mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-3074: Refactor so read and write groups are reused independantly based on review comments
This commit is contained in:
Roy Wetherall
@@ -34,7 +34,6 @@ import java.util.HashSet;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.alfresco.error.AlfrescoRuntimeException;
|
|
||||||
import org.alfresco.model.RenditionModel;
|
import org.alfresco.model.RenditionModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||||
@@ -280,19 +279,23 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
String iprReaderGroup = null;
|
String iprReaderGroup = null;
|
||||||
String iprWriterGroup = null;
|
String iprWriterGroup = null;
|
||||||
|
|
||||||
|
// get all the set permissions
|
||||||
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
|
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
|
||||||
for (AccessPermission permission : permissions)
|
for (AccessPermission permission : permissions)
|
||||||
{
|
{
|
||||||
|
// look for the presence of the reader group
|
||||||
if (permission.getAuthority().startsWith(GROUP_PREFIX + READER_GROUP_PREFIX))
|
if (permission.getAuthority().startsWith(GROUP_PREFIX + READER_GROUP_PREFIX))
|
||||||
{
|
{
|
||||||
iprReaderGroup = permission.getAuthority();
|
iprReaderGroup = permission.getAuthority();
|
||||||
}
|
}
|
||||||
|
// look for the presence of the writer group
|
||||||
else if (permission.getAuthority().startsWith(GROUP_PREFIX + WRITER_GROUP_PREFIX))
|
else if (permission.getAuthority().startsWith(GROUP_PREFIX + WRITER_GROUP_PREFIX))
|
||||||
{
|
{
|
||||||
iprWriterGroup = permission.getAuthority();
|
iprWriterGroup = permission.getAuthority();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// assuming the are both present then return
|
||||||
if (iprReaderGroup != null && iprWriterGroup != null)
|
if (iprReaderGroup != null && iprWriterGroup != null)
|
||||||
{
|
{
|
||||||
result = new Pair<String, String>(iprReaderGroup, iprWriterGroup);
|
result = new Pair<String, String>(iprReaderGroup, iprWriterGroup);
|
||||||
@@ -318,40 +321,49 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
*/
|
*/
|
||||||
private Pair<String, String> createOrFindIPRGroups(Set<String> readers, Set<String> writers)
|
private Pair<String, String> createOrFindIPRGroups(Set<String> readers, Set<String> writers)
|
||||||
{
|
{
|
||||||
Pair<String, String> result = null;
|
return new Pair<String, String>(
|
||||||
|
createOrFindIPRGroup(READER_GROUP_PREFIX, readers),
|
||||||
// find read group or determine what the next index is if no group exists or there is a clash
|
createOrFindIPRGroup(WRITER_GROUP_PREFIX, writers));
|
||||||
Pair<String, Integer> readGroupResult = findIPRGroup(READER_GROUP_PREFIX, readers, writers);
|
|
||||||
|
|
||||||
if (readGroupResult.getFirst() == null)
|
|
||||||
{
|
|
||||||
// create inplace record reader and writer groups
|
|
||||||
result = createIPRGroups(readers, writers, readGroupResult.getSecond());
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// set result
|
|
||||||
result = new Pair<String, String>(readGroupResult.getFirst(),
|
|
||||||
getIRPWriteGroupNameFromReadGroupName(readGroupResult.getFirst(), readers, writers));
|
|
||||||
}
|
|
||||||
|
|
||||||
return result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Give a group name prefix and the read/write authorities, finds the exact match existing read group
|
* Create or find an IPR group based on the provided prefix and authorities.
|
||||||
* (containing the exact match write group).
|
*
|
||||||
|
* @param groupPrefix group prefix
|
||||||
|
* @param authorities authorities
|
||||||
|
* @return String full group name
|
||||||
|
*/
|
||||||
|
private String createOrFindIPRGroup(String groupPrefix, Set<String> authorities)
|
||||||
|
{
|
||||||
|
String group = null;
|
||||||
|
|
||||||
|
// find group or determine what the next index is if no group exists or there is a clash
|
||||||
|
Pair<String, Integer> groupResult = findIPRGroup(groupPrefix, authorities);
|
||||||
|
|
||||||
|
if (groupResult.getFirst() == null)
|
||||||
|
{
|
||||||
|
group = createIPRGroup(groupPrefix, authorities, groupResult.getSecond());
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
group = groupResult.getFirst();
|
||||||
|
}
|
||||||
|
|
||||||
|
return group;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Given a group name prefix and the authorities, finds the exact match existing group.
|
||||||
* <p>
|
* <p>
|
||||||
* If the group does not exist then the group returned is null and the index shows the next available
|
* If the group does not exist then the group returned is null and the index shows the next available
|
||||||
* group index for creation.
|
* group index for creation.
|
||||||
*
|
*
|
||||||
* @param groupPrefix group name prefix
|
* @param groupPrefix group name prefix
|
||||||
* @param readers authorities with read
|
* @param authorities authorities
|
||||||
* @param writers authorities with write
|
|
||||||
* @return Pair<String, Integer> where first is the name of the found group, null if none found and second
|
* @return Pair<String, Integer> where first is the name of the found group, null if none found and second
|
||||||
* if the next available create index
|
* if the next available create index
|
||||||
*/
|
*/
|
||||||
private Pair<String, Integer> findIPRGroup(String groupPrefix, Set<String> readers, Set<String> writers)
|
private Pair<String, Integer> findIPRGroup(String groupPrefix, Set<String> authorities)
|
||||||
{
|
{
|
||||||
String iprGroup = null;
|
String iprGroup = null;
|
||||||
int nextGroupIndex = 0;
|
int nextGroupIndex = 0;
|
||||||
@@ -359,7 +371,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
int pageCount = 0;
|
int pageCount = 0;
|
||||||
|
|
||||||
// determine the short name prefix
|
// determine the short name prefix
|
||||||
String groupShortNamePrefix = getIPRGroupPrefixShortName(groupPrefix, readers, writers);
|
String groupShortNamePrefix = getIPRGroupPrefixShortName(groupPrefix, authorities);
|
||||||
|
|
||||||
// iterate over the authorities to find a match
|
// iterate over the authorities to find a match
|
||||||
while (hasMoreItems == true)
|
while (hasMoreItems == true)
|
||||||
@@ -376,22 +388,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
nextGroupIndex = nextGroupIndex + results.getPage().size();
|
nextGroupIndex = nextGroupIndex + results.getPage().size();
|
||||||
|
|
||||||
// see if any of the matching groups exactly match
|
// see if any of the matching groups exactly match
|
||||||
for (String readGroup : results.getPage())
|
for (String group : results.getPage())
|
||||||
{
|
{
|
||||||
// get the corresponding write group name
|
// if exists and matches we have found our group
|
||||||
String writeGroup = getIRPWriteGroupNameFromReadGroupName(readGroup, readers, writers);
|
if (isIPRGroupTrueMatch(group, authorities))
|
||||||
|
|
||||||
// check for existence
|
|
||||||
if (!authorityService.authorityExists(writeGroup))
|
|
||||||
{
|
{
|
||||||
throw new AlfrescoRuntimeException("Missing inplace writer group for reader group " + readGroup);
|
iprGroup = group;
|
||||||
}
|
|
||||||
|
|
||||||
// if exists and matches we have found our groups
|
|
||||||
if (isIPRGroupTrueMatch(readGroup, readers, writeGroup) &&
|
|
||||||
isIPRGroupTrueMatch(writeGroup, writers, null))
|
|
||||||
{
|
|
||||||
iprGroup = readGroup;
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -409,33 +411,28 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
*
|
*
|
||||||
* @param authorities list of authorities
|
* @param authorities list of authorities
|
||||||
* @param group group
|
* @param group group
|
||||||
* @param excludeAuthority authority to exclude from comparision
|
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private boolean isIPRGroupTrueMatch(String group, Set<String> authorities, String excludeAuthority)
|
private boolean isIPRGroupTrueMatch(String group, Set<String> authorities)
|
||||||
{
|
{
|
||||||
Set<String> contained = authorityService.getContainedAuthorities(null, group, true);
|
Set<String> contained = authorityService.getContainedAuthorities(null, group, true);
|
||||||
if (excludeAuthority != null)
|
|
||||||
{
|
|
||||||
contained.remove(excludeAuthority);
|
|
||||||
}
|
|
||||||
return contained.equals(authorities);
|
return contained.equals(authorities);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get IPR group prefix short name.
|
* Get IPR group prefix short name.
|
||||||
|
* <p>
|
||||||
|
* 'package' scope to help testing.
|
||||||
*
|
*
|
||||||
* @param prefix prefix
|
* @param prefix prefix
|
||||||
* @param authorities read authorities
|
* @param authorities authorities
|
||||||
* @param shortName write authorities
|
|
||||||
* @return String group prefix short name
|
* @return String group prefix short name
|
||||||
*/
|
*/
|
||||||
private String getIPRGroupPrefixShortName(String prefix, Set<String> readers, Set<String> writers)
|
/*package*/ String getIPRGroupPrefixShortName(String prefix, Set<String> authorities)
|
||||||
{
|
{
|
||||||
StringBuilder builder = new StringBuilder(128)
|
StringBuilder builder = new StringBuilder(128)
|
||||||
.append(prefix)
|
.append(prefix)
|
||||||
.append(getAuthoritySetHashCode(readers))
|
.append(getAuthoritySetHashCode(authorities));
|
||||||
.append(getAuthoritySetHashCode(writers));
|
|
||||||
|
|
||||||
return builder.toString();
|
return builder.toString();
|
||||||
}
|
}
|
||||||
@@ -453,9 +450,9 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
* @param index group index
|
* @param index group index
|
||||||
* @return String group short name
|
* @return String group short name
|
||||||
*/
|
*/
|
||||||
/*package*/ String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, int index)
|
/*package*/ String getIPRGroupShortName(String prefix, Set<String> authorities, int index)
|
||||||
{
|
{
|
||||||
return getIPRGroupShortName(prefix, readers, writers, Integer.toString(index));
|
return getIPRGroupShortName(prefix, authorities, Integer.toString(index));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -469,36 +466,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
* @param index group index
|
* @param index group index
|
||||||
* @return String group short name
|
* @return String group short name
|
||||||
*/
|
*/
|
||||||
private String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, String index)
|
private String getIPRGroupShortName(String prefix, Set<String> authorities, String index)
|
||||||
{
|
{
|
||||||
StringBuilder builder = new StringBuilder(128)
|
StringBuilder builder = new StringBuilder(128)
|
||||||
.append(prefix)
|
.append(getIPRGroupPrefixShortName(prefix, authorities))
|
||||||
.append(getAuthoritySetHashCode(readers))
|
|
||||||
.append(getAuthoritySetHashCode(writers))
|
|
||||||
.append(index);
|
.append(index);
|
||||||
|
|
||||||
return builder.toString();
|
return builder.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the IPR write group name from the read group name.
|
|
||||||
* <p>
|
|
||||||
* Note this doesn't test for existence of the group, instead determines the name based on the index and
|
|
||||||
* authorities.
|
|
||||||
* <p>
|
|
||||||
* Note this excludes the "GROUP_" prefix
|
|
||||||
*
|
|
||||||
* @param readGroupShortName read group short name
|
|
||||||
* @param readers read authorities
|
|
||||||
* @param writers write authorities
|
|
||||||
* @return String write group name
|
|
||||||
*/
|
|
||||||
private String getIRPWriteGroupNameFromReadGroupName(String readGroupnName, Set<String> readers, Set<String> writers)
|
|
||||||
{
|
|
||||||
String index = readGroupnName.substring(readGroupnName.length() - 1);
|
|
||||||
return PermissionService.GROUP_PREFIX + getIPRGroupShortName(WRITER_GROUP_PREFIX, readers, writers, index);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the hashcode value of a set of authorities.
|
* Gets the hashcode value of a set of authorities.
|
||||||
*
|
*
|
||||||
@@ -515,41 +491,26 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates new IPR groups and assigns then to the correct RM roles.
|
|
||||||
*
|
|
||||||
* @param readers read authorities
|
|
||||||
* @param writers write authorities
|
|
||||||
* @param index index
|
|
||||||
* @return Pair<String, String> where first if the full read group name and second is the full write group name
|
|
||||||
*/
|
|
||||||
private Pair<String, String> createIPRGroups(Set<String> readers, Set<String> writers, int index)
|
|
||||||
{
|
|
||||||
String iprReaderGroup = createIPRGroup(getIPRGroupShortName(READER_GROUP_PREFIX, readers, writers, index), getRootIRPGroup(), readers);
|
|
||||||
String iprWriterGroup = createIPRGroup(getIPRGroupShortName(WRITER_GROUP_PREFIX, readers, writers, index), iprReaderGroup, writers);
|
|
||||||
return new Pair<String, String>(iprReaderGroup, iprWriterGroup);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new IPR group.
|
* Creates a new IPR group.
|
||||||
*
|
*
|
||||||
* @param groupShortName group short name
|
* @param groupNamePrefix group name prefix
|
||||||
* @param parent parent group, null if none
|
|
||||||
* @param children child authorities
|
* @param children child authorities
|
||||||
|
* @param index group index
|
||||||
* @return String full name of created group
|
* @return String full name of created group
|
||||||
*/
|
*/
|
||||||
private String createIPRGroup(String groupShortName, String parent, Set<String> children)
|
private String createIPRGroup(String groupNamePrefix, Set<String> children, int index)
|
||||||
{
|
{
|
||||||
ParameterCheck.mandatory("groupShortName", groupShortName);
|
ParameterCheck.mandatory("groupNamePrefix", groupNamePrefix);
|
||||||
|
|
||||||
|
// get the group name
|
||||||
|
String groupShortName = getIPRGroupShortName(groupNamePrefix, children, index);
|
||||||
|
|
||||||
// create group
|
// create group
|
||||||
String group = authorityService.createAuthority(AuthorityType.GROUP, groupShortName, groupShortName, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
String group = authorityService.createAuthority(AuthorityType.GROUP, groupShortName, groupShortName, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
||||||
|
|
||||||
// add parent if provided
|
// add root parent
|
||||||
if (parent != null)
|
authorityService.addAuthority(getRootIRPGroup(), group);
|
||||||
{
|
|
||||||
authorityService.addAuthority(parent, group);
|
|
||||||
}
|
|
||||||
|
|
||||||
// add children if provided
|
// add children if provided
|
||||||
if (children != null)
|
if (children != null)
|
||||||
|
|||||||
@@ -94,7 +94,8 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Mock private TransactionService mockedTransactionService;
|
@Mock private TransactionService mockedTransactionService;
|
||||||
@Mock private RetryingTransactionHelper mockedRetryingTransactionHelper;
|
@Mock private RetryingTransactionHelper mockedRetryingTransactionHelper;
|
||||||
@Mock private NodeService mockedNodeService;
|
@Mock private NodeService mockedNodeService;
|
||||||
@Mock private PagingResults<String> mockedPagingResults;
|
@Mock private PagingResults<String> mockedReadPagingResults;
|
||||||
|
@Mock private PagingResults<String> mockedWritePagingResults;
|
||||||
@Mock private ApplicationContext mockedApplicationContext;
|
@Mock private ApplicationContext mockedApplicationContext;
|
||||||
|
|
||||||
/** test component */
|
/** test component */
|
||||||
@@ -105,10 +106,10 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
private static final String WRITER_GROUP_FULL_PREFIX = GROUP_PREFIX + WRITER_GROUP_PREFIX;
|
private static final String WRITER_GROUP_FULL_PREFIX = GROUP_PREFIX + WRITER_GROUP_PREFIX;
|
||||||
|
|
||||||
/** test authorities */
|
/** test authorities */
|
||||||
private static final String USER = AlfMock.generateText();
|
private static final String USER = "USER";
|
||||||
private static final String GROUP = GROUP_PREFIX + AlfMock.generateText();
|
private static final String GROUP = GROUP_PREFIX + "GROUP";
|
||||||
private static final String USER_W = AlfMock.generateText();
|
private static final String USER_W = "USER_W";
|
||||||
private static final String GROUP_W = GROUP_PREFIX + AlfMock.generateText();
|
private static final String GROUP_W = GROUP_PREFIX + "GROUP_W";
|
||||||
private static final Set<String> READERS = Stream.of(USER, GROUP).collect(Collectors.toSet());
|
private static final Set<String> READERS = Stream.of(USER, GROUP).collect(Collectors.toSet());
|
||||||
private static final Set<String> WRITERS = Stream.of(USER_W, GROUP_W).collect(Collectors.toSet());
|
private static final Set<String> WRITERS = Stream.of(USER_W, GROUP_W).collect(Collectors.toSet());
|
||||||
|
|
||||||
@@ -129,6 +130,8 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
/** test data */
|
/** test data */
|
||||||
private NodeRef nodeRef;
|
private NodeRef nodeRef;
|
||||||
private NodeRef filePlan;
|
private NodeRef filePlan;
|
||||||
|
private String readGroupPrefix;
|
||||||
|
private String writeGroupPrefix;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Before tests
|
* Before tests
|
||||||
@@ -179,6 +182,10 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
};
|
};
|
||||||
when(mockedAuthorityService.createAuthority(any(AuthorityType.class), anyString(), anyString(), anySet()))
|
when(mockedAuthorityService.createAuthority(any(AuthorityType.class), anyString(), anyString(), anySet()))
|
||||||
.thenAnswer(createAuthorityAnswer);
|
.thenAnswer(createAuthorityAnswer);
|
||||||
|
|
||||||
|
// setup group prefixes
|
||||||
|
readGroupPrefix = extendedSecurityService.getIPRGroupPrefixShortName(READER_GROUP_PREFIX, READERS);
|
||||||
|
writeGroupPrefix = extendedSecurityService.getIPRGroupPrefixShortName(WRITER_GROUP_PREFIX, WRITERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -318,7 +325,7 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
|
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, READER_GROUP_FULL_PREFIX, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, READER_GROUP_FULL_PREFIX, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
.of(USER, GROUP, WRITER_GROUP_FULL_PREFIX)
|
.of(USER, GROUP)
|
||||||
.collect(Collectors.toSet()));
|
.collect(Collectors.toSet()));
|
||||||
|
|
||||||
// get extended readers
|
// get extended readers
|
||||||
@@ -379,11 +386,11 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Test public void addExtendedSecurityForTheFirstTimeAndCreateGroups()
|
@Test public void addExtendedSecurityForTheFirstTimeAndCreateGroups()
|
||||||
{
|
{
|
||||||
// group names
|
// group names
|
||||||
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, 0);
|
||||||
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, WRITERS, 0);
|
||||||
|
|
||||||
// setup query results
|
// setup query results
|
||||||
when(mockedPagingResults.getPage())
|
when(mockedReadPagingResults.getPage())
|
||||||
.thenReturn(Collections.emptyList());
|
.thenReturn(Collections.emptyList());
|
||||||
when(mockedAuthorityService.getAuthorities(
|
when(mockedAuthorityService.getAuthorities(
|
||||||
eq(AuthorityType.GROUP),
|
eq(AuthorityType.GROUP),
|
||||||
@@ -392,7 +399,7 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
eq(false),
|
eq(false),
|
||||||
eq(false),
|
eq(false),
|
||||||
any(PagingRequest.class)))
|
any(PagingRequest.class)))
|
||||||
.thenReturn(mockedPagingResults);
|
.thenReturn(mockedReadPagingResults);
|
||||||
|
|
||||||
// add extended security
|
// add extended security
|
||||||
extendedSecurityService.addExtendedSecurity(nodeRef, READERS, WRITERS);
|
extendedSecurityService.addExtendedSecurity(nodeRef, READERS, WRITERS);
|
||||||
@@ -407,7 +414,7 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
// verify write group created correctly
|
// verify write group created correctly
|
||||||
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, writeGroup, writeGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, writeGroup, writeGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
||||||
writeGroup = GROUP_PREFIX + writeGroup;
|
writeGroup = GROUP_PREFIX + writeGroup;
|
||||||
verify(mockedAuthorityService).addAuthority(readGroup, writeGroup);
|
verify(mockedAuthorityService).addAuthority(GROUP_PREFIX + ROOT_IPR_GROUP, writeGroup);
|
||||||
verify(mockedAuthorityService).addAuthority(writeGroup, USER_W);
|
verify(mockedAuthorityService).addAuthority(writeGroup, USER_W);
|
||||||
verify(mockedAuthorityService).addAuthority(writeGroup, GROUP_W);
|
verify(mockedAuthorityService).addAuthority(writeGroup, GROUP_W);
|
||||||
|
|
||||||
@@ -431,27 +438,38 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Test public void addExtendedSecurityForTheFirstTimeAndReuseGroups()
|
@Test public void addExtendedSecurityForTheFirstTimeAndReuseGroups()
|
||||||
{
|
{
|
||||||
// group names
|
// group names
|
||||||
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String readGroup = readGroupPrefix + "0";
|
||||||
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String writeGroup = writeGroupPrefix + "0";
|
||||||
|
|
||||||
// setup query results
|
// setup query results
|
||||||
when(mockedPagingResults.getPage())
|
when(mockedReadPagingResults.getPage())
|
||||||
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
||||||
when(mockedAuthorityService.getAuthorities(
|
when(mockedAuthorityService.getAuthorities(
|
||||||
eq(AuthorityType.GROUP),
|
eq(AuthorityType.GROUP),
|
||||||
eq(RMAuthority.ZONE_APP_RM),
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
any(String.class),
|
eq(readGroupPrefix),
|
||||||
eq(false),
|
eq(false),
|
||||||
eq(false),
|
eq(false),
|
||||||
any(PagingRequest.class)))
|
any(PagingRequest.class)))
|
||||||
.thenReturn(mockedPagingResults);
|
.thenReturn(mockedReadPagingResults);
|
||||||
|
|
||||||
|
when(mockedWritePagingResults.getPage())
|
||||||
|
.thenReturn(Stream.of(GROUP_PREFIX + writeGroup).collect(Collectors.toList()));
|
||||||
|
when(mockedAuthorityService.getAuthorities(
|
||||||
|
eq(AuthorityType.GROUP),
|
||||||
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
|
eq(writeGroupPrefix),
|
||||||
|
eq(false),
|
||||||
|
eq(false),
|
||||||
|
any(PagingRequest.class)))
|
||||||
|
.thenReturn(mockedWritePagingResults);
|
||||||
|
|
||||||
// setup exact match
|
// setup exact match
|
||||||
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
||||||
.thenReturn(true);
|
.thenReturn(true);
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
.of(GROUP_PREFIX + writeGroup, USER, GROUP)
|
.of(USER, GROUP)
|
||||||
.collect(Collectors.toSet()));
|
.collect(Collectors.toSet()));
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
@@ -496,27 +514,38 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Test public void addExtendedSecurityForTheFirstTimeAndCreateGroupsAfterClash()
|
@Test public void addExtendedSecurityForTheFirstTimeAndCreateGroupsAfterClash()
|
||||||
{
|
{
|
||||||
// group names
|
// group names
|
||||||
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String readGroup = readGroupPrefix + "0";
|
||||||
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String writeGroup = writeGroupPrefix + "0";
|
||||||
|
|
||||||
// setup query results
|
// setup query results
|
||||||
when(mockedPagingResults.getPage())
|
when(mockedReadPagingResults.getPage())
|
||||||
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
||||||
when(mockedAuthorityService.getAuthorities(
|
when(mockedAuthorityService.getAuthorities(
|
||||||
eq(AuthorityType.GROUP),
|
eq(AuthorityType.GROUP),
|
||||||
eq(RMAuthority.ZONE_APP_RM),
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
any(String.class),
|
eq(readGroupPrefix),
|
||||||
eq(false),
|
eq(false),
|
||||||
eq(false),
|
eq(false),
|
||||||
any(PagingRequest.class)))
|
any(PagingRequest.class)))
|
||||||
.thenReturn(mockedPagingResults);
|
.thenReturn(mockedReadPagingResults);
|
||||||
|
|
||||||
|
when(mockedWritePagingResults.getPage())
|
||||||
|
.thenReturn(Stream.of(GROUP_PREFIX + writeGroup).collect(Collectors.toList()));
|
||||||
|
when(mockedAuthorityService.getAuthorities(
|
||||||
|
eq(AuthorityType.GROUP),
|
||||||
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
|
eq(writeGroupPrefix),
|
||||||
|
eq(false),
|
||||||
|
eq(false),
|
||||||
|
any(PagingRequest.class)))
|
||||||
|
.thenReturn(mockedWritePagingResults);
|
||||||
|
|
||||||
// setup exact match
|
// setup exact match
|
||||||
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
||||||
.thenReturn(true);
|
.thenReturn(true);
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
.of(GROUP_PREFIX + writeGroup, USER, GROUP)
|
.of(USER, GROUP, AlfMock.generateText())
|
||||||
.collect(Collectors.toSet()));
|
.collect(Collectors.toSet()));
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
@@ -527,8 +556,8 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
extendedSecurityService.addExtendedSecurity(nodeRef, READERS, WRITERS);
|
extendedSecurityService.addExtendedSecurity(nodeRef, READERS, WRITERS);
|
||||||
|
|
||||||
// new group names
|
// new group names
|
||||||
readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, WRITERS, 1);
|
readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, 1);
|
||||||
writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, READERS, WRITERS, 1);
|
writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, WRITERS, 1);
|
||||||
|
|
||||||
// verify read group created correctly
|
// verify read group created correctly
|
||||||
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, readGroup, readGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, readGroup, readGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
||||||
@@ -540,7 +569,7 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
// verify write group created correctly
|
// verify write group created correctly
|
||||||
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, writeGroup, writeGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
verify(mockedAuthorityService).createAuthority(AuthorityType.GROUP, writeGroup, writeGroup, Collections.singleton(RMAuthority.ZONE_APP_RM));
|
||||||
writeGroup = GROUP_PREFIX + writeGroup;
|
writeGroup = GROUP_PREFIX + writeGroup;
|
||||||
verify(mockedAuthorityService).addAuthority(readGroup, writeGroup);
|
verify(mockedAuthorityService).addAuthority(GROUP_PREFIX + ROOT_IPR_GROUP, writeGroup);
|
||||||
verify(mockedAuthorityService).addAuthority(writeGroup, USER_W);
|
verify(mockedAuthorityService).addAuthority(writeGroup, USER_W);
|
||||||
verify(mockedAuthorityService).addAuthority(writeGroup, GROUP_W);
|
verify(mockedAuthorityService).addAuthority(writeGroup, GROUP_W);
|
||||||
|
|
||||||
@@ -564,9 +593,10 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Test public void addExtendedSecurityWithResultPaging()
|
@Test public void addExtendedSecurityWithResultPaging()
|
||||||
{
|
{
|
||||||
// group names
|
// group names
|
||||||
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String readGroup = readGroupPrefix + "0";
|
||||||
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_PREFIX, READERS, WRITERS, 0);
|
String writeGroup = writeGroupPrefix + "0";
|
||||||
|
|
||||||
|
// create fity results
|
||||||
List<String> fiftyResults = new ArrayList<String>(50);
|
List<String> fiftyResults = new ArrayList<String>(50);
|
||||||
for (int i = 0; i < 50; i++)
|
for (int i = 0; i < 50; i++)
|
||||||
{
|
{
|
||||||
@@ -574,24 +604,36 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
}
|
}
|
||||||
|
|
||||||
// setup query results
|
// setup query results
|
||||||
when(mockedPagingResults.getPage())
|
when(mockedReadPagingResults.getPage())
|
||||||
.thenReturn(fiftyResults)
|
.thenReturn(fiftyResults)
|
||||||
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
.thenReturn(Stream.of(GROUP_PREFIX + readGroup).collect(Collectors.toList()));
|
||||||
when(mockedAuthorityService.getAuthorities(
|
when(mockedAuthorityService.getAuthorities(
|
||||||
eq(AuthorityType.GROUP),
|
eq(AuthorityType.GROUP),
|
||||||
eq(RMAuthority.ZONE_APP_RM),
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
any(String.class),
|
eq(readGroupPrefix),
|
||||||
eq(false),
|
eq(false),
|
||||||
eq(false),
|
eq(false),
|
||||||
any(PagingRequest.class)))
|
any(PagingRequest.class)))
|
||||||
.thenReturn(mockedPagingResults);
|
.thenReturn(mockedReadPagingResults);
|
||||||
|
|
||||||
|
when(mockedWritePagingResults.getPage())
|
||||||
|
.thenReturn(fiftyResults)
|
||||||
|
.thenReturn(Stream.of(GROUP_PREFIX + writeGroup).collect(Collectors.toList()));
|
||||||
|
when(mockedAuthorityService.getAuthorities(
|
||||||
|
eq(AuthorityType.GROUP),
|
||||||
|
eq(RMAuthority.ZONE_APP_RM),
|
||||||
|
eq(writeGroupPrefix),
|
||||||
|
eq(false),
|
||||||
|
eq(false),
|
||||||
|
any(PagingRequest.class)))
|
||||||
|
.thenReturn(mockedWritePagingResults);
|
||||||
|
|
||||||
// setup exact match
|
// setup exact match
|
||||||
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
when(mockedAuthorityService.authorityExists(GROUP_PREFIX + writeGroup))
|
||||||
.thenReturn(true);
|
.thenReturn(true);
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + readGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
.of(GROUP_PREFIX + writeGroup, USER, GROUP)
|
.of(USER, GROUP)
|
||||||
.collect(Collectors.toSet()));
|
.collect(Collectors.toSet()));
|
||||||
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
when(mockedAuthorityService.getContainedAuthorities(null, GROUP_PREFIX + writeGroup, true))
|
||||||
.thenReturn(Stream
|
.thenReturn(Stream
|
||||||
@@ -647,8 +689,8 @@ public class ExtendedSecurityServiceImplUnitTest
|
|||||||
@Test public void removeAllExtendedSecurity()
|
@Test public void removeAllExtendedSecurity()
|
||||||
{
|
{
|
||||||
// group names
|
// group names
|
||||||
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_FULL_PREFIX, READERS, WRITERS, 0);
|
String readGroup = extendedSecurityService.getIPRGroupShortName(READER_GROUP_FULL_PREFIX, READERS, 0);
|
||||||
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_FULL_PREFIX, READERS, WRITERS, 0);
|
String writeGroup = extendedSecurityService.getIPRGroupShortName(WRITER_GROUP_FULL_PREFIX, WRITERS, 0);
|
||||||
|
|
||||||
// setup permissions
|
// setup permissions
|
||||||
Set<AccessPermission> permissions = Stream
|
Set<AccessPermission> permissions = Stream
|
||||||
|
|||||||
Reference in New Issue
Block a user