Merge pull request #1474 from Alfresco/feature/ACS-3657_PartialListOfRuleSets

ACS-3657 Allow returning partial list of rule sets.
2025-07-31 17:39:05 +00:00 · 2022-10-07 14:38:39 +01:00
parent f342b27c74 855e2522f2
commit 1f81a50677
3 changed files with 145 additions and 2 deletions
--- a/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/RuleSetsImpl.java
+++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/RuleSetsImpl.java
@@ -39,6 +39,7 @@ import java.util.stream.IntStream;

 import org.alfresco.repo.rule.RuleModel;
 import org.alfresco.repo.rule.RuntimeRuleService;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.rest.api.RuleSets;
 import org.alfresco.rest.api.model.rules.RuleSet;
 import org.alfresco.rest.api.model.rules.RuleSetLink;
@@ -50,10 +51,14 @@ import org.alfresco.service.Experimental;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.rule.RuleService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

@Experimental
 public class RuleSetsImpl implements RuleSets
 {
+    private static final Logger LOGGER = LoggerFactory.getLogger(RuleSetsImpl.class);
+
    private RuleSetLoader ruleSetLoader;
    private RuleService ruleService;
    private NodeValidator validator;
@@ -67,15 +72,42 @@ public class RuleSetsImpl implements RuleSets

        List<RuleSet> ruleSets = ruleService.getNodesSupplyingRuleSets(folderNode)
                                            .stream()
-                                            .map(ruleService::getRuleSetNode)
+                                            .map(supplyingNode -> loadRuleSet(supplyingNode, folderNode, includes))
                                            .filter(Objects::nonNull)
-                                            .map(nodeRef -> ruleSetLoader.loadRuleSet(nodeRef, folderNode, includes))
                                            .distinct()
                                            .collect(toList());

        return ListPage.of(ruleSets, paging);
    }

+    /**
+     * Load the specified rule set if the user has permission.
+     *
+     * @param supplyingNode The folder supplying a rule set.
+     * @param folderNode The folder being supplied with rule sets.
+     * @param includes The list of optional fields to include for each rule set in the response.
+     * @return The rule set from the DB or null if the folder has no rule set, or the current user does not have permission to view it.
+     */
+    private RuleSet loadRuleSet(NodeRef supplyingNode, NodeRef folderNode, List<String> includes)
+    {
+        NodeRef ruleSetNode = ruleService.getRuleSetNode(supplyingNode);
+        // Check if the folder has no rule sets.
+        if (ruleSetNode == null)
+        {
+            return null;
+        }
+
+        try
+        {
+            return ruleSetLoader.loadRuleSet(ruleSetNode, folderNode, includes);
+        }
+        catch (AccessDeniedException e)
+        {
+            LOGGER.debug("User does not have permission to view rule set with id {}.", ruleSetNode, e);
+            return null;
+        }
+    }
+
    @Override
    public RuleSet getRuleSetById(String folderNodeId, String ruleSetId, List<String> includes)
    {
--- a/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/RuleSetsImplTest.java
+++ b/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/RuleSetsImplTest.java
@@ -42,6 +42,7 @@ import java.util.List;
 import junit.framework.TestCase;
 import org.alfresco.repo.rule.RuleModel;
 import org.alfresco.repo.rule.RuntimeRuleService;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.rest.api.model.rules.RuleSet;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
@@ -146,6 +147,34 @@ public class RuleSetsImplTest extends TestCase
        assertEquals(PAGING, actual.getPaging());
    }

+    @Test
+    public void testOnlyGetPermittedRuleSets()
+    {
+        // Simulate a private folder with a rule set that the current user can't access.
+        NodeRef privateFolder = new NodeRef("private://folder/");
+        NodeRef privateRuleSetNode = new NodeRef("private://rule/set/node/");
+        given(ruleServiceMock.getRuleSetNode(privateFolder)).willReturn(privateRuleSetNode);
+        given(ruleServiceMock.getNodesSupplyingRuleSets(FOLDER_NODE)).willReturn(List.of(FOLDER_NODE, privateFolder));
+        given(ruleSetLoaderMock.loadRuleSet(eq(privateRuleSetNode), any(NodeRef.class), any(List.class)))
+                .willThrow(new AccessDeniedException("Cannot access private rule set."));
+
+        // Call the method under test.
+        CollectionWithPagingInfo<RuleSet> actual = ruleSets.getRuleSets(FOLDER_ID, INCLUDES, PAGING);
+
+        then(nodeValidatorMock).should().validateFolderNode(FOLDER_ID, false);
+        then(nodeValidatorMock).shouldHaveNoMoreInteractions();
+
+        then(ruleServiceMock).should().getNodesSupplyingRuleSets(FOLDER_NODE);
+        then(ruleServiceMock).should().getRuleSetNode(FOLDER_NODE);
+        then(ruleServiceMock).should().getRuleSetNode(privateFolder);
+        then(ruleServiceMock).shouldHaveNoMoreInteractions();
+
+        // Check we only get the accessible rule set back.
+        Collection<RuleSet> expected = List.of(ruleSetMock);
+        assertEquals(expected, actual.getCollection());
+        assertEquals(PAGING, actual.getPaging());
+    }
+
    /** Check that a folder with a parent and grandparent can inherit rule sets from the grandparent, even if the parent has no rules. */
    @Test
    public void testGetInheritedRuleSets()