REPO-2819 : DELETE /shared-links/{id} with admin returns 403 (#9)

* REPO-2819 : DELETE /shared-links/{id} with admin returns 403
   Add an extra check to QuickShareServiceImpl.canDeleteSharedLink, because the admin user can return the SiteName of a nodeRef (even if it's private).
      Add a JUnit test into QuickShareServiceIntegrationTest
         Add a comment to the test - no actual shared Link is needed for this test.

* REPO-2520 : SiteMembership Java API calls should tell which site resulted in errors
   Add the test class into the test suite (was not previously added).

src/main/java/org/alfresco/repo/quickshare/QuickShareServiceImpl.java

@@ -986,7 +986,8 @@ public class QuickShareServiceImpl implements QuickShareService,
         {
             // node belongs to a site - current user must be a manager or collaborator or someone who shared the link
             String role = siteService.getMembersRole(siteName, currentUser);
-            if (isSharedByCurrentUser || (role != null && (role.equals(SiteModel.SITE_MANAGER) || role.equals(SiteModel.SITE_COLLABORATOR))))
+            if (isSharedByCurrentUser || (role != null && (role.equals(SiteModel.SITE_MANAGER) || role.equals(SiteModel.SITE_COLLABORATOR)))
+                    || (authorityService.isAdminAuthority(currentUser)))
             {
                 canDeleteSharedLink = true;
             }

src/test/java/org/alfresco/AllRepositoryTestsCatalogue.java

@@ -592,6 +592,7 @@ public class AllRepositoryTestsCatalogue
     // no context - true JUNIT tests
     static void unitTestsNoContext(TestSuite suite)
     {
+        suite.addTest(new JUnit4TestAdapter(org.alfresco.repo.site.SiteMembershipTest.class));
         suite.addTestSuite(org.alfresco.encryption.EncryptorTest.class);
         suite.addTestSuite(org.alfresco.encryption.KeyStoreKeyProviderTest.class);
         suite.addTest(new JUnit4TestAdapter(org.alfresco.filesys.config.ServerConfigurationBeanTest.class));

src/test/java/org/alfresco/repo/quickshare/QuickShareServiceIntegrationTest.java

@@ -63,6 +63,8 @@ import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.cmr.site.SiteService;
+import org.alfresco.service.cmr.site.SiteVisibility;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.test.junitrules.AlfrescoPerson;
@@ -134,6 +136,7 @@ public class QuickShareServiceIntegrationTest
     private static QuickShareLinkExpiryActionPersister quickShareLinkExpiryActionPersister;
     private static RetryingTransactionHelper transactionHelper;
     private static Properties globalProperties;
+    private static SiteService siteService;
     
     private static AlfrescoPerson user1 = new AlfrescoPerson(testContext, "UserOne");
     private static AlfrescoPerson user2 = new AlfrescoPerson(testContext, "UserTwo");
@@ -173,6 +176,7 @@ public class QuickShareServiceIntegrationTest
         quickShareLinkExpiryActionPersister = ctx.getBean("quickShareLinkExpiryActionPersister", QuickShareLinkExpiryActionPersister.class);
         transactionHelper = ctx.getBean("retryingTransactionHelper", RetryingTransactionHelper.class);
         globalProperties = ctx.getBean("global-properties", Properties.class);
+        siteService = (SiteService) ctx.getBean("SiteService");
     }
     
     @Before public void createTestData()
@@ -849,6 +853,52 @@ public class QuickShareServiceIntegrationTest
         }
     }
 
+    // Test SharedLink deletion by admin user based on REPO-2819 - test does not relay on whether a sharedLink
+    // exists or not.
+    @Test
+    public void testCanDeleteSharedLinkWithAdminUserForPrivateNodes() throws Exception
+    {
+        String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
+        try
+        {
+            // Create a private site
+            AuthenticationUtil.setFullyAuthenticatedUser(user1.getUsername());
+            String randomUUID = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
+            String siteName = "testSite" + randomUUID;
+            siteService.createSite("site-dashboard", siteName, "Title for " + siteName,
+                    "Description for " + siteName, SiteVisibility.PRIVATE);
+
+            // Create a node on the private site and user home
+            String nodeName = "testNode" + randomUUID;
+            NodeRef nodeRefOnPrivateSite = testNodes.createNode(siteService.getSite(siteName).getNodeRef(), nodeName,
+                    ContentModel.TYPE_CONTENT, user1.getUsername());
+            NodeRef nodeRefOnUserHome = testNodes.createNode(userHome, nodeName + "userHome",
+                    ContentModel.TYPE_CONTENT, user1.getUsername());
+
+            // Verify if the admin user "canDeleteSharedLink" on the nodes
+            AuthenticationUtil.setFullyAuthenticatedUser("admin");
+            boolean canDeleteSharedLink = userCanDeleteSharedLink(nodeRefOnPrivateSite,user1.getUsername());
+            assertEquals(true, canDeleteSharedLink);
+            canDeleteSharedLink = userCanDeleteSharedLink(nodeRefOnUserHome, user1.getUsername());
+            assertEquals(true, canDeleteSharedLink);
+
+            // Clean up
+            nodeService.deleteNode(nodeRefOnUserHome);
+            siteService.deleteSite(siteName);
+        }
+        finally
+        {
+            if (currentUser != null)
+            {
+                AuthenticationUtil.setFullyAuthenticatedUser(currentUser);
+            }
+            else 
+                {
+                AuthenticationUtil.clearCurrentSecurityContext();
+                }
+        }
+    }
+
     private QuickShareLinkExpiryAction getExpiryActionAndAttachSchedule(String sharedId)
     {
 
@@ -913,4 +963,11 @@ public class QuickShareServiceIntegrationTest
             return null;
         });
     }
+
+    private boolean userCanDeleteSharedLink(NodeRef nodeRef, String sharedByUserId)
+    {
+        return transactionHelper.doInTransaction(() -> {
+        return quickShareService.canDeleteSharedLink(nodeRef, sharedByUserId);
+        });
+    }
 }

src/test/java/org/alfresco/util/BaseAlfrescoSpringTest.java

@@ -133,6 +133,7 @@ public abstract class BaseAlfrescoSpringTest extends BaseSpringTest
         createUser(userName, userName, "PWD");
     }
 
+    @SuppressWarnings("deprecation")
     protected void createUser(String userName, String nameSuffix, String password)
     {
         if (this.authenticationService.authenticationExists(userName) == false)
@@ -150,4 +151,17 @@ public abstract class BaseAlfrescoSpringTest extends BaseSpringTest
             personService.createPerson(ppOne);
         }
     }
+
+    /**
+     * We assume: Admin user is already authenticated and userName already exists.
+     * 
+     * @param userName
+     */
+    @SuppressWarnings("deprecation")
+    protected void deleteUser(String userName)
+    {
+        PersonService personService = (PersonService) applicationContext.getBean("personService");
+        personService.deletePerson(userName);
+    }
+
 }