diff --git a/source/java/org/alfresco/cmis/CMISAllowedActionEnum.java b/source/java/org/alfresco/cmis/CMISAllowedActionEnum.java index 19a86d7a63..86b8b58f8d 100644 --- a/source/java/org/alfresco/cmis/CMISAllowedActionEnum.java +++ b/source/java/org/alfresco/cmis/CMISAllowedActionEnum.java @@ -61,8 +61,8 @@ public enum CMISAllowedActionEnum implements EnumLabel // versioning services CAN_CHECKOUT("canCheckOut", "canCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "canCheckout.Document", "{http://www.alfresco.org/model/content/1.0}lockable.CheckOut"), - CAN_CANCEL_CHECKOUT("canCancelCheckOut", "canCancelCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "canCancelCheckout.Document", "{http://www.alfresco.org/model/content/1.0}lockable.CancelCheckOut"), - CAN_CHECKIN("canCheckIn", "canCheckin.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "canCheckin.Document", "{http://www.alfresco.org/model/content/1.0}lockable.CheckIn"), + CAN_CANCEL_CHECKOUT("canCancelCheckOut", "canCancelCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "canCancelCheckout.Document", "{http://www.alfresco.org/model/content/1.0}workingcopy.CancelCheckOut"), + CAN_CHECKIN("canCheckIn", "canCheckin.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "canCheckin.Document", "{http://www.alfresco.org/model/content/1.0}workingcopy.CheckIn"), CAN_GET_ALL_VERSIONS("canGetAllVersions", "canGetAllVersions.VersionSeries", CMISAccessControlService.CMIS_READ_PERMISSION, "canGetAllVersions.VersionSeries", "{http://www.alfresco.org/model/system/1.0}base.Read"), // relationship services diff --git a/source/test-java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java b/source/test-java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java index 4149971c53..aa592bb367 100644 --- a/source/test-java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java +++ b/source/test-java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java @@ -532,8 +532,8 @@ public class CMISAccessControlServiceTest extends BaseCMISTest assertTrue(contains(mappings, "canRemoveFromFolder.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.DeleteNode")); // "canRemoveObjectFromFolder.Folder" assertTrue(contains(mappings, "canCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CheckOut")); - assertTrue(contains(mappings, "canCancelCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CancelCheckOut")); - assertTrue(contains(mappings, "canCheckin.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CheckIn")); + assertTrue(contains(mappings, "canCancelCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}workingcopy.CancelCheckOut")); + assertTrue(contains(mappings, "canCheckin.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}workingcopy.CheckIn")); assertTrue(contains(mappings, "canGetAllVersions.VersionSeries", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.Read")); // "canGetObjectRelationships.Object" assertTrue(contains(mappings, "canAddPolicy.Object", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.Write")); diff --git a/source/test-java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java b/source/test-java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java index e1b7b12aee..42923f7dc8 100644 --- a/source/test-java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java +++ b/source/test-java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java @@ -217,8 +217,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); authenticationService.authenticate("lemur", "lemur".toCharArray()); @@ -227,8 +225,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); authenticationService.authenticate("andy", "andy".toCharArray()); lockService.unlock(testNode); @@ -240,8 +236,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); authenticationService.authenticate("frog", "frog".toCharArray()); @@ -251,6 +245,45 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); + } + + /** + * MNT-9502 + */ + public void testPermissionOfLockedNodeWithWorkingcopyAspect() + { + permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true); + permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true); + permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true); + permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true); + permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true); + permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true); + permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true); + authenticationService.authenticate("andy", "andy".toCharArray()); + NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON, + ContentModel.TYPE_CMOBJECT, null).getChildRef(); + nodeService.addAspect(testNode, ContentModel.ASPECT_WORKING_COPY, null); + lockService.lock(testNode, LockType.READ_ONLY_LOCK); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + + authenticationService.authenticate("lemur", "lemur".toCharArray()); + + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + + authenticationService.authenticate("andy", "andy".toCharArray()); + lockService.unlock(testNode); + authenticationService.authenticate("lemur", "lemur".toCharArray()); + lockService.lock(testNode, LockType.READ_ONLY_LOCK); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + + + authenticationService.authenticate("frog", "frog".toCharArray()); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); @@ -374,8 +407,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + //MNT-9502 node hasn't cm:workingcopy aspect + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.LOCK)); @@ -413,8 +447,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + //MNT-9502 node hasn't cm:workingcopy aspect + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.LOCK)); @@ -518,8 +553,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.LOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + //MNT-9502 node hasn't cm:workingcopy aspect + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); authenticationService.authenticate("lemur", "lemur".toCharArray()); @@ -534,8 +570,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.LOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.UNLOCK)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); lockService.unlock(testNode); @@ -553,6 +587,7 @@ public class LockOwnerDynamicAuthorityTest extends TestCase assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT)); + nodeService.addAspect(testNode, ContentModel.ASPECT_WORKING_COPY, null); lockService.lock(testNode, LockType.READ_ONLY_LOCK); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.LOCK));