mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged DEV to HEAD:
92360: RM-1649 : (Access denied to Declare Record to Unfiled Records for user with Create Records capability)
- I handled the case when the destination folder is not a record folder and the user doesn't need File Record capability to create a record there
- unit test fixed and working as part of the merge
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@92523 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -121,6 +121,13 @@ public class CreateCapability extends DeclarativeCapability
|
|||||||
conditions.put("capabilityCondition.closed", Boolean.FALSE);
|
conditions.put("capabilityCondition.closed", Boolean.FALSE);
|
||||||
conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
|
conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
|
||||||
|
|
||||||
|
// if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
|
||||||
|
if (checkConditions(destination, conditions) &&
|
||||||
|
!recordFolderService.isRecordFolder(destination) )
|
||||||
|
{
|
||||||
|
return AccessDecisionVoter.ACCESS_GRANTED;
|
||||||
|
}
|
||||||
|
|
||||||
if (checkConditions(destination, conditions) &&
|
if (checkConditions(destination, conditions) &&
|
||||||
recordFolderService.isRecordFolder(destination) &&
|
recordFolderService.isRecordFolder(destination) &&
|
||||||
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
|
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
|
||||||
|
|||||||
@@ -221,6 +221,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
|
|||||||
/** Relationship service */
|
/** Relationship service */
|
||||||
private RelationshipService relationshipService;
|
private RelationshipService relationshipService;
|
||||||
|
|
||||||
|
/** records management container type */
|
||||||
private RecordsManagementContainerType recordsManagementContainerType;
|
private RecordsManagementContainerType recordsManagementContainerType;
|
||||||
|
|
||||||
/** list of available record meta-data aspects and the file plan types the are applicable to */
|
/** list of available record meta-data aspects and the file plan types the are applicable to */
|
||||||
@@ -1061,7 +1062,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
|
|||||||
ParameterCheck.mandatory("nodeRef", parent);
|
ParameterCheck.mandatory("nodeRef", parent);
|
||||||
ParameterCheck.mandatory("name", name);
|
ParameterCheck.mandatory("name", name);
|
||||||
|
|
||||||
NodeRef record = null;
|
NodeRef result = null;
|
||||||
NodeRef destination = parent;
|
NodeRef destination = parent;
|
||||||
|
|
||||||
if (isFilePlan(parent))
|
if (isFilePlan(parent))
|
||||||
@@ -1088,7 +1089,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
|
|||||||
try
|
try
|
||||||
{
|
{
|
||||||
// create the new record
|
// create the new record
|
||||||
record = fileFolderService.create(destination, name, type).getNodeRef();
|
final NodeRef record = fileFolderService.create(destination, name, type).getNodeRef();
|
||||||
|
|
||||||
// set the properties
|
// set the properties
|
||||||
if (properties != null)
|
if (properties != null)
|
||||||
@@ -1104,23 +1105,32 @@ public class RecordServiceImpl extends BaseBehaviourBean
|
|||||||
writer.setMimetype(reader.getMimetype());
|
writer.setMimetype(reader.getMimetype());
|
||||||
writer.putContent(reader);
|
writer.putContent(reader);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
result = authenticationUtil.runAsSystem(new RunAsWork<NodeRef>()
|
||||||
|
{
|
||||||
|
public NodeRef doWork() throws Exception
|
||||||
|
{
|
||||||
|
// Check if the "record" aspect has been applied already.
|
||||||
|
// In case of filing a report the created node will be made
|
||||||
|
// a record within the "onCreateChildAssociation" method if
|
||||||
|
// a destination for the report has been selected.
|
||||||
|
if (!nodeService.hasAspect(record, ASPECT_RECORD))
|
||||||
|
{
|
||||||
|
// make record
|
||||||
|
makeRecord(record);
|
||||||
|
}
|
||||||
|
|
||||||
|
return record;
|
||||||
|
}
|
||||||
|
|
||||||
|
});
|
||||||
}
|
}
|
||||||
finally
|
finally
|
||||||
{
|
{
|
||||||
enablePropertyEditableCheck();
|
enablePropertyEditableCheck();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the "record" aspect has been applied already.
|
return result;
|
||||||
// In case of filing a report the created node will be made
|
|
||||||
// a record within the "onCreateChildAssociation" method if
|
|
||||||
// a destination for the report has been selected.
|
|
||||||
if (!nodeService.hasAspect(record, ASPECT_RECORD))
|
|
||||||
{
|
|
||||||
// make record
|
|
||||||
makeRecord(record);
|
|
||||||
}
|
|
||||||
|
|
||||||
return record;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -149,4 +149,56 @@ public class CreateRecordTest extends BaseRMTestCase
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* unit test for RM1649 fix
|
||||||
|
* test if a user with create record permissions and without file record permission is able to create a record within unfiled record container
|
||||||
|
*/
|
||||||
|
public void testCreateRecordCapabilityInsideUnfiledRecordsContainer() throws Exception
|
||||||
|
{
|
||||||
|
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||||
|
{
|
||||||
|
/** test data */
|
||||||
|
String roleName = GUID.generate();
|
||||||
|
String user = GUID.generate();
|
||||||
|
NodeRef record;
|
||||||
|
|
||||||
|
public void given()
|
||||||
|
{
|
||||||
|
// create a role with view and create capabilities
|
||||||
|
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||||
|
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||||
|
capabilities.add(capabilityService.getCapability("CreateRecords"));
|
||||||
|
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||||
|
|
||||||
|
|
||||||
|
// create user and assign to role
|
||||||
|
createPerson(user, true);
|
||||||
|
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||||
|
|
||||||
|
//give read and file permission to user on unfiled records container
|
||||||
|
filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void when()
|
||||||
|
{
|
||||||
|
AuthenticationUtil.runAs(new RunAsWork<Void>()
|
||||||
|
{
|
||||||
|
public Void doWork() throws Exception
|
||||||
|
{
|
||||||
|
record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null);
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void then()
|
||||||
|
{
|
||||||
|
// check the details of the record
|
||||||
|
assertTrue(recordService.isRecord(record));
|
||||||
|
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user