RM-4426: Tests for user without delete capability.

2025-07-31 17:39:05 +00:00 · 2016-12-22 16:55:55 +00:00
parent 2458fc6f38
commit 2764802bca
4 changed files with 163 additions and 8 deletions
--- a/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/base/BaseRestTest.java
+++ b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/base/BaseRestTest.java
@@ -28,6 +28,8 @@ package org.alfresco.rest.rm.community.base;

 import static java.lang.Integer.parseInt;

+import static com.jayway.restassured.RestAssured.given;
+
 import static org.alfresco.rest.rm.community.base.TestData.CATEGORY_TITLE;
 import static org.alfresco.rest.rm.community.base.TestData.FOLDER_TITLE;
 import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.FILE_PLAN_ALIAS;
@@ -37,11 +39,19 @@ import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanCo
 import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.UNFILED_RECORD_FOLDER_TYPE;
 import static org.alfresco.rest.rm.community.model.site.RMSiteCompliance.STANDARD;
 import static org.alfresco.utility.data.RandomData.getRandomAlphanumeric;
+import static org.jglue.fluentjson.JsonBuilderFactory.buildObject;
 import static org.springframework.http.HttpStatus.CREATED;
 import static org.springframework.http.HttpStatus.OK;

+import com.google.gson.JsonObject;
 import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.builder.RequestSpecBuilder;
+import com.jayway.restassured.http.ContentType;
+import com.jayway.restassured.response.Response;
+import com.jayway.restassured.specification.RequestSpecification;

+import org.alfresco.dataprep.AlfrescoHttpClient;
+import org.alfresco.dataprep.AlfrescoHttpClientFactory;
 import org.alfresco.rest.RestTest;
 import org.alfresco.rest.core.RestWrapper;
 import org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponent;
@@ -96,6 +106,9 @@ public class BaseRestTest extends RestTest
    @Autowired
    public FilePlanComponentAPI filePlanComponentAPI;

+    @Autowired
+    private AlfrescoHttpClientFactory alfrescoHttpClientFactory;
+    
    // Constants
    public static final String RM_ID = "rm";
    public static final String RM_TITLE = "Records Management";
@@ -268,4 +281,47 @@ public class BaseRestTest extends RestTest
        filePlanComponentAPI.usingRestWrapper().authenticateUser(user);
        return filePlanComponentAPI.getFilePlanComponent(componentId);
    }
+    
+    /**
+     * Helper method to add permission on a component to user
+     * @param component {@link FilePlanComponent} on which permission should be given
+     * @param user {@link UserModel} for a user to be granted permission
+     * @param permission permission to be granted (e.g. "Filing")
+     */
+     // FIXME: As of December 2016 there is no v1-style API for managing RM permissions.
+     // Until such APIs have become available, this method is just a proxy to an "old-style"
+     // API call.
+    public void addUserPermission(FilePlanComponent component, UserModel user, String permission)
+    {
+        // get an "old-style" REST API client
+        AlfrescoHttpClient client = alfrescoHttpClientFactory.getObject();
+        
+        JsonObject bodyJson = buildObject()
+            .addArray("permissions")
+                .addObject()
+                    .add("authority", user.getUsername())
+                    .add("role", permission)
+                    .end()
+                    .getJson();
+
+        // override v1 baseURI and basePath
+        RequestSpecification spec = new RequestSpecBuilder()
+            .setBaseUri(client.getApiUrl())
+            .setBasePath("/")
+            .build();
+        
+        // execute an "old-style" API call
+        Response response = given()
+            .spec(spec)
+            .auth().basic(dataUser.getAdminUser().getUsername(), dataUser.getAdminUser().getPassword())
+            .contentType(ContentType.JSON)
+            .body(bodyJson.toString())
+            .pathParam("nodeId", component.getId())
+            .log().all()
+        .when()
+            .post("/node/workspace/SpacesStore/{nodeId}/rmpermissions")
+            .prettyPeek()
+            .andReturn();
+        filePlanComponentAPI.usingRestWrapper().setStatusCode(Integer.toString(response.getStatusCode()));
+    }
 }
--- a/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java
+++ b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java
@@ -26,6 +26,7 @@
 */
 package org.alfresco.rest.rm.community.fileplancomponents;

+import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.FILE_PLAN_ALIAS;
 import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.UNFILED_RECORDS_CONTAINER_ALIAS;
 import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.CONTENT_TYPE;
 import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.NON_ELECTRONIC_RECORD_TYPE;
@@ -38,6 +39,7 @@ import static org.springframework.http.HttpStatus.OK;

 import org.alfresco.rest.rm.community.base.BaseRestTest;
 import org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponent;
+import org.alfresco.rest.rm.community.model.user.UserCapabilities;
 import org.alfresco.rest.rm.community.model.user.UserRoles;
 import org.alfresco.rest.rm.community.requests.FilePlanComponentAPI;
 import org.alfresco.rest.rm.community.requests.RMSiteAPI;
@@ -160,7 +162,8 @@ public class DeleteRecordTests extends BaseRestTest
    (
        description = "User without write permissions can't delete a record"
    )
-    public void userWithoutDeletePermissionsCantDeleteRecord() throws Exception
+    @AlfrescoTest(jira="RM-4363")
+    public void userWithoutWritePermissionsCantDeleteRecord() throws Exception
    {
        filePlanComponentAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser());
        rmSiteAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser());
@@ -193,6 +196,69 @@ public class DeleteRecordTests extends BaseRestTest
        filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(FORBIDDEN);
    }
    
+    /**
+     * <pre>
+     * Given a record
+     * And that I don't have the "Delete Record" capability
+     * When I try to delete the record
+     * Then nothing happens
+     * And error gets reported
+     * </pre>
+     * 
+     * @param container
+     * @throws Exception
+     */
+    @Test
+    (
+        description = "User without delete records capability can't delete a record"
+    )
+    @AlfrescoTest(jira="RM-4363")
+    public void userWithoutDeleteRecordsCapabilityCantDeleteRecord() throws Exception
+    {
+        filePlanComponentAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser());
+        rmSiteAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser());
+        
+        // create test user and add it with collab. privileges
+        UserModel deleteUser = dataUser.createRandomTestUser("delnoperm");
+        deleteUser.setUserRole(UserRole.SiteCollaborator);
+        dataUser.addUserToSite(deleteUser, new SiteModel(rmSiteAPI.getSite().getId()), UserRole.SiteCollaborator);
+        logger.info("test user: " + deleteUser.getUsername());
+        
+        // add RM role to user, RM Power User doesn't have the Delete Record capabilities
+        rmUserAPI.assignRoleToUser(deleteUser.getUsername(), UserRoles.ROLE_RM_POWER_USER);
+        rmUserAPI.usingRestWrapper().assertStatusCodeIs(OK);
+        
+        // create random folder
+        FilePlanComponent randomFolder = createCategoryFolderInFilePlan(dataUser.getAdminUser(), FILE_PLAN_ALIAS.toString());
+        logger.info("random folder:" + randomFolder.getName());
+        
+        // grant deleteUser Filing privileges on randomFolder category, this will be
+        // inherited to randomFolder
+        addUserPermission(filePlanComponentAPI.getFilePlanComponent(randomFolder.getParentId()), 
+            deleteUser, UserCapabilities.CAPABILITY_FILING);
+        
+        // create a non-electronic record in randomFolder
+        FilePlanComponent record = FilePlanComponent.builder()
+            .name("Record " + getRandomAlphanumeric())
+            .nodeType(NON_ELECTRONIC_RECORD_TYPE.toString())
+            .build();
+        FilePlanComponent newRecord = filePlanComponentAPI.createFilePlanComponent(
+            record,
+            randomFolder.getId());
+        filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(CREATED);
+
+        // log in as deleteUser
+        filePlanComponentAPI.usingRestWrapper().authenticateUser(deleteUser);
+        
+        // verify the user can see the newRecord
+        filePlanComponentAPI.getFilePlanComponent(newRecord.getId());
+        filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(OK);
+        
+        // try to delete newRecord
+        filePlanComponentAPI.deleteFilePlanComponent(newRecord.getId());
+        filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(FORBIDDEN);
+    }
+    
    /**
     * Utility method to delete a record and verify successful deletion
     * @param record