From 2fa3bf1a55a35bef17de2e2ff8e89c62e7f37c09 Mon Sep 17 00:00:00 2001 From: Alexandru Balmus Date: Tue, 20 Oct 2015 13:25:39 +0000 Subject: [PATCH] RM-2391 : The Audit Log GET requests have to verify first which user is logged in and to which data it has access. - Implemented final fix and added a unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.2@114786 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../RecordsManagementAuditServiceImpl.java | 2 +- ...RecordsManagementAuditServiceImplTest.java | 49 +++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 6c2e81679f..9e804bc72e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -921,7 +921,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean return true; } - if( nodeRef != null && + if(nodeRef != null && nodeService.exists(nodeRef) && !AccessStatus.ALLOWED.equals( capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAuditServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAuditServiceImplTest.java index 65b0cede07..1a9d8f469c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAuditServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAuditServiceImplTest.java @@ -141,6 +141,55 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase }, ADMIN_USER); } + /** + * Test getAuditTrail method to check that deleted items always show in the audit. + * + * @see RM-2391 (last addressed isue) + */ + public void testGetAuditTrailForDeletedItem() + { + // We have only one entry for the event "audit.start": + List entries = getAuditTrail(1, ADMIN_USER); + + assertEquals(entries.get(0).getEvent(), "audit.start"); + + // Event "audit.view" was generated but will be visible on the next call to getAuditTrail(). + + // Make a change: + updateTitle(filePlan, ADMIN_USER); // event=Update RM Object + + // Show the audit has been updated; at this point we have three entries for the three events up to now: + // "audit.start", "audit.view" and "Update RM Object"; + entries = getAuditTrail(3, ADMIN_USER); + + assertEquals(entries.get(0).getEvent(), "audit.start"); + assertEquals(entries.get(1).getEvent(), "audit.view"); + assertEquals(entries.get(2).getEvent(), "Update RM Object"); + + // New "audit.view" event was generated - will be visible on next getAuditTrail(). + + doTestInTransaction(new Test() + { + @Override + public Void run() throws Exception + { + nodeService.deleteNode(record); + List entries = getAuditTrail(5, ADMIN_USER); + + assertEquals(entries.get(0).getEvent(), "audit.start"); + assertEquals(entries.get(1).getEvent(), "audit.view"); + assertEquals(entries.get(2).getEvent(), "Update RM Object"); + assertEquals(entries.get(3).getEvent(), "audit.view"); + + // Show the audit contains a reference to the deleted item: + assertEquals(entries.get(4).getEvent(), "Delete RM Object"); + assertEquals(entries.get(4).getNodeRef(), record); + + return null; + } + }); + } + /** * Test getAuditTrail method and parameter filters. */