diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-condition-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-condition-context.xml new file mode 100644 index 0000000000..73c84caaa7 --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-condition-context.xml @@ -0,0 +1,92 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml new file mode 100644 index 0000000000..9e35327850 --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml new file mode 100644 index 0000000000..1f3745a0da --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml 
@@ -0,0 +1,241 @@ + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + RECORD_FOLDER + RECORD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + RECORD_FOLDER + RECORD + + + + + + + + + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RECORD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-recordfolder-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-recordfolder-context.xml new file mode 100644 index 0000000000..e12c43321f --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-recordfolder-context.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + RECORD_FOLDER + + + + + + + + + + + + + + + + + + RECORD_CATEGORY + RECORD_FOLDER + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml index 949b55b7f2..78557fb501 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml @@ -5,91 +5,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -195,25 +112,6 @@ - - - - - - RECORD_FOLDER - - - - - - - - - - - - @@ -250,32 +148,24 @@ + + + + + + + + + + + + - - - - - - - RECORD_CATEGORY - RECORD_FOLDER - - - - - - - - - - - - @@ -307,26 +197,6 @@ - - - - - - RECORD_FOLDER - RECORD - - - - - - - - - - - - 
@@ -354,46 +224,6 @@ - - - - - - RECORD - - - - - - - - - - - - - - - - - - - RECORD - - - - - - - - - - - - - @@ -413,53 +243,6 @@ - - - - - - - - RECORD - - - - - - - - - - - - - - - RECORD_FOLDER - RECORD - - - - - - - - - - - - - - - - - - - - @@ -467,59 +250,6 @@ - - - - - - RECORD - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RECORD - - - - - - - - - - - - - @@ -554,33 +284,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -629,12 +333,6 @@ - - - - @@ -699,24 +397,6 @@ - - - - - - RECORD - - - - - - - - - - - @@ -763,23 +443,6 @@ - - - - - - - - - - - - - - @@ -791,92 +454,13 @@ - - - - + + - - - - - - - - - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RECORD - - - - - - - - - - - - + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index c3045171d9..71bab37b46 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -428,37 +428,7 @@ - - - - - - - Create - UpdateProperties - ManageAccessRights - Delete - AccessAudit - CycleVitalRecords - ApproveRecordsScheduledForCutoff - DestroyRecordsCapability - DestroyRecordsScheduledForDestruction - AuthorizeAllTransfers - AuthorizeNominatedTransfers - CreateModifyRecordsInCutoffFolders - ManuallyChangeDispositionDates - PlanningReviewCycles - UndeclareRecords - Declare - Unfreeze - ViewUpdateReasonsForFreeze - CloseFolders - ReOpenFolders - ExtendRetentionPeriodOrFreeze - - - - + @@ -503,8 +473,6 @@ --> - - + - RECORD_CATEGORY - RECORD_FOLDER RECORD - + + + + + + + + RECORD_FOLDER + + + + + + + + + + RECORD_CATEGORY + + + + @@ -216,6 +217,7 @@ + 
diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-doclist.lib.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-doclist.lib.js deleted file mode 100644 index f20e1acfeb..0000000000 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-doclist.lib.js +++ /dev/null 
@@ -1,178 +0,0 @@ -function getDoclist(capabilitySet) -{ - // Use helper function to get the arguments - var parsedArgs = ParseArgs.getParsedArgs("rma:filePlan"); - if (parsedArgs === null) - { - return; - } - - var filter = args.filter, - items = []; - - // Try to find a filter query based on the passed-in arguments - var allNodes = [], - favourites = Common.getFavourites(), - filterParams = Filters.getFilterParams(filter, parsedArgs, - { - favourites: favourites - }), - query = filterParams.query; - - // Ensure folders and folderlinks appear at the top of the list - var folderNodes = [], - documentNodes = []; - - // Query the nodes - passing in sort and result limit parameters - if (query !== "") - { - allNodes = search.query( - { - query: query, - language: filterParams.language, - page: - { - maxItems: (filterParams.limitResults ? parseInt(filterParams.limitResults, 10) : 0) - }, - sort: filterParams.sort, - templates: filterParams.templates, - namespace: (filterParams.namespace ? filterParams.namespace : null) - }); - } - - for each (node in allNodes) - { - try - { - if (node.isContainer || node.typeShort == "app:folderlink") - { - folderNodes.push(node); - } - else - { - documentNodes.push(node); - } - } - catch (e) - { - // Possibly an old indexed node - ignore it - } - } - - // Node type counts - var folderNodesCount = folderNodes.length, - documentNodesCount = documentNodes.length, - nodes, totalRecords; - - if (parsedArgs.type === "documents") - { - nodes = documentNodes; - } - else - { - nodes = folderNodes.concat(documentNodes); - } - totalRecords = nodes.length; - - // Pagination - var pageSize = args.size || nodes.length, - pagePos = args.pos || "1", - startIndex = (pagePos - 1) * pageSize; - - // Trim the nodes array down to the page size - nodes = nodes.slice(startIndex, pagePos * pageSize); - - // Common or variable parent container? 
- var parent = null; - - if (!filterParams.variablePath) - { - var parentEval = Evaluator.run(parsedArgs.pathNode, capabilitySet); - - if (parentEval == null) - { - status.setCode(status.STATUS_BAD_REQUEST, "Not a Records Management folder: '" + parsedArgs.pathNode.nodeRef + "'"); - return null; - } - - // Parent node permissions (and Site role if applicable) - parent = - { - node: parsedArgs.pathNode, - type: parentEval.assetType, - userAccess: parentEval.permissions - }; - } - - var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME), - thumbnail = null, - filePlanLocation = Common.getLocation(parsedArgs.rootNode); - - // Loop through and evaluate each node in this result set - for each (node in nodes) - { - // Does this collection of nodes have potentially differering paths? - if (filterParams.variablePath) - { - location = Common.getLocation(node); - } - else - { - location = - { - site: parsedArgs.location.site, - siteTitle: parsedArgs.location.siteTitle, - container: parsedArgs.location.container, - path: parsedArgs.location.path, - file: node.name - }; - } - - // Is our thumbnail type registered? - if (isThumbnailNameRegistered && node.isSubType("cm:content") && item.node.properties.content.inputStream != null) - { - // Make sure we have a thumbnail. 
- thumbnail = node.getThumbnail(THUMBNAIL_NAME); - if (thumbnail === null) - { - // No thumbnail, so queue creation - node.createThumbnail(THUMBNAIL_NAME, true); - } - } - - // Get evaluated properties - nodeEvaluator = Evaluator.run(node, capabilitySet); - - if (nodeEvaluator != null) - { - items.push( - { - node: node, - isLink: false, - type: nodeEvaluator.assetType, - createdBy: nodeEvaluator.createdBy, - modifiedBy: nodeEvaluator.modifiedBy, - status: nodeEvaluator.status, - actionSet: nodeEvaluator.actionSet, - actionPermissions: nodeEvaluator.permissions, - suppressRoles: nodeEvaluator.suppressRoles, - dod5015: jsonUtils.toJSONString(nodeEvaluator.metadata), - tags: node.tags, - location: location - }); - } - } - - return ( - { - luceneQuery: query, - paging: - { - startIndex: startIndex, - totalRecords: totalRecords - }, - filePlan: filePlanLocation.containerNode, - parent: parent, - items: items - }); -} diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-evaluator.lib.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-evaluator.lib.js deleted file mode 100644 index e326fe5d16..0000000000 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-evaluator.lib.js +++ /dev/null 
@@ -1,547 +0,0 @@ -var Evaluator = -{ - /** - * Asset type evaluator - */ - getAssetType: function Evaluator_getAssetType(asset) - { - var assetType = ""; - // More detailed asset type - switch (String(asset.typeShort)) - { - case "rma:filePlan": - assetType = "fileplan"; - break; - case "rma:recordCategory": - assetType = "record-category"; - break; - case "rma:recordFolder": - assetType = "record-folder"; - if (asset.hasAspect("dod:ghosted")) - { - assetType = "metadata-stub-folder"; - } - break; - case "rma:nonElectronicDocument": - // Fall-through - case "cm:content": - if (asset.hasAspect("rma:record")) - { - assetType = "undeclared-record"; - if (asset.hasAspect("rma:declaredRecord")) - { - assetType = "record"; - if (asset.hasAspect("dod:ghosted")) - { - assetType = "metadata-stub"; - } - } - } - break; - case "rma:transfer": - assetType = "transfer-container"; - break; - case "rma:hold": - assetType = "hold-container"; - break; - default: - assetType = asset.isContainer ? "folder" : "document"; - break; - } - - return assetType; - }, - - /** - * Records Management metadata extracter - */ - getMetadata: function Evaluator_getMetadata(asset) - { - var metadata = {}; - - var fnExtract = function(p_asset) - { - for (var index in p_asset.properties) - { - if (index.indexOf("{http://www.alfresco.org/model/recordsmanagement/1.0}") === 0) - { - metadata[index.replace("{http://www.alfresco.org/model/recordsmanagement/1.0}", "rma:")] = p_asset.properties[index]; - } - else if (index.indexOf("{http://www.alfresco.org/model/dod5015/1.0}") === 0) - { - metadata[index.replace("{http://www.alfresco.org/model/dod5015/1.0}", "dod:")] = p_asset.properties[index]; - } - } - }; - - // General Records Management properties - fnExtract(asset); - - // Disposition Instructions, if relevant - if (asset.hasAspect("rma:scheduled")) - { - var dsArray = asset.childAssocs["rma:dispositionSchedule"]; - if (dsArray != null) - { - var dsNode = dsArray[0]; - if (dsNode !== null) - { - 
fnExtract(dsNode); - } - } - } - - return metadata; - }, - - /** - * Previous disposition action - */ - getPreviousDispositionAction: function Evaluator_getPreviousDispositionAction(asset) - { - var history = asset.childAssocs["rma:dispositionActionHistory"], - previous = null, - fnSortByCompletionDateReverse = function sortByCompletionDateReverse(a, b) - { - // Sort the results by Disposition Action Completed At date property - return (b.properties["rma:dispositionActionCompletedAt"] > a.properties["rma:dispositionActionCompletedAt"] ? 1 : -1); - }; - - if (history != null) - { - history.sort(fnSortByCompletionDateReverse); - previous = history[0]; - } - - return previous; - }, - - /** - * Record and Record Folder common evaluators - */ - recordAndRecordFolder: function Evaluator_recordAndRecordFolder(asset, permissions, status) - { - var actionName = asset.properties["rma:recordSearchDispositionActionName"], - actionAsOf = asset.properties["rma:recordSearchDispositionActionAsOf"], - hasNextAction = asset.childAssocs["rma:nextDispositionAction"] != null, - recentHistory = Evaluator.getPreviousDispositionAction(asset), - previousAction = null, - now = new Date(); - - /* Next Disposition Action */ - // Next action could become eligible based on asOf date - if (actionAsOf != null) - { - if (hasNextAction) - { - permissions["disposition-as-of"] = true; - } - - // Check if action asOf date has passed - if (actionAsOf < now) - { - permissions[actionName] = true; - } - } - // Next action could also become eligible based on event completion - if (asset.properties["rma:recordSearchDispositionEventsEligible"] == true) - { - permissions[actionName] = true; - } - - /* Previous Disposition Action */ - if (recentHistory != null) - { - previousAction = recentHistory.properties["rma:dispositionAction"]; - } - - /* Cut Off status */ - if (asset.hasAspect("rma:cutOff")) - { - status["cutoff"] = true; - if (asset.hasAspect("rma:dispositionLifecycle")) - { - if (previousAction == 
"cutoff") - { - permissions["undo-cutoff"] = true; - delete permissions["cutoff"]; - } - } - } - - /* Transfer or Accession Pending Completion */ - // Don't show transfer or accession if either is pending completion - var assocs = asset.parentAssocs["rma:transferred"]; - if (actionName == "transfer" && assocs != null && assocs.length > 0) - { - delete permissions["transfer"]; - delete permissions["undo-cutoff"]; - delete permissions["disposition-as-of"]; - status["transfer " + assocs[0].name] = true; - } - assocs = asset.parentAssocs["rma:ascended"]; - if (actionName == "accession" && assocs != null && assocs.length > 0) - { - delete permissions["accession"]; - delete permissions["undo-cutoff"]; - delete permissions["disposition-as-of"]; - status["accession " + assocs[0].name] = true; - } - - /* Transferred status */ - if (asset.hasAspect("rma:transferred")) - { - var transferLocation = ""; - if (previousAction == "transfer") - { - var actionId = recentHistory.properties["rma:dispositionActionId"], - actionNode = search.findNode("workspace://SpacesStore/" + actionId); - - if (actionNode != null && actionNode.properties["rma:dispositionLocation"]) - { - transferLocation = " " + actionNode.properties["rma:dispositionLocation"]; - } - } - status["transferred" + transferLocation] = true; - } - - /* Accessioned status */ - if (asset.hasAspect("rma:ascended")) - { - status["accessioned NARA"] = true; - } - - /* Review As Of Date */ - if (asset.hasAspect("rma:vitalRecord")) - { - if (asset.properties["rma:reviewAsOf"] != null) - { - permissions["review-as-of"] = true; - } - } - - /* Frozen/Unfrozen */ - if (asset.hasAspect("rma:frozen")) - { - status["frozen"] = true; - if (permissions["Unfreeze"]) - { - permissions["unfreeze"] = true; - } - } - else - { - if (permissions["ExtendRetentionPeriodOrFreeze"]) - { - permissions["freeze"] = true; - } - } - }, - - /** - * Record Type evaluator - */ - recordType: function Evaluator_recordType(asset) - { - /* Supported Record 
Types */ - var recordTypes = - [ - "digitalPhotographRecord", - "pdfRecord", - "scannedRecord", - "webRecord" - ], - currentRecordType = null; - - for (var i = 0; i < recordTypes.length; i++) - { - if (asset.hasAspect("dod:" + recordTypes[i])) - { - currentRecordType = recordTypes[i]; - break; - } - } - - return currentRecordType; - }, - - /** - * Asset Evaluator - main entrypoint - */ - run: function Evaluator_run(asset, capabilitySet) - { - var assetType = Evaluator.getAssetType(asset), - rmNode, - recordType = null, - capabilities = {}, - actions = {}, - actionSet = "empty", - permissions = {}, - status = {}, - suppressRoles = false; - - var now = new Date(); - - try - { - rmNode = rmService.getRecordsManagementNode(asset) - } - catch (e) - { - // Not a Records Management Node - return null; - } - - /** - * Capabilities and Actions - */ - var caps, cap, act; - if (capabilitySet == "all") - { - caps = rmNode.capabilities; - } - else - { - caps = rmNode.capabilitiesSet(capabilitySet); - } - - for each (cap in caps) - { - capabilities[cap.name] = true; - for each (act in cap.actions) - { - actions[act] = true; - } - } - - /** - * COMMON FOR ALL TYPES - */ - - /** - * Basic permissions - start from entire capabiltiies list - * TODO: Filter-out the ones not relevant to DocLib UI. 
- */ - permissions = capabilities; - - /** - * Multiple parent assocs - */ - var parents = asset.parentAssocs["contains"]; - if (parents !== null && parents.length > 1) - { - status["multi-parent " + parents.length] = true; - } - - /** - * E-mail type - */ - if (asset.mimetype == "message/rfc822") - { - permissions["split-email"] = true; - } - - switch (assetType) - { - /** - * SPECIFIC TO: FILE PLAN - */ - case "fileplan": - permissions["new-series"] = capabilities["Create"]; - break; - - - /** - * SPECIFIC TO: RECORD SERIES - */ - case "record-series": - actionSet = "recordSeries"; - permissions["new-category"] = capabilities["Create"]; - break; - - - /** - * SPECIFIC TO: RECORD CATEGORY - */ - case "record-category": - actionSet = "recordCategory"; - permissions["new-folder"] = capabilities["Create"]; - break; - - - /** - * SPECIFIC TO: RECORD FOLDER - */ - case "record-folder": - actionSet = "recordFolder"; - - /* Record and Record Folder common evaluator */ - Evaluator.recordAndRecordFolder(asset, permissions, status); - - /* Update Cut Off status to folder-specific status */ - if (status["cutoff"] == true) - { - delete status["cutoff"]; - status["cutoff-folder"] = true; - } - - /* File new Records */ - permissions["file"] = capabilities["Create"]; - - /* Open/Closed */ - if (asset.properties["rma:isClosed"]) - { - // Cutoff implies closed, so no need to duplicate - if (!status["cutoff-folder"]) - { - status["closed"] = true; - } - if (capabilities["ReOpenFolders"]) - { - permissions["open-folder"] = true; - } - } - else - { - status["open"] = true; - if (capabilities["CloseFolders"]) - { - permissions["close-folder"] = true; - } - } - break; - - - /** - * SPECIFIC TO: RECORD - */ - case "record": - actionSet = "record"; - - /* Record and Record Folder common evaluator */ - Evaluator.recordAndRecordFolder(asset, permissions, status); - - /* Electronic/Non-electronic documents */ - if (asset.typeShort == "rma:nonElectronicDocument") - { - assetType = 
"record-nonelec"; - } - else - { - permissions["download"] = true; - } - - /* Record Type evaluator */ - recordType = Evaluator.recordType(asset); - if (recordType != null) - { - status[recordType] = true; - } - - /* Undeclare Record */ - if (asset.hasAspect("rma:cutOff") == false) - { - permissions["undeclare"] = true; - } - break; - - - /** - * SPECIFIC TO: GHOSTED RECORD FOLDER (Metadata Stub Folder) - */ - case "metadata-stub-folder": - actionSet = "metadataStubFolder"; - - /* Destroyed status */ - status["destroyed"] = true; - break; - - - /** - * SPECIFIC TO: GHOSTED RECORD (Metadata Stub) - */ - case "metadata-stub": - actionSet = "metadataStub"; - - /* Destroyed status */ - status["destroyed"] = true; - - /* Record Type evaluator */ - recordType = Evaluator.recordType(asset); - if (recordType != null) - { - status[recordType] = true; - } - break; - - - /** - * SPECIFIC TO: UNDECLARED RECORD - */ - case "undeclared-record": - actionSet = "undeclaredRecord"; - - /* Electronic/Non-electronic documents */ - if (asset.typeShort == "rma:nonElectronicDocument") - { - assetType = "undeclared-record-nonelec"; - } - else - { - permissions["download"] = true; - - /* Record Type evaluator */ - recordType = Evaluator.recordType(asset); - if (recordType != null) - { - status[recordType] = true; - } - else - { - permissions["set-record-type"] = true; - } - } - break; - - - /** - * SPECIFIC TO: TRANSFER CONTAINERS - */ - case "transfer-container": - actionSet = "transferContainer"; - suppressRoles = true; - break; - - - /** - * SPECIFIC TO: HOLD CONTAINERS - */ - case "hold-container": - actionSet = "holdContainer"; - permissions["Unfreeze"] = true; - permissions["ViewUpdateReasonsForFreeze"] = true; - suppressRoles = true; - break; - - - /** - * SPECIFIC TO: LEGACY TYPES - */ - default: - actionSet = assetType; - break; - } - - return ( - { - assetType: assetType, - actionSet: actionSet, - permissions: permissions, - createdBy: 
Common.getPerson(asset.properties["cm:creator"]), - modifiedBy: Common.getPerson(asset.properties["cm:modifier"]), - status: status, - metadata: Evaluator.getMetadata(asset, assetType), - suppressRoles: suppressRoles - }); - } -}; diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-filters.lib.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-filters.lib.js deleted file mode 100644 index 9949dd5dbc..0000000000 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-filters.lib.js +++ /dev/null 
@@ -1,183 +0,0 @@ -var Filters = -{ - /** - * Type map to filter required types - * NOTE: "documents" filter also returns folders to show UI hint about hidden folders. - */ - TYPE_MAP: - { - "documents": '+(TYPE:"{http://www.alfresco.org/model/content/1.0}content" OR TYPE:"{http://www.alfresco.org/model/application/1.0}filelink" OR TYPE:"{http://www.alfresco.org/model/content/1.0}folder")', - "folders": '+(TYPE:"{http://www.alfresco.org/model/content/1.0}folder" OR TYPE:"{http://www.alfresco.org/model/application/1.0}folderlink")', - "images": "-TYPE:\"{http://www.alfresco.org/model/content/1.0}thumbnail\" +@cm\\:content.mimetype:image/*" - }, - - /** - * Query templates for custom search - */ - QUERY_TEMPLATES: - [ - {field: "keywords", template: "%(cm:name cm:title cm:description TEXT)"}, - {field: "name", template: "%(cm:name)"}, - {field: "title", template: "%(cm:title)"}, - {field: "description", template: "%(cm:description)"}, - {field: "creator", template: "%(cm:creator)"}, - {field: "created", template: "%(cm:created)"}, - {field: "modifier", template: "%(cm:modifier)"}, - {field: "modified", template: "%(cm:modified)"}, - {field: "author", template: "%(cm:author)"}, - {field: "markings", template: "%(rmc:supplementalMarkingList)"}, - {field: "dispositionEvents", template: "%(rma:recordSearchDispositionEvents)"}, - {field: "dispositionActionName", template: "%(rma:recordSearchDispositionActionName)"}, - {field: "dispositionActionAsOf", template: "%(rma:recordSearchDispositionActionAsOf)"}, - {field: "dispositionEventsEligible", template: "%(rma:recordSearchDispositionEventsEligible)"}, - {field: "dispositionPeriod", template: "%(rma:recordSearchDispositionPeriod)"}, - {field: "hasDispositionSchedule", template: "%(rma:recordSearchHasDispositionSchedule)"}, - {field: "dispositionInstructions", template: "%(rma:recordSearchDispositionInstructions)"}, - {field: "dispositionAuthority", template: "%(rma:recordSearchDispositionAuthority)"}, - {field: 
"holdReason", template: "%(rma:recordSearchHoldReason)"}, - {field: "vitalRecordReviewPeriod", template: "%(rma:recordSearchVitalRecordReviewPeriod)"} - ], - - /** - * Create filter parameters based on input parameters - * - * @method getFilterParams - * @param filter {string} Required filter - * @param parsedArgs {object} Parsed arguments object literal - * @param optional {object} Optional arguments depending on filter type - * @return {object} Object literal containing parameters to be used in Lucene search - */ - getFilterParams: function Filter_getFilterParams(filter, parsedArgs, optional) - { - var filterParams = - { - query: "+PATH:\"" + parsedArgs.pathNode.qnamePath + "/*\"", - limitResults: null, - sort: [ - { - column: "@{http://www.alfresco.org/model/content/1.0}name", - ascending: true - }], - language: "lucene", - templates: null, - variablePath: true - }; - - // Max returned results specified? - var argMax = args.max; - if ((argMax !== null) && !isNaN(argMax)) - { - filterParams.limitResults = argMax; - } - - // Create query based on passed-in arguments - var filterData = args.filterData, - filterQuery = ""; - - // Common types and aspects to filter from the UI - var filterQueryDefaults = " -TYPE:\"{http://www.alfresco.org/model/content/1.0}thumbnail\"" + - " -TYPE:\"{http://www.alfresco.org/model/content/1.0}systemfolder\"" + - " -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionSchedule\"" + - " -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionActionDefinition\"" + - " -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionAction\"" + - " -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}hold\"" + - " -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}transfer\""; - - // Create query based on passed-in arguments - switch (String(filter)) - { - case "all": - filterQuery = "+PATH:\"" + parsedArgs.rootNode.qnamePath + "//*\""; - filterQuery += " 
-TYPE:\"{http://www.alfresco.org/model/content/1.0}folder\""; - filterParams.query = filterQuery + filterQueryDefaults; - break; - - case "node": - parsedArgs.pathNode = parsedArgs.rootNode.parent; - filterParams.variablePath = false; - filterParams.query = "+ID:\"" + parsedArgs.rootNode.nodeRef + "\""; - break; - - case "savedsearch": - var searchNode = parsedArgs.location.siteNode.getContainer("Saved Searches"); - if (searchNode != null) - { - var ssNode = searchNode.childByNamePath(String(filterData)); - - if (ssNode != null) - { - var ssJson = eval('try{(' + ssNode.content + ')}catch(e){}'); - filterQuery = ssJson.query; - // Wrap the query so that only valid items within the filePlan are returned - filterParams.query = 'PATH:"' + parsedArgs.rootNode.qnamePath + '//*" AND (' + filterQuery + ')'; - filterParams.templates = Filters.QUERY_TEMPLATES; - filterParams.language = "fts-alfresco"; - filterParams.namespace = "http://www.alfresco.org/model/recordsmanagement/1.0"; - // gather up the sort by fields - // they are encoded as "property/dir" i.e. "cm:name/asc" - if (ssJson.sort && ssJson.sort.length !== 0) - { - var sortPairs = ssJson.sort.split(","); - var sort = []; - for (var i=0, j; i - node - Document List Component - rm node data webscript - /slingshot/doclib/rm/node/{store_type}/{store_id}/{id} - argument - user - required - internal - \ No newline at end of file diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.js deleted file mode 100644 index 9dd3b3b48c..0000000000 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.js +++ /dev/null @@ -1,6 +0,0 @@ - - - - - -model.doclist = getDoclist("all"); 
diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.json.ftl b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.json.ftl deleted file mode 100644 index 81e520bab6..0000000000 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.json.ftl +++ /dev/null @@ -1,34 +0,0 @@ -<#import "item.lib.ftl" as itemLib /> -<#escape x as jsonUtils.encodeJSONString(x)> -{ - "totalRecords": ${doclist.paging.totalRecords?c}, - "startIndex": ${doclist.paging.startIndex?c}, - "metadata": - { - <#if doclist.filePlan??>"filePlan": "${doclist.filePlan.nodeRef}", - "parent": - { - <#if doclist.parent??> - "nodeRef": "${doclist.parent.node.nodeRef}", - "type": "${doclist.parent.type}", - "permissions": - { - "userAccess": - { - <#list doclist.parent.userAccess?keys as perm> - <#if doclist.parent.userAccess[perm]?is_boolean> - "${perm?string}": ${doclist.parent.userAccess[perm]?string}<#if perm_has_next>, - - - } - } - - } - }, - "item": - { - <@itemLib.itemJSON item=doclist.items[0] />, - "dod5015": <#noescape>${doclist.items[0].dod5015} - } -} - \ No newline at end of file diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.js index ebabc06382..09c27856d2 100644 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.js +++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.js 
@@ -55,13 +55,18 @@ function getTreenode() { if (itemIsAllowed(item) && !(item.type in ignoredTypes)) { - capabilities = {}; + //capabilities = {}; rmNode = rmService.getRecordsManagementNode(item); - for each (cap in rmNode.capabilitiesSet("Create")) - { - capabilities[cap.name] = true; - } + + //for each (cap in rmNode.capabilitiesSet("Create")) + //{ + // capabilities[cap.name] = true; + //} + + // + hasCreateCapability = rmNode.hasCapability("Create"); + if (evalChildFolders) { hasSubfolders = item.childFileFolders(false, true, "fm:forum").length > 0; @@ -73,7 +78,7 @@ function getTreenode() hasSubfolders: hasSubfolders, permissions: { - create: capabilities["Create"] + create: hasCreateCapability } }); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java index bca1f20bcd..ae6ba63928 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java @@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; 
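Review bot: `hasCreateCapability` is assigned in the first rm-treenode.get.js hunk without `var`, and neither hunk of this file adds a declaration, so unless the name already existed earlier in `getTreenode()` (the function starts outside the hunk) it becomes an undeclared script-scope variable; use `var hasCreateCapability = rmNode.hasCapability("Create");` or add it to the existing local declarations. The old loop is left behind as commented-out code together with an empty `//` line; delete those lines, and drop the now unused `capabilities` and `cap` locals if they are declared above. `rmService.getRecordsManagementNode(item)` is still called unguarded here, while the evaluator library deleted in this same commit wrapped that call in try/catch for nodes that are not Records Management nodes, so confirm that `itemIsAllowed(item)` and `ignoredTypes` exclude such nodes. The `create` value returned in `permissions` only tells the tree UI what to offer; the create operation itself still has to be enforced by the repository.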
@@ -43,6 +44,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry static final QName RECORDS_MANAGEMENT_EVENT_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementEventService"); static final QName RECORDS_MANAGEMENT_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementSecurityService"); static final QName RECORDS_MANAGEMENT_AUDIT_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementAuditService"); + static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService"); /** * @return records management service @@ -85,4 +87,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry */ @NotAuditable RecordsManagementAuditService getRecordsManagementAuditService(); + + /** + * @return capability service + */ + @NotAuditable + CapabilityService getCapabilityService(); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java index 253fd248a3..b27d6c86fc 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java 
@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; @@ -89,4 +90,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis { return (DispositionService)getService(DISPOSITION_SERVICE); } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getCapabilityService() + */ + @Override + public CapabilityService getCapabilityService() + { + return (CapabilityService)getService(CAPABILITY_SERVICE); + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java index 9e8f60e7e3..643f87795e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java @@ -29,6 +29,7 @@ import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.springframework.extensions.surf.util.I18NUtil; /** * Abstract capability implementation. 
@@ -52,6 +53,10 @@ public abstract class AbstractCapability extends RMSecurityCommon /** Capability name */ protected String name; + /** Capability title and description */ + protected String title; + protected String description; + /** Indicates whether this is a private capability or not */ protected boolean isPrivate = false; @@ -114,6 +119,56 @@ public abstract class AbstractCapability extends RMSecurityCommon { return name; } + + /** + * @param title capability title + */ + public void setTitle(String title) + { + this.title = title; + } + + /** + * @param titleId message id + */ + public void setTitleId(String titleId) + { + this.title = I18NUtil.getMessage(titleId); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getTitle() + */ + @Override + public String getTitle() + { + return title; + } + + /** + * @param description capability description + */ + public void setDescription(String description) + { + this.description = description; + } + + /** + * @param descriptionId message id + */ + public void setDescriptionId(String descriptionId) + { + this.description = I18NUtil.getMessage(descriptionId); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getDescription() + */ + @Override + public String getDescription() + { + return description; + } /** * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isPrivate() @@ -183,11 +238,22 @@ public abstract class AbstractCapability extends RMSecurityCommon } } + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#hasPermission(org.alfresco.service.cmr.repository.NodeRef) + */ public AccessStatus hasPermission(NodeRef nodeRef) { return translate(hasPermissionRaw(nodeRef)); } + /** + * Determines whether the current user has permission on this capability. + *

+ * Returns the raw permission value. + * + * @param nodeRef node reference + * @return raw permission value + */ public int hasPermissionRaw(NodeRef nodeRef) { String prefix = "hasPermissionRaw" + getName(); @@ -232,16 +298,25 @@ public abstract class AbstractCapability extends RMSecurityCommon return AccessDecisionVoter.ACCESS_ABSTAIN; } + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActionNames() + */ public List getActionNames() { return actionNames; } + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActions() + */ public List getActions() { return actions; } + /** + * @see java.lang.Object#hashCode() + */ @Override public int hashCode() { @@ -251,6 +326,9 @@ public abstract class AbstractCapability extends RMSecurityCommon return result; } + /** + * @see java.lang.Object#equals(java.lang.Object) + */ @Override public boolean equals(Object obj) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java index 7b0eb3c35d..4510a2eca1 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java @@ -28,6 +28,7 @@ import org.alfresco.service.cmr.security.AccessStatus; * Capability Interface. * * @author andyh + * @author Roy Wetherall */ public interface Capability { @@ -54,10 +55,11 @@ public interface Capability int evaluate(NodeRef nodeRef); /** + * Evaluates the capability, taking into account a target. * - * @param source - * @param target - * @return + * @param source source node reference + * @param target target node reference + * @return int permission value */ int evaluate(NodeRef source, NodeRef target); 
@@ -65,16 +67,31 @@ public interface Capability * Indicates whether this is a private capability or not. Private capabilities are used internally, otherwise * they are made available to the user to assign to roles. * - * @return + * @return boolean true if private, false otherwise */ boolean isPrivate(); /** * Get the name of the capability - * @return + * + * @return String capability name */ String getName(); + + /** + * Get the title of the capability + * + * @return String capability title + */ + String getTitle(); + /** + * Get the description of the capability + * + * @return String capability description + */ + String getDescription(); + /** * Get the name of optional actions tied to this capability * @return diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java index 71b50ef918..1de5b79b8a 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java @@ -54,6 +54,13 @@ public interface CapabilityService */ Set getCapabilities(); + /** + * + * @param includePrivate + * @return + */ + Set getCapabilities(boolean includePrivate); + /** * * @param nodeRef diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityServiceImpl.java index 4eabad974f..2184de32ec 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityServiceImpl.java 
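Review bot: The Javadoc added for `getCapabilities(boolean includePrivate)` in CapabilityService is empty, with no summary and bare `@param`/`@return` tags. Capability.isPrivate() describes private capabilities as internal and not offered for assignment to roles, so the contract of this flag should be spelled out. I would write `Gets the registered capabilities; private (internal) capabilities are included only when includePrivate is true.`, with `@param includePrivate true to include private capabilities` and `@return set of matching capabilities`.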
@@ -60,7 +60,33 @@ public class CapabilityServiceImpl implements CapabilityService @Override public Set getCapabilities() { - return new HashSet(capabilities.values()); + return getCapabilities(true); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService#getCapabilities(boolean) + */ + @Override + public Set getCapabilities(boolean includePrivate) + { + Set result = null; + if (includePrivate == true) + { + result = new HashSet(capabilities.values()); + } + else + { + result = new HashSet(capabilities.size()); + for (Capability capability : capabilities.values()) + { + if (capability.isPrivate() == false) + { + result.add(capability); + } + } + } + + return result; } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java index dd8549c68c..c4c4f7f30c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java @@ -38,7 +38,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability; import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; 
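Review bot: The no-argument `getCapabilities()` now delegates to `getCapabilities(true)`, so it returns private capabilities, while the `RecordsManagementSecurityService.getCapabilities()` removed later in this commit filtered them out with `cap.isPrivate() == false`. Any caller moved from the old method to this one will start seeing internal capabilities, so callers that build the list of capabilities assignable to roles should call `getCapabilities(false)`. The callers are not in this diff, so this needs checking wherever they are migrated. Minor: `if (includePrivate == true)` and `capability.isPrivate() == false` read better as `if (includePrivate)` and `!capability.isPrivate()`.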
@@ -880,7 +879,7 @@ public class RMEntryVoter extends RMSecurityCommon if ((movee != null) && (destination != null)) { - return ((MoveRecordsCapability)capabilityService.getCapability(RMPermissionModel.MOVE_RECORDS)).evaluate(movee, destination); + return capabilityService.getCapability("Move").evaluate(movee, destination); } else { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java index 56dfcd6922..e133a4c1b3 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java 
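Review bot: In the move branch, `capabilityService.getCapability("Move")` is dereferenced directly, so a missing or renamed "Move" capability would presumably turn an access decision into a NullPointerException inside the voter; `ScriptRecordsManagmentNode.hasCapability` in this same commit null-checks the same call. I would assign the lookup to a local and return `AccessDecisionVoter.ACCESS_DENIED` when it is null, so the check fails closed. The literal `"Move"` also replaces the `RMPermissionModel.MOVE_RECORDS` constant; a named constant would keep the capability name in one place. The enclosing method starts and ends outside the hunk.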
@@ -52,14 +52,47 @@ public class CompositeCapability extends DeclarativeCapability for (Capability capability : capabilities) { int capabilityResult = capability.evaluate(nodeRef); - if (capabilityResult == AccessDecisionVoter.ACCESS_GRANTED) + if (capabilityResult != AccessDecisionVoter.ACCESS_DENIED) { - result = AccessDecisionVoter.ACCESS_GRANTED; + result = AccessDecisionVoter.ACCESS_ABSTAIN; + if (isUndetermined() == false && capabilityResult == AccessDecisionVoter.ACCESS_GRANTED) + { + result = AccessDecisionVoter.ACCESS_GRANTED; + } break; } } return result; } - + + @Override + public int evaluate(NodeRef source, NodeRef target) + { + int result = AccessDecisionVoter.ACCESS_ABSTAIN; + + if (targetCapability != null) + { + result = super.evaluate(source, target); + } + else + { + // Check each capability using 'OR' logic + for (Capability capability : capabilities) + { + int capabilityResult = capability.evaluate(source, target); + if (capabilityResult != AccessDecisionVoter.ACCESS_DENIED) + { + result = AccessDecisionVoter.ACCESS_ABSTAIN; + if (isUndetermined() == false && capabilityResult == AccessDecisionVoter.ACCESS_GRANTED) + { + result = AccessDecisionVoter.ACCESS_GRANTED; + } + break; + } + } + } + + return result; + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java index ad48640e9c..f57f054423 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java @@ -19,6 +19,7 @@ package org.alfresco.module.org_alfresco_module_rm.capability.declarative; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import java.util.Map; 
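Review bot: The new `evaluate(NodeRef source, NodeRef target)` starts from `ACCESS_ABSTAIN` and its 'OR' loop only ever assigns `ACCESS_ABSTAIN` or `ACCESS_GRANTED`, so when every child capability returns `ACCESS_DENIED` the composite abstains instead of denying. The deleted MoveRecordsCapability returned `ACCESS_DENIED` on its failure paths, so this looks like an unintended weakening; setting `result = AccessDecisionVoter.ACCESS_DENIED;` at the top of the `else` branch would restore it. Both loops also `break` on the first child that abstains, so a later child that would grant is never consulted; if that is intended it deserves a comment. The initial value used by `evaluate(NodeRef)` is outside the hunk, and the two loops are identical and could share one private helper.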
@@ -27,6 +28,7 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind; import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.springframework.beans.BeansException; @@ -38,19 +40,26 @@ import org.springframework.context.ApplicationContextAware; * * @author Roy Wetherall */ -public class DeclarativeCapability extends AbstractCapability implements ApplicationContextAware +public class DeclarativeCapability extends AbstractCapability + implements ApplicationContextAware { /** Application Context */ protected ApplicationContext applicationContext; /** Required permissions */ - private List permissions; + protected List permissions; /** Map of conditions and expected evaluation result */ - private Map conditions; + protected Map conditions; /** List of file plan component kinds one of which must be satisfied */ - private List kinds; + protected List kinds; + + /** Capability to be evaluated against the target node reference */ + protected Capability targetCapability; + + /** Indicates whether to return an undetermined result */ + protected boolean isUndetermined = false; @Override public void setApplicationContext(ApplicationContext applicationContext) throws BeansException @@ -83,7 +92,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica } /** - * @param kinds list of file plan component kinds that the + * @param kinds list of file plan component kinds */ public void setKinds(List kinds) { 
@@ -98,6 +107,32 @@ public class DeclarativeCapability extends AbstractCapability implements Applica return kinds; } + /** + * Helper method to set a single kind. + * + * @param kind file plan component kind + */ + public void setKind(String kind) + { + this.kinds = Collections.singletonList(kind); + } + + /** + * Sets whether the capability will return an undetermined result when evaluating permissions + * for a single node reference or not. The default is to return grant. + * + * @param isUndetermined true if undetermined result, false otherwise + */ + public void setUndetermined(boolean isUndetermined) + { + this.isUndetermined = isUndetermined; + } + + public boolean isUndetermined() + { + return isUndetermined; + } + /** * Helper @see #setPermissions(List) * @@ -110,6 +145,14 @@ public class DeclarativeCapability extends AbstractCapability implements Applica this.permissions = permissions; } + /** + * @param targetCapability target capability + */ + public void setTargetCapability(Capability targetCapability) + { + this.targetCapability = targetCapability; + } + /** * Check the permissions passed. * @@ -261,6 +304,21 @@ public class DeclarativeCapability extends AbstractCapability implements Applica return result; } + @Override + public int evaluate(NodeRef source, NodeRef target) + { + int result = AccessDecisionVoter.ACCESS_ABSTAIN; + if (targetCapability != null) + { + result = evaluate(source); + if (result != AccessDecisionVoter.ACCESS_DENIED) + { + result = targetCapability.evaluate(target); + } + } + return result; + } + /** * Default implementation. Given extending classes a hook point for further checks. * 
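Review bot: The new `evaluate(NodeRef source, NodeRef target)` override has no Javadoc, and two of its outcomes are not obvious from the signature. It returns `ACCESS_ABSTAIN` whenever no `targetCapability` is configured, and when the source check is anything other than `ACCESS_DENIED` the target capability's result replaces the source result entirely. I would add a Javadoc that states both rules and names `setTargetCapability` as the switch. `isUndetermined()` in the first hunk on this line is also undocumented; `@return true if single-node evaluation yields an undetermined result` would match its setter.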
@@ -269,7 +327,12 @@ public class DeclarativeCapability extends AbstractCapability implements Applica */ protected int evaluateImpl(NodeRef nodeRef) { - return AccessDecisionVoter.ACCESS_GRANTED; + int result = AccessDecisionVoter.ACCESS_GRANTED; + if (isUndetermined == true) + { + result = AccessDecisionVoter.ACCESS_ABSTAIN; + } + return result; } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java deleted file mode 100644 index 4b25b7f271..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java +++ /dev/null 
@@ -1,91 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.impl; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.PermissionService; -import org.alfresco.service.namespace.QName; - -public class MoveRecordsCapability extends DeclarativeCapability -{ - @Override - public int evaluate(NodeRef nodeRef) - { - // no way to know ... 
- return AccessDecisionVoter.ACCESS_ABSTAIN; - } - - public int evaluate(NodeRef movee, NodeRef destination) - { - int state = AccessDecisionVoter.ACCESS_ABSTAIN; - - if (rmService.isFilePlanComponent(destination)) - { - state = checkRead(movee, true); - if (state != AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - - if (rmService.isFilePlanComponent(movee) == true) - { - state = capabilityService.getCapability("Delete").evaluate(movee); - } - else - { - if (checkPermissionsImpl(movee, PermissionService.DELETE) == true) - { - state = AccessDecisionVoter.ACCESS_GRANTED; - } - } - - if (state == AccessDecisionVoter.ACCESS_GRANTED) - { - QName type = nodeService.getType(movee); - // now we know the node - we can abstain for certain types and aspects (eg, rm) - CreateCapability createCapability = (CreateCapability)capabilityService.getCapability("Create"); - state = createCapability.evaluate(destination, movee, type, null); - - if (state == AccessDecisionVoter.ACCESS_GRANTED) - { - if (rmService.isFilePlanComponent(movee) == true) - { - if (checkPermissionsImpl(movee, MOVE_RECORDS) == true) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - else - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - } - - return AccessDecisionVoter.ACCESS_DENIED; - } - else - { - return AccessDecisionVoter.ACCESS_ABSTAIN; - } - } -} \ No newline at end of file diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/ScriptRecordsManagmentNode.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/ScriptRecordsManagmentNode.java index 2ffb7cb2f8..53c10255dd 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/ScriptRecordsManagmentNode.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/ScriptRecordsManagmentNode.java 
@@ -18,20 +18,21 @@ */ package org.alfresco.module.org_alfresco_module_rm.jscript; -import java.util.ArrayList; -import java.util.List; +import java.util.Collections; import java.util.Map; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.repo.jscript.ScriptNode; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.mozilla.javascript.Scriptable; /** - * Base records managment script node + * Base records management script node + * + * NOTE: this could be removed, but is being kept as a place holder for future development * * @author Roy Wetherall */ 
@@ -52,39 +53,26 @@ public class ScriptRecordsManagmentNode extends ScriptNode super(nodeRef, services); rmServices = services; } - - public ScriptCapability[] getCapabilities() - { - return capabilitiesSet(null); - } - public ScriptCapability[] capabilitiesSet(String capabilitiesSet) + public boolean hasCapability(String capabilityName) { - RecordsManagementSecurityService rmSecurity = rmServices.getRecordsManagementSecurityService(); - Map cMap = null; - if (capabilitiesSet == null) + boolean result = false; + + CapabilityService capabilityService = (CapabilityService)rmServices.getCapabilityService(); + Capability capability = capabilityService.getCapability(capabilityName); + if (capability != null) { - // Get all capabilities - cMap = rmSecurity.getCapabilities(this.nodeRef); - } - else - { - cMap = rmSecurity.getCapabilities(this.nodeRef, capabilitiesSet); - } - - List list = new ArrayList(cMap.size()); - for (Map.Entry entry : cMap.entrySet()) - { - if (AccessStatus.ALLOWED.equals(entry.getValue()) == true || - AccessStatus.UNDETERMINED.equals(entry.getValue()) == true) + Map map = capabilityService.getCapabilitiesAccessState(nodeRef, Collections.singletonList(capabilityName)); + if (map.containsKey(capability) == true) { - Capability cap = entry.getKey(); - String[] actions = (String[])cap.getActionNames().toArray(new String[cap.getActionNames().size()]); - ScriptCapability scriptCap = new ScriptCapability(cap.getName(), cap.getName(), actions); - list.add(scriptCap); + AccessStatus accessStatus = map.get(capability); + if (accessStatus.equals(AccessStatus.DENIED) == false) + { + result = true; + } } } - - return (ScriptCapability[])list.toArray(new ScriptCapability[list.size()]); + + return result; } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolePut.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolePut.java index 11429ecf5d..7be59a5aec 100644 
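Review bot: `hasCapability(String)` is a new public script API with no Javadoc, and it reports true for every access status except `AccessStatus.DENIED`, so an `UNDETERMINED` result counts as having the capability. That matches the removed `capabilitiesSet` code, but the treenode script in this commit uses it to fill `permissions.create`. The Javadoc should therefore say the value is a UI hint and not an enforcement decision, and that an unknown capability name returns false. The cast in `(CapabilityService)rmServices.getCapabilityService()` is redundant, since the registry method already returns `CapabilityService`.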
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolePut.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolePut.java @@ -27,20 +27,21 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.module.org_alfresco_module_rm.security.Role; import org.alfresco.service.cmr.repository.NodeRef; -import org.springframework.extensions.webscripts.Cache; -import org.springframework.extensions.webscripts.DeclarativeWebScript; -import org.springframework.extensions.webscripts.Status; -import org.springframework.extensions.webscripts.WebScriptException; -import org.springframework.extensions.webscripts.WebScriptRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import org.json.JSONTokener; +import org.springframework.extensions.webscripts.Cache; +import org.springframework.extensions.webscripts.DeclarativeWebScript; +import org.springframework.extensions.webscripts.Status; +import org.springframework.extensions.webscripts.WebScriptException; +import org.springframework.extensions.webscripts.WebScriptRequest; /** * @@ -54,6 +55,7 @@ public class RmRolePut extends DeclarativeWebScript private RecordsManagementService rmService; private RecordsManagementSecurityService rmSecurityService; + private CapabilityService capabilityService; public void setRecordsManagementSecurityService(RecordsManagementSecurityService rmSecurityService) { 
@@ -64,6 +66,11 @@ public class RmRolePut extends DeclarativeWebScript { this.rmService = rmService; } + + public void setCapabilityService(CapabilityService capabilityService) + { + this.capabilityService = capabilityService; + } @Override public Map executeImpl(WebScriptRequest req, Status status, Cache cache) @@ -90,7 +97,7 @@ public class RmRolePut extends DeclarativeWebScript Set capabilites = new HashSet(capabilitiesArray.length()); for (int i = 0; i < capabilitiesArray.length(); i++) { - Capability capability = rmSecurityService.getCapability(capabilitiesArray.getString(i)); + Capability capability = capabilityService.getCapability(capabilitiesArray.getString(i)); capabilites.add(capability); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesPost.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesPost.java index fb3656aebd..9155904703 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesPost.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesPost.java 
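Review bot: The capability names in the role PUT body come from the request JSON, and the result of `capabilityService.getCapability(...)` is added to the set unchecked, so an unknown name may put `null` into the role's capability set and a private capability can be named as well. Capability.isPrivate() documents private capabilities as internal rather than assignable to roles, so the web script should reject both cases before the role is updated; whether the security service filters them later is not visible here. The same loop is changed in RmRolesPost.executeImpl and needs the same guard. executeImpl starts and ends outside the hunk.

```java
for (int i = 0; i < capabilitiesArray.length(); i++)
{
    String capabilityName = capabilitiesArray.getString(i);
    Capability capability = capabilityService.getCapability(capabilityName);
    if (capability == null || capability.isPrivate())
    {
        // Reject names that do not resolve, and internal capabilities that must not be granted through a role
        throw new WebScriptException(Status.STATUS_BAD_REQUEST,
                "Unknown or private capability: " + capabilityName);
    }
    capabilites.add(capability);
}
```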
@@ -27,23 +27,24 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.module.org_alfresco_module_rm.security.Role; import org.alfresco.service.cmr.repository.NodeRef; -import org.springframework.extensions.webscripts.Cache; -import org.springframework.extensions.webscripts.DeclarativeWebScript; -import org.springframework.extensions.webscripts.Status; -import org.springframework.extensions.webscripts.WebScriptException; -import org.springframework.extensions.webscripts.WebScriptRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import org.json.JSONTokener; +import org.springframework.extensions.webscripts.Cache; +import org.springframework.extensions.webscripts.DeclarativeWebScript; +import org.springframework.extensions.webscripts.Status; +import org.springframework.extensions.webscripts.WebScriptException; +import org.springframework.extensions.webscripts.WebScriptRequest; /** - * + * RM Roles Post implementation * * @author Roy Wetherall */ @@ -54,6 +55,7 @@ public class RmRolesPost extends DeclarativeWebScript private RecordsManagementService rmService; private RecordsManagementSecurityService rmSecurityService; + private CapabilityService capabilityService; public void setRecordsManagementSecurityService(RecordsManagementSecurityService rmSecurityService) { 
@@ -64,6 +66,11 @@ public class RmRolesPost extends DeclarativeWebScript { this.rmService = rmService; } + + public void setCapabilityService(CapabilityService capabilityService) + { + this.capabilityService = capabilityService; + } @Override public Map executeImpl(WebScriptRequest req, Status status, Cache cache) @@ -82,7 +89,7 @@ public class RmRolesPost extends DeclarativeWebScript Set capabilites = new HashSet(capabilitiesArray.length()); for (int i = 0; i < capabilitiesArray.length(); i++) { - Capability capability = rmSecurityService.getCapability(capabilitiesArray.getString(i)); + Capability capability = capabilityService.getCapability(capabilitiesArray.getString(i)); capabilites.add(capability); } @@ -91,7 +98,7 @@ public class RmRolesPost extends DeclarativeWebScript Role role = rmSecurityService.createRole(root, name, displayString, capabilites); - Set roles = rmSecurityService.getRoles(root); + //Set roles = rmSecurityService.getRoles(root); model.put("role", role); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java index 781844762b..217c9886b3 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java 
@@ -33,35 +33,6 @@ import org.alfresco.service.namespace.QName; */ public interface RecordsManagementSecurityService { - /** - * Get a list of the capabilities available - * - * @return List list of capabilities available - */ - Set getCapabilities(); - - /** - * Get the full set of capabilities for the current user. - * @param nodeRef - * @return - */ - Map getCapabilities(NodeRef nodeRef); - - /** - * - * @param nodeRef - * @param capabilitySet - * @return - */ - Map getCapabilities(NodeRef nodeRef, String capabilitySet); - - /** - * Get a capability by name - * @param name - * @return - */ - Capability getCapability(String name); - /** * Get the set of aspect QNames which can not be added direct via the public node service; * they must be managed via the appropriate actions. diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index 513bac8102..12064125d2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -22,11 +22,8 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.util.ArrayList; -import java.util.Collection; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; 
@@ -51,7 +48,6 @@ import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; -import org.alfresco.service.cmr.security.OwnableService; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; @@ -83,9 +79,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe /** Policy component */ private PolicyComponent policyComponent; - /** Owner service */ - private OwnableService ownableService; - /** Records management service */ private RecordsManagementService recordsManagementService; @@ -95,12 +88,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe /** RM Entry voter */ private RMEntryVoter voter; - /** - * Capability sets. Allow sub-sets of capabilities to be defined enhancing performance when - * only a sub-set need be evaluated. - */ - private Map> capabilitySets; - /** Records management role zone */ public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone"; @@ -147,16 +134,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe this.policyComponent = policyComponent; } - /** - * Set the ownable service - * - * @param ownableService ownable service - */ - public void setOwnableService(OwnableService ownableService) - { - this.ownableService = ownableService; - } - /** * Set records management service * @@ -177,15 +154,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe this.nodeService = nodeService; } - /** - * Set the capability sets - * @param capabilitySets map of capability sets (configured in Spring) - */ - public void setCapabilitySets(Map> capabilitySets) - { - this.capabilitySets = capabilitySets; - } - /** * Set the RM voter * 
@@ -217,7 +185,11 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe public void beforeDeleteFrozenNode(NodeRef nodeRef) { - throw new AccessDeniedException("Frozen nodes can not be deleted"); + if (nodeService.exists(nodeRef) && recordsManagementService.isFrozen(nodeRef) == true) + { + // Never allowed to delete a frozen node + throw new AccessDeniedException("Frozen nodes can not be deleted"); + } } /** 
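Review bot: The guard added in `beforeDeleteFrozenNode` turns an unconditional denial into one that depends on `recordsManagementService.isFrozen(nodeRef)`, so whenever that call returns false for a node this handler fires on, the delete now goes through. The hunk does not show how the handler is bound or how `isFrozen` decides, so confirm that the two agree and add a test asserting that deleting a frozen record still raises `AccessDeniedException`. The `nodeService.exists` short-circuit needs a comment naming the caller that can pass a node that no longer exists, for example `// node may already be removed when this policy fires - TODO confirm which path`. The `== true` is redundant: `if (nodeService.exists(nodeRef) && recordsManagementService.isFrozen(nodeRef))`.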
@@ -344,63 +316,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe }, AuthenticationUtil.getAdminUserName()); } } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities() - */ - public Set getCapabilities() - { - Collection caps = capabilityService.getCapabilities(); - Set result = new HashSet(caps.size()); - for (Capability cap : caps) - { - if (cap.isPrivate() == false) - { - result.add(cap); - } - } - return result; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities(org.alfresco.service.cmr.repository.NodeRef) - */ - public Map getCapabilities(NodeRef nodeRef) - { - return capabilityService.getCapabilitiesAccessState(nodeRef); - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) - */ - public Map getCapabilities(NodeRef nodeRef, String capabilitySet) - { - List capabilities = capabilitySets.get(capabilitySet); - if (capabilities == null) - { - if (getCapability(capabilitySet) != null) - { - // If the capability set is the name of a capability assume we just want that single - // capability - capabilities = new ArrayList(1); - capabilities.add(capabilitySet); - } - else - { - throw new AlfrescoRuntimeException("Unable to find the capability set '" + capabilitySet + "'"); - } - } - - return capabilityService.getCapabilitiesAccessState(nodeRef, capabilities); - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapability(java.lang.String) - */ - public Capability getCapability(String name) - { - return capabilityService.getCapability(name); - } /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects() 
@@ -488,7 +403,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe for (int index = 0; index < arrCaps.length(); index++) { String capName = arrCaps.getString(index); - Capability capability = getCapability(capName); + Capability capability = capabilityService.getCapability(capName); if (capability == null) { throw new AlfrescoRuntimeException("The capability '" + capName + "' configured for the deafult boostrap role '" + name + "' is invalid."); @@ -675,7 +590,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe if (permission.getAuthority().equals(roleAuthority) == true) { String capabilityName = permission.getPermission(); - if (getCapability(capabilityName) != null) + if (capabilityService.getCapability(capabilityName) != null) { capabilities.add(permission.getPermission()); } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java index e76876eab6..b20cc6ab1d 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java 
@@ -18,15 +18,16 @@ */ package org.alfresco.module.org_alfresco_module_rm.test; +import junit.framework.Test; +import junit.framework.TestSuite; + import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest; +import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementActionServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementAdminServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementSearchServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.VitalRecordServiceImplTest; -import junit.framework.Test; -import junit.framework.TestSuite; - /** * RM test suite @@ -45,7 +46,7 @@ public class ServicesTestSuite extends TestSuite TestSuite suite = new TestSuite(); suite.addTestSuite(RecordsManagementServiceImplTest.class); suite.addTestSuite(DispositionServiceImplTest.class); - //suite.addTestSuite(RecordsManagementActionServiceImplTest.class); + suite.addTestSuite(RecordsManagementActionServiceImplTest.class); suite.addTestSuite(RecordsManagementAdminServiceImplTest.class); //suite.addTestSuite(RecordsManagementAuditServiceImplTest.class); //suite.addTestSuite(RecordsManagementEventServiceImplTest.class); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java index 5ae06de2a9..364825202d 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java 
@@ -89,7 +89,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements protected void check(Map access, String name, AccessStatus accessStatus) { - Capability capability = securityService.getCapability(name); + Capability capability = capabilityService.getCapability(name); assertNotNull(capability); assertEquals(accessStatus, access.get(capability)); } @@ -403,7 +403,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements */ private void testCapabilityActions(int count, String capability) { - assertEquals(count, securityService.getCapability(capability) + assertEquals(count, capabilityService.getCapability(capability) .getActionNames().size()); } @@ -423,8 +423,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(AuthenticationUtil .getSystemUserName()); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -503,7 +502,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -543,8 +542,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil .getAdminUserName()); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
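Review bot: The expected status for `MOVE_RECORDS` changes from `AccessStatus.UNDETERMINED` to `AccessStatus.DENIED` in the hunk at `@@ -503,7 +502,7 @@` with no comment on why. The same one-line change repeats in every later CapabilitiesTest hunk that touches `MOVE_RECORDS`, through `@@ -3795,7 +3784,7 @@`. Because this is an access-control expectation, a reader cannot tell from the test whether the stricter result is the intended contract or the assertion was adjusted to match new output. A comment at the first occurrence would settle it, for example `// MOVE_RECORDS now resolves to DENIED here instead of UNDETERMINED - TODO state the condition that denies it`. The test methods containing these assertions start and end outside the hunks.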
@@ -623,7 +621,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -665,8 +663,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(rmAdminName); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -745,7 +742,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -793,8 +790,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(recordsManagerName); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -873,7 +869,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -917,8 +913,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(securityOfficerName); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -995,7 +990,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1036,8 +1031,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(powerUserName); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -1114,7 +1108,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1155,8 +1149,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(rmUserName); - Map access = securityService - .getCapabilities(filePlan); + Map access = capabilityService.getCapabilitiesAccessState(filePlan); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -1233,7 +1226,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1275,8 +1268,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService.getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -1355,7 +1347,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1398,8 +1390,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil .getAdminUserName()); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService.getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -1478,7 +1469,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1520,8 +1511,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(rmAdminName); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService.getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -1600,7 +1590,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1644,8 +1634,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(recordsManagerName); // permissionService.setPermission(recordCategory_1, // rm_records_manager, FILING, true); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService.getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -1724,7 +1713,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1768,8 +1757,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(securityOfficerName); // permissionService.setPermission(recordCategory_1, // securityOfficerName, FILING, true); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService + .getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -1846,7 +1835,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -1889,8 +1878,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(powerUserName); // permissionService.setPermission(rmContainer, // powerUserName, FILING, true); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService + .getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -1967,7 +1956,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2010,8 +1999,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmUserName); // permissionService.setPermission(rmContainer, // rmUserName, FILING, true); - Map access = securityService - .getCapabilities(rmContainer); + Map access = capabilityService + .getCapabilitiesAccessState(rmContainer); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -2088,7 +2077,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2130,8 +2119,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - Map access = securityService - .getCapabilities(rmFolder); + Map access = capabilityService + .getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -2215,7 +2204,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2259,8 +2248,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil .getAdminUserName()); - Map access = securityService - .getCapabilities(rmFolder); + Map access = capabilityService + .getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -2339,7 +2328,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2382,8 +2371,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(rmAdminName); - Map access = securityService - .getCapabilities(rmFolder); + Map access = capabilityService + .getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -2462,7 +2451,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2504,7 +2493,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil.setFullyAuthenticatedUser(recordsManagerName); //setFilingOnRecordFolder(rmFolder, recordsManagerName); - Map access = securityService.getCapabilities(rmFolder); + Map access = capabilityService.getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -2583,7 +2572,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2625,7 +2614,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil.setFullyAuthenticatedUser(securityOfficerName); //setFilingOnRecordFolder(rmFolder, securityOfficerName); - Map access = securityService.getCapabilities(rmFolder); + Map access = capabilityService.getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -2702,7 +2691,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2743,7 +2732,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil.setFullyAuthenticatedUser(powerUserName); //setFilingOnRecordFolder(rmFolder, powerUserName); - Map access = securityService.getCapabilities(rmFolder); + Map access = capabilityService.getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -2820,7 +2809,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2862,8 +2851,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(rmUserName); //setFilingOnRecordFolder(rmFolder, rmUserName); - Map access = securityService - .getCapabilities(rmFolder); + Map access = capabilityService + .getCapabilitiesAccessState(rmFolder); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -2940,7 +2929,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -2980,7 +2969,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements public Object execute() throws Throwable { AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - Map access = securityService.getCapabilities(record); + Map access = capabilityService.getCapabilitiesAccessState(record); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -3103,8 +3092,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(AuthenticationUtil .getAdminUserName()); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -3226,8 +3215,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil .setFullyAuthenticatedUser(rmAdminName); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -3350,8 +3339,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(recordsManagerName); // setFilingOnRecord(record, recordsManagerName); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, @@ -3474,8 +3463,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(securityOfficerName); // setFilingOnRecord(record, securityOfficerName); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -3553,7 +3542,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -3596,8 +3585,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(powerUserName); // setFilingOnRecord(record, powerUserName); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, @@ -3675,7 +3664,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); @@ -3717,8 +3706,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil .setFullyAuthenticatedUser(rmUserName); // setFilingOnRecord(record, rmUserName); - Map access = securityService - .getCapabilities(record); + Map access = capabilityService + .getCapabilitiesAccessState(record); assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, 
@@ -3795,7 +3784,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED); + check(access, MOVE_RECORDS, AccessStatus.DENIED); check(access, PASSWORD_CONTROL, AccessStatus.DENIED); check(access, PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index f764510b43..15b795df01 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -23,6 +23,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import net.sf.acegisecurity.vote.AccessDecisionVoter; + import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; @@ -45,6 +47,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase { private NodeRef record; private NodeRef declaredRecord; + private NodeRef undeclaredRecord; private NodeRef recordFolderContainsFrozen; private NodeRef frozenRecord; @@ -53,6 +56,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase private NodeRef closedFolder; + private NodeRef moveToFolder; + private NodeRef moveToCategory; + @Override protected boolean isUserTest() { 
@@ -67,16 +73,21 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase // Pre-filed content record = utils.createRecord(rmFolder, "record.txt"); declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt"); + undeclaredRecord = utils.createRecord(rmFolder, "undeclaredRecord.txt"); // Closed folder closedFolder = rmService.createRecordFolder(rmContainer, "closedFolder"); utils.closeFolder(closedFolder); + // Frozen artifacts recordFolderContainsFrozen = rmService.createRecordFolder(rmContainer, "containsFrozen"); frozenRecord = utils.createRecord(rmFolder, "frozenRecord.txt"); frozenRecord2 = utils.createRecord(recordFolderContainsFrozen, "frozen2.txt"); frozenRecordFolder = rmService.createRecordFolder(rmContainer, "frozenRecordFolder"); - + + // MoveTo artifacts + moveToFolder = rmService.createRecordFolder(rmContainer, "moveToFolder"); + moveToCategory = rmService.createRecordCategory(rmContainer, "moveToCategory"); } @Override @@ -123,6 +134,8 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase for (String user : testUsers) { securityService.setPermission(rmFolder, user, RMPermissionModel.FILING); + securityService.setPermission(moveToFolder, user, RMPermissionModel.READ_RECORDS); + securityService.setPermission(moveToCategory, user, RMPermissionModel.READ_RECORDS); } } 
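Review bot: The two `setPermission(..., RMPermissionModel.READ_RECORDS)` calls added in the hunk at `@@ -123,6 +134,8 @@` give the test users read-only access to the move targets, and nothing says that this is deliberate. `testMoveRecordCapability` relies on it: it expects `ACCESS_DENIED` from `capability.evaluate(record, moveToFolder)` until `FILING` is granted on `moveToFolder`. A comment such as `// read-only on the move targets: a move into them must be denied until FILING is granted` would keep a later fixture change from silently weakening that negative case. In the hunk at `@@ -67,16 +73,21 @@`, `undeclaredRecord` is created exactly like `record`, so unless setup code outside the hunk alters `record`, the two fixtures cover the same state. The enclosing setup methods start outside both hunks.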
@@ -283,4 +296,190 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
 }
 }, rmUserName);
 }
+
+ public void testMoveRecordCapability()
+ {
+ // grab the move record capability
+ final Capability capability = capabilityService.getCapability("MoveRecords");
+ assertNotNull(capability);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ // first take a look at just the record
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(record));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(undeclaredRecord));
+
+ // now lets take a look when we know what the destination is
+ // NOTE: should be denied since we do not have file permission on the destination folder
+ // despite having the capability!
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(record, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(declaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(undeclaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
+
+ return null;
+ }
+ }, recordsManagerName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ for (String user : testUsers)
+ {
+ securityService.setPermission(moveToFolder, user, RMPermissionModel.FILING);
+ }
+ return null;
+ }
+ }, rmAdminName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ // first take a look at just the record
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(record));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(undeclaredRecord));
+
+ // now lets take a look when we know what the destination is
+ // NOTE: should be allowed now since we have filling permission on the destination folder
+ assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(record, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(declaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(undeclaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
+
+ return null;
+ }
+ }, recordsManagerName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ // first take a look at just the record
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
+
+ // now lets take a look when we know what the destination is
+ // NOTE: should be allowed now since we have filling permission on the destination folder
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(record, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(declaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(undeclaredRecord, moveToFolder));
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
+
+ return null;
+ }
+ }, rmUserName);
+ }
+
+ public void testMoveRecordFolderCapability()
+ {
+ // grab the move record capability
+ final Capability capability = capabilityService.getCapability("MoveRecordFolder");
+ assertNotNull(capability);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ // first take a look at just the record
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
+
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(rmFolder, moveToCategory));
+
+ return null;
+ }
+ }, recordsManagerName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ for (String user : testUsers)
+ {
+ securityService.setPermission(moveToCategory, user, RMPermissionModel.FILING);
+ }
+ return null;
+ }
+ }, rmAdminName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
+
+ assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(rmFolder, moveToCategory));
+
+ return null;
+ }
+ }, recordsManagerName);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
+ assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
+
+ assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(rmFolder, moveToCategory));
+
+ return null;
+ }
+ }, rmUserName);
+ }
 }
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java
index cc414805c0..76838128a3 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java
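Review bot: In the final `rmUserName` block of `testMoveRecordCapability` the comment `// NOTE: should be allowed now since we have filling permission on the destination folder` sits above four assertions that all expect `ACCESS_DENIED`, so the comment contradicts what the test pins. It was carried over from the preceding `recordsManagerName` block; something like `// NOTE: still denied - filing permission on the destination is not enough without the MoveRecords capability` would match the assertions, assuming the rm user's role is the one lacking the capability (role setup is outside this hunk). `testMoveRecordFolderCapability` has the same carry-over in `// grab the move record capability` and `// first take a look at just the record`. Separately, every `evaluate` call passes an open, unfrozen destination; `closedFolder` and `frozenRecordFolder` already exist in the fixture and could be passed as the target so the destination-side conditions are pinned as well.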
@@ -30,6 +30,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
 import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
@@ -72,6 +73,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 private RecordsManagementSecurityService rmSecurityService;
 private RecordsManagementActionService rmActionService;
 private RetryingTransactionHelper transactionHelper;
+ private CapabilityService capabilityService;
 @Override
 protected void onSetUpInTransaction() throws Exception
@@ -87,6 +89,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 this.transactionHelper = (RetryingTransactionHelper)this.applicationContext.getBean("retryingTransactionHelper");
 this.permissionService = (PermissionService)this.applicationContext.getBean("PermissionService");
 this.rmActionService = (RecordsManagementActionService)this.applicationContext.getBean("RecordsManagementActionService");
+ this.capabilityService = (CapabilityService)this.applicationContext.getBean("CapabilityService");
 // Set the current security context as admin
 AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
@@ -205,7 +208,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 private Set getListOfCapabilities(int size, int offset)
 {
 Set result = new HashSet(size);
- Set caps = rmSecurityService.getCapabilities();
+ Set caps = capabilityService.getCapabilities(false);
 int count = 0;
 for (Capability cap : caps)
 {
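Review bot: The bare `false` in `capabilityService.getCapabilities(false)` inside `getListOfCapabilities` gives no hint of which capabilities are left out, while the call it replaces, `rmSecurityService.getCapabilities()`, took no argument. If the flag filters the set (it presumably controls whether private capabilities are included), the role tests that slice this set by `size` and `offset` now run over a different population than before. A comment on the line, e.g. `// false: <meaning of the flag>`, or a named local for the argument would make the intended scope explicit. The method body continues outside the hunk.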
@@ -362,7 +365,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 System.out.println("\nUser capabilities: ");
 for (String cap : caps)
 {
- assertNotNull(rmSecurityService.getCapability(cap));
+ assertNotNull(capabilityService.getCapability(cap));
 System.out.println(cap);
 }
@@ -375,7 +378,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 System.out.println("\nPowerUser capabilities: ");
 for (String cap : caps)
 {
- assertNotNull(rmSecurityService.getCapability(cap));
+ assertNotNull(capabilityService.getCapability(cap));
 System.out.println(cap);
 }
@@ -388,7 +391,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 System.out.println("\nSecurityOfficer capabilities: ");
 for (String cap : caps)
 {
- assertNotNull(rmSecurityService.getCapability(cap));
+ assertNotNull(capabilityService.getCapability(cap));
 System.out.println(cap);
 }
@@ -401,7 +404,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 System.out.println("\nRecordsManager capabilities: ");
 for (String cap : caps)
 {
- assertNotNull(rmSecurityService.getCapability(cap));
+ assertNotNull(capabilityService.getCapability(cap));
 System.out.println(cap);
 }
@@ -414,7 +417,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 System.out.println("\nAdministrator capabilities: ");
 for (String cap : caps)
 {
- assertNotNull("No capability called " + cap, rmSecurityService.getCapability(cap));
+ assertNotNull("No capability called " + cap, capabilityService.getCapability(cap));
 System.out.println(cap);
 }
@@ -449,7 +452,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 {
 // Create a new role
 Set caps = new HashSet(1);
- caps.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
+ caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
 Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
 String user = createUser();
@@ -562,8 +565,8 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 // Add the capability to the role
 Set caps2 = new HashSet(1);
- caps2.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
- caps2.add(rmSecurityService.getCapability(RMPermissionModel.CLOSE_FOLDERS));
+ caps2.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
+ caps2.add(capabilityService.getCapability(RMPermissionModel.CLOSE_FOLDERS));
 rmSecurityService.updateRole(rmRootNode, "TestRole", "My Test Role", caps2);
 Set aps = permissionService.getAllSetPermissions(rmRootNode);
@@ -616,7 +619,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
 {
 // Create a new role
 Set caps = new HashSet(1);
- caps.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
+ caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
 Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
 String user = createUser();
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/CapabilitiesSystemTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/CapabilitiesSystemTest.java
deleted file mode 100644
index 55d7ced40e..0000000000
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/CapabilitiesSystemTest.java
+++ /dev/null
@@ -1,8849 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.test.system; - -import java.io.Serializable; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.transaction.Status; -import javax.transaction.UserTransaction; - -import junit.framework.TestCase; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; -import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; -import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction; -import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction; -import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction; -import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter; -import 
org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; -import org.alfresco.repo.content.MimetypeMap; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.permissions.AccessDeniedException; -import org.alfresco.repo.security.permissions.PermissionReference; -import org.alfresco.repo.security.permissions.impl.model.PermissionModel; -import org.alfresco.service.cmr.repository.ChildAssociationRef; -import org.alfresco.service.cmr.repository.ContentService; -import org.alfresco.service.cmr.repository.ContentWriter; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.security.AccessPermission; -import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.AuthorityType; -import org.alfresco.service.cmr.security.PermissionService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.cmr.view.ImporterBinding; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.alfresco.service.namespace.RegexQNamePattern; -import org.alfresco.service.transaction.TransactionService; -import org.alfresco.util.ApplicationContextHelper; -import org.springframework.context.ApplicationContext; - -/** - * @author andyh - */ -public class CapabilitiesSystemTest extends TestCase implements RecordsManagementModel -{ - - private ApplicationContext ctx; - - private NodeRef rootNodeRef; - - private NodeService nodeService; - - private 
NodeService publicNodeService; - - private TransactionService transactionService; - - private UserTransaction testTX; - - private NodeRef filePlan; - - private PermissionService permissionService; - - private RecordsManagementService recordsManagementService; - - private RecordsManagementSecurityService recordsManagementSecurityService; - - private RecordsManagementActionService recordsManagementActionService; - - private RecordsManagementEventService recordsManagementEventService; - - private CapabilityService capabilityService; - - private PermissionModel permissionModel; - - private ContentService contentService; - - private NodeRef recordSeries; - - private NodeRef recordCategory_1; - - private NodeRef recordCategory_2; - - private NodeRef recordFolder_1; - - private NodeRef recordFolder_2; - - private NodeRef record_1; - - private NodeRef record_2; - - private RMEntryVoter rmEntryVoter; - - private AuthorityService authorityService; - - private String rmUsers; - - private String rmPowerUsers; - - private String rmSecurityOfficers; - - private String rmRecordsManagers; - - private String rmAdministrators; - - private PersonService personService; - - private String rm_user; - - private String rm_power_user; - - private String rm_security_officer; - - private String rm_records_manager; - - private String rm_administrator; - - private String test_user; - - private String testers; - - private NodeRef recordCategory_3; - - private NodeRef recordFolder_3; - - private NodeRef record_3; - - private ContentService publicContentService; - - /** - * @param name - */ - public CapabilitiesSystemTest(String name) - { - super(name); - } - - /* - * (non-Javadoc) - * - * @see junit.framework.TestCase#setUp() - */ - protected void setUp() throws Exception - { - ctx = ApplicationContextHelper.getApplicationContext(); - - super.setUp(); - - nodeService = (NodeService) ctx.getBean("dbNodeService"); - publicNodeService = (NodeService) ctx.getBean("NodeService"); - transactionService 
= (TransactionService) ctx.getBean("transactionComponent"); - permissionService = (PermissionService) ctx.getBean("permissionService"); - permissionModel = (PermissionModel) ctx.getBean("permissionsModelDAO"); - contentService = (ContentService) ctx.getBean("contentService"); - publicContentService = (ContentService) ctx.getBean("ContentService"); - authorityService = (AuthorityService) ctx.getBean("authorityService"); - personService = (PersonService) ctx.getBean("personService"); - capabilityService = (CapabilityService) ctx.getBean("CapabilityService"); - - recordsManagementService = (RecordsManagementService) ctx.getBean("RecordsManagementService"); - recordsManagementSecurityService = (RecordsManagementSecurityService) ctx.getBean("RecordsManagementSecurityService"); - recordsManagementActionService = (RecordsManagementActionService) ctx.getBean("RecordsManagementActionService"); - recordsManagementEventService = (RecordsManagementEventService) ctx.getBean("RecordsManagementEventService"); - rmEntryVoter = (RMEntryVoter) ctx.getBean("rmEntryVoter"); - - testTX = transactionService.getUserTransaction(); - testTX.begin(); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - StoreRef storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis()); - rootNodeRef = nodeService.getRootNode(storeRef); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - recordsManagementEventService.getEvents(); - recordsManagementEventService.addEvent("rmEventType.simple", "event", "My Event"); - - filePlan = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, TYPE_FILE_PLAN, TYPE_FILE_PLAN).getChildRef(); - recordSeries = createRecordSeries(filePlan, "RS", "RS-1", "Record Series", "My record series"); - recordCategory_1 = createRecordCategory(recordSeries, "Docs", "101-1", "Docs", "Docs", "week|1", true, false); - recordCategory_2 = 
createRecordCategory(recordSeries, "More Docs", "101-2", "More Docs", "More Docs", "week|1", true, true); - recordCategory_3 = createRecordCategory(recordSeries, "No disp schedule", "101-3", "No disp schedule", "No disp schedule", "week|1", true, null); - - testTX.commit(); - testTX = transactionService.getUserTransaction(); - testTX.begin(); - - recordFolder_1 = createRecordFolder(recordCategory_1, "F1", "101-3", "title", "description", "week|1", true); - recordFolder_2 = createRecordFolder(recordCategory_2, "F2", "102-3", "title", "description", "week|1", true); - recordFolder_3 = createRecordFolder(recordCategory_3, "F3", "103-3", "title", "description", "week|1", true); - record_1 = createRecord(recordFolder_1); - record_2 = createRecord(recordFolder_2); - record_3 = createRecord(recordFolder_3); - - // create people ... - - rm_user = "rm_user_" + storeRef.getIdentifier(); - rm_power_user = "rm_power_user_" + storeRef.getIdentifier(); - rm_security_officer = "rm_security_officer_" + storeRef.getIdentifier(); - rm_records_manager = "rm_records_manager_" + storeRef.getIdentifier(); - rm_administrator = "rm_administrator_" + storeRef.getIdentifier(); - - test_user = "test_user_" + storeRef.getIdentifier(); - - personService.createPerson(createDefaultProperties(rm_user)); - personService.createPerson(createDefaultProperties(rm_power_user)); - personService.createPerson(createDefaultProperties(rm_security_officer)); - personService.createPerson(createDefaultProperties(rm_records_manager)); - personService.createPerson(createDefaultProperties(rm_administrator)); - personService.createPerson(createDefaultProperties(test_user)); - - // create roles as groups - - rmUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_USER_" + storeRef.getIdentifier()); - rmPowerUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_POWER_USER_" + storeRef.getIdentifier()); - rmSecurityOfficers = authorityService.createAuthority(AuthorityType.GROUP, 
"RM_SECURITY_OFFICER_" + storeRef.getIdentifier()); - rmRecordsManagers = authorityService.createAuthority(AuthorityType.GROUP, "RM_RECORDS_MANAGER_" + storeRef.getIdentifier()); - rmAdministrators = authorityService.createAuthority(AuthorityType.GROUP, "RM_ADMINISTRATOR_" + storeRef.getIdentifier()); - testers = authorityService.createAuthority(AuthorityType.GROUP, "RM_TESTOR_" + storeRef.getIdentifier()); - - authorityService.addAuthority(testers, test_user); - - for (PermissionReference pr : permissionModel.getImmediateGranteePermissions(permissionModel.getPermissionReference(null, RMPermissionModel.ROLE_USER))) - { - setPermission(filePlan, rmUsers, pr.getName(), true); - } - authorityService.addAuthority(rmUsers, rm_user); - setPermission(filePlan, rm_user, RMPermissionModel.FILING, true); - - for (PermissionReference pr : permissionModel.getImmediateGranteePermissions(permissionModel.getPermissionReference(null, RMPermissionModel.ROLE_POWER_USER))) - { - setPermission(filePlan, rmPowerUsers, pr.getName(), true); - } - authorityService.addAuthority(rmPowerUsers, rm_power_user); - setPermission(filePlan, rm_power_user, RMPermissionModel.FILING, true); - - for (PermissionReference pr : permissionModel.getImmediateGranteePermissions(permissionModel.getPermissionReference(null, RMPermissionModel.ROLE_SECURITY_OFFICER))) - { - setPermission(filePlan, rmSecurityOfficers, pr.getName(), true); - } - authorityService.addAuthority(rmSecurityOfficers, rm_security_officer); - setPermission(filePlan, rm_security_officer, RMPermissionModel.FILING, true); - - for (PermissionReference pr : permissionModel.getImmediateGranteePermissions(permissionModel.getPermissionReference(null, RMPermissionModel.ROLE_RECORDS_MANAGER))) - { - setPermission(filePlan, rmRecordsManagers, pr.getName(), true); - } - authorityService.addAuthority(rmRecordsManagers, rm_records_manager); - setPermission(filePlan, rm_records_manager, RMPermissionModel.FILING, true); - - for (PermissionReference pr : 
permissionModel.getImmediateGranteePermissions(permissionModel.getPermissionReference(null, RMPermissionModel.ROLE_ADMINISTRATOR))) - { - setPermission(filePlan, rmAdministrators, pr.getName(), true); - } - authorityService.addAuthority(rmAdministrators, rm_administrator); - setPermission(filePlan, rm_administrator, RMPermissionModel.FILING, true); - - testTX.commit(); - testTX = transactionService.getUserTransaction(); - testTX.begin(); - } - - private void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow) - { - permissionService.setPermission(nodeRef, authority, permission, allow); - if (permission.equals(RMPermissionModel.FILING)) - { - if (recordsManagementService.isRecordCategory(nodeRef) == true) - { - List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef assoc : assocs) - { - NodeRef child = assoc.getChildRef(); - if (recordsManagementService.isRecordFolder(child) == true || recordsManagementService.isRecordCategory(child) == true) - { - setPermission(child, authority, permission, allow); - } - } - } - } - } - - private Map createDefaultProperties(String userName) - { - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_USERNAME, userName); - properties.put(ContentModel.PROP_HOMEFOLDER, null); - properties.put(ContentModel.PROP_FIRSTNAME, userName); - properties.put(ContentModel.PROP_LASTNAME, userName); - properties.put(ContentModel.PROP_EMAIL, userName); - properties.put(ContentModel.PROP_ORGID, ""); - return properties; - } - - private NodeRef createRecord(NodeRef recordFolder) - { - Map props = new HashMap(1); - props.put(ContentModel.PROP_NAME, "MyRecord.txt"); - NodeRef recordOne = this.nodeService.createNode(recordFolder, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"), - ContentModel.TYPE_CONTENT, props).getChildRef(); - - // Set the content - ContentWriter writer 
= this.contentService.getWriter(recordOne, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent("There is some content in this record"); - return recordOne; - } - - private NodeRef createRecordSeries(NodeRef filePlan, String name, String identifier, String title, String description) - { - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_NAME, name); - properties.put(PROP_IDENTIFIER, identifier); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - NodeRef answer = nodeService.createNode(filePlan, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_CATEGORY, TYPE_RECORD_CATEGORY, properties).getChildRef(); - permissionService.setInheritParentPermissions(answer, false); - return answer; - } - - private NodeRef createRecordCategory(NodeRef recordSeries, String name, String identifier, String title, String description, String review, boolean vital, - Boolean recordLevelDisposition) - { - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_NAME, name); - properties.put(PROP_IDENTIFIER, identifier); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - properties.put(PROP_REVIEW_PERIOD, review); - properties.put(PROP_VITAL_RECORD_INDICATOR, vital); - NodeRef answer = nodeService.createNode(recordSeries, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_CATEGORY, TYPE_RECORD_CATEGORY, properties) - .getChildRef(); - - if (recordLevelDisposition != null) - { - properties = new HashMap(); - properties.put(PROP_DISPOSITION_AUTHORITY, "N1-218-00-4 item 023"); - properties.put(PROP_DISPOSITION_INSTRUCTIONS, "Cut off monthly, hold 1 month, then destroy."); - properties.put(PROP_RECORD_LEVEL_DISPOSITION, recordLevelDisposition); - NodeRef ds = nodeService.createNode(answer, ASSOC_DISPOSITION_SCHEDULE, TYPE_DISPOSITION_SCHEDULE, TYPE_DISPOSITION_SCHEDULE, 
- properties).getChildRef(); - - createDispoistionAction(ds, "cutoff", "monthend|1", null, "event"); - createDispoistionAction(ds, "transfer", "month|1", null, null); - createDispoistionAction(ds, "accession", "month|1", null, null); - createDispoistionAction(ds, "destroy", "month|1", "{http://www.alfresco.org/model/recordsmanagement/1.0}cutOffDate", null); - } - permissionService.setInheritParentPermissions(answer, false); - return answer; - } - - private NodeRef createDispoistionAction(NodeRef disposition, String actionName, String period, String periodProperty, String event) - { - HashMap properties = new HashMap(); - properties.put(PROP_DISPOSITION_ACTION_NAME, actionName); - properties.put(PROP_DISPOSITION_PERIOD, period); - if (periodProperty != null) - { - properties.put(PROP_DISPOSITION_PERIOD_PROPERTY, periodProperty); - } - if (event != null) - { - properties.put(PROP_DISPOSITION_EVENT, event); - } - NodeRef answer = nodeService.createNode(disposition, ASSOC_DISPOSITION_ACTION_DEFINITIONS, TYPE_DISPOSITION_ACTION_DEFINITION, - TYPE_DISPOSITION_ACTION_DEFINITION, properties).getChildRef(); - return answer; - } - - private NodeRef createRecordFolder(NodeRef recordCategory, String name, String identifier, String title, String description, String review, boolean vital) - { - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_NAME, name); - properties.put(PROP_IDENTIFIER, identifier); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - properties.put(PROP_REVIEW_PERIOD, review); - properties.put(PROP_VITAL_RECORD_INDICATOR, vital); - NodeRef answer = nodeService.createNode(recordCategory, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER, TYPE_RECORD_FOLDER, properties) - .getChildRef(); - permissionService.setInheritParentPermissions(answer, false); - return answer; - } - - /* - * (non-Javadoc) - * - * @see junit.framework.TestCase#tearDown() - */ - protected void tearDown() 
throws Exception
- {
- if (testTX.getStatus() == Status.STATUS_ACTIVE)
- {
- testTX.rollback();
- }
- else if (testTX.getStatus() == Status.STATUS_MARKED_ROLLBACK)
- {
- testTX.rollback();
- }
- AuthenticationUtil.clearCurrentSecurityContext();
- super.tearDown();
- }
-
- public void testPermissionsModel()
- {
- Set exposed = permissionModel.getExposedPermissions(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT);
- assertEquals(6, exposed.size());
- assertTrue(exposed.contains(permissionModel.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, RMPermissionModel.ROLE_ADMINISTRATOR)));
-
- Set all = permissionModel.getAllPermissions(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT);
- assertEquals(58 /* capbilities */* 2 + 5 /* roles */+ (2 /* Read+File */* 2) + 1 /* Filing */, all.size());
-
- checkGranting(RMPermissionModel.ACCESS_AUDIT, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.ADD_MODIFY_EVENT_DATES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER, RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CLOSE_FOLDERS, RMPermissionModel.ROLE_ADMINISTRATOR,
RMPermissionModel.ROLE_RECORDS_MANAGER, RMPermissionModel.ROLE_SECURITY_OFFICER,
- RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER, RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, RMPermissionModel.ROLE_ADMINISTRATOR,
RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.CYCLE_VITAL_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER, RMPermissionModel.ROLE_SECURITY_OFFICER,
- RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.DECLARE_AUDIT_AS_RECORD, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DECLARE_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER, RMPermissionModel.ROLE_SECURITY_OFFICER,
- RMPermissionModel.ROLE_POWER_USER, RMPermissionModel.ROLE_USER);
- checkGranting(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER, RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.DELETE_AUDIT, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DELETE_LINKS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DELETE_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DESTROY_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.DISPLAY_RIGHTS_REPORT, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.EDIT_NON_RECORD_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER,
RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.EDIT_RECORD_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER, RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.EDIT_SELECTION_LISTS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.EXPORT_AUDIT, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- // File does not exists
- // checkGranting(RMPermissionModel.FILE_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR,
- // RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MANAGE_ACCESS_CONTROLS, RMPermissionModel.ROLE_ADMINISTRATOR);
- checkGranting(RMPermissionModel.MANAGE_ACCESS_RIGHTS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MAP_EMAIL_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.MOVE_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.PASSWORD_CONTROL, RMPermissionModel.ROLE_ADMINISTRATOR,
RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.PLANNING_REVIEW_CYCLES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER, RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.RE_OPEN_FOLDERS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER, RMPermissionModel.ROLE_SECURITY_OFFICER,
- RMPermissionModel.ROLE_POWER_USER);
- checkGranting(RMPermissionModel.SELECT_AUDIT_METADATA, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.TRIGGER_AN_EVENT, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.UNDECLARE_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.UNFREEZE, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.UPDATE_CLASSIFICATION_DATES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER);
- checkGranting(RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER);
- checkGranting(RMPermissionModel.UPDATE_TRIGGER_DATES, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
- checkGranting(RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
- RMPermissionModel.ROLE_SECURITY_OFFICER);
- checkGranting(RMPermissionModel.VIEW_RECORDS, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER,
RMPermissionModel.ROLE_SECURITY_OFFICER,
- RMPermissionModel.ROLE_POWER_USER, RMPermissionModel.ROLE_USER);
- checkGranting(RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, RMPermissionModel.ROLE_ADMINISTRATOR, RMPermissionModel.ROLE_RECORDS_MANAGER);
-
- }
-
- private void checkGranting(String permission, String... roles)
- {
- Set granting = permissionModel.getGrantingPermissions(permissionModel.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT,
- permission));
- Set test = new HashSet();
- test.addAll(granting);
- Set nonRM = new HashSet();
- for (PermissionReference pr : granting)
- {
- if (!pr.getQName().equals(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
- {
- nonRM.add(pr);
- }
- }
- test.removeAll(nonRM);
- assertEquals(roles.length + 1, test.size());
- for (String role : roles)
- {
- assertTrue(test.contains(permissionModel.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, role)));
- }
-
- }
-
- public void testConfig()
- {
- assertEquals(6, recordsManagementSecurityService.getProtectedAspects().size());
- assertEquals(13, recordsManagementSecurityService.getProtectedProperties().size());
-
- // Test action wire up
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.ACCESS_AUDIT).getActionNames().size());
- assertEquals(2, recordsManagementSecurityService.getCapability(RMPermissionModel.ADD_MODIFY_EVENT_DATES).getActionNames().size());
- assertEquals(2, recordsManagementSecurityService.getCapability(RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES).getActionNames().size());
- assertEquals(2, recordsManagementSecurityService.getCapability(RMPermissionModel.AUTHORIZE_ALL_TRANSFERS).getActionNames().size());
- assertEquals(2,
recordsManagementSecurityService.getCapability(RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CHANGE_OR_DELETE_REFERENCES).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.CLOSE_FOLDERS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS).getActionNames().size());
-
assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.CYCLE_VITAL_RECORDS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DECLARE_AUDIT_AS_RECORD).getActionNames().size());
- assertEquals(2, recordsManagementSecurityService.getCapability(RMPermissionModel.DECLARE_RECORDS).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DELETE_AUDIT).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DELETE_LINKS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DELETE_RECORDS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DESTROY_RECORDS).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.DISPLAY_RIGHTS_REPORT).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.EDIT_DECLARED_RECORD_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.EDIT_NON_RECORD_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.EDIT_RECORD_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.EDIT_SELECTION_LISTS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.EXPORT_AUDIT).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.FILE_RECORDS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MANAGE_ACCESS_RIGHTS).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MAP_EMAIL_METADATA).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.MOVE_RECORDS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.PASSWORD_CONTROL).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.PLANNING_REVIEW_CYCLES).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.RE_OPEN_FOLDERS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.SELECT_AUDIT_METADATA).getActionNames().size());
-
assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.TRIGGER_AN_EVENT).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.UNDECLARE_RECORDS).getActionNames().size());
- assertEquals(2, recordsManagementSecurityService.getCapability(RMPermissionModel.UNFREEZE).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.UPDATE_CLASSIFICATION_DATES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.UPDATE_TRIGGER_DATES).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS).getActionNames().size());
- assertEquals(0, recordsManagementSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS).getActionNames().size());
- assertEquals(1, recordsManagementSecurityService.getCapability(RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE).getActionNames().size());
-
- }
-
- public void testFilePlanAsSystem()
- {
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS,
AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION,
AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testFilePlanAsAdmin()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
-
check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testFilePlanAsAdministrator()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_administrator);
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access,
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access,
RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testFilePlanAsRecordsManager()
- {
- Set permissions = permissionService.getAllSetPermissions(filePlan);
- for (AccessPermission ap : permissions)
- {
- System.out.println(ap.getAuthority() + " -> " + ap.getPermission() + " (" + ap.getPosition() + ")");
- }
-
- AuthenticationUtil.setFullyAuthenticatedUser(rm_records_manager);
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access,
RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testFilePlanAsSecurityOfficer()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_security_officer);
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access,
RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testFilePlanAsPowerUser()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_power_user);
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS,
AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION,
AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED);
- check(access,
RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testFilePlanAsUser()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_user);
- Map access = recordsManagementSecurityService.getCapabilities(filePlan);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access,
RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testRecordSeriesAsSystem()
- {
- Map access = recordsManagementSecurityService.getCapabilities(recordSeries);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS,
AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access,
RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testRecordSeriesAsAdmin()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
- Map access = recordsManagementSecurityService.getCapabilities(recordSeries);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
-
check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE,
AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testRecordSeriesAsAdministrator()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_administrator);
- Map access = recordsManagementSecurityService.getCapabilities(recordSeries);
- assertEquals(65, access.size());
- check(access,
RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS,
AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, 
RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordSeriesAsRecordsManager() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_records_manager); - permissionService.setPermission(recordSeries, rm_records_manager, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordSeries); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, 
AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - 
check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordSeriesAsSecurityOfficer() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_security_officer); - permissionService.setPermission(recordSeries, rm_security_officer, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordSeries); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, 
AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, 
AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordSeriesAsPowerUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_power_user); - permissionService.setPermission(recordSeries, rm_power_user, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordSeries); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, 
RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, 
RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - 
check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordSeriesAsUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_user); - permissionService.setPermission(recordSeries, rm_user, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordSeries); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, 
RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - 
check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordCategoryAsSystem() - { - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); - check(access, 
RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, 
AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, 
RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordCategoryAsAdmin() - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - 
check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, 
RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordCategoryAsAdministrator() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_administrator); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordCategoryAsRecordsManager() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_records_manager); - permissionService.setPermission(recordCategory_1, rm_records_manager, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, 
AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, 
AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, 
RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordCategoryAsSecurityOfficer() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_security_officer); - permissionService.setPermission(recordCategory_1, rm_security_officer, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, 
AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, 
RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordCategoryAsPowerUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_power_user); - permissionService.setPermission(recordCategory_1, rm_power_user, RMPermissionModel.FILING, 
true); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - 
check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, 
RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordCategoryAsUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_user); - permissionService.setPermission(recordCategory_1, rm_user, RMPermissionModel.FILING, true); - Map access = recordsManagementSecurityService.getCapabilities(recordCategory_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, 
RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, 
RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, 
AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordFolderAsSystem() - { - Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, 
RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.ALLOWED); - 
check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordFolderAsAdmin() - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, 
RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, 
RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testRecordFolderAsAdministrator()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_administrator);
- Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- private void setFilingOnRecordFolder(NodeRef recordFolder, String authority)
- {
- permissionService.setPermission(recordFolder, authority, RMPermissionModel.FILING, true);
- permissionService.setPermission(nodeService.getPrimaryParent(recordFolder).getParentRef(), authority,
RMPermissionModel.READ_RECORDS, true);
- }
-
- public void testRecordFolderAsRecordsManager()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_records_manager);
- setFilingOnRecordFolder(recordFolder_1, rm_records_manager);
- Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
-
check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
-
- }
-
- public void testRecordFolderAsSecurityOfficer()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_security_officer);
- permissionService.setPermission(recordFolder_1, rm_security_officer, RMPermissionModel.FILING, true);
- permissionService.setPermission(nodeService.getPrimaryParent(recordFolder_1).getParentRef(), rm_security_officer, RMPermissionModel.READ_RECORDS, true);
- Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT,
AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access,
RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testRecordFolderAsPowerUser()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_power_user);
- permissionService.setPermission(recordFolder_1, rm_power_user, RMPermissionModel.FILING, true);
- permissionService.setPermission(nodeService.getPrimaryParent(recordFolder_1).getParentRef(), rm_power_user, RMPermissionModel.READ_RECORDS, true);
- Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.VIEW_RECORDS,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testRecordFolderAsUser()
- {
- AuthenticationUtil.setFullyAuthenticatedUser(rm_user);
- setFilingOnRecordFolder(recordFolder_1, rm_user);
- Map access = recordsManagementSecurityService.getCapabilities(recordFolder_1);
- assertEquals(65, access.size()); // 58 + File
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access,
RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access,
RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- public void testRecordAsSystem()
- {
- Map access = recordsManagementSecurityService.getCapabilities(record_1);
- assertEquals(65, access.size());
- check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES,
AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT,
AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED);
- check(access,
RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordAsAdmin() - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, 
AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordAsAdministrator() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_administrator); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, 
RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, 
AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, 
RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordAsRecordsManager() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_records_manager); - setFilingOnRecord(record_1, rm_records_manager); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); 
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED); - check(access, 
RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - } - - public void testRecordAsSecurityOfficer() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_security_officer); - 
setFilingOnRecord(record_1, rm_security_officer); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, 
RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, 
AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - private void setFilingOnRecord(NodeRef record, String authority) - { - NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); - permissionService.setPermission(recordFolder, authority, RMPermissionModel.FILING, true); - permissionService.setPermission(nodeService.getPrimaryParent(recordFolder).getParentRef(), authority, RMPermissionModel.READ_RECORDS, true); - } - - public void testRecordAsPowerUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_power_user); - setFilingOnRecord(record_1, rm_power_user); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - 
check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED); - 
check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED); - check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED); - check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED); - check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED); - check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED); - check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED); - check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.ALLOWED); - check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED); - check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.UNFREEZE, 
AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED); - check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - } - - public void testRecordAsUser() - { - AuthenticationUtil.setFullyAuthenticatedUser(rm_user); - Map access = recordsManagementSecurityService.getCapabilities(record_1); - assertEquals(65, access.size()); // 58 + File - check(access, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED); - check(access, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - check(access, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - check(access, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - check(access, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED); - check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); - check(access, 
RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.DELETE_LINKS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED);
- check(access, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- check(access, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- check(access, RMPermissionModel.MANUALLY_CHANGE_DISPOSITION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.MOVE_RECORDS, AccessStatus.UNDETERMINED);
- check(access, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- check(access, RMPermissionModel.PLANNING_REVIEW_CYCLES, AccessStatus.DENIED);
- check(access, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- check(access, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- check(access, RMPermissionModel.TRIGGER_AN_EVENT, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.UNFREEZE, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_TRIGGER_DATES, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPDATE_VITAL_RECORD_CYCLE_INFORMATION, AccessStatus.DENIED);
- check(access, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED);
- check(access, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED);
- check(access, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED);
- }
-
- private void checkCapability(String user, NodeRef nodeRef, String permission, AccessStatus accessStstus)
- {
- AuthenticationUtil.setFullyAuthenticatedUser(user);
- Map access = capabilityService.getCapabilitiesAccessState(nodeRef);
- check(access, permission, accessStstus);
- }
-
- private void checkPermission(String user, NodeRef nodeRef, String permission, AccessStatus accessStstus)
- {
- AuthenticationUtil.setFullyAuthenticatedUser(user);
- assertTrue(permissionService.hasPermission(nodeRef, permission) == accessStstus);
- }
-
- public void testAccessAuditCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.ACCESS_AUDIT, AccessStatus.DENIED);
- }
-
- public void testAddModifyEventDatesCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkPermission(rm_user, filePlan, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2,
RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(rm_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, 
RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.ADD_MODIFY_EVENT_DATES, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
-
-
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); - 
checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
-
- // try and complete some events
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- Map eventDetails = new HashMap(3);
- eventDetails.put(CompleteEventAction.PARAM_EVENT_NAME, "event");
- eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_AT, new Date());
- eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_BY, test_user);
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "completeEvent", eventDetails);
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "completeEvent", eventDetails);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "completeEvent", eventDetails);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- recordsManagementActionService.executeRecordsManagementAction(record_2, "completeEvent", eventDetails);
-
- // check protected properties
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETE, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, new Date());
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_BY, "me");
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check cutoff
-
- Calendar calendar = Calendar.getInstance();
- calendar.set(Calendar.HOUR, 0);
- calendar.set(Calendar.MINUTE, 0);
- calendar.set(Calendar.SECOND, 0);
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
-
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord");
-
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord");
-
- NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
- recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED);
- }
-
- public void testApproveRecordsScheduledForCutoffCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
-
- // folder level - not eligible all deny
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1,
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - // record level - not eligible all deny - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, 
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // folder 
level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, 
AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - 
permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, 
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - 
recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_2,
RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
-
- // Check closed
- // should make no difference
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
-
- // try and cut off
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "cutoff", null);
- fail();
- }
- catch
(AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "cutoff", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
-
- // check protected properties
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_CUT_OFF_DATE, new Date());
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check cutoff again (it is already cut off)
-
- // try
- // {
- // recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
- // fail();
- // }
- // catch (AccessDeniedException ade)
- // {
- //
- // }
- // try
- // {
- // recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
- // fail();
- // }
- // catch (AccessDeniedException ade)
- // {
- //
- // }
-
- // checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
- // AccessStatus.DENIED);
- // checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
- // AccessStatus.DENIED);
- // checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
- // AccessStatus.DENIED);
- // checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
- // AccessStatus.DENIED);
- }
-
- public void testAttachRulesToMetadataPropertiesCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.ALLOWED);
-
checkPermission(rm_security_officer, filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.ATTACH_RULES_TO_METADATA_PROPERTIES, AccessStatus.DENIED);
- }
-
- private void setupForTransfer()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- // folder level - not eligible all deny
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
checkCapability(rm_administrator, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- // record level - not eligible all deny
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- //
Set appropriate state - declare records and make eligible
-
- Calendar calendar = Calendar.getInstance();
- calendar.set(Calendar.HOUR, 0);
- calendar.set(Calendar.MINUTE, 0);
- calendar.set(Calendar.SECOND, 0);
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
-
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord");
-
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord");
-
- NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
-
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
- recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
-
- ndNodeRef =
this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- // record level
-
-
checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS,
AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS,
AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- // Check closed
- // should make no difference
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
-
recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- }
-
- private void setupForTransferComplete()
- {
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_ALL_TRANSFERS, AccessStatus.ALLOWED);
-
- // check each action
-
- TransferAction transfer = (TransferAction) ctx.getBean("transfer");
- assertFalse(transfer.isExecutable(recordFolder_1, null));
- assertFalse(transfer.isExecutable(record_1, null));
-
assertFalse(transfer.isExecutable(recordFolder_2, null));
- assertFalse(transfer.isExecutable(record_2, null));
-
- TransferCompleteAction transferComplete = (TransferCompleteAction) ctx.getBean("transferComplete");
- assertTrue(transferComplete.isExecutable(recordFolder_1, null));
- assertFalse(transferComplete.isExecutable(record_1, null));
- assertFalse(transferComplete.isExecutable(recordFolder_2, null));
- assertTrue(transferComplete.isExecutable(record_2, null));
- }
-
- public void testAuthorizeAllTransfersCapability()
- {
- setupForTransfer();
-
- // try and transfer
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
-
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null);
-
- recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null);
-
- setupForTransferComplete();
-
- // try and complete the transfer
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
-
- recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "transferComplete", null);
- }
-
- public void testAuthorizeAllTransfersCapability_TransferNegative()
- {
- setupForTransfer();
-
- // try and transfer
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null);
-
- recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null);
-
- // -ve checks (ALF-2749)
- // note: ideally, each -ve test should be run independently (if we want outer/setup txn to rollback)
-
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "transfer", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "transfer", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check protected properties
-
- //
PROP_DISPOSITION_ACTION_STARTED_AT
- // PROP_DISPOSITION_ACTION_STARTED_BY
- // PROP_DISPOSITION_ACTION_COMPLETED_AT
- // PROP_DISPOSITION_ACTION_COMPLETED_BY
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_STARTED_AT, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_STARTED_BY, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_COMPLETED_AT, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- try
- {
- publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_COMPLETED_BY, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check cutoff again (it is already cut off)
-
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- catch (AlfrescoRuntimeException are)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- catch (AlfrescoRuntimeException are)
- {
-
- }
- }
-
- public void testAuthorizeAllTransfersCapability_TransferCompleteNegative()
- {
- setupForTransfer();
-
- // try and transfer
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
-
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null);
-
- recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null);
-
- setupForTransferComplete();
-
- // try and complete the transfer
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
-
- recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1),
"transferComplete", null);
-
- // -ve checks (ALF-2749)
- // note: ideally, each -ve test should be run independently (if we want outer/setup txn to rollback)
-
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "transferComplete", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "transferComplete", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- // will fail as this is in the same transafer which is now done.
- recordsManagementActionService.executeRecordsManagementAction(getTransferObject(record_2), "transferComplete", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // try again - should fail
-
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transferComplete", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_2, "transferComplete", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- }
-
-
- private NodeRef getTransferObject(NodeRef fp)
- {
- List assocs = this.nodeService.getParentAssocs(fp, RecordsManagementModel.ASSOC_TRANSFERRED, RegexQNamePattern.MATCH_ALL);
- if (assocs.size() > 0)
- {
- return assocs.get(0).getParentRef();
- }
- else
- {
- return fp;
- }
- }
-
- private void setupForAccession()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
checkPermission(rm_power_user, filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
- // folder level - not eligible all deny
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
- // record level - not eligible all deny
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2,
RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - 
recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord");
-
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord");
-
- NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
-
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
- recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
-
- ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
- ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
- this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
-
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null);
-
recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null); - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "transferComplete", null); - - assertTrue(this.nodeService.exists(recordFolder_1)); - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - assertTrue(this.nodeService.exists(recordFolder_1)); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // folder level - - assertTrue(this.nodeService.exists(recordFolder_1)); - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - 
checkCapability(rm_records_manager, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - // check person with no access and add 
read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - 
checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS,
AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1,
RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - 
recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, 
RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - } - - private void setupForAccessionComplete() - { - checkCapability(test_user, recordFolder_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.ALLOWED); - - // check each action - - TransferAction transfer = (TransferAction) ctx.getBean("accession"); - assertFalse(transfer.isExecutable(recordFolder_1, null)); - assertFalse(transfer.isExecutable(record_1, null)); - assertFalse(transfer.isExecutable(recordFolder_2, null)); - assertFalse(transfer.isExecutable(record_2, null)); - - TransferCompleteAction transferComplete = (TransferCompleteAction) ctx.getBean("accessionComplete"); - assertTrue(transferComplete.isExecutable(recordFolder_1, null)); - assertFalse(transferComplete.isExecutable(record_1, null)); - assertFalse(transferComplete.isExecutable(recordFolder_2, null)); - assertTrue(transferComplete.isExecutable(record_2, null)); - } - - public void testAuthorizeNominatedTransfersCapability() - { - setupForAccession(); - - // try accession - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "accession", null); - - recordsManagementActionService.executeRecordsManagementAction(record_2, "accession", null); - - setupForAccessionComplete(); - - // try and complete the transfer - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "accessionComplete", 
null); - } - - public void testAuthorizeNominatedTransfersCapability_AccessionNegative() - { - setupForAccession(); - - // try accession - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "accession", null); - - recordsManagementActionService.executeRecordsManagementAction(record_2, "accession", null); - - // -ve checks (ALF-2749) - // note: ideally, each -ve test should be run independently (if we want outer/setup txn to rollback) - - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "accession", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - try - { - recordsManagementActionService.executeRecordsManagementAction(record_1, "accession", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - // check protected properties - - // PROP_DISPOSITION_ACTION_STARTED_AT - // PROP_DISPOSITION_ACTION_STARTED_BY - // PROP_DISPOSITION_ACTION_COMPLETED_AT - // PROP_DISPOSITION_ACTION_COMPLETED_BY - - try - { - publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_STARTED_AT, true); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - try - { - publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_STARTED_BY, true); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - try - { - publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_COMPLETED_AT, true); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - try - { - publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_DISPOSITION_ACTION_COMPLETED_BY, true); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - // check cutoff again (it is already cut off) - - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "accession", null); - fail(); - } - catch (AccessDeniedException ade) 
- { - - } - catch (AlfrescoRuntimeException are) - { - - } - try - { - recordsManagementActionService.executeRecordsManagementAction(record_2, "accession", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - } - - public void testAuthorizeNominatedTransfersCapability_AccessionCompleteNegative() - { - setupForAccession(); - - // try accession - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "accession", null); - - recordsManagementActionService.executeRecordsManagementAction(record_2, "accession", null); - - setupForAccessionComplete(); - - // try and complete the transfer - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "accessionComplete", null); - - // -ve checks (ALF-2749) - // note: ideally, each -ve test should be run independently (if we want outer/setup txn to rollback) - - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "accessionComplete", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - try - { - recordsManagementActionService.executeRecordsManagementAction(record_1, "accessionComplete", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - try - { - // will fail as this is in the same transfer which is now done. 
- recordsManagementActionService.executeRecordsManagementAction(getTransferObject(record_2), "accessionComplete", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - - // try again - should fail - - try - { - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "accessionComplete", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - try - { - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(record_2), "accessionComplete", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - catch (AlfrescoRuntimeException are) - { - - } - } - - public void testChangeOrDeleteReferencesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CHANGE_OR_DELETE_REFERENCES, AccessStatus.DENIED); - } - - public void testCloseFoldersCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - 
checkPermission(rm_security_officer, filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_user, filePlan, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - // folder level - no preconditions - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - // record level - record denies - folder allows - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, 
AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible for cut off - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, 
RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // folder level - - assertTrue(this.nodeService.exists(recordFolder_1)); - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, 
RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, 
RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.CLOSE_FOLDERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers,
RMPermissionModel.DECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
-
permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
-
checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- // Check closed
- // should make no difference
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
-
recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CLOSE_FOLDERS, AccessStatus.DENIED);
-
- // try to close
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder", null);
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder", null);
-
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_2, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check protected properties
-
- // PROP_IS_CLOSED
-
- try
- {
-
publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_IS_CLOSED, true);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // check close again (it is already closed)
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_1, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(record_2, "closeRecordFolder", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- }
-
- public void testCreateAndAssociateSelectionListsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.DENIED);
- }
-
- public void testCreateModifyDestroyClassificationGuidesCapability()
- {
- // capability is checked above - just check permission
assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, AccessStatus.DENIED);
- }
-
- public void testCreateModifyDestroyEventsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.DENIED);
- }
-
- public void testCreateModifyDestroyFileplanMetadataCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator,
filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, AccessStatus.DENIED);
- }
-
- public void testCreateModifyDestroyFileplanTypesCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED);
- }
-
- public void testCreateModifyDestroyFoldersCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer,
filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // folder level - no preconditions
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
-
checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
-
checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user,
record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
-
recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // Check closed
- // should make no difference
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2,
RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- // series level capabilities
-
- // fails as no filling rights ...
-
- checkCapability(test_user, recordCategory_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordCategory_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordCategory_1, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordCategory_2, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS, AccessStatus.ALLOWED);
-
- // create
-
- HashMap properties = new HashMap();
- properties.put(ContentModel.PROP_NAME, "name");
- properties.put(PROP_IDENTIFIER, "identifier");
- properties.put(ContentModel.PROP_TITLE, "title");
- properties.put(ContentModel.PROP_DESCRIPTION, "description");
- properties.put(PROP_REVIEW_PERIOD, "week|1");
- properties.put(PROP_VITAL_RECORD_INDICATOR, true);
- NodeRef newFolder = publicNodeService.createNode(recordCategory_1, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER, TYPE_RECORD_FOLDER,
- properties).getChildRef();
-
- // modify
-
- publicNodeService.addAspect(newFolder, ContentModel.ASPECT_OWNABLE, null);
- properties = new HashMap();
- properties.put(ContentModel.PROP_OWNER, "me");
- publicNodeService.addProperties(newFolder, properties);
- // move should fail ...
- try
- {
- publicNodeService.moveNode(newFolder, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- publicNodeService.removeProperty(newFolder, ContentModel.PROP_TITLE);
- publicNodeService.setProperty(newFolder, ContentModel.PROP_TITLE, "title");
- publicNodeService.addAspect(newFolder, ContentModel.ASPECT_TEMPORARY, null);
- publicNodeService.removeAspect(newFolder, ContentModel.ASPECT_TEMPORARY);
- publicNodeService.setProperties(newFolder, publicNodeService.getProperties(newFolder));
- try
- {
- // abstains
- publicNodeService.setType(newFolder, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
-
- // try move
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.MOVE_RECORDS, true);
- publicNodeService.moveNode(newFolder, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER);
-
- // delete
-
- publicNodeService.deleteNode(newFolder);
- publicNodeService.deleteNode(recordFolder_1);
- publicNodeService.deleteNode(recordFolder_2);
-
- }
-
- public void testCreateModifyDestroyRecordTypesCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED);
- }
-
- public
void testCreateModifyDestroyReferenceTypesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_REFERENCE_TYPES, AccessStatus.DENIED); - } - - public void testCreateModifyDestroyRolesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_ROLES, AccessStatus.DENIED); - } - - public void testCreateModifyDestroyTimeframesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, 
AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_TIMEFRAMES, AccessStatus.DENIED); - } - - public void testCreateModifyDestroyUsersAndGroupsCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, AccessStatus.DENIED); - } - - public void testCreateModifyRecordsInCuttoffFoldersCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, 
RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - // folder level - no preconditions - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - 
checkCapability(rm_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, 
RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, 
RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - 
checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - 
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, 
recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - // Check cutoff - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, 
"declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, AccessStatus.ALLOWED); - - // create - - Map properties = new HashMap(1); - properties.put(ContentModel.PROP_NAME, "MyRecordCreate.txt"); - NodeRef newRecord = this.publicNodeService.createNode(recordFolder_1, ContentModel.ASSOC_CONTAINS, - QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, 
"MyRecord.txt"), ContentModel.TYPE_CONTENT, properties).getChildRef(); - - // Set the content - ContentWriter writer = this.publicContentService.getWriter(newRecord, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent("There is some content in this record"); - - recordsManagementActionService.executeRecordsManagementAction(newRecord, "file"); - // modify - - publicNodeService.addAspect(newRecord, ContentModel.ASPECT_OWNABLE, null); - properties = new HashMap(); - properties.put(ContentModel.PROP_OWNER, "me"); - publicNodeService.addProperties(newRecord, properties); - // move should fail ... - try - { - publicNodeService.moveNode(newRecord, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER); - fail(); - } - catch (AccessDeniedException ade) - { - - } - publicNodeService.removeProperty(newRecord, ContentModel.PROP_TITLE); - publicNodeService.setProperty(newRecord, ContentModel.PROP_TITLE, "title"); - publicNodeService.addAspect(newRecord, ContentModel.ASPECT_TEMPORARY, null); - publicNodeService.removeAspect(newRecord, ContentModel.ASPECT_TEMPORARY); - publicNodeService.setProperties(newRecord, publicNodeService.getProperties(newRecord)); - try - { - // abstains - publicNodeService.setType(newRecord, TYPE_RECORD_FOLDER); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - } - - public void testCycleVitalRecordsCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, 
RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_user, filePlan, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_2, 
RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - 
permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.CYCLE_VITAL_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, 
RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - 
checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - 
checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - - // try and cycle - - recordsManagementActionService.executeRecordsManagementAction(record_1, "reviewed"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "reviewed"); - - recordsManagementActionService.executeRecordsManagementAction(record_1, "reviewed"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "reviewed"); - - // check cutoff - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = 
this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_2, RMPermissionModel.CYCLE_VITAL_RECORDS, AccessStatus.ALLOWED); - } - - public void testDeclareAuditAsRecordCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DECLARE_AUDIT_AS_RECORD, AccessStatus.DENIED); - } - - public void 
testDeclareRecordsCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_user, filePlan, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DECLARE_RECORDS, 
AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, 
ContentModel.PROP_TITLE, "titleValue"); - // recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - // recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // record level - - 
checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - 
permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, 
RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - 
recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // Check closed - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.ALLOWED); - - // try declare 
- - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "declareRecord", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "declareRecord", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS, AccessStatus.DENIED); - } - - public void testDeclareRecordsInClosedFoldersCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkPermission(rm_user, filePlan, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - 
checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, 
RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - // recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new 
Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - // recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, 
RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(rm_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - 
permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, 
RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - 
permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - 
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - // Check closed - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, 
AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.ALLOWED); - - // try declare in closed - - // Close - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "declareRecord", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - try - { - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "declareRecord", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS, AccessStatus.DENIED); - } - - public void testDeleteAuditCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DELETE_AUDIT, AccessStatus.DENIED); - } - - public void testDeleteLinksCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DELETE_LINKS, AccessStatus.DENIED); - } - - public void testDeleteRecordsCapability() - { - // capability is checked above - just 
check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DELETE_RECORDS, AccessStatus.DENIED); - } - - public void testDestroyRecordsCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DESTROY_RECORDS, 
AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - 
checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - 
checkCapability(rm_administrator, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - 
checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DESTROY_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - 
checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, 
recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS, AccessStatus.ALLOWED); - - // cut off - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", 
null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null); - - // fix disposition - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // should delete even though transfer is next ..,. - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - nodeService.deleteNode(recordFolder_1); - nodeService.deleteNode(record_2); - - } - - public void testDestroyRecordsScheduledForDestructionCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - // folder level - not eligible all deny - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - // record level - not eligible all deny - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, 
AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - 
nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - NodeRef ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null); - - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "transfer", null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "transfer", null); - // this completes both transfers :-) - 
recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "transferComplete", null); - - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "accession", null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "accession", null); - - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // this completes both transfers :-) - recordsManagementActionService.executeRecordsManagementAction(getTransferObject(recordFolder_1), "transferComplete", null); - - ndNodeRef = this.nodeService.getChildAssocs(recordFolder_1, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - ndNodeRef = this.nodeService.getChildAssocs(record_2, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, 
RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - this.nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - 
checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, 
RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, 
AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.DECLARE_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, 
AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - // Check closed - // should make no difference - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); - - checkCapability(test_user, recordFolder_1, 
RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, AccessStatus.ALLOWED); - - // scheduled destroy - - AuthenticationUtil.setFullyAuthenticatedUser(test_user); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "destroy", null); - recordsManagementActionService.executeRecordsManagementAction(record_2, "destroy", null); - - } - - public void testDisplayRightsReportCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.DISPLAY_RIGHTS_REPORT, AccessStatus.DENIED); - } - - public void testEditDeclaredRecordMetadataCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - 
checkPermission(rm_security_officer, filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, 
AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_1, 
ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord"); - - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord"); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - 
checkCapability(rm_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, 
AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, 
AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, 
AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED); - - // check frozen - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED); - checkCapability(test_user, record_2, 
RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1,
RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA, AccessStatus.ALLOWED);
-
- // try to modify
-
- publicNodeService.addAspect(record_1, ContentModel.ASPECT_OWNABLE, null);
- Map properties = new HashMap(1);
- properties.put(ContentModel.PROP_OWNER, "me");
- publicNodeService.addProperties(record_1, properties);
- // move should fail ...
- try
- {
- publicNodeService.moveNode(record_1, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- publicNodeService.removeProperty(record_1, ContentModel.PROP_TITLE);
- publicNodeService.setProperty(record_1, ContentModel.PROP_TITLE, "title");
- publicNodeService.addAspect(record_1, ContentModel.ASPECT_TEMPORARY, null);
- publicNodeService.removeAspect(record_1, ContentModel.ASPECT_TEMPORARY);
- publicNodeService.setProperties(record_1, publicNodeService.getProperties(record_1));
- try
- {
- // abstains
- publicNodeService.setType(record_1, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- }
-
- public void testEditNonRecordMetadataCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_user, filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2,
RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
-
permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_NON_RECORD_METADATA, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.EDIT_NON_RECORD_METADATA);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_NON_RECORD_METADATA, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2,
RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // check frozen
-
-
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
-
checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_NON_RECORD_METADATA, AccessStatus.DENIED);
-
- // try to modify
-
- publicNodeService.addAspect(recordFolder_1, ContentModel.ASPECT_OWNABLE, null);
- Map properties = new HashMap(1);
- properties.put(ContentModel.PROP_OWNER, "me");
- publicNodeService.addProperties(recordFolder_1, properties);
- // move should fail ...
- try
- {
- publicNodeService.moveNode(recordFolder_1, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- publicNodeService.removeProperty(recordFolder_1, ContentModel.PROP_TITLE);
- publicNodeService.setProperty(recordFolder_1, ContentModel.PROP_TITLE, "title");
- publicNodeService.addAspect(recordFolder_1, ContentModel.ASPECT_TEMPORARY, null);
- publicNodeService.removeAspect(recordFolder_1, ContentModel.ASPECT_TEMPORARY);
- publicNodeService.setProperties(recordFolder_1, publicNodeService.getProperties(recordFolder_1));
- try
- {
- // abstains
- publicNodeService.setType(recordFolder_1, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- }
-
- public void testEditRecordMetadataCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_user, filePlan, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA,
AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
checkCapability(rm_security_officer, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(rm_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_RECORD_METADATA, true);
-
- checkCapability(test_user, recordFolder_1,
RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.EDIT_RECORD_METADATA);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.EDIT_RECORD_METADATA, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers,
RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1,
RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
-
recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EDIT_RECORD_METADATA, AccessStatus.ALLOWED);
-
- // try to modify
-
- publicNodeService.addAspect(record_1, ContentModel.ASPECT_OWNABLE, null);
- Map properties = new HashMap(1);
- properties.put(ContentModel.PROP_OWNER, "me");
- publicNodeService.addProperties(record_1, properties);
- // move should fail ...
- try
- {
- publicNodeService.moveNode(record_1, recordCategory_2, ContentModel.ASSOC_CONTAINS, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- publicNodeService.removeProperty(record_1, ContentModel.PROP_TITLE);
- publicNodeService.setProperty(record_1, ContentModel.PROP_TITLE, "title");
- publicNodeService.addAspect(record_1, ContentModel.ASPECT_TEMPORARY, null);
- publicNodeService.removeAspect(record_1, ContentModel.ASPECT_TEMPORARY);
- publicNodeService.setProperties(record_1, publicNodeService.getProperties(record_1));
- try
- {
- // abstains
- publicNodeService.setType(record_1, TYPE_RECORD_FOLDER);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- }
-
- public void testEditSelectionListsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.EDIT_SELECTION_LISTS, AccessStatus.DENIED);
- }
-
- public void testEnableDisableAuditByTypesCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES,
AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.ENABLE_DISABLE_AUDIT_BY_TYPES, AccessStatus.DENIED);
- }
-
- public void testExportAuditCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.EXPORT_AUDIT, AccessStatus.DENIED);
- }
-
- public void testExtendRetentionPeriodOrFreezeCapability()
- {
- // freeze and unfreeze is part of most other tests - this jusr duplicates the basics ...
-
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer,
record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1,
RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1,
RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- // check frozen - can be in mutiple holds/freezes ..
-
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2,
RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.EXTEND_RETENTION_PERIOD_OR_FREEZE, AccessStatus.ALLOWED);
-
- }
-
- public void testFileRecordsCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, recordFolder_1,
RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // Record
- checkPermission(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.FILE_RECORDS,
AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.FILE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.FILE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.FILE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS,
AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS,
AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.FILE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user,
record_2, RMPermissionModel.FILE_RECORDS, AccessStatus.ALLOWED);
-
- // Do some filing ...
-
- // create
-
- Map properties = new HashMap(1);
- properties.put(ContentModel.PROP_NAME, "MyRecordCreate.txt");
- NodeRef newRecord_1 = this.publicNodeService.createNode(recordFolder_1, ContentModel.ASSOC_CONTAINS,
- QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"), ContentModel.TYPE_CONTENT, properties).getChildRef();
-
- // Set the content (relies on owner in the DM side until it becode RM ified ...)
- ContentWriter writer = this.publicContentService.getWriter(newRecord_1, ContentModel.PROP_CONTENT, true);
- writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
- writer.setEncoding("UTF-8");
- writer.putContent("There is some content in this record");
-
- assertFalse(recordsManagementService.isFilePlanComponent(newRecord_1));
- recordsManagementActionService.executeRecordsManagementAction(newRecord_1, "file");
- assertTrue(recordsManagementService.isFilePlanComponent(newRecord_1));
-
- properties = new HashMap(1);
- properties.put(ContentModel.PROP_NAME, "MyRecordCreate.txt");
- NodeRef newRecord_2 = this.publicNodeService.createNode(recordFolder_2, ContentModel.ASSOC_CONTAINS,
- QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"), ContentModel.TYPE_CONTENT, properties).getChildRef();
-
- // Set the content
- writer = this.publicContentService.getWriter(newRecord_2, ContentModel.PROP_CONTENT, true);
- writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
- writer.setEncoding("UTF-8");
- writer.putContent("There is some content in this record");
-
- recordsManagementActionService.executeRecordsManagementAction(newRecord_2, "file");
-
- // update with permissions in place ...
-
- writer = this.publicContentService.getWriter(newRecord_1, ContentModel.PROP_CONTENT, true);
- writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
- writer.setEncoding("UTF-8");
- writer.putContent("There is some updated content in this record");
-
- writer = this.publicContentService.getWriter(newRecord_2, ContentModel.PROP_CONTENT, true);
- writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
- writer.setEncoding("UTF-8");
- writer.putContent("There is some content in this record");
- }
-
- public void testMakeOptionalPropertiesMandatoryCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MAKE_OPTIONAL_PARAMETERS_MANDATORY, AccessStatus.DENIED);
- }
-
- public void testManageAccessControlsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
-
checkPermission(rm_power_user, filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MANAGE_ACCESS_CONTROLS, AccessStatus.DENIED);
- }
-
- public void testManageAccessRightsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MANAGE_ACCESS_RIGHTS, AccessStatus.DENIED);
- }
-
- public void testManuallyChangeDispositionDatesCapability()
- {
- // TODO: The action is not yet done
- }
-
- public void testMapClassificationGuideMetadataCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MAP_CLASSIFICATION_GUIDE_METADATA, AccessStatus.DENIED);
- }
-
- public void testMapEmailMetadataCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MAP_EMAIL_METADATA, AccessStatus.DENIED);
- }
-
- public void testMoveRecordsCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.MOVE_RECORDS, AccessStatus.DENIED);
- }
-
- public void testPasswordControlCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.ALLOWED);
-
checkPermission(rm_security_officer, filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.PASSWORD_CONTROL, AccessStatus.DENIED);
- }
-
- public void testPlanningReviewCyclesCapability()
- {
- // TODO: Waiting for the appropriate action
- }
-
- public void testReOpenFoldersCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkPermission(rm_user, filePlan, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, 
RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, 
"closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_power_user, recordFolder_2, 
RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.RE_OPEN_FOLDERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.RE_OPEN_FOLDERS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.RE_OPEN_FOLDERS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- // check frozen
-
-
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
-
recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_1, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.ALLOWED);
- checkCapability(test_user, record_2, RMPermissionModel.RE_OPEN_FOLDERS, AccessStatus.DENIED);
-
- }
-
- public void testSelectAuditMetadataCapability()
- {
- // capability is checked above - just check permission assignments
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.SELECT_AUDIT_METADATA, AccessStatus.DENIED);
- }
-
- public void testTriggerAnEventCapability()
- {
- // TODO: Waiting for action
- }
-
- public void testUndeclareRecordsCapability()
- {
- // Folder
- checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_administrator, filePlan, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_records_manager, filePlan, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkPermission(rm_security_officer, filePlan, RMPermissionModel.UNDECLARE_RECORDS, 
AccessStatus.DENIED);
- checkPermission(rm_power_user, filePlan, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkPermission(rm_user, filePlan, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, 
recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- // Set appropriate state - declare records and make eligible
-
- Calendar calendar = Calendar.getInstance();
- calendar.set(Calendar.HOUR, 0);
- calendar.set(Calendar.MINUTE, 0);
- calendar.set(Calendar.SECOND, 0);
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
-
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_1, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
- nodeService.setProperty(record_1, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_1, "declareRecord");
-
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
- nodeService.setProperty(record_2, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
-
nodeService.setProperty(record_2, ContentModel.PROP_TITLE, "titleValue");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "declareRecord");
-
- // folder level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- // record level
-
- checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, 
AccessStatus.DENIED);
- checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_administrator, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_records_manager, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(rm_security_officer, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_power_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(rm_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- // check person with no access and add read and write
- // Filing
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
- permissionService.setInheritParentPermissions(recordCategory_1, false);
- permissionService.setInheritParentPermissions(recordCategory_2, false);
- permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true);
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
-
checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.UNDECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, RMPermissionModel.UNDECLARE_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.UNDECLARE_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(filePlan, testers, 
RMPermissionModel.VIEW_RECORDS);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING);
- permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true);
- permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, 
AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- // check frozen
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- Map params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "one");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- params = new HashMap(1);
- params.put(FreezeAction.PARAM_REASON, "Two");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params);
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze");
- recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, 
RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- // Check closed
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "closeRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "closeRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
-
- checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
- checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED);
- checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.ALLOWED);
-
- // try undeclare
-
- AuthenticationUtil.setFullyAuthenticatedUser(test_user);
- try
- {
- recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "undeclareRecord", null);
- fail();
- }
- catch (AccessDeniedException ade)
- {
-
- }
- recordsManagementActionService.executeRecordsManagementAction(record_1, "undeclareRecord");
- try
- {
-
recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "undeclareRecord", null); - fail(); - } - catch (AccessDeniedException ade) - { - - } - recordsManagementActionService.executeRecordsManagementAction(record_2, "undeclareRecord"); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNDECLARE_RECORDS, AccessStatus.DENIED); - } - - public void testUnfreezeCapability() - { - // freeze and unfreeze is part of most other tests - this jusr duplicates the basics ... - - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, 
recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map 
params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, 
RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, 
AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.UNFREEZE, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.UNFREEZE); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.UNFREEZE, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, 
RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - - // check frozen - can be in mutiple holds/freezes .. 
- - checkCapability(test_user, recordFolder_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, record_1, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, recordFolder_2, RMPermissionModel.UNFREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.UNFREEZE, AccessStatus.ALLOWED); - - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "unfreeze"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "unfreeze"); - - } - - public void testUpdateClassificationDatesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.UPDATE_CLASSIFICATION_DATES, AccessStatus.DENIED); - } - - public void testUpdateExemptionCategoriesCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, 
RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.UPDATE_EXEMPTION_CATEGORIES, AccessStatus.DENIED); - } - - public void testUpdateTriggerDatesCapability() - { - // TODO: waiting for action - } - - public void testUpdateVitalRecordCycleInformationCapability() - { - // TODO: ? - } - - public void testUpgradeDowngradeAndDeclassifyRecordsCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, AccessStatus.DENIED); - } - - public void testViewRecordsCapability() - { - // capability is checked above - just check permission assignments - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_power_user, filePlan, 
RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - checkPermission(rm_user, filePlan, RMPermissionModel.VIEW_RECORDS, AccessStatus.ALLOWED); - // already tested in many places above - } - - public void testViewUpdateReasonsForFreezeCapability() - { - // Folder - checkPermission(AuthenticationUtil.getSystemUserName(), filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkPermission(rm_administrator, filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkPermission(rm_records_manager, filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkPermission(rm_security_officer, filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkPermission(rm_power_user, filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkPermission(rm_user, filePlan, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, record_1, 
RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_1, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, recordFolder_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, record_2, 
RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "freeze", params); - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - recordsManagementActionService.executeRecordsManagementAction(record_2, "freeze", params); - - // folder level - - checkCapability(AuthenticationUtil.getSystemUserName(), getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, 
AccessStatus.DENIED); - checkCapability(rm_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - // record level - - checkCapability(AuthenticationUtil.getSystemUserName(), getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_administrator, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_records_manager, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_security_officer, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - checkCapability(AuthenticationUtil.getSystemUserName(), getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_administrator, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_records_manager, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(rm_security_officer, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_power_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(rm_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - // check person with no access and add read and write - // Filing - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, 
getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, record_2, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - permissionService.setPermission(filePlan, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, RMPermissionModel.READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, true); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), 
RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, true); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - - 
permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_RECORDS, true); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - permissionService.deletePermission(recordFolder_1, testers, RMPermissionModel.FILING); - permissionService.deletePermission(recordFolder_2, testers, RMPermissionModel.FILING); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - permissionService.setPermission(recordFolder_1, testers, RMPermissionModel.FILING, true); - permissionService.setPermission(recordFolder_2, testers, RMPermissionModel.FILING, true); - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - // check frozen - can be in multiple 
holds/freezes .. - - checkCapability(test_user, getHold(recordFolder_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(record_1), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - checkCapability(test_user, getHold(recordFolder_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.DENIED); - checkCapability(test_user, getHold(record_2), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, AccessStatus.ALLOWED); - - // TODO: property is not yet duplicated, waiting for action. - - // test filter - from the freeze object - - Map returned = publicNodeService.getProperties(getHold(recordFolder_1)); - assertTrue(returned.containsKey(RecordsManagementModel.PROP_HOLD_REASON)); - assertNotNull(publicNodeService.getProperty(getHold(recordFolder_1), RecordsManagementModel.PROP_HOLD_REASON)); - - permissionService.deletePermission(filePlan, testers, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE); - - returned = publicNodeService.getProperties(getHold(recordFolder_1)); - assertFalse(returned.containsKey(RecordsManagementModel.PROP_HOLD_REASON)); - try - { - publicNodeService.getProperty(getHold(recordFolder_1), RecordsManagementModel.PROP_HOLD_REASON); - fail(); - } - catch (AccessDeniedException ade) - { - - } - - // test query - - // update - - permissionService.setPermission(filePlan, testers, RMPermissionModel.FILING, true); - try - { - publicNodeService.setProperty(getHold(recordFolder_1), RecordsManagementModel.PROP_HOLD_REASON, "meep"); - fail(); - } - catch (AccessDeniedException ade) - { - - } - permissionService.setPermission(filePlan, testers, RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE, true); - // TODO: fix reject by updateProperties - no capabilty lets it through even though not protected - // publicNodeService.setProperty(getHold(recordFolder_1), RecordsManagementModel.PROP_HOLD_REASON, "meep"); - - // update by action - - // - } - - private NodeRef 
getHold(NodeRef held) - { - List holdAssocs = nodeService.getChildAssocs(filePlan, RecordsManagementModel.ASSOC_HOLDS, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef holdAssoc : holdAssocs) - { - List freezeAssocs = nodeService.getChildAssocs(holdAssoc.getChildRef()); - for (ChildAssociationRef inHold : freezeAssocs) - { - if (inHold.getChildRef().equals(held)) - { - return holdAssoc.getChildRef(); - } - List heldFolderChildren = nodeService.getChildAssocs(inHold.getChildRef()); - for (ChildAssociationRef car : heldFolderChildren) - { - if (car.getChildRef().equals(held)) - { - return holdAssoc.getChildRef(); - } - } - } - } - return held; - } - - private void check(Map access, String name, AccessStatus accessStatus) - { - Capability capability = recordsManagementSecurityService.getCapability(name); - assertNotNull(capability); - assertEquals(accessStatus, access.get(capability)); - } - - private static ImporterBinding REPLACE_BINDING = new ImporterBinding() - { - - public UUID_BINDING getUUIDBinding() - { - return UUID_BINDING.UPDATE_EXISTING; - } - - public String getValue(String key) - { - return null; - } - - public boolean allowReferenceWithinTransaction() - { - return false; - } - - public QName[] getExcludedClasses() - { - return null; - } - - }; - -} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/DOD5015SystemTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/DOD5015SystemTest.java similarity index 98% rename from rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/DOD5015SystemTest.java rename to rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/DOD5015SystemTest.java index 0c406b31e0..5d4ab0fcfe 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/DOD5015SystemTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/DOD5015SystemTest.java 
@@ -16,7 +16,7 @@
 * You should have received a copy of the GNU Lesser General Public License
 * along with Alfresco. If not, see .
 */
-package org.alfresco.module.org_alfresco_module_rm.test;
+package org.alfresco.module.org_alfresco_module_rm.test.system;
 import java.io.File;
 import java.io.Serializable;
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java
index 6130973037..8658be6bf9 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java
@@ -248,7 +248,7 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase implements RecordsM
 private Set getListOfCapabilities(int size, int offset)
 {
 Set result = new HashSet(size);
- Set caps = securityService.getCapabilities();
+ Set caps = capabilityService.getCapabilities(false);
 int count = 0;
 for (Capability cap : caps)
 {
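Review bot: The bare `false` passed to `capabilityService.getCapabilities(false)` in getListOfCapabilities hides which capabilities the role tests now draw from; if the flag controls whether private capabilities are included (not visible in this hunk), roles carrying those capabilities are no longer exercised by this helper. I would add a comment on that line, e.g. `// false: presumably excludes private capabilities - confirm against CapabilityService`, or pass a named local constant instead of the literal. The helper also picks entries by `size` and `offset` while iterating a `Set`, so which capabilities end up in a test role depends on the set's iteration order unless the service returns an ordered set. getListOfCapabilities continues past the end of the hunk, so the selection logic itself is not visible here.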