diff --git a/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java b/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java
index 6e48e63aa4..b6d3e0dcdd 100644
--- a/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java
+++ b/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java
@@ -805,7 +805,24 @@ public class CMISNodeInfoImpl implements CMISNodeInfo
ChildAssociationRef assocRef = ((ChildAssocElement) element).getRef();
NodeRef node = assocRef.getChildRef();
displayPath.append("/");
- displayPath.append(connector.getNodeService().getProperty(node, ContentModel.PROP_NAME));
+ try
+ {
+ String propertyName = (String) connector.getNodeService().getProperty(node, ContentModel.PROP_NAME);
+ displayPath.append(propertyName);
+ }
+ catch (AccessDeniedException e)
+ {
+ // if the user does not have enough permissions to construct the entire path then the object
+ // should have a null path
+ return null;
+ }
+ // Somewhere this has not been wrapped correctly
+ catch (net.sf.acegisecurity.AccessDeniedException e)
+ {
+ // if the user does not have enough permissions to construct the entire path then the object
+ // should have a null path
+ return null;
+ }
}
i++;
}
diff --git a/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java b/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java
index 0a688bad2c..3614751553 100644
--- a/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java
+++ b/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java
@@ -74,6 +74,7 @@ import org.alfresco.repo.search.impl.parsers.FTSQueryException;
import org.alfresco.repo.search.impl.querymodel.Order;
import org.alfresco.repo.search.impl.querymodel.QueryModelException;
import org.alfresco.repo.search.impl.querymodel.QueryOptions.Connective;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ContentData;
import org.alfresco.service.cmr.repository.ContentWriter;
@@ -197,6 +198,10 @@ public class OpenCmisQueryTest extends BaseCMISTest
private NodeRef f9;
+ private NodeRef forAdminFolder;
+
+ private NodeRef forEveryoneFolder;
+
private NodeRef c0;
private NodeRef c1;
@@ -5647,6 +5652,70 @@ public class OpenCmisQueryTest extends BaseCMISTest
testOrderablePropertyFail("test:multipleBoolean");
}
+ /**
+ * MNT-11163 test:
+ *
+ * Assume there is a folder 'A' with admin access only and subfolder 'B' with permissions EVERYONE Contributor.
+ * The folder's structure:
+ *
+ * repository
+ * |
+ * -A
+ * |
+ * -B
+ *
+ * The CMIS query SELECT * FROM cmis:folder should not raise CmisPermissionDeniedException. Returned path for 'A' or 'B' nodes should be null.
+ */
+ public void testParentWithPermissions() throws Exception
+ {
+ String userName = "cmis";
+
+ final String forAdminFolderName = "For admin folder";
+ forAdminFolder = nodeService.createNode(base, ContentModel.ASSOC_CONTAINS,
+ QName.createQName("cm", forAdminFolderName, namespaceService),
+ ContentModel.TYPE_FOLDER).getChildRef();
+ nodeService.setProperty(forAdminFolder, ContentModel.PROP_NAME, forAdminFolderName);
+ // deny access for test user to 'forAdminFolder'
+ permissionService.setPermission(forAdminFolder, userName, PermissionService.ALL_PERMISSIONS, false);
+
+ String forEveryoneFolderName = "For everyone folder";
+ forEveryoneFolder = nodeService.createNode(forAdminFolder,
+ ContentModel.ASSOC_CONTAINS,
+ QName.createQName("cm", forEveryoneFolderName, namespaceService),
+ ContentModel.TYPE_FOLDER).getChildRef();
+ nodeService.setProperty(forEveryoneFolder, ContentModel.PROP_NAME, forEveryoneFolderName);
+ // set access for test to 'forEveryOneFOlder'
+ permissionService.setPermission(forEveryoneFolder, userName, PermissionService.ALL_PERMISSIONS, true);
+
+ final CMISQueryOptions options = new CMISQueryOptions("SELECT * FROM cmis:folder", rootNodeRef.getStoreRef());
+
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ @Override
+ public Serializable doWork() throws Exception
+ {
+ CMISResultSet rs = cmisQueryService.query(options);
+ for (CMISResultSetRow row : rs)
+ {
+ if (!row.getNodeRef().equals(base))
+ {
+ NodeRef ref = row.getNodeRef();
+ if (ref.equals(forEveryoneFolder))
+ {
+ Serializable sValue = row.getValue("cmis:path");
+ assertEquals("The path for '" + forAdminFolderName + "' should be null", null, sValue);
+ }
+ else if (ref.equals(forAdminFolder))
+ {
+ assertTrue("Should not get the path for '" + forAdminFolderName + "'",false);
+ }
+ }
+ }
+ return null;
+ }
+ }, userName);
+ }
+
public void testNonQueryableTypes() throws Exception
{
testQuery("SELECT * FROM cmis:policy", 0, false, "cmis:name", new String(), true);