From 20fe538cb38ec797b85275046ed5adfc8b9c5073 Mon Sep 17 00:00:00 2001 From: Will Abson Date: Wed, 25 Jun 2014 16:11:26 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud) 73883: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 73717: Merged DEV to V4.2-BUG-FIX (4.2.3) 73669: MNT-11163: CMIS - querying for folders raises CmisPermissionDeniedException - CmisPermissionDeniedException is fixed. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74829 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco/opencmis/CMISNodeInfoImpl.java | 19 ++++- .../opencmis/search/OpenCmisQueryTest.java | 69 +++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) diff --git a/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java b/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java index 6e48e63aa4..b6d3e0dcdd 100644 --- a/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java +++ b/source/java/org/alfresco/opencmis/CMISNodeInfoImpl.java @@ -805,7 +805,24 @@ public class CMISNodeInfoImpl implements CMISNodeInfo ChildAssociationRef assocRef = ((ChildAssocElement) element).getRef(); NodeRef node = assocRef.getChildRef(); displayPath.append("/"); - displayPath.append(connector.getNodeService().getProperty(node, ContentModel.PROP_NAME)); + try + { + String propertyName = (String) connector.getNodeService().getProperty(node, ContentModel.PROP_NAME); + displayPath.append(propertyName); + } + catch (AccessDeniedException e) + { + // if the user does not have enough permissions to construct the entire path then the object + // should have a null path + return null; + } + // Somewhere this has not been wrapped correctly + catch (net.sf.acegisecurity.AccessDeniedException e) + { + // if the user does not have enough permissions to construct the entire path then the object + // should have a null path + return null; + } } i++; } diff --git a/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java b/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java index 0a688bad2c..3614751553 100644 --- a/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java +++ b/source/test-java/org/alfresco/opencmis/search/OpenCmisQueryTest.java @@ -74,6 +74,7 @@ import org.alfresco.repo.search.impl.parsers.FTSQueryException; import org.alfresco.repo.search.impl.querymodel.Order; import org.alfresco.repo.search.impl.querymodel.QueryModelException; import org.alfresco.repo.search.impl.querymodel.QueryOptions.Connective; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.dictionary.DataTypeDefinition; import org.alfresco.service.cmr.repository.ContentData; import org.alfresco.service.cmr.repository.ContentWriter; @@ -197,6 +198,10 @@ public class OpenCmisQueryTest extends BaseCMISTest private NodeRef f9; + private NodeRef forAdminFolder; + + private NodeRef forEveryoneFolder; + private NodeRef c0; private NodeRef c1; @@ -5647,6 +5652,70 @@ public class OpenCmisQueryTest extends BaseCMISTest testOrderablePropertyFail("test:multipleBoolean"); } + /** + * MNT-11163 test: + *

+ * Assume there is a folder 'A' with admin access only and subfolder 'B' with permissions EVERYONE Contributor. + * The folder's structure: + *

+     *  repository
+     *           |
+     *            -A
+     *             |
+     *              -B
+     *
+ * The CMIS query SELECT * FROM cmis:folder should not raise CmisPermissionDeniedException. Returned path for 'A' or 'B' nodes should be null. + */ + public void testParentWithPermissions() throws Exception + { + String userName = "cmis"; + + final String forAdminFolderName = "For admin folder"; + forAdminFolder = nodeService.createNode(base, ContentModel.ASSOC_CONTAINS, + QName.createQName("cm", forAdminFolderName, namespaceService), + ContentModel.TYPE_FOLDER).getChildRef(); + nodeService.setProperty(forAdminFolder, ContentModel.PROP_NAME, forAdminFolderName); + // deny access for test user to 'forAdminFolder' + permissionService.setPermission(forAdminFolder, userName, PermissionService.ALL_PERMISSIONS, false); + + String forEveryoneFolderName = "For everyone folder"; + forEveryoneFolder = nodeService.createNode(forAdminFolder, + ContentModel.ASSOC_CONTAINS, + QName.createQName("cm", forEveryoneFolderName, namespaceService), + ContentModel.TYPE_FOLDER).getChildRef(); + nodeService.setProperty(forEveryoneFolder, ContentModel.PROP_NAME, forEveryoneFolderName); + // set access for test to 'forEveryOneFOlder' + permissionService.setPermission(forEveryoneFolder, userName, PermissionService.ALL_PERMISSIONS, true); + + final CMISQueryOptions options = new CMISQueryOptions("SELECT * FROM cmis:folder", rootNodeRef.getStoreRef()); + + AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() + { + @Override + public Serializable doWork() throws Exception + { + CMISResultSet rs = cmisQueryService.query(options); + for (CMISResultSetRow row : rs) + { + if (!row.getNodeRef().equals(base)) + { + NodeRef ref = row.getNodeRef(); + if (ref.equals(forEveryoneFolder)) + { + Serializable sValue = row.getValue("cmis:path"); + assertEquals("The path for '" + forAdminFolderName + "' should be null", null, sValue); + } + else if (ref.equals(forAdminFolder)) + { + assertTrue("Should not get the path for '" + forAdminFolderName + "'",false); + } + } + } + return null; + } + }, userName); + } + public void testNonQueryableTypes() throws Exception { testQuery("SELECT * FROM cmis:policy", 0, false, "cmis:name", new String(), true);