Merged DEV to HEAD:

92360: RM-1649 : (Access denied to Declare Record to Unfiled Records for user with Create Records capability)
        - I handled the case when the destination folder is not a record folder and the user doesn't need File Record capability to create a record there
        - unit test fixed and working as part of the merge



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@92523 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java

@@ -121,6 +121,13 @@ public class CreateCapability extends DeclarativeCapability
             conditions.put("capabilityCondition.closed", Boolean.FALSE);
             conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
         
+            // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
+            if (checkConditions(destination, conditions) &&
+                   !recordFolderService.isRecordFolder(destination) )
+            {
+                return AccessDecisionVoter.ACCESS_GRANTED;
+            }
+            
             if (checkConditions(destination, conditions) &&
                     recordFolderService.isRecordFolder(destination) &&
                     permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java

@@ -221,6 +221,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
     /** Relationship service */
     private RelationshipService relationshipService;
     
+    /** records management container type */
     private RecordsManagementContainerType recordsManagementContainerType;
 
     /** list of available record meta-data aspects and the file plan types the are applicable to */
@@ -1061,7 +1062,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
         ParameterCheck.mandatory("nodeRef", parent);
         ParameterCheck.mandatory("name", name);
 
-        NodeRef record = null;
+        NodeRef result = null;
         NodeRef destination = parent;
 
         if (isFilePlan(parent))
@@ -1088,7 +1089,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
         try
         {
             // create the new record
-            record = fileFolderService.create(destination, name, type).getNodeRef();
+            final NodeRef record = fileFolderService.create(destination, name, type).getNodeRef();
 
             // set the properties
             if (properties != null)
@@ -1104,12 +1105,11 @@ public class RecordServiceImpl extends BaseBehaviourBean
                 writer.setMimetype(reader.getMimetype());
                 writer.putContent(reader);
             }
-        }
-        finally
-        {
-            enablePropertyEditableCheck();
-        }
             
+            result = authenticationUtil.runAsSystem(new RunAsWork<NodeRef>()
+            {
+    			public NodeRef doWork() throws Exception 
+    			{
     				// Check if the "record" aspect has been applied already.
     		        // In case of filing a report the created node will be made
     		        // a record within the "onCreateChildAssociation" method if
@@ -1123,6 +1123,16 @@ public class RecordServiceImpl extends BaseBehaviourBean
     				return record;
     			}
             	
+            });
+        }
+        finally
+        {
+            enablePropertyEditableCheck();
+        }
+
+        return result;
+    }
+
     /**
      * Creates a record from the given document
      *

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java

@@ -149,4 +149,56 @@ public class CreateRecordTest extends BaseRMTestCase
             }
         });           
     }
+    
+    /**
+     * unit test for RM1649 fix
+     * test if a user with create record permissions and without file record permission is able to create a record within unfiled record container
+     */
+    public void testCreateRecordCapabilityInsideUnfiledRecordsContainer() throws Exception
+    {
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            /** test data */
+            String roleName = GUID.generate();
+            String user = GUID.generate();
+            NodeRef record;
+            
+            public void given()
+            {
+                // create a role with view and create capabilities
+                Set<Capability> capabilities = new HashSet<Capability>(2);
+                capabilities.add(capabilityService.getCapability("ViewRecords"));
+                capabilities.add(capabilityService.getCapability("CreateRecords"));
+                filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+              
+                
+                // create user and assign to role
+                createPerson(user, true);
+                filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+                
+                //give read and file permission to user on unfiled records container
+                filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING);
+            }
+            
+            public void when()
+            {
+                AuthenticationUtil.runAs(new RunAsWork<Void>()
+                {
+                    public Void doWork() throws Exception
+                    {
+                        record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null);
+                        
+                        return null;
+                    }
+                }, user);
+            }
+            
+            public void then()
+            {
+                // check the details of the record
+                assertTrue(recordService.isRecord(record));
+
+            }
+        });
+    }
 }