DM permissions

http://issues.alfresco.com/browse/SLNG-202
http://issues.alfresco.com/browse/SLNG-203

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9090 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthority.java

@@ -25,18 +25,22 @@
 package org.alfresco.repo.security.permissions.dynamic;
 
 import java.io.Serializable;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.permissions.DynamicAuthority;
+import org.alfresco.repo.security.permissions.PermissionReference;
+import org.alfresco.repo.security.permissions.impl.ModelDAO;
 import org.alfresco.service.cmr.lock.LockService;
 import org.alfresco.service.cmr.lock.LockStatus;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
 import org.alfresco.service.cmr.security.PermissionService;
-import org.alfresco.util.EqualsHelper;
 import org.springframework.beans.factory.InitializingBean;
 
 /**
@@ -48,6 +52,11 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
     
     private NodeService nodeService;
     
+    private ModelDAO modelDAO;
+    
+    private List<String> requiredFor;
+    
+    private Set<PermissionReference> whenRequired;
     
     public boolean hasAuthority(final NodeRef nodeRef, final String userName)
     {
@@ -101,16 +110,64 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
         {
             throw new IllegalStateException("The NodeService service must be set");
         }
+        if(modelDAO == null)
+        {
+            throw new IllegalStateException("The ModelDAO service must be set");
+        }
         
+        // buld the permission set
+        
+        if(requiredFor != null)
+        {
+            whenRequired = new HashSet<PermissionReference>();
+            for(String permission : requiredFor)
+            {
+                PermissionReference permissionReference = modelDAO.getPermissionReference(null, permission);
+                whenRequired.addAll(modelDAO.getGranteePermissions(permissionReference));
+                whenRequired.addAll(modelDAO.getGrantingPermissions(permissionReference));
+            }
+        }
     }
 
+    /**
+     * Set the lock service
+     * @param lockService
+     */
     public void setLockService(LockService lockService)
     {
         this.lockService = lockService;
     }
     
+    /**
+     * Set the node service
+     * @param nodeService
+     */
     public void setNodeService(NodeService nodeService)
     {
         this.nodeService = nodeService;
     }
+    
+    /**
+     * Set the permissions model dao
+     * @param modelDAO
+     */
+    public void setModelDAO(ModelDAO modelDAO)
+    {
+        this.modelDAO = modelDAO;
+    }
+    
+    /**
+     * Set the permissions for which this dynamic authority is required
+     * @param requiredFor
+     */
+    public void setRequiredFor(List<String> requiredFor)
+    {
+        this.requiredFor = requiredFor;
+    }
+    
+    
+    public Set<PermissionReference> requiredFor()
+    {
+        return whenRequired;
+    }
 }

source/java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java

@@ -24,6 +24,9 @@
  */
 package org.alfresco.repo.security.permissions.dynamic;
 
+import java.io.Serializable;
+import java.util.Map;
+
 import javax.transaction.UserTransaction;
 
 import junit.framework.TestCase;
@@ -43,10 +46,17 @@ import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.AuthenticationService;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.namespace.QName;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.ApplicationContextHelper;
 import org.springframework.context.ApplicationContext;
 
+/**
+ * Test the lock owner dynaic authority
+ * 
+ * @author andyh
+ *
+ */
 public class LockOwnerDynamicAuthorityTest extends TestCase
 {
     private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
@@ -73,11 +83,17 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
     
     private OwnableService ownableService;
     
+    /**
+     * 
+     */
     public LockOwnerDynamicAuthorityTest()
     {
         super();
     }
 
+    /**
+     * @param arg0
+     */
     public LockOwnerDynamicAuthorityTest(String arg0)
     {
         super(arg0);
@@ -137,6 +153,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         super.tearDown();
     }
 
+    /**
+     * 
+     */
     public void testSetup()
     {
         assertNotNull(nodeService);
@@ -144,6 +163,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         assertNotNull(lockService);
     }
 
+    /**
+     * 
+     */
     public void testUnSet()
     {
         permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
@@ -152,6 +174,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         authenticationService.clearCurrentSecurityContext();
     }
 
+    /**
+     * 
+     */
     public void testPermissionWithNoLockAspect()
     {
         authenticationService.authenticate("andy", "andy".toCharArray());
@@ -169,6 +194,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT));
     }
     
+    /**
+     * 
+     */
     public void testPermissionWithLockAspect()
     {
         permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
@@ -228,6 +256,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         
     }
 
+    /**
+     * 
+     */
     public void testCheckOutCheckInAuthorities()
     {
         permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
@@ -356,11 +387,13 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         
         assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
                 PermissionService.LOCK));
-        assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
+        @SuppressWarnings("unused")
+        Map<QName, Serializable> properties = nodeService.getProperties(testNode);
+        assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
                 PermissionService.UNLOCK));
         assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
-        assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
-        assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
+        assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
+        assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
         
         authenticationService.authenticate("lemur", "lemur".toCharArray());
         
@@ -390,6 +423,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
         
     }
    
+    /**
+     * 
+     */
     public void testCeckInCheckOut()
     {
 

source/java/org/alfresco/repo/security/permissions/dynamic/OwnerDynamicAuthority.java

@@ -24,24 +24,39 @@
  */
 package org.alfresco.repo.security.permissions.dynamic;
 
+import java.util.Set;
+
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.permissions.DynamicAuthority;
+import org.alfresco.repo.security.permissions.PermissionReference;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.util.EqualsHelper;
 import org.springframework.beans.factory.InitializingBean;
 
+/**
+ * The owner dynamic authority
+ * @author andyh
+ *
+ */
 public class OwnerDynamicAuthority implements DynamicAuthority, InitializingBean
 {
     private OwnableService ownableService;
 
+    /**
+     * Standard construction
+     */
     public OwnerDynamicAuthority()
     {
         super();
     }
 
+    /**
+     * Set the ownable service
+     * @param ownableService
+     */
     public void setOwnableService(OwnableService ownableService)
     {
         this.ownableService = ownableService;
@@ -72,4 +87,9 @@ public class OwnerDynamicAuthority implements DynamicAuthority, InitializingBean
        return PermissionService.OWNER_AUTHORITY;
     }
 
+    public Set<PermissionReference> requiredFor()
+    {
+        return null;
+    }
+
 }