inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM: Global RM admin user added

Browse Source 
* this allows code to be 'runAsRMAdmin' .. rather than having to use System (remember 'admin' isn't nessesarily an rm admin)
  * will give us the option to run rm rules as rmAdmin (this may be the default case for the time being and later part of the configuration of the rule)
  * will also allow us to add RM admin level security to methods (for example can only create a role if you are an rm admin)
  * rmAdmin user has global RM admin rights to all file plans (when we go to multi-file plan support)
  * rm user bootstrapped via module 'patch' .. this will execute on existing V2.1 db's
  * filePlanRoleService unit test (was missing! .. my bad!)
  * relates to RM-596 (this rule needs to be executed as the rm admin)



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46749 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-02-18 23:50:21 +00:00
parent 017efecda9
commit 23206d29a3
8 changed files with 358 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
View File

@@ -22,3 +22,6 @@ audit.rm.enabled=true
# Extended permission service cache sizing # Extended permission service cache sizing
# #
cache.writersSharedCache.maxItems=10000 cache.writersSharedCache.maxItems=10000
# Global RM admin default pwd
rm.rmadmin.pwd=rmadmin

15
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
View File

@@ -77,4 +77,19 @@
<property name="capabilityService" ref="CapabilityService"/> <property name="capabilityService" ref="CapabilityService"/>
</bean> </bean>
<bean id="org_alfresco_module_rm_RMv2RMAdminUserPatch"
parent="module.baseComponent"
class="org.alfresco.module.org_alfresco_module_rm.patch.RMv2RMAdminUserPatch">
<property name="moduleId" value="org_alfresco_module_rm"/>
<property name="name" value="org_alfresco_module_rm_RMv2RMAdminUserPatch"/>
<property name="description" value="Adds the global RM admin user to all existing file plans."/>
<property name="sinceVersion" value="2.1"/>
<property name="appliesFromVersion" value="2.1"/>
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="filePlanRoleService" ref="FilePlanRoleService"/>
<property name="authenticationService" ref="AuthenticationService" />
<property name="personService" ref="PersonService" />
<property name="password" value="${rm.rmadmin.pwd}" />
</bean>
</beans> </beans>

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2ModelPatch.java
View File

@@ -43,7 +43,7 @@ public class RMv2ModelPatch extends AbstractModuleComponent
implements BeanNameAware, RecordsManagementModel, DOD5015Model implements BeanNameAware, RecordsManagementModel, DOD5015Model
{ {
/** Logger */ /** Logger */
private static Log logger = LogFactory.getLog(NotificationTemplatePatch.class); private static Log logger = LogFactory.getLog(RMv2ModelPatch.class);
private static long BATCH_SIZE = 100000L; private static long BATCH_SIZE = 100000L;

124
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.patch;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.module.AbstractModuleComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.BeanNameAware;
/**
* RM v2.1: RM admin user patch
*
* @author Roy Wetherall
*/
public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements BeanNameAware
{
/** Logger */
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
private String password = "rmadmin";
private MutableAuthenticationService authenticationService;
private PersonService personService;
private RecordsManagementService recordsManagementService;
private FilePlanRoleService filePlanRoleService;
public void setPassword(String password)
{
this.password = password;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
{
this.recordsManagementService = recordsManagementService;
}
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@Override
protected void executeInternal() throws Throwable
{
if (logger.isDebugEnabled() == true)
{
logger.debug("RM Module RMv2RMAdminUserPatch ...");
}
if (authenticationService.authenticationExists(FilePlanRoleService.RM_ADMIN_USER) == false)
{
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(FilePlanRoleService.RM_ADMIN_USER, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, FilePlanRoleService.RM_ADMIN_USER);
personService.createPerson(properties);
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... assigning RM Admin user to file plans");
}
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.RM_ADMIN_USER);
}
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... RMv2RMAdminUserPatch complete");
}
}
}
}

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java
View File

@@ -31,6 +31,9 @@ import org.alfresco.service.cmr.repository.NodeRef;
*/ */
public interface FilePlanRoleService public interface FilePlanRoleService
{ {
/** Default rm admin user */
public static final String RM_ADMIN_USER = "rmadmin";
/** Default role names */ /** Default role names */
public static final String ROLE_USER = "User"; public static final String ROLE_USER = "User";
public static final String ROLE_POWER_USER = "PowerUser"; public static final String ROLE_POWER_USER = "PowerUser";

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
View File

@@ -332,6 +332,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// Add the creating user to the administration group // Add the creating user to the administration group
String user = AuthenticationUtil.getFullyAuthenticatedUser(); String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user); authorityService.addAuthority(role.getRoleGroupName(), user);
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);
} }
} }
} }
@@ -619,6 +622,11 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{ {
public Role doWork() throws Exception public Role doWork() throws Exception
{ {
if (existsRole(rmRootNode, role) == false)
{
throw new AlfrescoRuntimeException("Unable to update role " + role + ", because it does not exist.");
}
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode)); String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
// Reset the role display name // Reset the role display name
@@ -646,6 +654,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
*/ */
public void deleteRole(final NodeRef rmRootNode, final String role) public void deleteRole(final NodeRef rmRootNode, final String role)
{ {
// ensure that we are not trying to delete the admin role
if (ROLE_ADMIN.equals(role) == true)
{
throw new AlfrescoRuntimeException("Can not delete the records management administration role.");
}
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{ {
public Boolean doWork() throws Exception public Boolean doWork() throws Exception

181
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java Normal file
View File

@@ -0,0 +1,181 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.Role;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.security.AuthorityType;
/**
* File plan role service unit test
*
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
@Override
protected boolean isUserTest()
{
return true;
}
public void testGetAllRolesContainerGroup() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
String allRolesGroup = filePlanRoleService.getAllRolesContainerGroup(filePlan);
assertNotNull(allRolesGroup);
Set<String> allRoles = authorityService.getContainedAuthorities(AuthorityType.GROUP, allRolesGroup, true);
assertNotNull(allRoles);
assertTrue(allRoles.contains(filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER).getRoleGroupName()));
return null;
}
});
}
public void testGetRoles() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
Set<Role> roles = filePlanRoleService.getRoles(filePlan);
assertNotNull(roles);
assertTrue(roles.size() != 0);
return null;
}
});
}
public void testRolesByUser() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(1, roles.size());
return null;
}
});
}
public void testGetRole() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER);
assertNotNull(role);
assertEquals(ROLE_NAME_POWER_USER, role.getName());
role = filePlanRoleService.getRole(filePlan, "donkey");
assertNull(role);
return null;
}
});
}
public void testExistsRole() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER));
assertFalse(filePlanRoleService.existsRole(filePlan, "donkey"));
return null;
}
});
}
public void testCreateUpdateDeleteRole() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
Set<Capability> caps = new HashSet<Capability>(2);
caps.add(capabilityService.getCapability(RMPermissionModel.ACCESS_AUDIT));
caps.add(capabilityService.getCapability(RMPermissionModel.ADD_MODIFY_EVENT_DATES));
Role role = filePlanRoleService.createRole(filePlan, "Michelle Holt", "Michelle Holt", caps);
assertNotNull(role);
assertEquals("Michelle Holt", role.getName());
assertEquals(2, role.getCapabilities().size());
assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
caps.add(capabilityService.getCapability(RMPermissionModel.AUTHORIZE_ALL_TRANSFERS));
role = filePlanRoleService.updateRole(filePlan, "Michelle Holt", "Michelle Wetherall", caps);
assertNotNull(role);
assertEquals("Michelle Holt", role.getName());
assertEquals(3, role.getCapabilities().size());
assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
filePlanRoleService.deleteRole(filePlan, "Michelle Holt");
assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
return null;
}
});
}
public void testAssignRoleToAuthority() throws Exception
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(1, roles.size());
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName);
roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(2, roles.size());
return null;
}
});
}
}

16
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -661,6 +661,22 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
siteService.setMembership(COLLABORATION_SITE_ID, dmCollaborator, SiteModel.SITE_COLLABORATOR); siteService.setMembership(COLLABORATION_SITE_ID, dmCollaborator, SiteModel.SITE_COLLABORATOR);
} }
/**
* Override to ensure the tests are run as the 'rmadmin' user by default.
*/
@Override
protected <A> A doTestInTransaction(Test<A> test)
{
return super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
}
@Override
protected void doTestInTransaction(FailureTest test)
{
super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
}
/** /**
* Helper class to try and simplify {@link Void} tests. * Helper class to try and simplify {@link Void} tests.
* *