From 32d169b99be343853659f1d5ae9b4d97bfb59207 Mon Sep 17 00:00:00 2001 From: Britt Park Date: Thu, 7 Jun 2007 20:20:34 +0000 Subject: [PATCH] AVMLockingService is better tested now. Added isAdminAuthority() to AuthorityService. Can be removed if this is objectionable. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5887 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- config/alfresco/public-services-context.xml | 9 +- .../avm/locking/AVMLockingServiceImpl.java | 28 ++-- .../avm/locking/AVMLockingServiceTest.java | 143 ++++++++++++++++-- .../authority/AuthorityServiceImpl.java | 13 ++ .../authority/SimpleAuthorityServiceImpl.java | 13 ++ .../cmr/avm/locking/AVMLockingService.java | 6 + .../cmr/security/AuthorityService.java | 9 ++ 7 files changed, 200 insertions(+), 21 deletions(-) diff --git a/config/alfresco/public-services-context.xml b/config/alfresco/public-services-context.xml index 8759cb4f50..e056cd87ed 100644 --- a/config/alfresco/public-services-context.xml +++ b/config/alfresco/public-services-context.xml @@ -1077,7 +1077,10 @@ getLock getUserLocks - getWebProjectLocks + getWebProjectLocks + getWebProjects + getStoreLocks + hasAccess @@ -1091,7 +1094,9 @@ addWebProject lockPath removeLock - removeWebProject + removeWebProject + modifyLock + removeStoreLocks diff --git a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java index 907b0c0b47..49e6b1c843 100644 --- a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java +++ b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java @@ -209,8 +209,8 @@ public class AVMLockingServiceImpl implements AVMLockingService { for (String authority : lock.getOwners()) { - if (fPersonService.getPerson(authority) == null && - !fAuthorityService.authorityExists(authority)) + if (!fAuthorityService.authorityExists(authority) && + !fPersonService.personExists(authority)) { throw new AVMBadArgumentException("Not an Authority: " + authority); } @@ -466,8 +466,8 @@ public class AVMLockingServiceImpl implements AVMLockingService { for (String user : usersToAdd) { - if (fPersonService.getPerson(user) == null && - !fAuthorityService.authorityExists(user)) + if (!fAuthorityService.authorityExists(user) && + !fPersonService.personExists(user)) { throw new AVMBadArgumentException("Not an authority: " + user); } @@ -512,6 +512,10 @@ public class AVMLockingServiceImpl implements AVMLockingService { return false; } + if (fAuthorityService.isAdminAuthority(user)) + { + return true; + } String[] storePath = avmPath.split(":"); if (storePath.length != 2) { @@ -527,11 +531,6 @@ public class AVMLockingServiceImpl implements AVMLockingService { return false; } - // TODO is this meaningful? I don't think so. - if (AuthorityType.getAuthorityType(user) == AuthorityType.ADMIN) - { - return true; - } List owners = lock.getOwners(); for (String owner : owners) { @@ -569,4 +568,15 @@ public class AVMLockingServiceImpl implements AVMLockingService } return false; } + + /* (non-Javadoc) + * @see org.alfresco.service.cmr.avm.locking.AVMLockingService#getWebProjects() + */ + public List getWebProjects() + { + List keys = new ArrayList(); + keys.add(LOCK_TABLE); + keys.add(WEB_PROJECTS); + return fAttributeService.getKeys(keys); + } } diff --git a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java index 3036d09554..24d5810e2c 100644 --- a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java +++ b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java @@ -25,16 +25,10 @@ package org.alfresco.repo.avm.locking; -import java.io.Serializable; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Map; -import java.util.Set; -import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationComponent; -import org.alfresco.repo.security.authentication.AuthenticationComponentImpl; import org.alfresco.service.cmr.attributes.AttributeService; import org.alfresco.service.cmr.avm.locking.AVMLock; import org.alfresco.service.cmr.avm.locking.AVMLockingService; @@ -42,7 +36,6 @@ import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.QName; import org.springframework.context.support.FileSystemXmlApplicationContext; import junit.framework.TestCase; @@ -112,10 +105,10 @@ public class AVMLockingServiceTest extends TestCase @Override protected void tearDown() throws Exception { - List keys = fAttributeService.getKeys(""); - for (String key : keys) + List webProjects = fService.getWebProjects(); + for (String webProject : webProjects) { - fAttributeService.removeAttribute("", key); + fService.removeWebProject(webProject); } fAuthenticationService.deleteAuthentication("Buffy"); fAuthenticationService.deleteAuthentication("Willow"); @@ -180,4 +173,134 @@ public class AVMLockingServiceTest extends TestCase fail(); } } + + public void testRoleBasedLocking() + { + try + { + fService.addWebProject("alfresco"); + List owners = new ArrayList(); + owners.add("ROLE_SUPER_POWERED"); + owners.add("Tara"); + AVMLock lock = new AVMLock("alfresco", + "Sunnydale", + "TheInitiative/Adam/plans.txt", + AVMLockingService.Type.DISCRETIONARY, + owners); + fService.lockPath(lock); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander")); + } + catch (Exception e) + { + e.printStackTrace(); + fail(); + } + } + + public void testGroupBasedLocking() + { + try + { + fService.addWebProject("alfresco"); + List owners = new ArrayList(); + owners.add("GROUP_Scoobies"); + owners.add("Tara"); + AVMLock lock = new AVMLock("alfresco", + "Sunnydale", + "TheInitiative/Adam/plans.txt", + AVMLockingService.Type.DISCRETIONARY, + owners); + fService.lockPath(lock); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander")); + } + catch (Exception e) + { + e.printStackTrace(); + fail(); + } + } + + public void testLockModification() + { + try + { + fService.addWebProject("alfresco"); + List owners = new ArrayList(); + owners.add("GROUP_Scoobies"); + owners.add("Tara"); + AVMLock lock = new AVMLock("alfresco", + "Sunnydale", + "TheInitiative/Adam/plans.txt", + AVMLockingService.Type.DISCRETIONARY, + owners); + fService.lockPath(lock); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander")); + fService.modifyLock("alfresco", "TheInitiative/Adam/plans.txt", "ScrapHeap/Adam/plans.txt", null, null, null); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Spike")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Tara")); + assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Xander")); + fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, "LA", null, null); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Buffy")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Willow")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Xander")); + List usersToAdd = new ArrayList(); + usersToAdd.add("Spike"); + fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, null, null, usersToAdd); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander")); + List usersToRemove = new ArrayList(); + usersToRemove.add("GROUP_Scoobies"); + fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, null, usersToRemove, null); + assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike")); + assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara")); + assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander")); + assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "admin")); + } + catch (Exception e) + { + e.printStackTrace(); + fail(); + } + } } diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java index 7041e73798..24dc88a4cd 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java @@ -99,6 +99,19 @@ public class AuthorityServiceImpl implements AuthorityService return ((currentUserName != null) && adminUsers.contains(currentUserName)); } + /* (non-Javadoc) + * @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String) + */ + public boolean isAdminAuthority(String authorityName) + { + String canonicalName = personService.getUserIdentifier(authorityName); + if (canonicalName == null) + { + canonicalName = authorityName; + } + return adminUsers.contains(canonicalName); + } + // IOC public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) diff --git a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java index e4b4e6f2db..076984340d 100644 --- a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java @@ -84,6 +84,19 @@ public class SimpleAuthorityServiceImpl implements AuthorityService return ((currentUserName != null) && adminUsers.contains(currentUserName)); } + /* (non-Javadoc) + * @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String) + */ + public boolean isAdminAuthority(String authorityName) + { + String canonicalName = personService.getUserIdentifier(authorityName); + if (canonicalName == null) + { + canonicalName = authorityName; + } + return adminUsers.contains(canonicalName); + } + // IOC public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) diff --git a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java index 6661a16de2..37c7ae2636 100644 --- a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java +++ b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java @@ -122,4 +122,10 @@ public interface AVMLockingService * @return Whether the user has access. */ public boolean hasAccess(String webProject, String avmPath, String user); + + /** + * Get the names of all the web projects the service knows about. + * @return The list of web project names. + */ + public List getWebProjects(); } diff --git a/source/java/org/alfresco/service/cmr/security/AuthorityService.java b/source/java/org/alfresco/service/cmr/security/AuthorityService.java index d093d836e7..1679cefc10 100644 --- a/source/java/org/alfresco/service/cmr/security/AuthorityService.java +++ b/source/java/org/alfresco/service/cmr/security/AuthorityService.java @@ -57,6 +57,15 @@ public interface AuthorityService */ @Auditable public boolean hasAdminAuthority(); + + /** + * Does the given authority have admin authority. + * + * @param authorityName The name of the authority. + * @return Whether the authority is an admin. + */ + @Auditable(parameters = {"authorityName"}) + public boolean isAdminAuthority(String authorityName); /** * Get the authorities for the current user