RM-1947 Restrict the classification levels shown to a user.

Currently we don't check what classification level the user has, and instead assume that they have the highest security clearance. The work to assign a security clearance to a user will be in RM-2112. +review RM git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@101413 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2015-04-08 14:55:58 +00:00
parent d7ab9b5480
commit 2ae7a18fc9
2 changed files with 55 additions and 3 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java
@@ -167,11 +167,31 @@ public class ClassificationServiceImpl extends ServiceBaseImpl
        return classificationServiceDao.getConfiguredReasons();
    }

+    /**
+     * Create a list containing all classification levels up to and including the supplied level.
+     * 
+     * @param allLevels The list of all the classification levels starting with the highest security.
+     * @param targetLevel The highest security classification level that should be returned. If this is not found then
+     *            an empty list will be returned.
+     * @return an immutable list of the levels that a user at the target level can see.
+     */
+    List<ClassificationLevel> restrictList(List<ClassificationLevel> allLevels, ClassificationLevel targetLevel)
+    {
+        int targetIndex = allLevels.indexOf(targetLevel);
+        if (targetIndex == -1) { return Collections.emptyList(); }
+        List<ClassificationLevel> subList = allLevels.subList(targetIndex, allLevels.size());
+        return Collections.unmodifiableList(subList);
+    }
+
    @Override
    public List<ClassificationLevel> getClassificationLevels()
    {
-        return configuredLevels == null ? Collections.<ClassificationLevel>emptyList() :
-                                          Collections.unmodifiableList(configuredLevels);
+        if (configuredLevels == null) {
+            return Collections.emptyList();
+        }
+        // FIXME Currently assume user has highest security clearance, this should be fixed as part of RM-2112.
+        ClassificationLevel usersLevel = configuredLevels.get(0);
+        return restrictList(configuredLevels, usersLevel);
    }

    @Override public List<ClassificationReason> getClassificationReasons()
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java
@@ -19,6 +19,7 @@
 package org.alfresco.module.org_alfresco_module_rm.classification;

 import static java.util.Arrays.asList;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
@@ -33,6 +34,7 @@ import java.util.List;
 import java.util.stream.Stream;

 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceException.MissingConfiguration;
+import org.alfresco.module.org_alfresco_module_rm.test.util.ExceptionUtils;
 import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
 import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.service.cmr.attributes.AttributeService;
@@ -211,4 +213,34 @@ public class ClassificationServiceImplUnitTest

        classificationServiceImpl.initConfiguredClassificationReasons();
    }
+
+    /**
+     * Check that restrictList returns the three lower security levels when supplied with "secret" (i.e. that it doesn't
+     * return "top secret").
+     */
+    @Test public void restrictList_filter()
+    {
+        ClassificationLevel targetLevel = new ClassificationLevel("Secret", "rm.classification.secret");
+
+        List<ClassificationLevel> actual = classificationServiceImpl.restrictList(DEFAULT_CLASSIFICATION_LEVELS, targetLevel);
+
+        List<ClassificationLevel> expected = asLevelList("Secret",       "rm.classification.secret",
+                                                         "Confidential", "rm.classification.confidential",
+                                                         "No Clearance", "rm.classification.noClearance");
+        assertEquals(expected, actual);
+        // Check that the returned list can't be modified.
+        ExceptionUtils.expectedException(UnsupportedOperationException.class, () -> actual.remove(0));
+    }
+
+    /**
+     * Check that restrictList returns an empty list when the target is not contained in the list.
+     */
+    @Test public void restrictList_targetNotFound()
+    {
+        ClassificationLevel targetLevel = new ClassificationLevel("UnrecognisedLevel", "rm.classification.IMadeThisUp");
+
+        List<ClassificationLevel> actual = classificationServiceImpl.restrictList(DEFAULT_CLASSIFICATION_LEVELS, targetLevel);
+
+        assertEquals("Expected an empty list when the target level is not found.", 0, actual.size());
+    }
 }