diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index 77e2f8cc6d..05aec4b7b6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -120,7 +120,14 @@ public class CreateCapability extends DeclarativeCapability conditions.put("capabilityCondition.frozen", Boolean.FALSE); conditions.put("capabilityCondition.closed", Boolean.FALSE); conditions.put("capabilityCondition.cutoff", Boolean.FALSE); - + + // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record + if (checkConditions(destination, conditions) && + !recordFolderService.isRecordFolder(destination) ) + { + return AccessDecisionVoter.ACCESS_GRANTED; + } + if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java index 74a7582ac4..e0513e1b17 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java @@ -221,6 +221,7 @@ public class RecordServiceImpl extends BaseBehaviourBean /** Relationship service */ private RelationshipService relationshipService; + /** records management container type */ private RecordsManagementContainerType recordsManagementContainerType; /** list of available record meta-data aspects and the file plan types the are applicable to */ @@ -1061,7 +1062,7 @@ public class RecordServiceImpl extends BaseBehaviourBean ParameterCheck.mandatory("nodeRef", parent); ParameterCheck.mandatory("name", name); - NodeRef record = null; + NodeRef result = null; NodeRef destination = parent; if (isFilePlan(parent)) @@ -1088,7 +1089,7 @@ public class RecordServiceImpl extends BaseBehaviourBean try { // create the new record - record = fileFolderService.create(destination, name, type).getNodeRef(); + final NodeRef record = fileFolderService.create(destination, name, type).getNodeRef(); // set the properties if (properties != null) @@ -1104,23 +1105,32 @@ public class RecordServiceImpl extends BaseBehaviourBean writer.setMimetype(reader.getMimetype()); writer.putContent(reader); } + + result = authenticationUtil.runAsSystem(new RunAsWork() + { + public NodeRef doWork() throws Exception + { + // Check if the "record" aspect has been applied already. + // In case of filing a report the created node will be made + // a record within the "onCreateChildAssociation" method if + // a destination for the report has been selected. + if (!nodeService.hasAspect(record, ASPECT_RECORD)) + { + // make record + makeRecord(record); + } + + return record; + } + + }); } finally { enablePropertyEditableCheck(); } - // Check if the "record" aspect has been applied already. - // In case of filing a report the created node will be made - // a record within the "onCreateChildAssociation" method if - // a destination for the report has been selected. - if (!nodeService.hasAspect(record, ASPECT_RECORD)) - { - // make record - makeRecord(record); - } - - return record; + return result; } /** diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java index 8ebcbea4f8..9be23993f0 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java @@ -149,4 +149,56 @@ public class CreateRecordTest extends BaseRMTestCase } }); } + + /** + * unit test for RM1649 fix + * test if a user with create record permissions and without file record permission is able to create a record within unfiled record container + */ + public void testCreateRecordCapabilityInsideUnfiledRecordsContainer() throws Exception + { + doBehaviourDrivenTest(new BehaviourDrivenTest() + { + /** test data */ + String roleName = GUID.generate(); + String user = GUID.generate(); + NodeRef record; + + public void given() + { + // create a role with view and create capabilities + Set capabilities = new HashSet(2); + capabilities.add(capabilityService.getCapability("ViewRecords")); + capabilities.add(capabilityService.getCapability("CreateRecords")); + filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); + + + // create user and assign to role + createPerson(user, true); + filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user); + + //give read and file permission to user on unfiled records container + filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING); + } + + public void when() + { + AuthenticationUtil.runAs(new RunAsWork() + { + public Void doWork() throws Exception + { + record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null); + + return null; + } + }, user); + } + + public void then() + { + // check the details of the record + assertTrue(recordService.isRecord(record)); + + } + }); + } }