From 1fa09a014d4afc856607c7e7c7ac471461fdf164 Mon Sep 17 00:00:00 2001 From: Jan Vonka Date: Tue, 10 Nov 2009 09:50:17 +0000 Subject: [PATCH] Merged V3.2 to HEAD 17398: Merged V3.1 to V3.2 17396: Merged V2.2 to V3.1 17393: Fix ETHREEOH-2912 / ETWOONE-243 - Permissions issue with Versioning enabled git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17402 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../impl/PermissionServiceImpl.java | 64 +++++++++-------- .../repo/version/BaseVersionStoreTest.java | 10 +-- .../repo/version/VersionServiceImplTest.java | 68 ++++++++++++++++--- 3 files changed, 99 insertions(+), 43 deletions(-) diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java index cf907eed7a..0c07644d1a 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -53,6 +53,7 @@ import org.alfresco.repo.security.permissions.PermissionEntry; import org.alfresco.repo.security.permissions.PermissionReference; import org.alfresco.repo.security.permissions.PermissionServiceSPI; import org.alfresco.repo.tenant.TenantService; +import org.alfresco.repo.version.Version2Model; import org.alfresco.repo.version.VersionModel; import org.alfresco.repo.version.common.VersionUtil; import org.alfresco.service.cmr.dictionary.DictionaryService; 
@@ -417,25 +418,19 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing { return doAvmCan(passedNodeRef, permIn); } - + + // Note: if we're directly accessing a frozen state (version) node (ie. in the 'version' store) we need to check permissions for the versioned node (ie. in the 'live' store) + if (isVersionNodeRef(passedNodeRef)) + { + passedNodeRef = convertVersionNodeRefToVersionedNodeRef(VersionUtil.convertNodeRef(passedNodeRef)); + } + // Allow permissions for nodes that do not exist if (!nodeService.exists(passedNodeRef)) { return AccessStatus.ALLOWED; } - // Because of VersionedNodeRef has no any inherited from source Frozen NodeRef permissions (it has only default permissions), - // it is necessary to avoid cases when some user without appropriate permissions trying to receive any resource from its any version link etc. - // That could be proceed through receiving Frozen NodeRef instance for this VersionedNodeRef instance. There is appears a possibility to get - // access to specified for Frozen NodeRef instance permissions - - // NOTE: maybe in future there will appear situation when changing Node permissions will be a cause for creating new Node version. In other words, - // VersionedNodeRefs will contain their own permissions (whose, probably, will differ from version to version). In this case you should delete/comment this code!!! - if (isVersionedNodeRefInstance(passedNodeRef)) - { - passedNodeRef = convertVersionedNodeRefToFrozenNodeRef(VersionUtil.convertNodeRef(passedNodeRef)); - } - final NodeRef nodeRef = tenantService.getName(passedNodeRef); final PermissionReference perm; 
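Review bot: In the PermissionServiceImpl.java permission check, the version-to-live conversion now runs before `if (!nodeService.exists(passedNodeRef))`, so the "allow nodes that do not exist" rule is applied to the live-store reference. A version node whose versioned node is gone would therefore be answered with `AccessStatus.ALLOWED`, although the frozen content is still addressable. The helper added in the later hunk of this file (`convertVersionNodeRefToVersionedNodeRef`) can also return null when the store identifier matches neither version store, and that null goes straight into `nodeService.exists`; how `exists` treats null is not visible here. If allowing access in these cases is not intended, fail closed inside the `isVersionNodeRef` branch, for example `if (passedNodeRef == null || !nodeService.exists(passedNodeRef)) { return AccessStatus.DENIED; }`, and state the intended result for versions of deleted nodes in the comment. The enclosing method starts and ends outside the hunk.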
@@ -1910,29 +1905,42 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing } /** - * This methods checks weather the specified NodeRef instance is an VersionedNodeRef + * This methods checks whether the specified nodeRef instance is a version nodeRef (ie. in the 'version' store) * - * @param nodeRef - probably VersionedNodeRef - * @return true if NodeRef if Versioned and false in other case + * @param nodeRef - version nodeRef + * @return true if version nodeRef false otherwise */ - private boolean isVersionedNodeRefInstance(NodeRef nodeRef) + private boolean isVersionNodeRef(NodeRef nodeRef) { return nodeRef.getStoreRef().getProtocol().equals(VersionModel.STORE_PROTOCOL); } /** - * Converts specified VersionedNodeRef to Frozen NodeRef (from SpacesStore store, accessed by workspace protocol) + * Converts specified version nodeRef (eg. versionStore://...) to versioned nodeRef (eg. workspace://SpacesStore/...) * - * @param nodeRef - always VersionedNodeRef - * @return Frozen NodeRef instance (source for this VersionedNodeRef instance) + * @param nodeRef - always version nodeRef (ie. in the 'version' store) + * @return versioned nodeRef (ie.in the 'live' store) */ - private NodeRef convertVersionedNodeRefToFrozenNodeRef(NodeRef nodeRef) + private NodeRef convertVersionNodeRefToVersionedNodeRef(NodeRef versionNodeRef) { - - Map properties = nodeService.getProperties(nodeRef); - - return new NodeRef((String) properties.get(ContentModel.PROP_STORE_PROTOCOL), - (String) properties.get(ContentModel.PROP_STORE_IDENTIFIER), - (String) properties.get(ContentModel.PROP_NODE_UUID)); + Map properties = nodeService.getProperties(versionNodeRef); + + NodeRef nodeRef = null; + + // Switch VersionStore depending on configured impl + if (versionNodeRef.getStoreRef().getIdentifier().equals(Version2Model.STORE_ID)) + { + // V2 version store (eg. 
workspace://version2Store) + nodeRef = (NodeRef)properties.get(Version2Model.PROP_QNAME_FROZEN_NODE_REF); + } + else if (versionNodeRef.getStoreRef().getIdentifier().equals(VersionModel.STORE_ID)) + { + // Deprecated V1 version store (eg. workspace://lightWeightVersionStore) + nodeRef = new NodeRef((String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_STORE_PROTOCOL), + (String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_STORE_ID), + (String) properties.get(VersionModel.PROP_QNAME_FROZEN_NODE_ID)); + } + + return nodeRef; } } diff --git a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java index 994e660a44..f105aa409b 100644 --- a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java +++ b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java @@ -52,12 +52,12 @@ import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.security.AuthenticationService; +import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.version.Version; import org.alfresco.service.cmr.version.VersionService; import org.alfresco.service.namespace.QName; import org.alfresco.service.transaction.TransactionService; import org.alfresco.util.BaseSpringTest; -import org.alfresco.util.TestWithUserUtils; public abstract class BaseVersionStoreTest extends BaseSpringTest { @@ -75,6 +75,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest protected MutableAuthenticationDao authenticationDAO; protected NodeArchiveService nodeArchiveService; protected NodeService nodeService; + protected PermissionService permissionService; /* * Data used by tests 
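Review bot: The Javadoc on `convertVersionNodeRefToVersionedNodeRef` in PermissionServiceImpl.java still documents `@param nodeRef` although the parameter is now named `versionNodeRef`. Its `@return` also does not say that the result is null when the store identifier matches neither `Version2Model.STORE_ID` nor `VersionModel.STORE_ID`. Suggested lines: `@param versionNodeRef - always version nodeRef (ie. in the 'version' store)` and `@return versioned nodeRef (ie. in the 'live' store), or null if the version store is not recognised`. The V2 branch casts the stored property with `(NodeRef)` and the V1 branch casts three properties with `(String)`, on a raw `Map`. A short comment naming who writes those frozen-reference properties would tell a reader whether the target of the permission check can be influenced by anything other than the version service; that is not visible in this hunk.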
@@ -164,6 +165,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest this.authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao"); this.nodeArchiveService = (NodeArchiveService) applicationContext.getBean("nodeArchiveService"); this.nodeService = (NodeService)applicationContext.getBean("nodeService"); + this.permissionService = (PermissionService)this.applicationContext.getBean("permissionService"); setVersionService((VersionService)applicationContext.getBean("versionService")); @@ -197,14 +199,14 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest // Get a reference to the root node this.rootNodeRef = this.dbNodeService.getRootNode(this.testStoreRef); - // Create an authenticate the user + // Create and authenticate the user if(!authenticationDAO.userExists(AuthenticationUtil.getAdminUserName())) { authenticationService.createAuthentication(AuthenticationUtil.getAdminUserName(), PWD.toCharArray()); } - TestWithUserUtils.authenticateUser(AuthenticationUtil.getAdminUserName(), PWD, this.rootNodeRef, this.authenticationService); + AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); } /** @@ -408,7 +410,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest fail("The created date of the version is incorrect."); } - // Check the creator + // Check the creator assertEquals(AuthenticationUtil.getAdminUserName(), newVersion.getCreator()); // Check the metadata properties of the version diff --git a/source/java/org/alfresco/repo/version/VersionServiceImplTest.java b/source/java/org/alfresco/repo/version/VersionServiceImplTest.java index 83cbd59254..0bdd9ee530 100644 --- a/source/java/org/alfresco/repo/version/VersionServiceImplTest.java +++ b/source/java/org/alfresco/repo/version/VersionServiceImplTest.java 
@@ -37,6 +37,7 @@ import java.util.Set; import org.alfresco.model.ApplicationModel; import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationComponent; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.model.FileFolderService; @@ -47,6 +48,8 @@ import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.version.Version; import org.alfresco.service.cmr.version.VersionHistory; import org.alfresco.service.cmr.version.VersionService; 
@@ -67,19 +70,22 @@ import org.springframework.context.ApplicationContext; public class VersionServiceImplTest extends BaseVersionStoreTest { private static Log logger = LogFactory.getLog(VersionServiceImplTest.class); - + private static final String UPDATED_VALUE_1 = "updatedValue1"; - private static final String UPDATED_VALUE_2 = "updatedValue2"; - private static final String UPDATED_VALUE_3 = "updatedValue3"; - private static final String UPDATED_CONTENT_1 = "updatedContent1"; - private static final String UPDATED_CONTENT_2 = "updatedContent2"; - - public void testSetup() + private static final String UPDATED_VALUE_2 = "updatedValue2"; + private static final String UPDATED_VALUE_3 = "updatedValue3"; + private static final String UPDATED_CONTENT_1 = "updatedContent1"; + private static final String UPDATED_CONTENT_2 = "updatedContent2"; + + private static final String PWD_A = "passA"; + private static final String USER_NAME_A = "userA"; + + public void testSetup() { - // NOOP + // NOOP } - - /** + + /** * Tests the creation of the initial version of a versionable node */ public void testCreateIntialVersion() 
@@ -1126,7 +1132,47 @@ public class VersionServiceImplTest extends BaseVersionStoreTest Object editionCodeArchive = nodeService.getProperty(versionNodeRef, prop); assertEquals(editionCodeArchive.getClass(), Integer.class); - } + } + + /** + * Check read permission for the frozen node + */ + public void testHasPermission() + { + AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); + + if(!authenticationDAO.userExists(USER_NAME_A)) + { + authenticationService.createAuthentication(USER_NAME_A, PWD_A.toCharArray()); + } + + permissionService.setPermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + permissionService.setInheritParentPermissions(rootNodeRef, true); + + // Create a new versionable node + NodeRef versionableNode = createNewVersionableNode(); + + // Create a new version + Version version = createVersion(versionableNode, versionProperties); + NodeRef versionNodeRef = version.getFrozenStateNodeRef(); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ)); + + AuthenticationUtil.setFullyAuthenticatedUser(USER_NAME_A); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ)); + + AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); + + permissionService.setInheritParentPermissions(versionableNode, false); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(versionNodeRef, PermissionService.READ)); + + AuthenticationUtil.setFullyAuthenticatedUser(USER_NAME_A); + + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(versionNodeRef, PermissionService.READ)); + } + public static void main(String ... args) { try
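Review bot: `testHasPermission` in VersionServiceImplTest.java asserts only `PermissionService.READ`, and only for a version whose live node still exists, so no assertion pins what the permission check returns once the versioned node is gone. A further case that deletes `versionableNode` and then asserts the expected status for `versionNodeRef` as `USER_NAME_A` would document the intended behaviour. The method also finishes with `USER_NAME_A` as the fully authenticated user; unless teardown outside this hunk resets the context, end with `AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());`. A one-line comment before `setInheritParentPermissions(versionableNode, false)`, such as `// userA's READ came only from the root node via inheritance`, would make the final `DENIED` assertion easier to follow.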