From 4d94c8b66bc6bb9abc169b2b9483840b86f69427 Mon Sep 17 00:00:00 2001 From: Tom Page Date: Tue, 19 May 2015 09:57:02 +0000 Subject: [PATCH] RM-2123 Don't create a user called system. Also add special check in clearance service that gives system user maximum clearance. +review RM-58 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104480 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../org_alfresco_module_rm/module-context.xml | 8 ++++---- .../patch/rm-patch-v30-context.xml | 8 ++++---- .../BootstrapImporterModuleComponent.java | 14 ++++++------- ... ClearanceForAdminBootstrapComponent.java} | 17 +++++++--------- .../classification/SecurityClearance.java | 2 +- .../SecurityClearanceServiceImpl.java | 11 +++++++--- ...Users.java => RMv30ClearanceForAdmin.java} | 14 ++++++------- ...tstrapImporterModuleComponentUnitTest.java | 8 ++++---- ...ceForAdminBootstrapComponentUnitTest.java} | 20 ++++++++----------- 9 files changed, 50 insertions(+), 52 deletions(-) rename rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/{ClearancesForSpecialUsersBootstrapComponent.java => ClearanceForAdminBootstrapComponent.java} (78%) rename rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/{RMv30ClearancesForSpecialUsers.java => RMv30ClearanceForAdmin.java} (69%) rename rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/{ClearancesForSpecialUsersBootstrapComponentUnitTest.java => ClearanceForAdminBootstrapComponentUnitTest.java} (74%) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml index b2dfe6af60..2a54c34b40 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml @@ -23,7 +23,7 @@ - + @@ -47,9 +47,9 @@ - - + + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml index e20ca25d0b..f57927e2d9 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml @@ -5,13 +5,13 @@ - - + class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin"> + - + \ No newline at end of file diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java index b426c26cb5..5dad9139df 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java @@ -43,8 +43,8 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent /** record contributors group bootstrap component */ private RecordContributorsGroupBootstrapComponent recordContributorsGroupBootstrapComponent; - /** Clearances for special users bootstrap component. */ - private ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent; + /** Clearance for admin bootstrap component. */ + private ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent; /** * @param nodeService node service @@ -71,12 +71,12 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent } /** - * @param clearancesForSpecialUsersBootstrapComponent The bootstrap component that give the admin and system users - * the maximum clearance. + * @param clearanceForAdminBootstrapComponent The bootstrap component that give the admin user the maximum + * clearance. */ - public void setClearancesForSpecialUsersBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent) + public void setClearanceForAdminBootstrapComponent(ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent) { - this.clearancesForSpecialUsersBootstrapComponent = clearancesForSpecialUsersBootstrapComponent; + this.clearanceForAdminBootstrapComponent = clearanceForAdminBootstrapComponent; } /** @@ -94,7 +94,7 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent // Bootstrap creation of initial data. recordContributorsGroupBootstrapComponent.createRecordContributorsGroup(); - clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers(); + clearanceForAdminBootstrapComponent.createClearanceForAdmin(); // init module schema number modulePatchExecuter.initSchemaVersion(); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponent.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponent.java similarity index 78% rename from rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponent.java rename to rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponent.java index cecbc9a0c4..7e0ab94892 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponent.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponent.java @@ -22,19 +22,19 @@ import java.io.Serializable; import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap; import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel; -import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers; +import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin; import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.PersonService; /** - * Provide the highest clearance to the admin and system users. This needs to be run once (either bootstrapped into a - * fresh system, or as part of an upgrade in {@link RMv30ClearancesForSpecialUsers}) per installation. + * Provide the highest clearance to the admin user. This needs to be run once (either bootstrapped into a + * fresh system, or as part of an upgrade in {@link RMv30ClearanceForAdmin}) per installation. * * @author tpage */ -public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedContentModel +public class ClearanceForAdminBootstrapComponent implements ClassifiedContentModel { private AuthenticationUtil authenticationUtil; private NodeService nodeService; @@ -47,9 +47,9 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; } /** - * Give the admin and system users the maximum clearance. + * Give the admin user the maximum clearance. */ - public void createClearancesForSpecialUsers() + public void createClearanceForAdmin() { // Ensure the classification levels are loaded before this patch runs. (Nb. This will result in the // classification service bootstrap method being called twice on the start-up that includes this call). @@ -57,11 +57,8 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo Serializable mostSecureLevel = classificationServiceBootstrap.getClassificationLevelManager() .getMostSecureLevel().getId(); - String systemUserName = authenticationUtil.getSystemUserName(); - NodeRef system = personService.getPerson(systemUserName); - nodeService.setProperty(system, PROP_CLEARANCE_LEVEL, mostSecureLevel); String adminUserName = authenticationUtil.getAdminUserName(); - NodeRef admin = personService.getPerson(adminUserName); + NodeRef admin = personService.getPerson(adminUserName, false); nodeService.setProperty(admin, PROP_CLEARANCE_LEVEL, mostSecureLevel); } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java index 33139aef71..e6f3de52ad 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java @@ -39,7 +39,7 @@ public final class SecurityClearance implements Serializable public SecurityClearance(final PersonInfo personInfo, final ClearanceLevel clearanceLevel) { - Objects.requireNonNull(personInfo); + // Do not check the PersonInfo, as it may be null for the system user's SecurityClearance. Objects.requireNonNull(clearanceLevel); this.personInfo = personInfo; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java index dbc69fdf4a..14d3ca280d 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java @@ -72,13 +72,18 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec } /** - * Gets the users security clearnace. + * Gets the user's security clearance. * - * @param userName user name - * @return {@link SecurityClearance} provides information about the user and their clearance level + * @param userName user name + * @return {@link SecurityClearance} provides information about the user and their clearance level */ private SecurityClearance getUserSecurityClearance(final String userName) { + if (authenticationUtil.isRunAsUserTheSystemUser()) + { + return new SecurityClearance(null, clearanceManager.getMostSecureLevel()); + } + final NodeRef personNode = personService.getPerson(userName, false); final PersonInfo personInfo = personService.getPerson(personNode); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearancesForSpecialUsers.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearanceForAdmin.java similarity index 69% rename from rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearancesForSpecialUsers.java rename to rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearanceForAdmin.java index cd3c9445ad..1f4945b76e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearancesForSpecialUsers.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearanceForAdmin.java @@ -18,31 +18,31 @@ */ package org.alfresco.module.org_alfresco_module_rm.patch.v30; -import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent; +import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent; import org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch; /** - * Patch to provide the highest clearance to the admin and system users. + * Patch to provide the highest clearance to the admin user. * * @author tpage */ -public class RMv30ClearancesForSpecialUsers extends AbstractModulePatch +public class RMv30ClearanceForAdmin extends AbstractModulePatch { - private ClearancesForSpecialUsersBootstrapComponent bootstrapComponent; + private ClearanceForAdminBootstrapComponent bootstrapComponent; - public void setBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent bootstrapComponent) + public void setBootstrapComponent(ClearanceForAdminBootstrapComponent bootstrapComponent) { this.bootstrapComponent = bootstrapComponent; } /** - * Give the admin and system users the maximum clearance. + * Give the admin user the maximum clearance. * * @see org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch#applyInternal() */ @Override public void applyInternal() { - bootstrapComponent.createClearancesForSpecialUsers(); + bootstrapComponent.createClearanceForAdmin(); } } diff --git a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java index 0e5faeb982..92bdc889d3 100644 --- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java +++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java @@ -44,10 +44,10 @@ public class BootstrapImporterModuleComponentUnitTest extends BaseUnitTest private static final NodeRef configNodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, "rm_config_folder"); /** mocks */ - @Mock(name="importer") private ImporterBootstrap mockedImporter; - @Mock(name="modulePatchExecuter") private ModulePatchExecuter mockedModulePatchExecuter; - @Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent; - @Mock(name="clearancesForSpecialUsersBootstrapComponent") private ClearancesForSpecialUsersBootstrapComponent mockedClearancesForSpecialUsersBootstrapComponent; + @Mock(name="importer") private ImporterBootstrap mockedImporter; + @Mock(name="modulePatchExecuter") private ModulePatchExecuter mockedModulePatchExecuter; + @Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent; + @Mock(name="clearanceForAdminBootstrapComponent") private ClearanceForAdminBootstrapComponent mockedClearanceForAdminBootstrapComponent; /** importer */ @InjectMocks diff --git a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponentUnitTest.java b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponentUnitTest.java similarity index 74% rename from rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponentUnitTest.java rename to rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponentUnitTest.java index b435481c50..dfb8baa3d8 100644 --- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponentUnitTest.java +++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponentUnitTest.java @@ -37,13 +37,13 @@ import org.mockito.InjectMocks; import org.mockito.Mock; /** - * Unit tests for {@link ClearancesForSpecialUsersBootstrapComponent}. + * Unit tests for {@link ClearanceForAdminBootstrapComponent}. * * @author tpage */ -public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements ClassifiedContentModel +public class ClearanceForAdminBootstrapComponentUnitTest implements ClassifiedContentModel { - @InjectMocks ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent; + @InjectMocks ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent; @Mock AuthenticationUtil mockAuthenticationUtil; @Mock PersonService mockPersonService; @Mock NodeService mockNodeService; @@ -54,8 +54,8 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas initMocks(this); } - /** Check that the system and admin users get assigned the provided clearance. */ - @Test public void testCreateClearancesForSpecialUsers() + /** Check that the admin user gets assigned the provided clearance. */ + @Test public void testCreateClearanceForAdmin() { // Allow the classification level id to be found. ClassificationLevel level = new ClassificationLevel("id", "displayLabelKey"); @@ -63,18 +63,14 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas when(mockClassificationLevelManager.getMostSecureLevel()).thenReturn(level); when(mockClassificationServiceBootstrap.getClassificationLevelManager()).thenReturn(mockClassificationLevelManager); - // Set up the admin and system users. - when(mockAuthenticationUtil.getSystemUserName()).thenReturn("system"); - NodeRef system = new NodeRef("system://node/"); - when(mockPersonService.getPerson("system")).thenReturn(system); + // Set up the admin user. when(mockAuthenticationUtil.getAdminUserName()).thenReturn("admin"); NodeRef admin = new NodeRef("admin://node/"); - when(mockPersonService.getPerson("admin")).thenReturn(admin); + when(mockPersonService.getPerson("admin", false)).thenReturn(admin); // Call the method under test. - clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers(); + clearanceForAdminBootstrapComponent.createClearanceForAdmin(); - verify(mockNodeService).setProperty(system, PROP_CLEARANCE_LEVEL, "id"); verify(mockNodeService).setProperty(admin, PROP_CLEARANCE_LEVEL, "id"); // Check that the classification levels were loaded. verify(mockClassificationServiceBootstrap).onBootstrap(null);