inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-555: Add extended reader permissions for records.

Browse Source 
* service added (moved out of RM security service)
  * remove code added
  * move behaviuor extended
  * unit tests



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44016 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-11-27 06:34:49 +00:00
parent bcd6a044f7
commit 3fb6220149
11 changed files with 768 additions and 485 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -481,18 +481,71 @@
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.createRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.updateRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.deleteRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.hasExtendedReaders=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getExtendedReaders=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.setExtendedReaders=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeExtendedReaders=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeAllExtendedReaders=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.*=RM_DENY
]]>
</value>
</property>
</bean>
<!-- Records Management Extended Security Service -->
<bean id="extendedSecurityService"
class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityServiceImpl"
init-method="init">
<property name="policyComponent" ref="policyComponent"/>
<property name="nodeService" ref="nodeService"/>
<property name="recordService" ref="recordService"/>
<property name="recordsManagementService" ref="recordsManagementService"/>
</bean>
<bean id="ExtendedSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService</value>
</property>
<property name="target">
<ref bean="extendedSecurityService"/>
</property>
<property name="interceptorNames">
<list>
<idref local="ExtendedSecurityService_transaction"/>
<idref bean="exceptionTranslator"/>
<idref local="ExtendedSecurityService_security"/>
</list>
</property>
</bean>
<bean id="ExtendedSecurityService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager">
<ref bean="transactionManager"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="ExtendedSecurityService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="afterInvocationManager">
<ref bean="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService.*=RM_ALLOW
]]>
</value>
</property>
</bean>
<!-- Records Management Action Service -->
<bean id="recordsManagementActionService" class="org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionServiceImpl" init-method="init">
@@ -858,11 +911,10 @@
<bean id="recordService" class="org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl" init-method="init">
<property name="nodeService" ref="NodeService"/>
<!--<property name="policyComponent" ref="policyComponent"/>-->
<property name="dictionaryService" ref="DictionaryService"/>
<property name="identifierService" ref="recordsManagementIdentifierService"/>
<property name="permissionService" ref="PermissionService"/>
<property name="recordsManagementSecurityService" ref="RecordsManagementSecurityService"/>
<property name="extendedSecurityService" ref="ExtendedSecurityService" />
</bean>
<bean id="RecordService" class="org.springframework.aop.framework.ProxyFactoryBean">

40
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java
View File

@@ -33,11 +33,13 @@ import org.alfresco.model.RenditionModel;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -280,23 +282,33 @@ public class RecordsManagementServiceImpl implements RecordsManagementService,
* @param childAssocRef
* @param bNew
*/
public void onAddRecordThumbnail(ChildAssociationRef childAssocRef, boolean bNew)
public void onAddRecordThumbnail(final ChildAssociationRef childAssocRef, final boolean bNew)
{
NodeRef thumbnail = childAssocRef.getChildRef();
if (nodeService.exists(thumbnail) == true)
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{
// apply file plan component aspect to thumbnail
nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null);
// manage any extended readers
RecordsManagementSecurityService securityService = serviceRegistry.getRecordsManagementSecurityService();
NodeRef parent = childAssocRef.getParentRef();
Set<String> readers = securityService.getExtendedReaders(parent);
if (readers != null && readers.size() != 0)
@Override
public Void doWork() throws Exception
{
securityService.setExtendedReaders(thumbnail, readers, false);
NodeRef thumbnail = childAssocRef.getChildRef();
if (nodeService.exists(thumbnail) == true)
{
// apply file plan component aspect to thumbnail
nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null);
// manage any extended readers
ExtendedSecurityService extendedSecurityService = serviceRegistry.getExtendedSecurityService();
NodeRef parent = childAssocRef.getParentRef();
Set<String> readers = extendedSecurityService.getExtendedReaders(parent);
if (readers != null && readers.size() != 0)
{
extendedSecurityService.setExtendedReaders(thumbnail, readers, false);
}
}
return null;
}
}
});
}
/**

8
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
View File

@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.service.NotAuditable;
import org.alfresco.service.ServiceRegistry;
@@ -49,6 +50,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService");
static final QName RECORD_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordService");
static final QName FREEZE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FreezeService");
static final QName EXTENDED_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "ExtendedSecurityService");
/**
* @return records management service
@@ -109,4 +111,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
*/
@NotAuditable
FreezeService getFreezeService();
/**
* @return extended security service
*/
@NotAuditable
ExtendedSecurityService getExtendedSecurityService();
}

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
View File

@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.service.ServiceDescriptorRegistry;
@@ -124,4 +125,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
{
return (FreezeService)getService(FREEZE_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getExtendedSecurityService()
*/
@Override
public ExtendedSecurityService getExtendedSecurityService()
{
return (ExtendedSecurityService)getService(EXTENDED_SECURITY_SERVICE);
}
}

327
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java
View File

@@ -27,7 +27,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.identifier.IdentifierService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.service.cmr.dictionary.AspectDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
@@ -46,211 +46,188 @@ import org.alfresco.util.ParameterCheck;
*/
public class RecordServiceImpl implements RecordService, RecordsManagementModel
{
/** Node service **/
private NodeService nodeService;
/** Node service **/
private NodeService nodeService;
/** Indentiy service */
private IdentifierService identifierService;
/** Indentiy service */
private IdentifierService identifierService;
/** Dictionary service */
private DictionaryService dictionaryService;
/** Dictionary service */
private DictionaryService dictionaryService;
// /** Policy component */
// private PolicyComponent policyComponent;
/** Permission service */
private PermissionService permissionService;
/** Permission service */
private PermissionService permissionService;
/** Extended security service */
private ExtendedSecurityService extendedSecurityService;
/** Records management security service */
private RecordsManagementSecurityService recordsManagementSecurityService;
/** List of available record meta-data aspects */
private Set<QName> recordMetaDataAspects;
/** List of available record meta-data aspects */
private Set<QName> recordMetaDataAspects;
/**
* @param nodeService node service
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* @param identifierService identifier service
*/
public void setIdentifierService(IdentifierService identifierService)
{
this.identifierService = identifierService;
}
public void setIdentifierService(IdentifierService identifierService)
{
this.identifierService = identifierService;
}
/**
* @param dictionaryService dictionary service
*/
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
/**
* @param permissionService permission service
*/
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
// public void setPolicyComponent(PolicyComponent policyComponent)
// {
// this.policyComponent = policyComponent;
// }
/**
* @param extendedSecurityService extended security service
*/
public void setExtendedSecurityService(ExtendedSecurityService extendedSecurityService)
{
this.extendedSecurityService = extendedSecurityService;
}
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
public void init()
{
public void setRecordsManagementSecurityService(RecordsManagementSecurityService recordsManagementSecurityService)
{
this.recordsManagementSecurityService = recordsManagementSecurityService;
}
}
public void init()
{
// policyComponent.bindAssociationBehaviour(
// QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateChildAssociation"),
// TYPE_UNFILED_RECORD_CONTAINER,
// ContentModel.ASSOC_CONTAINS,
// new JavaBehaviour(this, "onCreateNewRecord", NotificationFrequency.TRANSACTION_COMMIT));
}
// public void onCreateNewRecord(final ChildAssociationRef childAssocRef, boolean bNew)
// {
// AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
// {
// @Override
// public Void doWork() throws Exception
// {
// NodeRef nodeRef = childAssocRef.getChildRef();
// if (nodeService.exists(nodeRef) == true)
// {
// QName type = nodeService.getType(nodeRef);
// if (ContentModel.TYPE_CONTENT.equals(type) == true ||
// dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT) == true)
// {
// makeRecord(nodeRef);
// }
// else
// {
// throw new AlfrescoRuntimeException("Only content can be created as a record.");
// }
// }
// return null;
// }
// });
// }
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects()
*/
@Override
public Set<QName> getRecordMetaDataAspects()
{
if (recordMetaDataAspects == null)
{
recordMetaDataAspects = new HashSet<QName>(7);
Collection<QName> aspects = dictionaryService.getAllAspects();
for (QName aspect : aspects)
{
AspectDefinition def = dictionaryService.getAspect(aspect);
if (def != null)
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects()
*/
@Override
public Set<QName> getRecordMetaDataAspects()
{
if (recordMetaDataAspects == null)
{
recordMetaDataAspects = new HashSet<QName>(7);
Collection<QName> aspects = dictionaryService.getAllAspects();
for (QName aspect : aspects)
{
QName parent = def.getParentName();
if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true)
{
recordMetaDataAspects.add(aspect);
}
AspectDefinition def = dictionaryService.getAspect(aspect);
if (def != null)
{
QName parent = def.getParentName();
if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true)
{
recordMetaDataAspects.add(aspect);
}
}
}
}
}
return recordMetaDataAspects;
}
}
return recordMetaDataAspects;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean isRecord(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean isRecord(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
return nodeService.hasAspect(nodeRef, ASPECT_RECORD);
}
return nodeService.hasAspect(nodeRef, ASPECT_RECORD);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean isDeclared(NodeRef record)
{
ParameterCheck.mandatory("record", record);
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean isDeclared(NodeRef record)
{
ParameterCheck.mandatory("record", record);
return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD);
}
return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public void createRecordFromDocument(NodeRef filePlan, NodeRef document)
{
ParameterCheck.mandatory("filePlan", filePlan);
ParameterCheck.mandatory("document", document);
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef,
* org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public void createRecordFromDocument(NodeRef filePlan, NodeRef document)
{
ParameterCheck.mandatory("filePlan", filePlan);
ParameterCheck.mandatory("document", document);
// skip everything if the document is already a record
if (nodeService.hasAspect(document, ASPECT_RECORD) == false)
{
// get the new record container for the file plan
NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan);
if (newRecordContainer == null)
{
throw new AlfrescoRuntimeException("Unable to create record, because new record container could not be found.");
}
// skip everything if the document is already a record
if (nodeService.hasAspect(document, ASPECT_RECORD) == false)
{
// get the new record container for the file plan
NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan);
if (newRecordContainer == null) { throw new AlfrescoRuntimeException(
"Unable to create record, because new record container could not be found."); }
// get the documents primary parent assoc
ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document);
// get the documents primary parent assoc
ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document);
// move the document into the file plan
nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName());
// move the document into the file plan
nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName());
// maintain the original primary location
nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc.getQName());
// maintain the original primary location
nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc
.getQName());
// make the document a record
makeRecord(document);
// make the document a record
makeRecord(document);
// get the documents readers
Long aclId = nodeService.getNodeAclId(document);
Set<String> readers = permissionService.getReaders(aclId);
// get the documents readers
Long aclId = nodeService.getNodeAclId(document);
Set<String> readers = permissionService.getReaders(aclId);
// set the readers
recordsManagementSecurityService.setExtendedReaders(document, readers);
}
}
// set the readers
extendedSecurityService.setExtendedReaders(document, readers);
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public NodeRef getUnfiledRecordContainer(NodeRef filePlan)
{
ParameterCheck.mandatory("filePlan", filePlan);
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public NodeRef getUnfiledRecordContainer(NodeRef filePlan)
{
ParameterCheck.mandatory("filePlan", filePlan);
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS, RegexQNamePattern.MATCH_ALL);
if (assocs.size() != 1)
{
throw new AlfrescoRuntimeException("Error getting the unfiled container, because the container cannot be indentified.");
}
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS,
RegexQNamePattern.MATCH_ALL);
if (assocs.size() != 1) { throw new AlfrescoRuntimeException(
"Error getting the unfiled container, because the container cannot be indentified."); }
return assocs.get(0).getChildRef();
}
return assocs.get(0).getChildRef();
}
/**
* Helper Methods
*/
/**
* Helper Methods
*/
/**
* Creates a record from the given document
*
* @param document the document from which a record will be created
*/
private void makeRecord(NodeRef document)
{
nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null);
/**
* Creates a record from the given document
*
* @param document the document from which a record will be created
*/
private void makeRecord(NodeRef document)
{
nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null);
String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document).getParentRef());
nodeService.setProperty(document, PROP_IDENTIFIER, recordId);
}
String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document)
.getParentRef());
nodeService.setProperty(document, PROP_IDENTIFIER, recordId);
}
}

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java
View File

@@ -47,8 +47,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
/** Authority service */
private AuthorityService authorityService;
/** Records management security service */
private RecordsManagementSecurityService recordsManagementSecurityService;
/** Extended security service */
private ExtendedSecurityService extendedSecurityService;
/** Node service */
private NodeService nodeService;
@@ -72,15 +72,15 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
}
/**
* @return records management security service
* @return extended security service
*/
public RecordsManagementSecurityService getRecordsManagementSecurityService()
public ExtendedSecurityService getExtendedSecurityService()
{
if (recordsManagementSecurityService == null)
if (extendedSecurityService == null)
{
recordsManagementSecurityService = (RecordsManagementSecurityService)applicationContext.getBean("recordsManagementSecurityService");
extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("extendedSecurityService");
}
return recordsManagementSecurityService;
return extendedSecurityService;
}
/**
@@ -123,7 +123,7 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == true)
{
Set<String> readers = getRecordsManagementSecurityService().getExtendedReaders(nodeRef);
Set<String> readers = getExtendedSecurityService().getExtendedReaders(nodeRef);
if (readers != null)
{
for (String reader : readers)
@@ -167,6 +167,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
@Override
public Set<PermissionReference> requiredFor()
{
// TODO ... should we set something here? ReadRecord?
return null;
}
}

94
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java Normal file
View File

@@ -0,0 +1,94 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Extended security service.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface ExtendedSecurityService
{
/**
* Indicates whether the node has any extended readers set or not.
*
* @param nodeRef node reference
* @return boolean true if the node has extended readers set, false otherwise
*/
boolean hasExtendedReaders(NodeRef nodeRef);
/**
* Gets the set authorities that are extended readers for the given node.
*
* @param nodeRef node reference
* @return {@link Set}<{@link String}> extended readers
*/
Set<String> getExtendedReaders(NodeRef nodeRef);
/**
* Set the authorities that are extended readers on the node. Applies extended readers to
* file plan parent hierarchy.
*
* @param nodeRef node reference
* @param readers extended readers
*/
void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
/**
*
* @param nodeRef
* @param readers
* @param applyToParents
*/
void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
/**
*
* @param nodeRef
* @param readers
*/
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
/**
*
* @param nodeRef
* @param readers
* @param applyToParents
*/
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
/**
*
* @param nodeRef
*/
void removeAllExtendedReaders(NodeRef nodeRef);
/**
*
* @param nodeRef
* @param applyToParents
*/
void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents);
}

347
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java Normal file
View File

@@ -0,0 +1,347 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.RenditionModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
/**
* Extended security service implementation.
*
* @author Roy Wetherall
* @since 2.1
*/
public class ExtendedSecurityServiceImpl implements ExtendedSecurityService,
RecordsManagementModel,
NodeServicePolicies.OnMoveNodePolicy
{
/** Policy component */
private PolicyComponent policyComponent;
/** Node service */
private NodeService nodeService;
/** Records management service */
private RecordsManagementService recordsManagementService;
/** Record service */
private RecordService recordService;
/**
* @param policyComponent policy component
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* @param recordService record service
*/
public void setRecordService(RecordService recordService)
{
this.recordService = recordService;
}
/**
* @param recordsManagementService records management service
*/
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
{
this.recordsManagementService = recordsManagementService;
}
/**
* @param nodeService node service
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* Init method
*/
public void init()
{
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_EXTENDED_READERS,
new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean hasExtendedReaders(NodeRef nodeRef)
{
boolean result = false;
Set<String> extendedReaders = getExtendedReaders(nodeRef);
if (extendedReaders != null && extendedReaders.size() != 0)
{
result = true;
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@SuppressWarnings("unchecked")
@Override
public Set<String> getExtendedReaders(NodeRef nodeRef)
{
Set<String> result = null;
Map<String, Integer> readerMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
if (readerMap != null)
{
result = readerMap.keySet();
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
*/
@Override
public void setExtendedReaders(NodeRef nodeRef, Set<String> readers)
{
setExtendedReaders(nodeRef, readers, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
*/
@SuppressWarnings("unchecked")
@Override
public void setExtendedReaders(NodeRef nodeRef, java.util.Set<String> readers, boolean applyToParents)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
ParameterCheck.mandatory("readers", readers);
ParameterCheck.mandatory("applyToParents", applyToParents);
if (nodeRef != null && readers.isEmpty() == false)
{
// add the aspect if missing
if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false)
{
nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null);
}
// get reader map
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
if (readersMap == null)
{
// create reader map
readersMap = new HashMap<String, Integer>(7);
}
for (String reader : readers)
{
if (readersMap.containsKey(reader) == true)
{
// increment reference count
Integer count = readersMap.get(reader);
readersMap.put(reader, Integer.valueOf(count.intValue()+1));
}
else
{
// add reader with initial count
readersMap.put(reader, Integer.valueOf(1));
}
}
// set the readers property (this will in turn apply the aspect if required)
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
// apply the readers to any renditions of the content
if (recordService.isRecord(nodeRef) == true)
{
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
setExtendedReaders(child, readers, false);
}
}
if (applyToParents == true)
{
// apply the extended readers up the file plan primary hierarchy
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null &&
recordsManagementService.isFilePlanComponent(parent) == true)
{
setExtendedReaders(parent, readers);
}
}
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
*/
@Override
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers)
{
removeExtendedReaders(nodeRef, readers, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
*/
@Override
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents)
{
if (hasExtendedReaders(nodeRef) == true)
{
removeExtendedReadersImpl(nodeRef, readers);
// remove the readers from any renditions of the content
if (recordService.isRecord(nodeRef) == true)
{
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
removeExtendedReadersImpl(child, readers);
}
}
if (applyToParents == true)
{
// apply the extended readers up the file plan primary hierarchy
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null &&
recordsManagementService.isFilePlanComponent(parent) == true)
{
removeExtendedReaders(parent, readers, applyToParents);
}
}
}
}
/**
*
* @param nodeRef
* @param readers
*/
@SuppressWarnings("unchecked")
private void removeExtendedReadersImpl(NodeRef nodeRef, Set<String> readers)
{
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
for (String reader : readers)
{
Integer readerCount = readersMap.get(reader);
if (readerCount != null)
{
if (readerCount == 1)
{
readersMap.remove(reader);
}
else
{
readersMap.put(reader, Integer.valueOf(readerCount.intValue()-1));
}
}
}
if (readersMap.isEmpty() == true)
{
readersMap = null;
}
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public void removeAllExtendedReaders(NodeRef nodeRef)
{
removeAllExtendedReaders(nodeRef, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/
@Override
public void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents)
{
if (hasExtendedReaders(nodeRef) == true)
{
Set<String> readers = getExtendedReaders(nodeRef);
if (readers != null && readers.isEmpty() == false)
{
removeExtendedReaders(nodeRef, readers);
}
}
}
/**
* @see org.alfresco.repo.node.NodeServicePolicies.OnMoveNodePolicy#onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef, org.alfresco.service.cmr.repository.ChildAssociationRef)
*/
@Override
public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc)
{
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
NodeRef record = newAssoc.getChildRef();
NodeRef newParent = newAssoc.getParentRef();
NodeRef oldParent = origAssoc.getParentRef();
Set<String> readers = getExtendedReaders(record);
if (readers != null && readers.size() != 0)
{
setExtendedReaders(newParent, readers);
removeExtendedReadersImpl(oldParent, readers);
}
return null;
}
});
}
}

52
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -152,56 +152,4 @@ public interface RecordsManagementSecurityService
* @param permission permission
*/
void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
* Indicates whether the node has any extended readers set or not.
*
* @param nodeRef node reference
* @return boolean true if the node has extended readers set, false otherwise
* @since 2.1
*/
boolean hasExtendedReaders(NodeRef nodeRef);
/**
* Gets the set authorities that are extended readers for the given node.
*
* @param nodeRef node reference
* @return {@link Set}<{@link String}> extended readers
* @since 2.1
*/
Set<String> getExtendedReaders(NodeRef nodeRef);
/**
* Set the authorities that are extended readers on the node. Applies extended readers to
* file plan parent hierarchy.
*
* @param nodeRef node reference
* @param readers extended readers
* @since 2.1
*/
void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
/**
*
* @param nodeRef
* @param readers
* @param applyToParents
* @since 2.1
*/
void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
/**
*
* @param nodeRef
* @param readers
* @since 2.1
*/
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
/**
*
* @param nodeRef
* @since 2.1
*/
void removeAllExtendedReaders(NodeRef nodeRef);
}

194
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -31,7 +31,6 @@ import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.model.RenditionModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
@@ -43,7 +42,6 @@ import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -61,9 +59,6 @@ import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
/**
* Records management permission service implementation
@@ -71,9 +66,7 @@ import org.springframework.context.ApplicationContextAware;
* @author Roy Wetherall
*/
public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService,
RecordsManagementModel,
ApplicationContextAware,
NodeServicePolicies.OnMoveNodePolicy
RecordsManagementModel
{
/** Capability service */
@@ -106,18 +99,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** Logger */
private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class);
/** Application context */
private ApplicationContext applicationContext;
/**
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
*/
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
{
this.applicationContext = applicationContext;
}
/**
* Set the capability service
*
@@ -209,11 +190,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_RECORD_FOLDER,
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
@@ -570,6 +546,13 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}, AuthenticationUtil.getSystemUserName());
}
/**
* Helper method to convert a stream to a string.
*
* @param is input stream
* @return {@link String} string
* @throws IOException
*/
public String convertStreamToString(InputStream is) throws IOException
{
/*
@@ -762,6 +745,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*
* TODO .. change this to check a property of the role its self
*/
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
@@ -1031,163 +1016,4 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean hasExtendedReaders(NodeRef nodeRef)
{
boolean result = false;
Set<String> extendedReaders = getExtendedReaders(nodeRef);
if (extendedReaders != null && extendedReaders.size() != 0)
{
result = true;
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@SuppressWarnings("unchecked")
@Override
public Set<String> getExtendedReaders(NodeRef nodeRef)
{
NodeService nodeService = (NodeService)applicationContext.getBean("nodeService");
Set<String> result = null;
Map<String, Integer> readerMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
if (readerMap != null)
{
result = readerMap.keySet();
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
*/
@Override
public void setExtendedReaders(NodeRef nodeRef, Set<String> readers)
{
setExtendedReaders(nodeRef, readers, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
*/
@SuppressWarnings("unchecked")
@Override
public void setExtendedReaders(NodeRef nodeRef, java.util.Set<String> readers, boolean applyToParents)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
ParameterCheck.mandatory("readers", readers);
NodeService nodeService = (NodeService)applicationContext.getBean("nodeService");
RecordsManagementService recordsManagementService = (RecordsManagementService)applicationContext.getBean("recordsManagementService");
if (nodeRef != null &&
readers.isEmpty() == false)
{
// add the aspect if missing
if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false)
{
nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null);
}
// get reader map
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
if (readersMap == null)
{
// create reader map
readersMap = new HashMap<String, Integer>(7);
}
for (String reader : readers)
{
if (readersMap.containsKey(reader) == true)
{
// increment reference count
Integer count = readersMap.get(reader);
readersMap.put(reader, Integer.valueOf(count.intValue()+1));
}
else
{
// add reader with initial count
readersMap.put(reader, Integer.valueOf(1));
}
}
// set the readers property (this will in turn apply the aspect if required)
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
// apply the readers to any renditions of the content
if (recordsManagementService.isRecord(nodeRef) == true)
{
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
setExtendedReaders(child, readers, false);
}
}
if (applyToParents == true)
{
// apply the extended readers up the file plan primary hierarchy
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null &&
recordsManagementService.isFilePlanComponent(parent) == true)
{
setExtendedReaders(parent, readers);
}
}
}
}
@Override
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers)
{
// TODO Auto-generated method stub
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public void removeAllExtendedReaders(NodeRef nodeRef)
{
// TODO Auto-generated method stub
}
@Override
public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc)
{
// TODO temp solution for demo
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
NodeRef record = newAssoc.getChildRef();
NodeRef parent = newAssoc.getParentRef();
Set<String> readers = getExtendedReaders(record);
if (readers != null && readers.size() != 0)
{
setExtendedReaders(parent, readers);
}
return null;
}});
}
}

95
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java → rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java
View File

@@ -6,6 +6,7 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -14,8 +15,10 @@ import org.alfresco.service.cmr.repository.NodeRef;
*
* @author Roy Wetherall
*/
public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
{
private ExtendedSecurityService extendedSecurityService;
private NodeRef record;
private NodeRef recordToo;
@@ -25,6 +28,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
return true;
}
@Override
protected void initServices()
{
super.initServices();
extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("ExtendedSecurityService");
}
@Override
protected void setupTestDataImpl()
{
@@ -33,35 +44,6 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
record = utils.createRecord(rmFolder, "record.txt");
recordToo = utils.createRecord(rmFolder, "recordToo.txt");
}
// TODO testGetProtectedAspects
// TODO getProtectedProperties
// TODO bootstrapDefaultRoles
// TODO getRoles
// TODO getRolesByUser
// TODO getRole
// TODO existsRole
// TODO hasRMAdminRole
// TODO createRole
// TODO updateRole
// TODO deleteRole
// TODO assignRoleToAuthority
// TODO setPermission
// TODO deletePermission
public void testExtendedReaders()
{
@@ -74,13 +56,13 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
assertFalse(hasExtendedReadersAspect(rmFolder));
assertFalse(hasExtendedReadersAspect(record));
assertNull(securityService.getExtendedReaders(record));
assertNull(extendedSecurityService.getExtendedReaders(record));
Set<String> extendedReaders = new HashSet<String>(2);
extendedReaders.add("monkey");
extendedReaders.add("elephant");
securityService.setExtendedReaders(record, extendedReaders);
extendedSecurityService.setExtendedReaders(record, extendedReaders);
Map<String, Integer> testMap = new HashMap<String, Integer>(2);
testMap.put("monkey", Integer.valueOf(1));
@@ -95,7 +77,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
extendedReadersToo.add("monkey");
extendedReadersToo.add("snake");
securityService.setExtendedReaders(recordToo, extendedReadersToo);
extendedSecurityService.setExtendedReaders(recordToo, extendedReadersToo);
Map<String, Integer> testMapToo = new HashMap<String, Integer>(2);
testMapToo.put("monkey", Integer.valueOf(1));
@@ -111,6 +93,39 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
test(rmFolder, testMapThree);
test(recordToo, testMapToo);
// test remove (with no parent inheritance)
Set<String> removeMap1 = new HashSet<String>(2);
removeMap1.add("elephant");
removeMap1.add("monkey");
extendedSecurityService.removeExtendedReaders(rmFolder, removeMap1, false);
Map<String, Integer> testMapFour = new HashMap<String, Integer>(2);
testMapFour.put("monkey", Integer.valueOf(1));
testMapFour.put("snake", Integer.valueOf(1));
test(filePlan, testMapThree);
test(rmContainer, testMapThree);
test(rmFolder, testMapFour);
test(recordToo, testMapToo);
// test remove (apply to parents)
Set<String> removeMap2 = new HashSet<String>(1);
removeMap2.add("snake");
extendedSecurityService.removeExtendedReaders(recordToo, removeMap2, true);
testMapThree.remove("snake");
testMapFour.remove("snake");
testMapToo.remove("snake");
test(filePlan, testMapThree);
test(rmContainer, testMapThree);
test(rmFolder, testMapFour);
test(recordToo, testMapToo);
return null;
}
@@ -131,22 +146,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
for (Map.Entry<String, Integer> entry: testMap.entrySet())
{
assertTrue(readersMap.containsKey(entry.getKey()));
assertEquals(entry.getValue(), readersMap.get(entry.getKey()));
assertEquals(entry.getKey(), entry.getValue(), readersMap.get(entry.getKey()));
}
Set<String> readers = securityService.getExtendedReaders(nodeRef);
Set<String> readers = extendedSecurityService.getExtendedReaders(nodeRef);
assertNotNull(readers);
assertEquals(testMap.size(), readers.size());
}
});
}
// TODO getExtendedReaders
// TODO setExtendedReaders
// TODO removeExtendedReaders
// TODO removeAllExtendedReaders
}
}