mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM: Fix up hide action after changes to extended security service.
* hide now shows only for collab users that have extended write on the record, ie fileRecord capability and filling permission git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46334 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -685,5 +685,16 @@
|
||||
</property>
|
||||
<property name="capability" value="RejectRecords" />
|
||||
</bean>
|
||||
|
||||
<bean id="jsonConversionComponent.hide"
|
||||
parent="jsonConversionComponent.baseAction">
|
||||
<property name="name" value="hide"/>
|
||||
<property name="kinds">
|
||||
<set>
|
||||
<value>RECORD</value>
|
||||
</set>
|
||||
</property>
|
||||
<property name="capability" value="FileRecords" />
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
@@ -475,16 +475,6 @@ public class RecordServiceImpl implements RecordService,
|
||||
{
|
||||
ParameterCheck.mandatory("NodeRef", nodeRef);
|
||||
|
||||
// first we do a sanity check to ensure that the user has at least write permissions on the record
|
||||
if (permissionService.hasPermission(nodeRef, PermissionService.WRITE) != AccessStatus.ALLOWED)
|
||||
{
|
||||
throw new AccessDeniedException(
|
||||
"Cannot hide record, because the user '"
|
||||
+ AuthenticationUtil.getRunAsUser()
|
||||
+ "' does not have write permissions on the record '"
|
||||
+ nodeRef.toString() + "'.");
|
||||
}
|
||||
|
||||
// do the work of hiding the record as the system user
|
||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||
{
|
||||
|
@@ -274,6 +274,8 @@ public class RecordServiceImplTest extends BaseRMTestCase
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
|
||||
|
||||
Capability filling = capabilityService.getCapability("FileRecords");
|
||||
assertEquals(AccessStatus.ALLOWED, filling.hasPermission(dmDocument));
|
||||
|
||||
Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
|
||||
assertEquals(AccessStatus.ALLOWED, editRecordMetadata.hasPermission(dmDocument));
|
||||
@@ -284,6 +286,43 @@ public class RecordServiceImplTest extends BaseRMTestCase
|
||||
return null;
|
||||
}
|
||||
}, dmCollaborator);
|
||||
|
||||
// check the consumer's permissions are correct for the newly created document
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
checkPermissions(READ_RECORDS,
|
||||
AccessStatus.ALLOWED, // file plan
|
||||
AccessStatus.ALLOWED, // unfiled container
|
||||
AccessStatus.DENIED, // record category
|
||||
AccessStatus.DENIED, // record folder
|
||||
AccessStatus.ALLOWED); // doc/record
|
||||
|
||||
checkPermissions(FILING,
|
||||
AccessStatus.DENIED, // file plan
|
||||
AccessStatus.DENIED, // unfiled container
|
||||
AccessStatus.DENIED, // record category
|
||||
AccessStatus.DENIED, // record folder
|
||||
AccessStatus.DENIED); // doc/record
|
||||
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
|
||||
|
||||
Capability filling = capabilityService.getCapability("FileRecords");
|
||||
assertEquals(AccessStatus.DENIED, filling.hasPermission(dmDocument));
|
||||
|
||||
Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
|
||||
assertEquals(AccessStatus.DENIED, editRecordMetadata.hasPermission(dmDocument));
|
||||
|
||||
Capability updateProperties = capabilityService.getCapability("UpdateProperties");
|
||||
assertEquals(AccessStatus.DENIED, updateProperties.hasPermission(dmDocument));
|
||||
|
||||
|
||||
return null;
|
||||
}
|
||||
}, dmConsumer);
|
||||
}
|
||||
|
||||
public void testCreateRecordNoLink() throws Exception
|
||||
|
Reference in New Issue
Block a user