Added declarative support for running a web script as an alternative effective user via a runas attribute in the description document. Fixes ENH-229

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11072 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/web/scripts/RepoStore.java

@@ -252,6 +252,14 @@ public class RepoStore implements Store, TenantDeployer
     {
     	return getPath(getBaseNodeRef());
     }
+        
+    /* (non-Javadoc)
+     * @see org.alfresco.web.scripts.Store#isSecure()
+     */
+    public boolean isSecure()
+    {
+        return false;
+    }
 
     /* (non-Javadoc)
      * @see org.alfresco.web.scripts.Store#exists()

source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java

@@ -33,6 +33,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.alfresco.repo.cache.SimpleCache;
 import org.alfresco.repo.model.Repository;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.tenant.TenantAdminService;
 import org.alfresco.repo.tenant.TenantDeployer;
 import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
@@ -227,7 +228,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
                 // TODO revisit - cleared here, in-lieu of WebClient clear
                 AuthenticationUtil.clearCurrentSecurityContext();
             }
-            transactionedExecute(script, scriptReq, scriptRes);
+            transactionedExecuteAs(script, scriptReq, scriptRes);
         }
         else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest)
         {
@@ -261,7 +262,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
                     }
                     
                     // Execute Web Script
-                    transactionedExecute(script, scriptReq, scriptRes);
+                    transactionedExecuteAs(script, scriptReq, scriptRes);
                 }
             }
             finally
@@ -326,6 +327,36 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
         }
     }
     
+    /**
+     * Execute script within required level of transaction as required effective user.
+     * 
+     * @param scriptReq
+     * @param scriptRes
+     * @throws IOException
+     */
+    private void transactionedExecuteAs(final WebScript script, final WebScriptRequest scriptReq,
+            final WebScriptResponse scriptRes) throws IOException
+    {
+        String runAs = script.getDescription().getRunAs();
+        if (runAs == null)
+        {
+            transactionedExecute(script, scriptReq, scriptRes);
+        }
+        else
+        {
+            RunAsWork<Object> work = new RunAsWork<Object>()
+            {
+
+                public Object doWork() throws Exception
+                {
+                    transactionedExecute(script, scriptReq, scriptRes);
+                    return null;
+                }
+            };
+            AuthenticationUtil.runAs(work, runAs);
+        }
+    }
+    
     /* (non-Javadoc)
      * @see org.alfresco.web.scripts.AbstractRuntimeContainer#getRegistry()
      */

source/java/org/alfresco/repo/web/scripts/RepositoryContainerTest.java

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have received a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.web.scripts;
+
+import org.alfresco.model.ContentModel;
+import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.util.PropertyMap;
+import org.alfresco.web.scripts.TestWebScriptServer.GetRequest;
+import org.alfresco.web.scripts.TestWebScriptServer.Response;
+
+/**
+ * Unit test to test runas function
+ * 
+ * @author David Ward
+ */
+public class RepositoryContainerTest extends BaseWebScriptTest
+{
+    private AuthenticationService authenticationService;
+    private PersonService personService;
+
+    private static final String USER_ONE = "RunAsOne";
+
+    private static final String URL_RUNAS = "/test/runas";
+
+    @Override
+    protected void setUp() throws Exception
+    {
+        super.setUp();
+
+        this.authenticationService = (AuthenticationService) getServer().getApplicationContext().getBean(
+                "AuthenticationService");
+        this.personService = (PersonService) getServer().getApplicationContext().getBean("PersonService");
+
+        // Create users
+        createUser(USER_ONE);
+    }
+
+    private void createUser(String userName)
+    {
+        if (this.authenticationService.authenticationExists(userName) == false)
+        {
+            this.authenticationService.createAuthentication(userName, "PWD".toCharArray());
+
+            PropertyMap ppOne = new PropertyMap(4);
+            ppOne.put(ContentModel.PROP_USERNAME, userName);
+            ppOne.put(ContentModel.PROP_FIRSTNAME, "firstName");
+            ppOne.put(ContentModel.PROP_LASTNAME, "lastName");
+            ppOne.put(ContentModel.PROP_EMAIL, "email@email.com");
+            ppOne.put(ContentModel.PROP_JOBTITLE, "jobTitle");
+
+            this.personService.createPerson(ppOne);
+        }
+    }
+
+    @Override
+    protected void tearDown() throws Exception
+    {
+        super.tearDown();
+    }
+
+    public void testRunAs() throws Exception
+    {
+        Response response = sendRequest(new GetRequest(URL_RUNAS), 200, "admin");
+        assertEquals(USER_ONE, response.getContentAsString());
+    }
+}

source/test-resources/alfresco/webscripts/org/alfresco/test/runas.get.desc.xml

@@ -0,0 +1,8 @@
+<webscript>
+  <shortname>Unit Test for Run As Function</shortname>
+  <description>Echo the name of the effective user</description>
+  <format>argument</format>
+  <url>/test/runas</url>
+  <authentication runas="RunAsOne">user</authentication>
+  <transaction>required</transaction>
+</webscript>

source/test-resources/alfresco/webscripts/org/alfresco/test/runas.get.html.ftl

@@ -0,0 +1 @@
+${userName!"<notset>"}

source/test-resources/alfresco/webscripts/org/alfresco/test/runas.get.js

@@ -0,0 +1 @@
+model.userName = person.properties.userName;