inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/release/V3.2' into merge-3.3/MNT-21292_DownloadRecords

Browse Source
This commit is contained in:
Rodica Sutu
2020-02-26 14:59:41 +02:00
parent fff717b9b1 0920fd7f5b
commit 262e4ab88f
2 changed files with 189 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java
View File

@@ -27,8 +27,12 @@
package org.alfresco.module.org_alfresco_module_rm.capability.policy; package org.alfresco.module.org_alfresco_module_rm.capability.policy;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.aopalliance.intercept.MethodInvocation; import org.aopalliance.intercept.MethodInvocation;
public class AssocPolicy extends AbstractBasePolicy public class AssocPolicy extends AbstractBasePolicy
@@ -40,8 +44,48 @@ public class AssocPolicy extends AbstractBasePolicy
Class[] params, Class[] params,
ConfigAttributeDefinition cad) ConfigAttributeDefinition cad)
{ {
NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent()); NodeRef source = null;
return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(testNodeRef); if (cad.getParameters().get(0) > -1)
{
source = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
}
NodeRef target = null;
if (cad.getParameters().get(1) > -1)
{
target = getTestNode(invocation, params, cad.getParameters().get(1), cad.isParent());
}
if (source != null && target != null)
{
// check the source node ref is a file plan component
if (nodeService.hasAspect(source, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
{
return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(source);
}
else
{
final boolean isFilePlanComponent = nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT);
final boolean hasViewRecordCapability = getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME);
// allow association between a source non rm node and an rm node if the user
// has ViewRecordsCapability on the RM target node and write properties on the dm node
if ( isFilePlanComponent &&
hasViewRecordCapability &&
permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED))
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
else
{
return AccessDecisionVoter.ACCESS_DENIED;
}
}
}
else
{
return AccessDecisionVoter.ACCESS_DENIED;
}
} }
} }

143
rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java Normal file
View File

@@ -0,0 +1,143 @@
/*
* #%L
* Alfresco Records Management Module
* %%
* Copyright (C) 2005 - 2020 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* -
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
* -
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* -
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
* -
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.record;
import net.sf.acegisecurity.Authentication;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.download.DownloadService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID;
/**
* Download as zip record test.
* <pre>Tests for <a href="https://issues.alfresco.com/jira/browse/MNT-21292">MNT-21292</a> </pre>
* @author Rodica Sutu
* @since 3.2.0.1
*/
public class DownloadAsZipRecordTest extends BaseRMTestCase
{
private DownloadService downloadService;
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
/**
* @see BaseRMTestCase#initServices()
*/
@Override
protected void initServices()
{
super.initServices();
downloadService = (DownloadService) applicationContext.getBean("DownloadService");
}
/**
* Given a record and a user without view record capability
* When the user downloads the record
* Then Access Denied exception is thrown
*/
public void testDownloadRecordUserNoReadCapability()
{
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
{
/** user with no view record capability */
String userDownload;
Authentication previousAuthentication;
public void given()
{
// create an inplace record
AuthenticationUtil.runAs((RunAsWork<Void>) () -> {
recordService.createRecord(filePlan, dmDocument);
return null;
}, AuthenticationUtil.getAdminUserName());
// create user
userDownload = GUID.generate();
createPerson(userDownload);
}
public void when()
{
previousAuthentication = AuthenticationUtil.getFullAuthentication();
AuthenticationUtil.setFullyAuthenticatedUser(userDownload);
downloadService.createDownload(new NodeRef[] { dmDocument }, true);
}
public void after()
{
AuthenticationUtil.setFullAuthentication(previousAuthentication);
personService.deletePerson(userDownload);
}
});
}
/**
* Given a record and a user with view record capability
* When the user downloads the record
* Then download node is created
*/
public void testDownloadRecordUserWithReadCapability()
{
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
NodeRef downloadStorageNode;
public void given()
{
// Create an inplace record
AuthenticationUtil.runAs((RunAsWork<Void>) () -> {
// Declare record
recordService.createRecord(filePlan, dmDocument);
return null;
}, dmCollaborator);
}
public void when()
{
Authentication previousAuthentication = AuthenticationUtil.getFullAuthentication();
AuthenticationUtil.setFullyAuthenticatedUser(dmCollaborator);
// request to download the record
downloadStorageNode = downloadService.createDownload(new NodeRef[] { dmDocument }, true);
AuthenticationUtil.setFullAuthentication(previousAuthentication);
}
public void then()
{
// check the download storage node is created
assertTrue(nodeService.exists(downloadStorageNode));
}
});
}
}