REPO-894: Disable Person

- updated so we receive an error when trying to disable an admin authority git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@132475 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2016-11-07 13:42:55 +00:00
parent d29606a407
commit 104fd25dcc
2 changed files with 27 additions and 2 deletions
--- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
@@ -453,8 +453,7 @@ public class PeopleImpl implements People
    {
        MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;

-        boolean isAdmin = authorityService.hasAdminAuthority();
-        if (!isAdmin)
+        if (!isAdminAuthority())
        {
            throw new PermissionDeniedException();
        }
@@ -471,6 +470,11 @@ public class PeopleImpl implements People

        if (person.isEnabled() != null)
        {
+            if (isAdminAuthority(personIdToUpdate))
+            {
+                throw new PermissionDeniedException("Admin authority cannot be disabled.");
+            }
+
            mutableAuthenticationService.setAuthenticationEnabled(personIdToUpdate, person.isEnabled());
        }
        
@@ -488,4 +492,14 @@ public class PeopleImpl implements People

        return getPerson(personId);
    }
+
+    private boolean isAdminAuthority()
+    {
+        return authorityService.hasAdminAuthority();
+    }
+
+    private boolean isAdminAuthority(String authorityName)
+    {
+        return authorityService.isAdminAuthority(authorityName);
+    }
 }
--- a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
+++ b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
@@ -645,6 +645,17 @@ public class TestPeople extends EnterpriseTestApi
        assertEquals(enabled, updatedPerson.isEnabled());
    }

+    @Test
+    public void testUpdatePersonDisableAdminNotAllowed() throws PublicApiException
+    {
+        publicApiClient.setRequestContext(new RequestContext(account3.getId(), account3Admin, "admin"));
+
+        Map<String, String> params = new HashMap<>();
+        params.put("fields", "enabled");
+
+        people.update("people", account3Admin, null, null, "{\n" + "  \"enabled\": \"" + false + "\"\n" + "}", params, "Expected 403 response when updating " + account3Admin, 403);
+    }
+
    @Test
    public void testUpdatePersonPasswordNonAdminNotAllowed() throws PublicApiException
    {