inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged FILE-FOLDER-API (5.2.0) to HEAD (5.2)

Browse Source 
122727 jvonka: (Quick) Shared Links API - update shared links api tests for create, get & delete
   RA-708, RA-776, RA-750


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@126500 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jamal Kaabi-Mofrad
2016-05-10 11:13:27 +00:00
parent 490e8448e0
commit 33cd988c18
3 changed files with 102 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/alfresco/public-rest-context.xml
View File

@@ -487,9 +487,7 @@
<bean id="quickShareLinks" class="org.alfresco.rest.api.impl.QuickShareLinksImpl"> <bean id="quickShareLinks" class="org.alfresco.rest.api.impl.QuickShareLinksImpl">
<property name="quickShareService" ref="QuickShareService"/> <property name="quickShareService" ref="QuickShareService"/>
<property name="nodes" ref="nodes"/> <property name="nodes" ref="nodes"/>
<property name="nodeService" ref="NodeService"/> <property name="serviceRegistry" ref="ServiceRegistry"/>
<property name="personService" ref="PersonService"/>
<property name="authorityService" ref="AuthorityService"/>
<property name="enabled" value="${system.quickshare.enabled}" /> <property name="enabled" value="${system.quickshare.enabled}" />
</bean> </bean>

84
source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java
View File

@@ -37,15 +37,19 @@ import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException; import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.content.BinaryResource; import org.alfresco.rest.framework.resource.content.BinaryResource;
import org.alfresco.rest.framework.resource.parameters.Parameters; import org.alfresco.rest.framework.resource.parameters.Parameters;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.quickshare.InvalidSharedIdException; import org.alfresco.service.cmr.quickshare.InvalidSharedIdException;
import org.alfresco.service.cmr.quickshare.QuickShareDTO; import org.alfresco.service.cmr.quickshare.QuickShareDTO;
import org.alfresco.service.cmr.quickshare.QuickShareService; import org.alfresco.service.cmr.quickshare.QuickShareService;
import org.alfresco.service.cmr.repository.ContentData;
import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.MimetypeService;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair; import org.alfresco.util.Pair;
import org.alfresco.util.ParameterCheck; import org.alfresco.util.ParameterCheck;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@@ -53,6 +57,7 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.surf.util.I18NUtil; import org.springframework.extensions.surf.util.I18NUtil;
import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@@ -73,11 +78,19 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
private final static String DISABLED = "QuickShare is disabled system-wide"; private final static String DISABLED = "QuickShare is disabled system-wide";
private boolean enabled = true; private boolean enabled = true;
private ServiceRegistry sr;
private QuickShareService quickShareService; private QuickShareService quickShareService;
private Nodes nodes; private Nodes nodes;
private NodeService nodeService; private NodeService nodeService;
private PersonService personService; private PersonService personService;
private AuthorityService authorityService; private AuthorityService authorityService;
private MimetypeService mimeTypeService;
public void setServiceRegistry(ServiceRegistry sr)
{
this.sr = sr;
}
public void setQuickShareService(QuickShareService quickShareService) public void setQuickShareService(QuickShareService quickShareService)
{ {
@@ -89,21 +102,6 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
this.nodes = nodes; this.nodes = nodes;
} }
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setEnabled(boolean enabled) public void setEnabled(boolean enabled)
{ {
this.enabled = enabled; this.enabled = enabled;
@@ -112,11 +110,14 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
@Override @Override
public void afterPropertiesSet() public void afterPropertiesSet()
{ {
ParameterCheck.mandatory("sr", this.sr);
ParameterCheck.mandatory("quickShareService", this.quickShareService); ParameterCheck.mandatory("quickShareService", this.quickShareService);
ParameterCheck.mandatory("nodes", this.nodes); ParameterCheck.mandatory("nodes", this.nodes);
ParameterCheck.mandatory("nodeService", this.nodeService);
ParameterCheck.mandatory("personService", this.personService); this.nodeService = sr.getNodeService();
ParameterCheck.mandatory("authorityService", this.authorityService); this.personService = sr.getPersonService();
this.authorityService = sr.getAuthorityService();
this.mimeTypeService = sr.getMimetypeService();
} }
/** /**
@@ -133,11 +134,13 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
Pair<String, NodeRef> pair = quickShareService.getTenantNodeRefFromSharedId(sharedId); Pair<String, NodeRef> pair = quickShareService.getTenantNodeRefFromSharedId(sharedId);
String networkTenantDomain = pair.getFirst(); String networkTenantDomain = pair.getFirst();
final boolean noAuth = (AuthenticationUtil.getRunAsUser() == null);
return TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork<QuickShareLink>() return TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork<QuickShareLink>()
{ {
public QuickShareLink doWork() throws Exception public QuickShareLink doWork() throws Exception
{ {
return getQuickShareInfo(sharedId); return getQuickShareInfo(sharedId, noAuth);
} }
}, networkTenantDomain); }, networkTenantDomain);
} }
@@ -255,6 +258,8 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
List<QuickShareLink> result = new ArrayList<>(nodeIds.size()); List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
boolean noAuth = (AuthenticationUtil.getRunAsUser() == null);
for (QuickShareLink qs : nodeIds) for (QuickShareLink qs : nodeIds)
{ {
String nodeId = qs.getNodeId(); String nodeId = qs.getNodeId();
@@ -268,15 +273,28 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
try try
{ {
// Note: this throws AccessDeniedException (=> 403) via QuickShareService (when NodeService tries to getAspects) // Note: will throw InvalidNodeRefException (=> 404) if node does not exist
QuickShareDTO qsDto = quickShareService.shareContent(nodeRef); String sharedId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDID);
if (sharedId != null)
{
throw new InvalidArgumentException("sharedId already exists: "+nodeId+" ["+sharedId+"]");
}
result.add(getQuickShareInfo(qsDto.getId())); // Note: will throw AccessDeniedException (=> 403) via QuickShareService (when NodeService tries to getAspects)
// Note: since we already check node exists above, we can assume that InvalidNodeRefException (=> 404) here means not content (see type check)
try
{
QuickShareDTO qsDto = quickShareService.shareContent(nodeRef);
result.add(getQuickShareInfo(qsDto.getId(), noAuth));
}
catch (InvalidNodeRefException inre)
{
throw new InvalidArgumentException("Unable to create shared link to non-file content: " + nodeId);
}
} }
catch (AccessDeniedException ade) catch (AccessDeniedException ade)
{ {
logger.warn("Unable to create shared link: [" + nodeRef + "]"); throw new PermissionDeniedException("Unable to create shared link to node that does not exist: " + nodeId);
throw new PermissionDeniedException("Unable to create shared link: " + nodeId);
} }
catch (InvalidNodeRefException inre) catch (InvalidNodeRefException inre)
{ {
@@ -319,7 +337,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
} }
} }
private QuickShareLink getQuickShareInfo(String sharedId) private QuickShareLink getQuickShareInfo(String sharedId, boolean noAuth)
{ {
checkValidShareId(sharedId); checkValidShareId(sharedId);
@@ -329,10 +347,12 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
NodeRef nodeRef = new NodeRef((String) map.get("nodeRef")); NodeRef nodeRef = new NodeRef((String) map.get("nodeRef"));
ContentInfo contentInfo = new ContentInfo((String) map.get("mimetype"), null, (Long) map.get("size"), null); Map<QName, Serializable> nodeProps = nodeService.getProperties(nodeRef);
ContentData cd = (ContentData)nodeProps.get(ContentModel.PROP_CONTENT);
// note: if not authenticated then we do not currently return userids (to be consistent with v0 internal - limited disclosure) String mimeType = cd.getMimetype();
boolean noAuth = (AuthenticationUtil.isRunAsUserTheSystemUser()); // TODO review - for now assume "System" implies unauthenticated access String mimeTypeName = mimeTypeService.getDisplaysByMimetype().get(mimeType);
ContentInfo contentInfo = new ContentInfo(mimeType, mimeTypeName, cd.getSize(), cd.getEncoding());
// //
// modifiedByUser // modifiedByUser
@@ -340,19 +360,21 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
UserInfo modifiedByUser = null; UserInfo modifiedByUser = null;
if (noAuth) if (noAuth)
{ {
// note: if not authenticated then we do not currently return userids (to be consistent with v0 internal - limited disclosure)
modifiedByUser = new UserInfo(null, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName")); modifiedByUser = new UserInfo(null, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName"));
} }
else else
{ {
String modifiedByUserId = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_MODIFIER); String modifiedByUserId = (String)nodeProps.get(ContentModel.PROP_MODIFIER);
modifiedByUser = new UserInfo(modifiedByUserId, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName")); modifiedByUser = new UserInfo(modifiedByUserId, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName"));
} }
// //
// sharedByUser // sharedByUser
// TODO review - should we return for authenticated users only ?? (not exposed by V0 but needed for "find")
// //
UserInfo sharedByUser = null; UserInfo sharedByUser = null;
String sharedByUserId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY); String sharedByUserId = (String)nodeProps.get(QuickShareModel.PROP_QSHARE_SHAREDBY);
if (sharedByUserId != null) if (sharedByUserId != null)
{ {
NodeRef pRef = personService.getPerson(sharedByUserId); NodeRef pRef = personService.getPerson(sharedByUserId);
@@ -361,9 +383,9 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
PersonService.PersonInfo pInfo = personService.getPerson(pRef); PersonService.PersonInfo pInfo = personService.getPerson(pRef);
if (pInfo != null) if (pInfo != null)
{ {
// TODO review - limit to authenticated users only ?? (not exposed by V0 but needed for "find")
if (noAuth) if (noAuth)
{ {
// note: if not authenticated then we do not currently return userids (to be consistent with v0 internal - limited disclosure)
sharedByUser = new UserInfo(null, pInfo.getFirstName(), pInfo.getLastName()); sharedByUser = new UserInfo(null, pInfo.getFirstName(), pInfo.getLastName());
} }
else else

87
source/test-java/org/alfresco/rest/api/tests/SharedLinkApiTest.java
View File

@@ -212,16 +212,34 @@ public class SharedLinkApiTest extends AbstractBaseApiTest
assertEquals(d1Id, resp.getNodeId()); assertEquals(d1Id, resp.getNodeId());
assertEquals(docName1, resp.getName()); assertEquals(docName1, resp.getName());
// hmm
assertEquals(MimetypeMap.MIMETYPE_BINARY, resp.getContent().getMimeType());
assertEquals("Binary File (Octet Stream)", resp.getContent().getMimeTypeName());
assertEquals(new Long(contentText.length()), resp.getContent().getSizeInBytes());
assertEquals("UTF-8", resp.getContent().getEncoding());
assertEquals(docModifiedAt.getTime(), resp.getModifiedAt().getTime()); // not changed assertEquals(docModifiedAt.getTime(), resp.getModifiedAt().getTime()); // not changed
assertEquals(docModifiedBy, resp.getModifiedByUser().getId()); // not changed (ie. not user2) assertEquals(docModifiedBy, resp.getModifiedByUser().getId()); // not changed (ie. not user2)
assertEquals(docModifiedBy+" "+docModifiedBy, resp.getModifiedByUser().getDisplayName());
assertEquals(user2, resp.getSharedByUser().getId()); assertEquals(user2, resp.getSharedByUser().getId());
assertEquals(user2+" "+user2, resp.getSharedByUser().getDisplayName());
// try to create again (same user) - should return previous shared id // -ve test - try to create again (same user) - already exists
response = post(URL_SHARED_LINKS, user2, toJsonAsStringNonNull(body), 201); post(URL_SHARED_LINKS, user2, toJsonAsStringNonNull(body), 400);
// auth access to get shared link info
response = getSingle(QuickShareLinkEntityResource.class, user1, sharedId, null, 200);
resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class); resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
assertEquals(sharedId, resp.getSharedId()); assertEquals(sharedId, resp.getSharedId());
assertEquals(d1Id, resp.getNodeId());
assertEquals(docName1, resp.getName());
assertEquals(user1, resp.getModifiedByUser().getId()); // returned if authenticated
assertEquals(user2, resp.getSharedByUser().getId()); // returned if authenticated
// unauth access to get shared link info // unauth access to get shared link info
@@ -248,37 +266,23 @@ public class SharedLinkApiTest extends AbstractBaseApiTest
// TODO unauth access to get shared-link rendition content // TODO unauth access to get shared-link rendition content
// As user 2 ... // -ve delete tests
{
// -ve test - user1 cannot delete shared link
delete(URL_SHARED_LINKS, user1, sharedId, 403);
// try to create again (different user, that has read permission) - should return previous shared id // -ve test - delete - cannot delete non-existent link
response = post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 201); delete(URL_SHARED_LINKS, user1, "dummy", 404);
resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class); }
assertEquals(sharedId, resp.getSharedId());
assertEquals(user1, resp.getModifiedByUser().getId());
assertEquals(user2, resp.getSharedByUser().getId());
// As user 1 ...
// -ve test - user1 cannot delete shared link
delete(URL_SHARED_LINKS, user1, sharedId, 403);
// As user 2 ...
// delete shared link
delete(URL_SHARED_LINKS, user2, sharedId, 204);
response = getSingle(NodesEntityResource.class, user2, d1Id, null, 200);
nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class);
assertEquals(docModifiedAt.getTime(), nodeResp.getModifiedAt().getTime()); // not changed
assertEquals(docModifiedBy, nodeResp.getModifiedByUser().getId()); // not changed (ie. not user2)
// -ve create tests // -ve create tests
{ {
// As user 1 ...
// -ve test - try to create again (different user, that has read permission) - already exists
post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 400);
// -ve - create - missing nodeId // -ve - create - missing nodeId
body = new HashMap<>(); body = new HashMap<>();
post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 400); post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 400);
@@ -292,7 +296,7 @@ public class SharedLinkApiTest extends AbstractBaseApiTest
String f1Id = createFolder(user1, myFolderNodeId, "f1 " + RUNID).getId(); String f1Id = createFolder(user1, myFolderNodeId, "f1 " + RUNID).getId();
body = new HashMap<>(); body = new HashMap<>();
body.put("nodeId", f1Id); body.put("nodeId", f1Id);
post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 404); post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 400);
// -ve test - cannot create if user does not have permission to read // -ve test - cannot create if user does not have permission to read
body = new HashMap<>(); body = new HashMap<>();
@@ -300,6 +304,21 @@ public class SharedLinkApiTest extends AbstractBaseApiTest
post(URL_SHARED_LINKS, user2, toJsonAsStringNonNull(body), 403); post(URL_SHARED_LINKS, user2, toJsonAsStringNonNull(body), 403);
} }
// delete shared link
delete(URL_SHARED_LINKS, user2, sharedId, 204);
// -ve test - delete - cannot delete non-existent link
delete(URL_SHARED_LINKS, user1, sharedId, 404);
response = getSingle(NodesEntityResource.class, user2, d1Id, null, 200);
nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class);
assertEquals(docModifiedAt.getTime(), nodeResp.getModifiedAt().getTime()); // not changed
assertEquals(docModifiedBy, nodeResp.getModifiedByUser().getId()); // not changed (ie. not user2)
// -ve get tests // -ve get tests
{ {
// try to get link that has been deleted (see above) // try to get link that has been deleted (see above)
@@ -311,16 +330,6 @@ public class SharedLinkApiTest extends AbstractBaseApiTest
getSingle(QuickShareLinkEntityResource.class, null, "dummy/content", null, 404); getSingle(QuickShareLinkEntityResource.class, null, "dummy/content", null, 404);
} }
// -ve delete tests
{
// -ve test - delete - cannot delete non-existent link
delete(URL_SHARED_LINKS, user1, sharedId, 404);
// -ve test - delete - cannot delete non-existent link
delete(URL_SHARED_LINKS, user1, "dummy", 404);
}
// TODO if and when these tests are optionally runnable via remote env then we could skip this part of the test // TODO if and when these tests are optionally runnable via remote env then we could skip this part of the test
// (else need to verify test mechanism for enterprise admin via jmx ... etc) // (else need to verify test mechanism for enterprise admin via jmx ... etc)