diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
index cf907eed7a..0c07644d1a 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -53,6 +53,7 @@ import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.tenant.TenantService;
+import org.alfresco.repo.version.Version2Model;
import org.alfresco.repo.version.VersionModel;
import org.alfresco.repo.version.common.VersionUtil;
import org.alfresco.service.cmr.dictionary.DictionaryService;
@@ -417,25 +418,19 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{
return doAvmCan(passedNodeRef, permIn);
}
-
+
+ // Note: if we're directly accessing a frozen state (version) node (ie. in the 'version' store) we need to check permissions for the versioned node (ie. in the 'live' store)
+ if (isVersionNodeRef(passedNodeRef))
+ {
+ passedNodeRef = convertVersionNodeRefToVersionedNodeRef(VersionUtil.convertNodeRef(passedNodeRef));
+ }
+
// Allow permissions for nodes that do not exist
if (!nodeService.exists(passedNodeRef))
{
return AccessStatus.ALLOWED;
}
- // Because of VersionedNodeRef has no any inherited from source Frozen NodeRef permissions (it has only default permissions),
- // it is necessary to avoid cases when some user without appropriate permissions trying to receive any resource from its any version link etc.
- // That could be proceed through receiving Frozen NodeRef instance for this VersionedNodeRef instance. There is appears a possibility to get
- // access to specified for Frozen NodeRef instance permissions
-
- // NOTE: maybe in future there will appear situation when changing Node permissions will be a cause for creating new Node version. In other words,
- // VersionedNodeRefs will contain their own permissions (whose, probably, will differ from version to version). In this case you should delete/comment this code!!!
- if (isVersionedNodeRefInstance(passedNodeRef))
- {
- passedNodeRef = convertVersionedNodeRefToFrozenNodeRef(VersionUtil.convertNodeRef(passedNodeRef));
- }
-
final NodeRef nodeRef = tenantService.getName(passedNodeRef);
final PermissionReference perm;
@@ -1910,29 +1905,42 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
}
/**
- * This methods checks weather the specified NodeRef instance is an VersionedNodeRef
+ * This methods checks whether the specified nodeRef instance is a version nodeRef (ie. in the 'version' store)
*
- * @param nodeRef - probably VersionedNodeRef
- * @return true if NodeRef if Versioned and false in other case
+ * @param nodeRef - version nodeRef
+ * @return true if version nodeRef false otherwise
*/
- private boolean isVersionedNodeRefInstance(NodeRef nodeRef)
+ private boolean isVersionNodeRef(NodeRef nodeRef)
{
return nodeRef.getStoreRef().getProtocol().equals(VersionModel.STORE_PROTOCOL);
}
/**
- * Converts specified VersionedNodeRef to Frozen NodeRef (from SpacesStore store, accessed by workspace protocol)
+ * Converts specified version nodeRef (eg. versionStore://...) to versioned nodeRef (eg. workspace://SpacesStore/...)
*
- * @param nodeRef - always VersionedNodeRef
- * @return Frozen NodeRef instance (source for this VersionedNodeRef instance)
+ * @param nodeRef - always version nodeRef (ie. in the 'version' store)
+ * @return versioned nodeRef (ie.in the 'live' store)
*/
- private NodeRef convertVersionedNodeRefToFrozenNodeRef(NodeRef nodeRef)
+ private NodeRef convertVersionNodeRefToVersionedNodeRef(NodeRef versionNodeRef)
{
-
- Map properties = nodeService.getProperties(nodeRef);
-
- return new NodeRef((String) properties.get(ContentModel.PROP_STORE_PROTOCOL),
- (String) properties.get(ContentModel.PROP_STORE_IDENTIFIER),
- (String) properties.get(ContentModel.PROP_NODE_UUID));
+ Map properties = nodeService.getProperties(versionNodeRef);
+
+ NodeRef nodeRef = null;
+
+ // Switch VersionStore depending on configured impl
+ if (versionNodeRef.getStoreRef().getIdentifier().equals(Version2Model.STORE_ID))
+ {
+ // V2 version store (eg. workspace://version2Store)
+ nodeRef = (NodeRef)properties.get(Version2Model.PROP_QNAME_FROZEN_NODE_REF);
+ }
+ else if (versionNodeRef.getStoreRef().getIdentifier().equals(VersionModel.STORE_ID))
+ {
+ // Deprecated V1 version store (eg. workspace://lightWeightVersionStore)
+ nodeRef = new NodeRef((String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_STORE_PROTOCOL),
+ (String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_STORE_ID),
+ (String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_ID));
+ }
+
+ return nodeRef;
}
}
diff --git a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
index 994e660a44..f105aa409b 100644
--- a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
+++ b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
@@ -52,12 +52,12 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.version.Version;
import org.alfresco.service.cmr.version.VersionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.BaseSpringTest;
-import org.alfresco.util.TestWithUserUtils;
public abstract class BaseVersionStoreTest extends BaseSpringTest
{
@@ -75,6 +75,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
protected MutableAuthenticationDao authenticationDAO;
protected NodeArchiveService nodeArchiveService;
protected NodeService nodeService;
+ protected PermissionService permissionService;
/*
* Data used by tests
@@ -164,6 +165,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
this.authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao");
this.nodeArchiveService = (NodeArchiveService) applicationContext.getBean("nodeArchiveService");
this.nodeService = (NodeService)applicationContext.getBean("nodeService");
+ this.permissionService = (PermissionService)this.applicationContext.getBean("permissionService");
setVersionService((VersionService)applicationContext.getBean("versionService"));
@@ -197,14 +199,14 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
// Get a reference to the root node
this.rootNodeRef = this.dbNodeService.getRootNode(this.testStoreRef);
- // Create an authenticate the user
+ // Create and authenticate the user
if(!authenticationDAO.userExists(AuthenticationUtil.getAdminUserName()))
{
authenticationService.createAuthentication(AuthenticationUtil.getAdminUserName(), PWD.toCharArray());
}
- TestWithUserUtils.authenticateUser(AuthenticationUtil.getAdminUserName(), PWD, this.rootNodeRef, this.authenticationService);
+ AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
}
/**
@@ -408,7 +410,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
fail("The created date of the version is incorrect.");
}
- // Check the creator
+ // Check the creator
assertEquals(AuthenticationUtil.getAdminUserName(), newVersion.getCreator());
// Check the metadata properties of the version
diff --git a/source/java/org/alfresco/repo/version/VersionServiceImplTest.java b/source/java/org/alfresco/repo/version/VersionServiceImplTest.java
index 83cbd59254..0bdd9ee530 100644
--- a/source/java/org/alfresco/repo/version/VersionServiceImplTest.java
+++ b/source/java/org/alfresco/repo/version/VersionServiceImplTest.java
@@ -37,6 +37,7 @@ import java.util.Set;
import org.alfresco.model.ApplicationModel;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.model.FileFolderService;
@@ -47,6 +48,8 @@ import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.version.Version;
import org.alfresco.service.cmr.version.VersionHistory;
import org.alfresco.service.cmr.version.VersionService;
@@ -67,19 +70,22 @@ import org.springframework.context.ApplicationContext;
public class VersionServiceImplTest extends BaseVersionStoreTest
{
private static Log logger = LogFactory.getLog(VersionServiceImplTest.class);
-
+
private static final String UPDATED_VALUE_1 = "updatedValue1";
- private static final String UPDATED_VALUE_2 = "updatedValue2";
- private static final String UPDATED_VALUE_3 = "updatedValue3";
- private static final String UPDATED_CONTENT_1 = "updatedContent1";
- private static final String UPDATED_CONTENT_2 = "updatedContent2";
-
- public void testSetup()
+ private static final String UPDATED_VALUE_2 = "updatedValue2";
+ private static final String UPDATED_VALUE_3 = "updatedValue3";
+ private static final String UPDATED_CONTENT_1 = "updatedContent1";
+ private static final String UPDATED_CONTENT_2 = "updatedContent2";
+
+ private static final String PWD_A = "passA";
+ private static final String USER_NAME_A = "userA";
+
+ public void testSetup()
{
- // NOOP
+ // NOOP
}
-
- /**
+
+ /**
* Tests the creation of the initial version of a versionable node
*/
public void testCreateIntialVersion()
@@ -1126,7 +1132,47 @@ public class VersionServiceImplTest extends BaseVersionStoreTest
Object editionCodeArchive = nodeService.getProperty(versionNodeRef, prop);
assertEquals(editionCodeArchive.getClass(), Integer.class);
- }
+ }
+
+ /**
+ * Check read permission for the frozen node
+ */
+ public void testHasPermission()
+ {
+ AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
+
+ if(!authenticationDAO.userExists(USER_NAME_A))
+ {
+ authenticationService.createAuthentication(USER_NAME_A, PWD_A.toCharArray());
+ }
+
+ permissionService.setPermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
+ permissionService.setInheritParentPermissions(rootNodeRef, true);
+
+ // Create a new versionable node
+ NodeRef versionableNode = createNewVersionableNode();
+
+ // Create a new version
+ Version version = createVersion(versionableNode, versionProperties);
+ NodeRef versionNodeRef = version.getFrozenStateNodeRef();
+
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ));
+
+ AuthenticationUtil.setFullyAuthenticatedUser(USER_NAME_A);
+
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ));
+
+ AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
+
+ permissionService.setInheritParentPermissions(versionableNode, false);
+
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ));
+
+ AuthenticationUtil.setFullyAuthenticatedUser(USER_NAME_A);
+
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(versionNodeRef, PermissionService.READ));
+ }
+
public static void main(String ... args)
{
try