RM: Fix up hide action after changes to extended security service.

* hide now shows only for collab users that have extended write on the record, ie fileRecord capability and filling permission git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46334 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2013-02-07 06:56:42 +00:00
parent b0110b7c76
commit 13417e16a1
3 changed files with 50 additions and 10 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
@@ -686,4 +686,15 @@
      <property name="capability" value="RejectRecords" />
   </bean>
   
+   <bean id="jsonConversionComponent.hide"
+         parent="jsonConversionComponent.baseAction">
+      <property name="name" value="hide"/>
+      <property name="kinds">
+         <set>
+            <value>RECORD</value>
+         </set>
+      </property>
+      <property name="capability" value="FileRecords" />
+   </bean>
+
 </beans>
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java
@@ -475,16 +475,6 @@ public class RecordServiceImpl implements RecordService,
    {
        ParameterCheck.mandatory("NodeRef", nodeRef);

-        // first we do a sanity check to ensure that the user has at least write permissions on the record
-        if (permissionService.hasPermission(nodeRef, PermissionService.WRITE) != AccessStatus.ALLOWED)
-        {
-            throw new AccessDeniedException(
-                    "Cannot hide record, because the user '"
-                            + AuthenticationUtil.getRunAsUser()
-                            + "' does not have write permissions on the record '"
-                            + nodeRef.toString() + "'.");
-        }
-
        // do the work of hiding the record as the system user
        AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
        {
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
@@ -274,6 +274,8 @@ public class RecordServiceImplTest extends BaseRMTestCase
                assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
                assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
                
+                Capability filling = capabilityService.getCapability("FileRecords");
+                assertEquals(AccessStatus.ALLOWED, filling.hasPermission(dmDocument));
                
                Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
                assertEquals(AccessStatus.ALLOWED, editRecordMetadata.hasPermission(dmDocument));
@@ -284,6 +286,43 @@ public class RecordServiceImplTest extends BaseRMTestCase
                return null;
            }
        }, dmCollaborator);
+        
+        // check the consumer's permissions are correct for the newly created document
+        doTestInTransaction(new Test<Void>()
+        {
+            @Override
+            public Void run()
+            {
+                checkPermissions(READ_RECORDS,
+                        AccessStatus.ALLOWED,   // file plan
+                        AccessStatus.ALLOWED,   // unfiled container
+                        AccessStatus.DENIED,   // record category
+                        AccessStatus.DENIED,   // record folder
+                        AccessStatus.ALLOWED);  // doc/record
+
+                checkPermissions(FILING,
+                        AccessStatus.DENIED,   // file plan
+                        AccessStatus.DENIED,   // unfiled container
+                        AccessStatus.DENIED,   // record category
+                        AccessStatus.DENIED,   // record folder
+                        AccessStatus.DENIED);  // doc/record
+                
+                assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
+                assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
+                
+                Capability filling = capabilityService.getCapability("FileRecords");
+                assertEquals(AccessStatus.DENIED, filling.hasPermission(dmDocument));
+                
+                Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
+                assertEquals(AccessStatus.DENIED, editRecordMetadata.hasPermission(dmDocument));
+                
+                Capability updateProperties = capabilityService.getCapability("UpdateProperties");
+                assertEquals(AccessStatus.DENIED, updateProperties.hasPermission(dmDocument));
+
+            
+                return null;
+            }
+        }, dmConsumer);
    }

    public void testCreateRecordNoLink() throws Exception