Merge remote-tracking branch 'remotes/origin/release/V2.6' into merge-2.7/RM-7148_UpdateACSVersion

# Conflicts:
#	rm-enterprise/pom.xml

rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/search/CmisQueryTests.java

@@ -0,0 +1,233 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2020 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.rm.community.search;
+
+import static org.alfresco.rest.rm.community.model.user.UserRoles.ROLE_RM_MANAGER;
+import static org.alfresco.rest.rm.community.util.CommonTestUtils.generateTestPrefix;
+import static org.alfresco.utility.report.log.Step.STEP;
+import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertFalse;
+import static org.testng.AssertJUnit.assertTrue;
+
+import org.alfresco.dataprep.ContentActions;
+import org.alfresco.rest.rm.community.base.BaseRMRestTest;
+import org.alfresco.rest.rm.community.model.recordcategory.RecordCategoryChild;
+import org.alfresco.rest.rm.community.model.user.UserPermissions;
+import org.alfresco.test.AlfrescoTest;
+import org.alfresco.utility.constants.UserRole;
+import org.alfresco.utility.model.FileModel;
+import org.alfresco.utility.model.FileType;
+import org.alfresco.utility.model.SiteModel;
+import org.alfresco.utility.model.UserModel;
+import org.apache.chemistry.opencmis.client.api.ItemIterable;
+import org.apache.chemistry.opencmis.client.api.OperationContext;
+import org.apache.chemistry.opencmis.client.api.QueryResult;
+import org.apache.chemistry.opencmis.client.runtime.OperationContextImpl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+/**
+ * Test to check that RM doesn't break CMIS query
+ *
+ * @author jcule, Rodica Sutu
+ * @since 2.5.4
+ * @since 3.3
+ */
+public class CmisQueryTests extends BaseRMRestTest
+{
+    private static final String SEARCH_TERM = generateTestPrefix(CmisQueryTests.class);
+    private static final String SQL_WITH_NAME =
+            "SELECT cmis:name FROM cmis:document where CONTAINS('cmis:name:*" + SEARCH_TERM + "*')";
+
+    private SiteModel collaborationSite;
+    private UserModel nonRMUser, rmUser;
+    private RecordCategoryChild recordFolder;
+
+    @Autowired
+    private ContentActions contentActions;
+
+    /**
+     * Create  some test data:
+     * <pre>
+     *     - a collaboration site with documents
+     *     - in place records
+     *     - category with folder and records
+     *     - a user with no rm rights (no rights to see the record from file plan)
+     *     - a user with rights to see the records and the other documents created
+     * </pre>
+     */
+    @BeforeClass (alwaysRun = true)
+    public void setupCmisQuery() throws Exception
+    {
+        STEP("Create a collaboration site");
+        collaborationSite = dataSite.usingAdmin().createPrivateRandomSite();
+
+        STEP("Create 10 documents ending with SEARCH_TERM");
+        for (int i = 0; ++i <= 10; )
+        {
+            FileModel fileModel = new FileModel(String.format("%s.%s", "Doc" + i + SEARCH_TERM,
+                    FileType.TEXT_PLAIN.extention));
+            dataContent.usingAdmin().usingSite(collaborationSite).createContent(fileModel);
+        }
+
+        STEP("Create a collaborator user for the collaboration site");
+        nonRMUser = getDataUser().createRandomTestUser();
+        getDataUser().addUserToSite(nonRMUser, collaborationSite, UserRole.SiteManager);
+
+        STEP("Create 10 documents and declare as records");
+        for (int i = 0; ++i <= 10; )
+        {
+            FileModel fileModel = new FileModel(String.format("%s.%s", "InPlace " + SEARCH_TERM + i,
+                    FileType.TEXT_PLAIN.extention));
+            fileModel = dataContent.usingUser(nonRMUser).usingSite(collaborationSite).createContent(fileModel);
+            getRestAPIFactory().getFilesAPI(nonRMUser).declareAsRecord(fileModel.getNodeRefWithoutVersion());
+        }
+
+        STEP("Create record folder and some records ");
+        recordFolder = createCategoryFolderInFilePlan();
+        for (int i = 0; ++i <= 10; )
+        {
+            createElectronicRecord(recordFolder.getId(), "Record " + SEARCH_TERM + i);
+        }
+        STEP("Create an rm user with read permission over the category created and contributor role within the " +
+                "collaboration site");
+        rmUser = getDataUser().createRandomTestUser();
+        getRestAPIFactory().getRMUserAPI().assignRoleToUser(rmUser.getUsername(), ROLE_RM_MANAGER);
+        getRestAPIFactory().getRMUserAPI().addUserPermission(recordFolder.getParentId(), rmUser, UserPermissions.PERMISSION_READ_RECORDS);
+        getDataUser().addUserToSite(rmUser, collaborationSite, UserRole.SiteContributor);
+
+
+        //do a cmis query to wait for solr indexing
+        long currentTime = System.currentTimeMillis();
+        long endTime = 0;
+        do
+        {
+            try
+            {
+                endTime = System.currentTimeMillis();
+                ItemIterable<QueryResult> results = contentActions.getCMISSession(getAdminUser().getUsername(),
+                        getAdminUser().getPassword()).query(SQL_WITH_NAME, false);
+                assertEquals("Total number of items is not 30, got  " + results.getTotalNumItems() + "total items",
+                        30, results.getTotalNumItems());
+                break;
+            }
+            catch (AssertionError | Exception e)
+            {
+                if (endTime - currentTime > 30000)
+                {
+                    throw new AssertionError("Maximum retry period reached, test failed.", e);
+                }
+                Thread.sleep(5000);
+            }
+        } while (true);
+    }
+
+    /**
+     * <pre>
+     * Given the RM site created
+     * When I execute a cmis query to get all the documents names
+     * Then I get all documents names 100 per page
+     * </pre>
+     */
+    @Test
+    @AlfrescoTest (jira = "MNT-19442")
+    public void getAllDocumentsNamesCmisQuery()
+    {
+        // execute the cmis query
+        String cq = "SELECT cmis:name FROM cmis:document";
+        ItemIterable<QueryResult> results =
+                contentActions.getCMISSession(getAdminUser().getUsername(), getAdminUser().getPassword()).query(cq,
+                        false);
+
+        // check the total number of items is greater than 100 and has more items is true
+        assertTrue("Has more items not true.", results.getHasMoreItems());
+        assertTrue("Total number of items is not greater than 100. Total number of items received" + results.getTotalNumItems(),
+                results.getTotalNumItems() > 100);
+        assertEquals("Expected 100 items per page and got " + results.getPageNumItems() + " per page.", 100,
+                results.getPageNumItems());
+    }
+
+    /**
+     * <pre>
+     * Given the RM site created
+     * When I execute a cmis query to get all the documents names with a particular name
+     * Then I get all documents names user has permission
+     * </pre>
+     */
+    @Test
+    @AlfrescoTest (jira = "MNT-19442")
+    public void getDocumentsWithSpecificNamesCmisQuery() throws Exception
+    {
+        // execute the cmis query
+        ItemIterable<QueryResult> results =
+                contentActions.getCMISSession(nonRMUser.getUsername(), nonRMUser.getPassword()).query(SQL_WITH_NAME,
+                        false);
+        assertEquals("Total number of items is not 20, got  " + results.getTotalNumItems() + " total items",
+                20, results.getTotalNumItems());
+        // check the has more items is false
+        assertFalse("Has more items not false.", results.getHasMoreItems());
+        assertEquals("Expected 20 items per page and got " + results.getPageNumItems() + " per page.", 20,
+                results.getPageNumItems());
+    }
+
+    /**
+     * <pre>
+     * Given the RM site created
+     * When I execute a cmis query to get all the documents names with a specific number per page
+     * Then I get all documents names paged as requested that the user has permission
+     * </pre>
+     */
+    @Test
+    @AlfrescoTest (jira = "MNT-19442")
+    public void getDocumentsCmisQueryWithPagination() throws Exception
+    {
+        OperationContext oc = new OperationContextImpl();
+        oc.setMaxItemsPerPage(10);
+        ItemIterable<QueryResult> results =
+                contentActions.getCMISSession(rmUser.getUsername(), rmUser.getPassword()).query(SQL_WITH_NAME,
+                        false, oc);
+
+        // check the total number of items and has more items is true
+        assertTrue("Has more items not true. ", results.getHasMoreItems());
+        assertEquals("Total number of items is not 30 " + results.getTotalNumItems(), 30,
+                results.getTotalNumItems());
+        assertEquals("Expected 10 items per page and got " + results.getPageNumItems() + " per page.",
+                10, results.getPageNumItems());
+    }
+
+    @AfterClass
+    private void clearCmisQueryTests()
+    {
+        dataSite.usingAdmin().deleteSite(collaborationSite);
+        getRestAPIFactory().getRecordCategoryAPI().deleteRecordCategory(recordFolder.getParentId());
+        getDataUser().usingAdmin().deleteUser(rmUser);
+        getDataUser().usingAdmin().deleteUser(nonRMUser);
+    }
+}

rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml

@@ -156,6 +156,7 @@
         <property name="maxPermissionChecks">
             <value>${system.acl.maxPermissionChecks}</value>
         </property>
+        <property name="authenticationUtil" ref="rm.authenticationUtil" />
     </bean>
 
     <!-- Link up after method call security -->

rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProvider.java

@@ -46,10 +46,10 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
 
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.repo.search.SimpleResultSetMetaData;
 import org.alfresco.repo.search.impl.lucene.PagingLuceneResultSet;
 import org.alfresco.repo.search.impl.querymodel.QueryEngineResults;
-import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.PermissionCheckCollection;
 import org.alfresco.repo.security.permissions.PermissionCheckValue;
 import org.alfresco.repo.security.permissions.PermissionCheckedCollection.PermissionCheckedCollectionMixin;
@@ -80,8 +80,8 @@ public class RMAfterInvocationProvider extends RMSecurityCommon
 
     private static final String AFTER_RM = "AFTER_RM";
 
+    private AuthenticationUtil authenticationUtil;
     private int maxPermissionChecks;
-
     private long maxPermissionCheckTimeMillis;
 
     public boolean supports(ConfigAttribute configAttribute)
@@ -130,6 +130,16 @@ public class RMAfterInvocationProvider extends RMSecurityCommon
         this.maxPermissionCheckTimeMillis = maxPermissionCheckTimeMillis;
     }
 
+    /**
+     * Sets the authentication util
+     *
+     * @param authenticationUtil The authentication util to set
+     */
+    public void setAuthenticationUtil(AuthenticationUtil authenticationUtil)
+    {
+        this.authenticationUtil = authenticationUtil;
+    }
+
     @SuppressWarnings("rawtypes")
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
     {
@@ -147,7 +157,7 @@ public class RMAfterInvocationProvider extends RMSecurityCommon
         }
         try
         {
-            if (AuthenticationUtil.isRunAsUserTheSystemUser())
+            if (authenticationUtil.isRunAsUserTheSystemUser())
             {
                 if (logger.isDebugEnabled())
                 {
@@ -557,6 +567,13 @@ public class RMAfterInvocationProvider extends RMSecurityCommon
             }
         }
 
+        if (maxSize != null)
+        {
+            LimitBy limitBy = returnedObject.length() > maxSize ? LimitBy.FINAL_SIZE : LimitBy.UNLIMITED;
+            filteringResultSet.setResultSetMetaData(new SimpleResultSetMetaData(limitBy,
+                    PermissionEvaluationMode.EAGER, returnedObject.getResultSetMetaData().getSearchParameters()));
+        }
+
         filteringResultSet.setNumberFound(returnedObject.getNumberFound());
 
         return filteringResultSet;

rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProviderUnitTest.java

@@ -0,0 +1,178 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2020 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.module.org_alfresco_module_rm.capability;
+
+import static java.util.Arrays.asList;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.List;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.ConfigAttribute;
+import net.sf.acegisecurity.ConfigAttributeDefinition;
+import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.impl.acegi.FilteringResultSet;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.search.LimitBy;
+import org.alfresco.service.cmr.search.ResultSet;
+import org.alfresco.service.cmr.search.ResultSetMetaData;
+import org.alfresco.service.cmr.search.SearchParameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+
+/** Unit tests for {@link RMAfterInvocationProvider}. */
+public class RMAfterInvocationProviderUnitTest
+{
+	private static final NodeRef NODE_A = new NodeRef("test://node/a");
+
+	/** The class under test. */
+	@InjectMocks
+	private RMAfterInvocationProvider rmAfterInvocationProvider;
+	@Mock
+	private Authentication authentication;
+	@Mock
+	Object object;
+	@Mock
+	ConfigAttributeDefinition config;
+	@Mock
+	AuthenticationUtil authenticationUtil;
+	@Mock
+	NodeService nodeService;
+	@Mock
+	ChildAssociationRef childAssocRefA;
+
+	/** Set up the mocks and common test data. */
+	@Before
+	public void setUp()
+	{
+		initMocks(this);
+
+		// Set up the nodes and associations.
+		when(nodeService.exists(NODE_A)).thenReturn(true);
+		when(childAssocRefA.getParentRef()).thenReturn(NODE_A);
+
+		// Create the config object for use by the tests.
+		ConfigAttribute configAttribute = mock(ConfigAttribute.class);
+		when(configAttribute.getAttribute()).thenReturn("AFTER_RM.test");
+		List<ConfigAttribute> configAttributes = asList(configAttribute);
+		when(config.getConfigAttributes()).thenReturn(configAttributes.iterator());
+	}
+
+	/** Check that when all the results fit into a page then we get a response of "UNLIMITED". */
+	@Test
+	public void testDecide_resultSet_unlimited()
+	{
+		// The returned object is a search result set.
+		ResultSet returnedObject = mock(ResultSet.class);
+		ResultSetMetaData resultSetMetaData = mock(ResultSetMetaData.class);
+		when(returnedObject.getResultSetMetaData()).thenReturn(resultSetMetaData);
+
+		// Simulate a single result, and the user has access to it.
+		when(returnedObject.length()).thenReturn(1);
+		when(returnedObject.getNumberFound()).thenReturn(1L);
+		when(returnedObject.getNodeRef(0)).thenReturn(NODE_A);
+		when(returnedObject.getChildAssocRef(0)).thenReturn(childAssocRefA);
+
+		// Set the page size to 1 and skip count to 0.
+		SearchParameters searchParameters = mock(SearchParameters.class);
+		when(searchParameters.getMaxItems()).thenReturn(1);
+		when(searchParameters.getSkipCount()).thenReturn(0);
+		when(resultSetMetaData.getSearchParameters()).thenReturn(searchParameters);
+
+		// Call the method under test.
+		FilteringResultSet filteringResultSet = (FilteringResultSet) rmAfterInvocationProvider.decide(authentication, object, config, returnedObject);
+
+		assertEquals("Expected total of one result.", 1, filteringResultSet.getNumberFound());
+		assertEquals("Expected one result returned.", 1, filteringResultSet.length());
+		assertEquals("Expected that results were not limited by the page size.", LimitBy.UNLIMITED, filteringResultSet.getResultSetMetaData().getLimitedBy());
+	}
+
+	/** Check that results can skipped due to the skip count. */
+	@Test
+	public void testDecide_resultSet_skipped()
+	{
+		// The returned object is a search result set.
+		ResultSet returnedObject = mock(ResultSet.class);
+		ResultSetMetaData resultSetMetaData = mock(ResultSetMetaData.class);
+		when(returnedObject.getResultSetMetaData()).thenReturn(resultSetMetaData);
+
+		// Simulate a single result that was skipped due to the skip count.
+		when(returnedObject.length()).thenReturn(0);
+		when(returnedObject.getNumberFound()).thenReturn(1L);
+
+		// Set the page size to 1 and skip count to 1 (so the result is skipped).
+		SearchParameters searchParameters = mock(SearchParameters.class);
+		when(searchParameters.getMaxItems()).thenReturn(1);
+		when(searchParameters.getSkipCount()).thenReturn(1);
+		when(resultSetMetaData.getSearchParameters()).thenReturn(searchParameters);
+
+		// Call the method under test.
+		FilteringResultSet filteringResultSet = (FilteringResultSet) rmAfterInvocationProvider.decide(authentication, object, config, returnedObject);
+
+		assertEquals("Expected total of one result.", 1, filteringResultSet.getNumberFound());
+		assertEquals("Expected no results returned.", 0, filteringResultSet.length());
+		assertEquals("Expected that results were not limited by the page size.", LimitBy.UNLIMITED, filteringResultSet.getResultSetMetaData().getLimitedBy());
+	}
+
+	/** Check that results can be limited by the page size. */
+	@Test
+	public void testDecide_resultSet_pageSize()
+	{
+		// The returned object is a search result set.
+		ResultSet returnedObject = mock(ResultSet.class);
+		ResultSetMetaData resultSetMetaData = mock(ResultSetMetaData.class);
+		when(returnedObject.getResultSetMetaData()).thenReturn(resultSetMetaData);
+
+		// Simulate a single result, and the user has access to it.
+		when(returnedObject.length()).thenReturn(1);
+		when(returnedObject.getNumberFound()).thenReturn(1L);
+		when(returnedObject.getNodeRef(0)).thenReturn(NODE_A);
+		when(returnedObject.getChildAssocRef(0)).thenReturn(childAssocRefA);
+
+		// Set the page size to 0 and skip count to 0 (so the result is not in page).
+		SearchParameters searchParameters = mock(SearchParameters.class);
+		when(searchParameters.getMaxItems()).thenReturn(0);
+		when(searchParameters.getSkipCount()).thenReturn(0);
+		when(resultSetMetaData.getSearchParameters()).thenReturn(searchParameters);
+
+		// Call the method under test.
+		FilteringResultSet filteringResultSet = (FilteringResultSet) rmAfterInvocationProvider.decide(authentication, object, config, returnedObject);
+
+		assertEquals("Expected total of one result.", 1, filteringResultSet.getNumberFound());
+		assertEquals("Expected no results returned.", 0, filteringResultSet.length());
+		assertEquals("Expected that results were limited by page size.", LimitBy.FINAL_SIZE, filteringResultSet.getResultSetMetaData().getLimitedBy());
+	}
+}