From 49f504ba9324bba876b2ed7c713c148acbd5975a Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Thu, 13 Feb 2020 12:12:01 +0200 Subject: [PATCH 1/8] update the assoc policy for the case when the create assoc source node is not a file plan component node --- .../capability/policy/AssocPolicy.java | 45 ++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java index e22a04afd0..882faefa51 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java @@ -27,8 +27,12 @@ package org.alfresco.module.org_alfresco_module_rm.capability.policy; +import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; import org.aopalliance.intercept.MethodInvocation; public class AssocPolicy extends AbstractBasePolicy @@ -40,8 +44,45 @@ public class AssocPolicy extends AbstractBasePolicy Class[] params, ConfigAttributeDefinition cad) { - NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent()); - return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(testNodeRef); + NodeRef source = null; + if (cad.getParameters().get(0) > -1) + { + source = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent()); + } + + NodeRef target = null; + if (cad.getParameters().get(1) > -1) + { + target = getTestNode(invocation, params, cad.getParameters().get(1), cad.isParent()); + } + + if ((source != null) && (target != null)) + { + // check that we aren't trying to create an association from DM to RM + if (nodeService.hasAspect(source, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) + { + return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(source); + } + else + { + if (nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && + getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME) && + permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED) + ) + { + return AccessDecisionVoter.ACCESS_GRANTED; + } + else + { + return AccessDecisionVoter.ACCESS_DENIED; + } + } + } + else + { + return AccessDecisionVoter.ACCESS_DENIED; + } } } + From 098c80bd034c1efde632e9f19a88b43fa2d11a8a Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Tue, 18 Feb 2020 09:44:13 +0200 Subject: [PATCH 2/8] cherry pick # Conflicts: # rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java # rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java --- .../capability/policy/AssocPolicy.java | 15 +- .../record/DownloadAsZipRecordTest.java | 142 ++++++++++++++++++ 2 files changed, 151 insertions(+), 6 deletions(-) create mode 100644 rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java index 882faefa51..3ec8a3f0a6 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java @@ -56,19 +56,22 @@ public class AssocPolicy extends AbstractBasePolicy target = getTestNode(invocation, params, cad.getParameters().get(1), cad.isParent()); } - if ((source != null) && (target != null)) + if (source != null && target != null) { - // check that we aren't trying to create an association from DM to RM + // check the source node ref is a file plan component if (nodeService.hasAspect(source, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) { return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(source); } else { - if (nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && - getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME) && - permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED) - ) + final boolean isFilePlanComponent = nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT); + final boolean hasViewRecordCapability = getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME); + // allow association between a source non rm node and an rm node if the user + // has ViewRecordsCapability on the RM target node and write properties on the dm node + if ( isFilePlanComponent && + hasViewRecordCapability && + permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED)) { return AccessDecisionVoter.ACCESS_GRANTED; } diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java new file mode 100644 index 0000000000..5c19e79ff1 --- /dev/null +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java @@ -0,0 +1,142 @@ +/*- + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2020 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ +package org.alfresco.module.org_alfresco_module_rm.test.integration.record; + +import net.sf.acegisecurity.Authentication; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.security.permissions.AccessDeniedException; +import org.alfresco.service.cmr.download.DownloadService; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.util.GUID; + +/** + * Download as zip record test. + * 
Tests for MNT-21292
+ * @author Rodica Sutu + * @since 3.2.0.1 + */ +public class DownloadAsZipRecordTest extends BaseRMTestCase +{ + private DownloadService downloadService; + + @Override + protected boolean isCollaborationSiteTest() + { + return true; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices() + */ + @Override + protected void initServices() + { + super.initServices(); + downloadService = (DownloadService) applicationContext.getBean("DownloadService"); + } + + /** + * Given a record and a user without view record capability + * When the user downloads the record + * Then Access Denied exception is thrown + */ + public void testDownloadRecordUserNoReadCapability() + { + + doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class) + { + /** user with no view record capability */ + String userDownload; + Authentication previousAuthentication; + + public void given() + { + // create an inplace record + AuthenticationUtil.runAs((RunAsWork) () -> { + recordService.createRecord(filePlan, dmDocument); + return null; + }, AuthenticationUtil.getAdminUserName()); + // create user + userDownload = GUID.generate(); + createPerson(userDownload); + } + + public void when() + { + previousAuthentication = AuthenticationUtil.getFullAuthentication(); + AuthenticationUtil.setFullyAuthenticatedUser(userDownload); + downloadService.createDownload(new NodeRef[] { dmDocument }, true); + } + + public void after() + { + AuthenticationUtil.setFullAuthentication(previousAuthentication); + personService.deletePerson(userDownload); + } + }); + } + + /** + * Given a record and a user with view record capability + * When the user downloads the record + * Then download node is created + */ + public void testDownloadRecordUserWithReadCapability() + { + doBehaviourDrivenTest(new BehaviourDrivenTest() + { + NodeRef downloadStorageNode; + + public void given() + { + // Create an inplace record + AuthenticationUtil.runAs((RunAsWork) () -> { + // Declare record + recordService.createRecord(filePlan, dmDocument); + return null; + }, dmCollaborator); + } + + public void when() + { + Authentication previousAuthentication = AuthenticationUtil.getFullAuthentication(); + AuthenticationUtil.setFullyAuthenticatedUser(dmCollaborator); + // request to download the record + downloadStorageNode = downloadService.createDownload(new NodeRef[] { dmDocument }, true); + AuthenticationUtil.setFullAuthentication(previousAuthentication); + } + + public void then() + { + // check the download storage node is created + assertTrue(nodeService.exists(downloadStorageNode)); + } + }); + } +} From 1292cb495b45a0060086f368542d9df8af776247 Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Thu, 24 Oct 2019 07:02:16 +0100 Subject: [PATCH 3/8] Merge branch 'feature/RM-7006_UpdateToACS611' into 'master' RM-7006 Update to ACS 6.1.1 Closes RM-7006 See merge request records-management/records-management!1272 --- pom.xml | 7 ++++--- rm-community/pom.xml | 4 ++-- rm-community/rm-community-repo/pom.xml | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 231460afc9..5a5c758230 100644 --- a/pom.xml +++ b/pom.xml @@ -531,7 +531,7 @@ alfresco org.alfresco share - 6.20 + 7.8 6.1.0 0.0 @@ -558,10 +558,11 @@ 3.1.0 8080 - 2.9.8 + 2.9.9 + 2.9.9.3 0.25.0 1.10.19 - 42.2.5 + 42.2.6 5432 5.1.40 3306 diff --git a/rm-community/pom.xml b/rm-community/pom.xml index e53ae86f65..51d6b80a91 100644 --- a/rm-community/pom.xml +++ b/rm-community/pom.xml @@ -57,7 +57,7 @@ com.fasterxml.jackson.core jackson-databind - ${jackson.version} + ${jackson-databind.version} com.fasterxml.jackson.datatype @@ -73,7 +73,7 @@ - 5.1.1.RELEASE + 5.1.8.RELEASE 6.1.2-ga 6.1.0 diff --git a/rm-community/rm-community-repo/pom.xml b/rm-community/rm-community-repo/pom.xml index 4fc5d127ca..fb73d75580 100644 --- a/rm-community/rm-community-repo/pom.xml +++ b/rm-community/rm-community-repo/pom.xml @@ -24,7 +24,7 @@ alfresco-platform 9.1-901.jdbc4 alfresco-governance-services-community-repo - + 7.5.1 7.33.12 7.34.1 From 738fce1c3727872cd25cd37c366b66be78cc8f21 Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Thu, 20 Feb 2020 10:11:22 +0200 Subject: [PATCH 4/8] update the ACS library versions in order to have the changes that cause download post to work --- rm-community/rm-community-repo/pom.xml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/rm-community/rm-community-repo/pom.xml b/rm-community/rm-community-repo/pom.xml index fb73d75580..40dffee2ba 100644 --- a/rm-community/rm-community-repo/pom.xml +++ b/rm-community/rm-community-repo/pom.xml @@ -25,9 +25,9 @@ 9.1-901.jdbc4 alfresco-governance-services-community-repo - 7.5.1 - 7.33.12 - 7.34.1 + 7.5.7.0 + 7.33.42.0 + 7.34.25.0 6.1.0 alfresco/alfresco-governance-repository-community @@ -460,12 +460,13 @@ use-postgres - ${my.db.name} - ${my.db.port} + ${alfresco.test.db.name} + ${database.port} org.alfresco.repo.domain.dialect.PostgreSQLDialect - jdbc:postgresql:template1 - jdbc:postgresql:${alfresco.db.name} + jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} + jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} + jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} org.postgresql.Driver From b2b0121d204ab6f103a034f038baf158b5ef407f Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Thu, 20 Feb 2020 12:53:54 +0200 Subject: [PATCH 5/8] revert unwanted changes --- rm-community/rm-community-repo/pom.xml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/rm-community/rm-community-repo/pom.xml b/rm-community/rm-community-repo/pom.xml index 40dffee2ba..cd8a410818 100644 --- a/rm-community/rm-community-repo/pom.xml +++ b/rm-community/rm-community-repo/pom.xml @@ -460,13 +460,12 @@ use-postgres - ${alfresco.test.db.name} - ${database.port} + ${my.db.name} + ${my.db.port} org.alfresco.repo.domain.dialect.PostgreSQLDialect - jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} - jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} - jdbc:postgresql://localhost:${database.port}/${alfresco.test.db.name} + jdbc:postgresql:template1 + jdbc:postgresql:${alfresco.db.name} org.postgresql.Driver From 43268debd34d71b499ca684786ab053aa01081b9 Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Fri, 21 Feb 2020 11:21:26 +0200 Subject: [PATCH 6/8] move test DownloadAsZipRecordTest into rm enterprise package as there is no ACS 6.1.1 community equivalent and the issue is not reproducing with ACS community 6.1.2-ga --- rm-community/rm-community-repo/pom.xml | 6 +- .../record/DownloadAsZipRecordTest.java | 142 ------------------ 2 files changed, 3 insertions(+), 145 deletions(-) delete mode 100644 rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java diff --git a/rm-community/rm-community-repo/pom.xml b/rm-community/rm-community-repo/pom.xml index cd8a410818..fb73d75580 100644 --- a/rm-community/rm-community-repo/pom.xml +++ b/rm-community/rm-community-repo/pom.xml @@ -25,9 +25,9 @@ 9.1-901.jdbc4 alfresco-governance-services-community-repo - 7.5.7.0 - 7.33.42.0 - 7.34.25.0 + 7.5.1 + 7.33.12 + 7.34.1 6.1.0 alfresco/alfresco-governance-repository-community diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java deleted file mode 100644 index 5c19e79ff1..0000000000 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/DownloadAsZipRecordTest.java +++ /dev/null @@ -1,142 +0,0 @@ -/*- - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2020 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ -package org.alfresco.module.org_alfresco_module_rm.test.integration.record; - -import net.sf.acegisecurity.Authentication; -import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.security.permissions.AccessDeniedException; -import org.alfresco.service.cmr.download.DownloadService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.util.GUID; - -/** - * Download as zip record test. - * 
Tests for MNT-21292
- * @author Rodica Sutu - * @since 3.2.0.1 - */ -public class DownloadAsZipRecordTest extends BaseRMTestCase -{ - private DownloadService downloadService; - - @Override - protected boolean isCollaborationSiteTest() - { - return true; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices() - */ - @Override - protected void initServices() - { - super.initServices(); - downloadService = (DownloadService) applicationContext.getBean("DownloadService"); - } - - /** - * Given a record and a user without view record capability - * When the user downloads the record - * Then Access Denied exception is thrown - */ - public void testDownloadRecordUserNoReadCapability() - { - - doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class) - { - /** user with no view record capability */ - String userDownload; - Authentication previousAuthentication; - - public void given() - { - // create an inplace record - AuthenticationUtil.runAs((RunAsWork) () -> { - recordService.createRecord(filePlan, dmDocument); - return null; - }, AuthenticationUtil.getAdminUserName()); - // create user - userDownload = GUID.generate(); - createPerson(userDownload); - } - - public void when() - { - previousAuthentication = AuthenticationUtil.getFullAuthentication(); - AuthenticationUtil.setFullyAuthenticatedUser(userDownload); - downloadService.createDownload(new NodeRef[] { dmDocument }, true); - } - - public void after() - { - AuthenticationUtil.setFullAuthentication(previousAuthentication); - personService.deletePerson(userDownload); - } - }); - } - - /** - * Given a record and a user with view record capability - * When the user downloads the record - * Then download node is created - */ - public void testDownloadRecordUserWithReadCapability() - { - doBehaviourDrivenTest(new BehaviourDrivenTest() - { - NodeRef downloadStorageNode; - - public void given() - { - // Create an inplace record - AuthenticationUtil.runAs((RunAsWork) () -> { - // Declare record - recordService.createRecord(filePlan, dmDocument); - return null; - }, dmCollaborator); - } - - public void when() - { - Authentication previousAuthentication = AuthenticationUtil.getFullAuthentication(); - AuthenticationUtil.setFullyAuthenticatedUser(dmCollaborator); - // request to download the record - downloadStorageNode = downloadService.createDownload(new NodeRef[] { dmDocument }, true); - AuthenticationUtil.setFullAuthentication(previousAuthentication); - } - - public void then() - { - // check the download storage node is created - assertTrue(nodeService.exists(downloadStorageNode)); - } - }); - } -} From e78f159844674d5924acf30cadd74ad67373c514 Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Mon, 28 Oct 2019 06:57:46 +0000 Subject: [PATCH 7/8] Merge branch 'feature/RM-7012_ActionNameInListOfValuesForAudit' into 'master' RM-7012 See merge request records-management/records-management!1280 (cherry picked from commit a3450f74cf1fda0c146f2dd743f51e4be4413e68) --- .../module/org_alfresco_module_rm/action-context.xml | 9 --------- .../module/org_alfresco_module_rm/module-context.xml | 1 + 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/action-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/action-context.xml index b471c996c0..477d319ef4 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/action-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/action-context.xml @@ -5,15 +5,6 @@ http://www.springframework.org/schema/beans/spring-beans.xsd"> - - - - - alfresco.module.org_alfresco_module_rm.messages.actions - - - - diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml index d999b109d7..4ccba8a2a0 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml @@ -64,6 +64,7 @@ alfresco.module.org_alfresco_module_rm.messages.admin-service alfresco.module.org_alfresco_module_rm.messages.records-management-service alfresco.module.org_alfresco_module_rm.messages.action-service + alfresco.module.org_alfresco_module_rm.messages.actions alfresco.module.org_alfresco_module_rm.messages.audit-service alfresco.module.org_alfresco_module_rm.messages.rm-events alfresco.module.org_alfresco_module_rm.messages.capability-service From 11e9c8fc63a0a20199735f58165932331fb39d18 Mon Sep 17 00:00:00 2001 From: Rodica Sutu Date: Tue, 25 Feb 2020 17:50:58 +0200 Subject: [PATCH 8/8] use 6.1.1 community libraries --- rm-community/rm-community-repo/pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rm-community/rm-community-repo/pom.xml b/rm-community/rm-community-repo/pom.xml index 9a6019e46b..0895e912b3 100644 --- a/rm-community/rm-community-repo/pom.xml +++ b/rm-community/rm-community-repo/pom.xml @@ -24,11 +24,11 @@ alfresco-platform 9.1-901.jdbc4 alfresco-governance-services-community-repo - - 7.5.1 - 7.43 - 7.35 - 6.1.0-RC3 + + 7.4 + 7.22 + 7.7 + 6.1.0 alfresco/alfresco-governance-repository-community false