 +155,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -167,8 +172,7 @@ + parent="declarativeCapability"> @@ -192,8 +196,7 @@ + parent="declarativeCapability"> @@ -212,29 +215,25 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -252,22 +251,20 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> RECORD_CATEGORY RECORD_FOLDER - RECORD + @@ -281,43 +278,37 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -337,8 +328,7 @@ + parent="declarativeCapability"> @@ -359,15 +349,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -387,8 +375,7 @@ + parent="declarativeCapability"> @@ -408,8 +395,7 @@ + parent="declarativeCapability"> @@ -429,12 +415,12 @@ + parent="declarativeCapability"> - + + RECORD @@ -446,8 +432,7 @@ + parent="declarativeCapability"> @@ -465,8 +450,7 @@ + parent="declarativeCapability"> @@ -478,15 +462,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -506,8 +488,7 @@ + parent="declarativeCapability"> @@ -539,29 +520,25 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -578,30 +555,46 @@ + + + + + + + + + + + + + + + parent="compositeCapability"> - + + + + + + + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -612,8 +605,7 @@ + parent="declarativeCapability"> @@ -625,15 +617,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -645,8 +635,7 @@ + parent="declarativeCapability"> @@ -667,8 +656,7 @@ + parent="declarativeCapability"> @@ -687,15 +675,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -714,8 +700,7 @@ + parent="declarativeCapability"> @@ -733,8 +718,7 @@ + parent="declarativeCapability"> @@ -746,22 +730,19 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -772,8 +753,7 @@ + parent="declarativeCapability"> @@ -784,8 +764,7 @@ + parent="declarativeCapability"> @@ -802,8 +781,7 @@ + parent="declarativeCapability"> @@ -812,41 +790,79 @@ - - - + + + - + - + - + + + + + + + + + + - + - + + + + + + + + + + + parent="compositeCapability" + class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability"> - + + + + + + + + + + - + - + + + + + + + + parent="declarativeCapability"> - + RECORD diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml index 2b018359af..a882c2d8d1 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml @@ -89,6 +89,7 @@ + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml index 18d3b99aff..98d1b16067 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml @@ -394,6 +394,7 @@ RECORD_FOLDER + actions = new ArrayList(1); @@ -116,19 +116,19 @@ public abstract class AbstractCapability extends RMSecurityCommon } /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isGroupCapability() + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isPrivate() */ - public boolean isGroupCapability() + public boolean isPrivate() { - return isGroupCapability; + return isPrivate; } /** - * @param isGroupCapability indicates whether this is a group capability or not + * @param isPrivate indicates whether the capability is private or not */ - public void setGroupCapability(boolean isGroupCapability) + public void setPrivate(boolean isPrivate) { - this.isGroupCapability = isGroupCapability; + this.isPrivate = isPrivate; } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java index 33e1d675d0..7b0eb3c35d 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java @@ -62,11 +62,12 @@ public interface Capability int evaluate(NodeRef source, NodeRef target); /** - * Indicates whether this is a group capability or not + * Indicates whether this is a private capability or not. Private capabilities are used internally, otherwise + * they are made available to the user to assign to roles. * * @return */ - boolean isGroupCapability(); + boolean isPrivate(); /** * Get the name of the capability diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java index 6e5a32a88e..71b50ef918 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java @@ -26,21 +26,25 @@ import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; /** + * Capability service implementation + * * @author Roy Wetherall * @since 2.0 */ public interface CapabilityService { /** + * Register a capability * - * @param capability + * @param capability capability */ void registerCapability(Capability capability); /** + * Get a named capability. * - * @param name - * @return + * @param name capability name + * @return {@link Capability} capability or null if not found */ Capability getCapability(String name); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java index db7326ac98..dd8549c68c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java @@ -37,10 +37,10 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; -import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdateCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability; import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java new file mode 100644 index 0000000000..56dfcd6922 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.capability.declarative; + +import java.util.List; + +import net.sf.acegisecurity.vote.AccessDecisionVoter; + +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.service.cmr.repository.NodeRef; + +/** + * Generic implementation of a composite capability + * + * @author Roy Wetherall + */ +public class CompositeCapability extends DeclarativeCapability +{ + /** List of capabilities */ + private List capabilities; + + /** + * @param capabilites list of capabilities + */ + public void setCapabilities(List capabilities) + { + this.capabilities = capabilities; + } + + @Override + public int evaluateImpl(NodeRef nodeRef) + { + int result = AccessDecisionVoter.ACCESS_DENIED; + + // Check each capability using 'OR' logic + for (Capability capability : capabilities) + { + int capabilityResult = capability.evaluate(nodeRef); + if (capabilityResult == AccessDecisionVoter.ACCESS_GRANTED) + { + result = AccessDecisionVoter.ACCESS_GRANTED; + break; + } + } + + return result; + } + +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java index 40e1a9ac17..ad48640e9c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2011 Alfresco Software Limited. + * Copyright (C) 2005-2012 Alfresco Software Limited. * * This file is part of Alfresco * @@ -118,7 +118,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica */ protected boolean checkPermissionsImpl(NodeRef nodeRef, String ... permissions) { - boolean result = true; + boolean result = true; NodeRef filePlan = rmService.getFilePlan(nodeRef); for (String permission : permissions) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java index 76cc017214..b57801aab4 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java @@ -18,6 +18,7 @@ */ package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition; +import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition; import org.alfresco.service.cmr.repository.NodeRef; @@ -29,6 +30,11 @@ public class DeclaredCapabilityCondition extends AbstractCapabilityCondition @Override public boolean evaluate(NodeRef nodeRef) { - return rmService.isRecordDeclared(nodeRef); + boolean result = false; + if (FilePlanComponentKind.RECORD.equals(rmService.getFilePlanComponentKind(nodeRef)) == true) + { + result = rmService.isRecordDeclared(nodeRef); + } + return result; } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java deleted file mode 100644 index 060b5f83c6..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.service.cmr.repository.NodeRef; - -/** - * Composite Declare capability - * - * @author andyh - */ -public class DeclareCapability extends AbstractCapability -{ - /* - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef declaree) - { - Capability recordsCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS); - Capability inClosedCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS); - - if (recordsCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (inClosedCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - return AccessDecisionVoter.ACCESS_DENIED; - } - -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java deleted file mode 100644 index 9b7395d851..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.service.cmr.repository.NodeRef; - -/** - * @author andyh - */ -public class DeleteCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef deletee) - { - Capability schedRec = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION); - Capability destroy = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS); - Capability delete = capabilityService.getCapability(RMPermissionModel.DELETE_RECORDS); - Capability desfileplan = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - Capability desfolder = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS); - - if (schedRec.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (destroy.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (delete.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (desfileplan.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (desfolder.evaluate(deletee, null) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - return AccessDecisionVoter.ACCESS_DENIED; - } - -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java deleted file mode 100644 index 671dad38a9..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import java.io.Serializable; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -/** - * @author andyh - */ -public class UpdateCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public int evaluate(NodeRef nodeRef) - { - return evaluate(nodeRef, null, null); - } - - /** - * - * @param nodeRef - * @param aspectQName - * @param properties - * @return - */ - public int evaluate(NodeRef nodeRef, QName aspectQName, Map properties) - { - if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - - Capability destFolder = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS); - if (destFolder.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability fileplanMeta = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - if (fileplanMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability recordMeta = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA); - if (recordMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability nonRecordMetadata = capabilityService.getCapability(EDIT_NON_RECORD_METADATA); - if (nonRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability editRecordMetadata = capabilityService.getCapability(EDIT_RECORD_METADATA); - if (editRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - return AccessDecisionVoter.ACCESS_DENIED; - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java deleted file mode 100644 index b1423fcd29..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import java.io.Serializable; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -/** - * @author andyh - */ -public class UpdatePropertiesCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public int evaluate(NodeRef nodeRef) - { - return evaluate(nodeRef, (Map)null); - } - - /** - * Evaluate cabability - * - * @param nodeRef - * @param properties - * @return - */ - public int evaluate(NodeRef nodeRef, Map properties) - { - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - - Capability cap1 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS); - if (cap1.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap2 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - if (cap2.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap3 = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA); - if (cap3.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap4 = capabilityService.getCapability(EDIT_NON_RECORD_METADATA); - if (cap4.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap5 = capabilityService.getCapability(EDIT_RECORD_METADATA); - if (cap5.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap6 = capabilityService.getCapability(CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS); - if (cap6.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - return AccessDecisionVoter.ACCESS_DENIED; - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java deleted file mode 100644 index 0da5b4a3fc..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.AccessStatus; - -/** - * @author andyh - */ -public class WriteContentCapability extends DeclarativeCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef nodeRef) - { - int result = AccessDecisionVoter.ACCESS_ABSTAIN; - - if (rmService.isFilePlanComponent(nodeRef)) - { - result = AccessDecisionVoter.ACCESS_DENIED; - - if (checkKinds(nodeRef) == true && checkConditions(nodeRef) == true) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) - { - result = AccessDecisionVoter.ACCESS_GRANTED; - } - } - } - - return result; - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java similarity index 95% rename from rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java rename to rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index b19d558a4e..a54bda2968 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with Alfresco. If not, see . */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; +package org.alfresco.module.org_alfresco_module_rm.capability.impl; import java.util.HashMap; import java.util.Map; @@ -26,7 +26,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.ChangeOrDeleteReferencesCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java deleted file mode 100644 index e8ecaa6829..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.impl; - -import java.util.HashMap; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.namespace.QName; - -/** - * File records capability. - * - * @author andyh - */ -public class FileRecordsCapability extends DeclarativeCapability -{ - /** Dictionary service */ - private DictionaryService dictionaryService; - - /** - * @param dictionaryService dictionary service - */ - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef nodeRef) - { - if (rmService.isFilePlanComponent(nodeRef)) - { - // Build the conditions map - Map conditions = new HashMap(5); - conditions.put("capabilityCondition.filling", Boolean.TRUE); - conditions.put("capabilityCondition.frozen", Boolean.FALSE); - conditions.put("capabilityCondition.cutoff", Boolean.FALSE); - conditions.put("capabilityCondition.closed", Boolean.FALSE); - conditions.put("capabilityCondition.declared", Boolean.FALSE); - - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - - conditions.put("capabilityCondition.closed", Boolean.TRUE); - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (checkPermissionsImpl(nodeRef, DECLARE_RECORDS_IN_CLOSED_FOLDERS) == true) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - - conditions.put("capabilityCondition.cutoff", Boolean.TRUE); - conditions.remove("capabilityCondition.closed"); - conditions.remove("capabilityCondition.declared"); - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (checkPermissionsImpl(nodeRef, CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == true) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - - return AccessDecisionVoter.ACCESS_DENIED; - - } - else - { - return AccessDecisionVoter.ACCESS_ABSTAIN; - } - } - - /** - * Indicate whether a node if 'fileable' or not. - * - * @param nodeRef node reference - * @return boolean true if the node is filable, false otherwise - */ - public boolean isFileable(NodeRef nodeRef) - { - QName type = nodeService.getType(nodeRef); - return dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT); - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java index 376172dcfc..4b25b7f271 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java @@ -21,7 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl; import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java new file mode 100644 index 0000000000..db528dcd0c --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2005-2011 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.capability.impl; + +import java.io.Serializable; +import java.util.Map; + +import net.sf.acegisecurity.vote.AccessDecisionVoter; + +import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.QName; + +/** + * Update capability implementation. + * + * @author andyh + */ +public class UpdateCapability extends CompositeCapability +{ + /** + * + * @param nodeRef + * @param aspectQName + * @param properties + * @return + */ + public int evaluate(NodeRef nodeRef, QName aspectQName, Map properties) + { + if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName))) + { + return AccessDecisionVoter.ACCESS_DENIED; + } + + if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) + { + return AccessDecisionVoter.ACCESS_DENIED; + } + + return evaluate(nodeRef); + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java new file mode 100644 index 0000000000..130b12849a --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2005-2011 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.capability.impl; + +import java.io.Serializable; +import java.util.Map; + +import net.sf.acegisecurity.vote.AccessDecisionVoter; + +import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.QName; + +/** + * Update properties capability + * + * @author andyh + */ +public class UpdatePropertiesCapability extends CompositeCapability +{ + /** + * Evaluate capability, taking into account the protected properties. + * + * @param nodeRef node reference + * @param properties updated properties, if no null + */ + public int evaluate(NodeRef nodeRef, Map properties) + { + if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) + { + return AccessDecisionVoter.ACCESS_DENIED; + } + + return evaluate(nodeRef); + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java index 747a7647ce..5bd85b7f1e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java @@ -186,6 +186,6 @@ public class RecordContainerType implements RecordsManagementModel, } return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index b9284eecd8..513bac8102 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -354,7 +354,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe Set result = new HashSet(caps.size()); for (Capability cap : caps) { - if (cap.isGroupCapability() == false) + if (cap.isPrivate() == false) { result.add(cap); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java index 7ab4305c76..ef8935bb87 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java @@ -29,6 +29,8 @@ import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.Period; @@ -122,7 +124,7 @@ public class VitalRecordServiceImpl implements VitalRecordService, * @see org.alfresco.repo.node.NodeServicePolicies.OnAddAspectPolicy#onAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) */ @Override - public void onAddAspect(NodeRef nodeRef, QName aspectTypeQName) + public void onAddAspect(final NodeRef nodeRef, final QName aspectTypeQName) { ParameterCheck.mandatory("nodeRef", nodeRef); ParameterCheck.mandatory("aspectTypeQName", aspectTypeQName); @@ -132,27 +134,35 @@ public class VitalRecordServiceImpl implements VitalRecordService, onUpdateProperties.disable(); try { - // get the immediate parent - NodeRef parentRef = nodeService.getPrimaryParent(nodeRef).getParentRef(); - - // is the parent a record category - if (parentRef != null && - FilePlanComponentKind.RECORD_CATEGORY.equals(rmService.getFilePlanComponentKind(parentRef)) == true) + AuthenticationUtil.runAs(new RunAsWork() { - // is the child a record category or folder - FilePlanComponentKind kind = rmService.getFilePlanComponentKind(nodeRef); - if (kind.equals(FilePlanComponentKind.RECORD_CATEGORY) == true || - kind.equals(FilePlanComponentKind.RECORD_FOLDER) == true) + public Void doWork() throws Exception { - // set the vital record definition values to match that of the parent - nodeService.setProperty(nodeRef, - PROP_VITAL_RECORD_INDICATOR, - nodeService.getProperty(parentRef, PROP_VITAL_RECORD_INDICATOR)); - nodeService.setProperty(nodeRef, - PROP_REVIEW_PERIOD, - nodeService.getProperty(parentRef, PROP_REVIEW_PERIOD)); + // get the immediate parent + NodeRef parentRef = nodeService.getPrimaryParent(nodeRef).getParentRef(); + + // is the parent a record category + if (parentRef != null && + FilePlanComponentKind.RECORD_CATEGORY.equals(rmService.getFilePlanComponentKind(parentRef)) == true) + { + // is the child a record category or folder + FilePlanComponentKind kind = rmService.getFilePlanComponentKind(nodeRef); + if (kind.equals(FilePlanComponentKind.RECORD_CATEGORY) == true || + kind.equals(FilePlanComponentKind.RECORD_FOLDER) == true) + { + // set the vital record definition values to match that of the parent + nodeService.setProperty(nodeRef, + PROP_VITAL_RECORD_INDICATOR, + nodeService.getProperty(parentRef, PROP_VITAL_RECORD_INDICATOR)); + nodeService.setProperty(nodeRef, + PROP_REVIEW_PERIOD, + nodeService.getProperty(parentRef, PROP_REVIEW_PERIOD)); + } + } + + return null; } - } + }, AuthenticationUtil.getSystemUserName()); } finally { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java index 9be78c443d..a21edd0d7c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java @@ -23,6 +23,7 @@ import junit.framework.TestSuite; import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CapabilitiesTest; import org.alfresco.module.org_alfresco_module_rm.test.capabilities.DeclarativeCapabilityTest; +import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CompositeCapabilityTest; /** @@ -42,6 +43,7 @@ public class CapabilitiesTestSuite extends TestSuite TestSuite suite = new TestSuite(); suite.addTestSuite(CapabilitiesTest.class); suite.addTestSuite(DeclarativeCapabilityTest.class); + suite.addTestSuite(CompositeCapabilityTest.class); return suite; } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java index 3e7419f79e..5ae06de2a9 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java @@ -82,6 +82,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // Give all the users file permission objects for (String user : testUsers) { + securityService.setPermission(filePlan, user, FILING); securityService.setPermission(rmContainer, user, FILING); } } @@ -424,7 +425,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -544,7 +545,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -666,7 +667,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -794,7 +795,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(recordsManagerName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -807,7 +808,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); check(access, CHANGE_OR_DELETE_REFERENCES, - AccessStatus.UNDETERMINED); + AccessStatus.DENIED); check(access, CLOSE_FOLDERS, AccessStatus.DENIED); check(access, CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); @@ -817,7 +818,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, @@ -918,7 +919,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(securityOfficerName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1037,7 +1038,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(powerUserName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1156,7 +1157,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmUserName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1276,7 +1277,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1399,7 +1400,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1521,7 +1522,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1645,7 +1646,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // rm_records_manager, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1769,7 +1770,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // securityOfficerName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1890,7 +1891,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // powerUserName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -2011,7 +2012,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // rmUserName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -2131,7 +2132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2260,7 +2261,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2383,7 +2384,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2504,7 +2505,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(recordsManagerName); //setFilingOnRecordFolder(rmFolder, recordsManagerName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2625,7 +2626,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(securityOfficerName); //setFilingOnRecordFolder(rmFolder, securityOfficerName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2743,7 +2744,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(powerUserName); //setFilingOnRecordFolder(rmFolder, powerUserName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2863,7 +2864,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements //setFilingOnRecordFolder(rmFolder, rmUserName); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -2980,7 +2981,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); Map access = securityService.getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3007,7 +3008,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3104,7 +3105,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3131,7 +3132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3227,7 +3228,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3254,7 +3255,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3351,7 +3352,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, recordsManagerName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3378,7 +3379,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3475,7 +3476,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, securityOfficerName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3502,7 +3503,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3597,7 +3598,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, powerUserName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3624,7 +3625,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3718,7 +3719,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, rmUserName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java similarity index 96% rename from rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java rename to rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java index 10ac2abccd..cbdbe5439c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java @@ -31,7 +31,7 @@ import org.alfresco.service.cmr.security.AccessStatus; * * @author Roy Wetherall */ -public class GroupCapabilityTest extends BaseRMTestCase +public class CompositeCapabilityTest extends BaseRMTestCase { private NodeRef record; private NodeRef declaredRecord; diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index f20582d61a..f764510b43 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -51,6 +51,8 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase private NodeRef frozenRecord2; private NodeRef frozenRecordFolder; + private NodeRef closedFolder; + @Override protected boolean isUserTest() { @@ -66,9 +68,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase record = utils.createRecord(rmFolder, "record.txt"); declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt"); - - // Open folder // Closed folder + closedFolder = rmService.createRecordFolder(rmContainer, "closedFolder"); + utils.closeFolder(closedFolder); recordFolderContainsFrozen = rmService.createRecordFolder(rmContainer, "containsFrozen"); frozenRecord = utils.createRecord(rmFolder, "frozenRecord.txt"); @@ -130,7 +132,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase for (Capability capability : capabilities) { if (capability instanceof DeclarativeCapability && - capability.isGroupCapability() == false && + capability.isPrivate() == false && capability.getName().equals("MoveRecords") == false && capability.getName().equals("DeleteLinks") == false && capability.getName().equals("ChangeOrDeleteReferences") == false && @@ -237,4 +239,48 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase return result; } + + /** Specific declarative capability tests */ + + public void testFileCapability() + { + final Capability capability = capabilityService.getCapability("File"); + assertNotNull(capability); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder)); + + return null; + } + }, recordsManagerName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder)); + + return null; + } + }, rmUserName); + } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java index e146b08575..202fed6b36 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java @@ -169,6 +169,19 @@ public class CommonRMTestUtils implements RecordsManagementModel } + public void closeFolder(final NodeRef recordFolder) + { + AuthenticationUtil.runAs(new RunAsWork() + { + @Override + public Void doWork() throws Exception + { + actionService.executeRecordsManagementAction(recordFolder, "closeRecordFolder"); + return null; + } + }, AuthenticationUtil.getAdminUserName()); + } + public void freeze(final NodeRef nodeRef) { AuthenticationUtil.runAs(new RunAsWork()