Improvement to fix and encapsulate the test for user writes to preferences. Also switched around the test so the fastest and most likely to succeed tests go first.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@41852 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/preference-service-context.xml

@@ -43,6 +43,7 @@
         <property name="personService" ref="PersonService"/>
         <property name="permissionService" ref="PermissionService"/>
         <property name="authenticationContext" ref="authenticationContext"/>
+        <property name="authorityService" ref="AuthorityService"/>
     </bean>
     
     <bean id="preferenceServiceScript" parent="baseJavaScriptExtension" class="org.alfresco.repo.preference.script.ScriptPreferenceService">

source/java/org/alfresco/repo/preference/PreferenceServiceImpl.java

@@ -38,6 +38,7 @@ import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.json.JSONException;
@@ -65,6 +66,9 @@ public class PreferenceServiceImpl implements PreferenceService
     /** Authentication Service */
     private AuthenticationContext authenticationContext;
     
+    /** Authority Service */
+    private AuthorityService authorityService;
+
     /**
      * Set the node service
      * 
@@ -115,6 +119,14 @@ public class PreferenceServiceImpl implements PreferenceService
         this.authenticationContext = authenticationContext;
     }
     
+    /**
+     * @param authorityService the authorityService to set
+     */
+    public void setAuthorityService(AuthorityService authorityService)
+    {
+        this.authorityService = authorityService;
+    }
+
     /**
      * @see org.alfresco.service.cmr.preference.PreferenceService#getPreferences(java.lang.String)
      */
@@ -136,13 +148,14 @@ public class PreferenceServiceImpl implements PreferenceService
         NodeRef personNodeRef = this.personService.getPerson(userName);
         if (personNodeRef == null)
         {
-            throw new AlfrescoRuntimeException("Can not get preferences for " + userName
+            throw new AlfrescoRuntimeException("Could not get preferences for " + userName + " because they do not exist.");
-                + " because he/she does not exist."); 
         }
 
         String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
-        if (authenticationContext.isSystemUserName(currentUserName) == true || userName.equals(currentUserName) == true
+        if (userName.equals(currentUserName) ||
-                || AuthenticationUtil.getAdminUserName().equals(currentUserName))
+            personService.getUserIdentifier(userName).equals(personService.getUserIdentifier(currentUserName)) ||
+            authenticationContext.isSystemUserName(currentUserName) ||
+            authorityService.isAdminAuthority(currentUserName))
         {
             try
             {
@@ -162,10 +175,10 @@ public class PreferenceServiceImpl implements PreferenceService
                     Iterator<String> keys = jsonPrefs.keys();
                     while (keys.hasNext())
                     {
-                        String key = (String) keys.next();
+                        final String key = (String) keys.next();
 
-                        if (preferenceFilter == null || preferenceFilter.length() == 0
+                        if (preferenceFilter == null || preferenceFilter.length() == 0 ||
-                                || matchPreferenceNames(key, preferenceFilter) == true)
+                            matchPreferenceNames(key, preferenceFilter) == true)
                         {
                             preferences.put(key, (Serializable) jsonPrefs.get(key));
                         }
@@ -228,16 +241,12 @@ public class PreferenceServiceImpl implements PreferenceService
     {
         // Get the user node reference
         final NodeRef personNodeRef = this.personService.getPerson(userName);
-        if (personNodeRef == null) { throw new AlfrescoRuntimeException("Can not update preferences for " + userName
+        if (personNodeRef == null)
-                + " because he/she does not exist."); }
+        {
+            throw new AlfrescoRuntimeException("Could not update preferences for " + userName + " because they do not exist.");
+        }
         
-        // Can only set preferences if the currently logged in user matches the
+        if (userCanWritePreferences(userName, personNodeRef))
-        // user name being updated or
-        // the user already has write permissions on the person node
-        String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
-        if (authenticationContext.isSystemUserName(currentUserName) == true
-                || permissionService.hasPermission(personNodeRef, PermissionService.WRITE) == AccessStatus.ALLOWED
-                || userName.equals(currentUserName) == true)
         {
             AuthenticationUtil.runAs(new RunAsWork<Object>()
             {
@@ -283,14 +292,13 @@ public class PreferenceServiceImpl implements PreferenceService
 
                     return null;
                 }
-
             }, AuthenticationUtil.SYSTEM_USER_NAME);
         }
         else
         {
             // The current user does not have sufficient permissions to update
             // the preferences for this user
-            throw new UnauthorizedAccessException("The current user " + currentUserName
+            throw new UnauthorizedAccessException("The current user " + AuthenticationUtil.getFullyAuthenticatedUser()
                     + " does not have sufficient permissions to update the preferences of the user " + userName);
         }
     }
@@ -311,16 +319,12 @@ public class PreferenceServiceImpl implements PreferenceService
     {
         // Get the user node reference
         final NodeRef personNodeRef = this.personService.getPerson(userName);
-        if (personNodeRef == null) { throw new AlfrescoRuntimeException("Can not update preferences for " + userName
+        if (personNodeRef == null)
-                + " because he/she does not exist."); }
+        {
+            throw new AlfrescoRuntimeException("Could not update preferences for " + userName + " because they do not exist.");
+        }
         
-        // Can only set preferences if the currently logged in user matches the
+        if (userCanWritePreferences(userName, personNodeRef))
-        // user name being updated or
-        // the user already has write permissions on the person node
-        String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
-        if (authenticationContext.isSystemUserName(currentUserName) == true
-                || permissionService.hasPermission(personNodeRef, PermissionService.WRITE) == AccessStatus.ALLOWED
-                || userName.equals(currentUserName) == true)
         {
             AuthenticationUtil.runAs(new RunAsWork<Object>()
             {
@@ -347,10 +351,10 @@ public class PreferenceServiceImpl implements PreferenceService
                                 Iterator<String> keys = jsonPrefs.keys();
                                 while (keys.hasNext())
                                 {
-                                    String key = (String) keys.next();
+                                    final String key = (String) keys.next();
 
-                                    if (preferenceFilter == null || preferenceFilter.length() == 0
+                                    if (preferenceFilter == null || preferenceFilter.length() == 0 ||
-                                            || matchPreferenceNames(key, preferenceFilter) == true)
+                                        matchPreferenceNames(key, preferenceFilter) == true)
                                     {
                                         removeKeys.add(key);
                                     }
@@ -383,9 +387,26 @@ public class PreferenceServiceImpl implements PreferenceService
         {
             // The current user does not have sufficient permissions to update
             // the preferences for this user
-            throw new UnauthorizedAccessException("The current user " + currentUserName
+            throw new UnauthorizedAccessException("The current user " + AuthenticationUtil.getFullyAuthenticatedUser()
                     + " does not have sufficient permissions to update the preferences of the user " + userName);
         }
     }
     
+    /**
+     * Helper to encapsulate the test for whether the currently authenticated user can write to the
+     * preferences objects for the given username and person node reference.
+     * 
+     * @param userName          Username owner of the preferences object for modification test 
+     * @param personNodeRef     Non-null person representing the given username
+     * 
+     * @return true if they are allowed to write to the user preferences, false otherwise
+     */
+    private boolean userCanWritePreferences(final String userName, final NodeRef personNodeRef)
+    {
+        final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
+        return (userName.equals(currentUserName) ||
+                personService.getUserIdentifier(userName).equals(personService.getUserIdentifier(currentUserName)) ||
+                authenticationContext.isSystemUserName(currentUserName) ||
+                permissionService.hasPermission(personNodeRef, PermissionService.WRITE) == AccessStatus.ALLOWED);
+    }
 }