inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-2123 Don't create a user called system.

Browse Source 
Also add special check in clearance service that gives system user maximum
clearance.

+review RM-58

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104480 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tom Page
2015-05-19 09:57:02 +00:00
parent 62558fbbc1
commit 4d94c8b66b
9 changed files with 50 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
View File

@@ -23,7 +23,7 @@
<property name="nodeService" ref="nodeService" /> <property name="nodeService" ref="nodeService" />
<property name="modulePatchExecuter" ref="rm.modulePatchExecuter" /> <property name="modulePatchExecuter" ref="rm.modulePatchExecuter" />
<property name="recordContributorsGroupBootstrapComponent" ref="recordContributorsGroupBootstrapComponent"/> <property name="recordContributorsGroupBootstrapComponent" ref="recordContributorsGroupBootstrapComponent"/>
<property name="clearancesForSpecialUsersBootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/> <property name="clearanceForAdminBootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
<property name="moduleId" value="org_alfresco_module_rm"/> <property name="moduleId" value="org_alfresco_module_rm"/>
<property name="name" value="org_alfresco_module_rm_bootstrapData"/> <property name="name" value="org_alfresco_module_rm_bootstrapData"/>
<property name="description" value="Bootstrap records management data"/> <property name="description" value="Bootstrap records management data"/>
@@ -47,9 +47,9 @@
<property name="authenticationUtil" ref="rm.authenticationUtil"/> <property name="authenticationUtil" ref="rm.authenticationUtil"/>
</bean> </bean>
<!-- Clearances for special users bootstrap component --> <!-- Clearance for admin bootstrap component -->
<bean id="clearancesForSpecialUsersBootstrapComponent" <bean id="clearanceForAdminBootstrapComponent"
class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent"> class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent">
<property name="authenticationUtil" ref="rm.authenticationUtil"/> <property name="authenticationUtil" ref="rm.authenticationUtil"/>
<property name="personService" ref="PersonService"/> <property name="personService" ref="PersonService"/>
<property name="nodeService" ref="NodeService"/> <property name="nodeService" ref="NodeService"/>

8
rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml
View File

@@ -5,13 +5,13 @@
<!-- RM v3.0 Patches --> <!-- RM v3.0 Patches -->
<bean id="rm.clearancesForSpecialUsers" <bean id="rm.clearanceForAdmin"
parent="rm.parentModulePatch" parent="rm.parentModulePatch"
class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers"> class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin">
<property name="description" value="Provide security clearance to the admin and system users."/> <property name="description" value="Provide security clearance to the admin user."/>
<property name="fixesToSchema" value="1012"/> <property name="fixesToSchema" value="1012"/>
<property name="targetSchema" value="2001"/> <property name="targetSchema" value="2001"/>
<property name="bootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/> <property name="bootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
</bean> </bean>
</beans> </beans>

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java
View File

@@ -43,8 +43,8 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
/** record contributors group bootstrap component */ /** record contributors group bootstrap component */
private RecordContributorsGroupBootstrapComponent recordContributorsGroupBootstrapComponent; private RecordContributorsGroupBootstrapComponent recordContributorsGroupBootstrapComponent;
/** Clearances for special users bootstrap component. */ /** Clearance for admin bootstrap component. */
private ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent; private ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
/** /**
* @param nodeService node service * @param nodeService node service
@@ -71,12 +71,12 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
} }
/** /**
* @param clearancesForSpecialUsersBootstrapComponent The bootstrap component that give the admin and system users * @param clearanceForAdminBootstrapComponent The bootstrap component that give the admin user the maximum
* the maximum clearance. * clearance.
*/ */
public void setClearancesForSpecialUsersBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent) public void setClearanceForAdminBootstrapComponent(ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent)
{ {
this.clearancesForSpecialUsersBootstrapComponent = clearancesForSpecialUsersBootstrapComponent; this.clearanceForAdminBootstrapComponent = clearanceForAdminBootstrapComponent;
} }
/** /**
@@ -94,7 +94,7 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
// Bootstrap creation of initial data. // Bootstrap creation of initial data.
recordContributorsGroupBootstrapComponent.createRecordContributorsGroup(); recordContributorsGroupBootstrapComponent.createRecordContributorsGroup();
clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers(); clearanceForAdminBootstrapComponent.createClearanceForAdmin();
// init module schema number // init module schema number
modulePatchExecuter.initSchemaVersion(); modulePatchExecuter.initSchemaVersion();

17
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponent.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponent.java
View File

@@ -22,19 +22,19 @@ import java.io.Serializable;
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap; import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel; import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel;
import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers; import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin;
import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil; import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.security.PersonService;
/** /**
* Provide the highest clearance to the admin and system users. This needs to be run once (either bootstrapped into a * Provide the highest clearance to the admin user. This needs to be run once (either bootstrapped into a
* fresh system, or as part of an upgrade in {@link RMv30ClearancesForSpecialUsers}) per installation. * fresh system, or as part of an upgrade in {@link RMv30ClearanceForAdmin}) per installation.
* *
* @author tpage * @author tpage
*/ */
public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedContentModel public class ClearanceForAdminBootstrapComponent implements ClassifiedContentModel
{ {
private AuthenticationUtil authenticationUtil; private AuthenticationUtil authenticationUtil;
private NodeService nodeService; private NodeService nodeService;
@@ -47,9 +47,9 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; } public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; }
/** /**
* Give the admin and system users the maximum clearance. * Give the admin user the maximum clearance.
*/ */
public void createClearancesForSpecialUsers() public void createClearanceForAdmin()
{ {
// Ensure the classification levels are loaded before this patch runs. (Nb. This will result in the // Ensure the classification levels are loaded before this patch runs. (Nb. This will result in the
// classification service bootstrap method being called twice on the start-up that includes this call). // classification service bootstrap method being called twice on the start-up that includes this call).
@@ -57,11 +57,8 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
Serializable mostSecureLevel = classificationServiceBootstrap.getClassificationLevelManager() Serializable mostSecureLevel = classificationServiceBootstrap.getClassificationLevelManager()
.getMostSecureLevel().getId(); .getMostSecureLevel().getId();
String systemUserName = authenticationUtil.getSystemUserName();
NodeRef system = personService.getPerson(systemUserName);
nodeService.setProperty(system, PROP_CLEARANCE_LEVEL, mostSecureLevel);
String adminUserName = authenticationUtil.getAdminUserName(); String adminUserName = authenticationUtil.getAdminUserName();
NodeRef admin = personService.getPerson(adminUserName); NodeRef admin = personService.getPerson(adminUserName, false);
nodeService.setProperty(admin, PROP_CLEARANCE_LEVEL, mostSecureLevel); nodeService.setProperty(admin, PROP_CLEARANCE_LEVEL, mostSecureLevel);
} }
} }

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java
View File

@@ -39,7 +39,7 @@ public final class SecurityClearance implements Serializable
public SecurityClearance(final PersonInfo personInfo, final ClearanceLevel clearanceLevel) public SecurityClearance(final PersonInfo personInfo, final ClearanceLevel clearanceLevel)
{ {
Objects.requireNonNull(personInfo); // Do not check the PersonInfo, as it may be null for the system user's SecurityClearance.
Objects.requireNonNull(clearanceLevel); Objects.requireNonNull(clearanceLevel);
this.personInfo = personInfo; this.personInfo = personInfo;

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java
View File

@@ -72,13 +72,18 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
} }
/** /**
* Gets the users security clearnace. * Gets the user's security clearance.
* *
* @param userName user name * @param userName user name
* @return {@link SecurityClearance} provides information about the user and their clearance level * @return {@link SecurityClearance} provides information about the user and their clearance level
*/ */
private SecurityClearance getUserSecurityClearance(final String userName) private SecurityClearance getUserSecurityClearance(final String userName)
{ {
if (authenticationUtil.isRunAsUserTheSystemUser())
{
return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
}
final NodeRef personNode = personService.getPerson(userName, false); final NodeRef personNode = personService.getPerson(userName, false);
final PersonInfo personInfo = personService.getPerson(personNode); final PersonInfo personInfo = personService.getPerson(personNode);

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearancesForSpecialUsers.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearanceForAdmin.java
View File

@@ -18,31 +18,31 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.patch.v30; package org.alfresco.module.org_alfresco_module_rm.patch.v30;
import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent; import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent;
import org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch; import org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch;
/** /**
* Patch to provide the highest clearance to the admin and system users. * Patch to provide the highest clearance to the admin user.
* *
* @author tpage * @author tpage
*/ */
public class RMv30ClearancesForSpecialUsers extends AbstractModulePatch public class RMv30ClearanceForAdmin extends AbstractModulePatch
{ {
private ClearancesForSpecialUsersBootstrapComponent bootstrapComponent; private ClearanceForAdminBootstrapComponent bootstrapComponent;
public void setBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent bootstrapComponent) public void setBootstrapComponent(ClearanceForAdminBootstrapComponent bootstrapComponent)
{ {
this.bootstrapComponent = bootstrapComponent; this.bootstrapComponent = bootstrapComponent;
} }
/** /**
* Give the admin and system users the maximum clearance. * Give the admin user the maximum clearance.
* *
* @see org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch#applyInternal() * @see org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch#applyInternal()
*/ */
@Override @Override
public void applyInternal() public void applyInternal()
{ {
bootstrapComponent.createClearancesForSpecialUsers(); bootstrapComponent.createClearanceForAdmin();
} }
} }

2
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java
View File

@@ -47,7 +47,7 @@ public class BootstrapImporterModuleComponentUnitTest extends BaseUnitTest
@Mock(name="importer") private ImporterBootstrap mockedImporter; @Mock(name="importer") private ImporterBootstrap mockedImporter;
@Mock(name="modulePatchExecuter") private ModulePatchExecuter mockedModulePatchExecuter; @Mock(name="modulePatchExecuter") private ModulePatchExecuter mockedModulePatchExecuter;
@Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent; @Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent;
@Mock(name="clearancesForSpecialUsersBootstrapComponent") private ClearancesForSpecialUsersBootstrapComponent mockedClearancesForSpecialUsersBootstrapComponent; @Mock(name="clearanceForAdminBootstrapComponent") private ClearanceForAdminBootstrapComponent mockedClearanceForAdminBootstrapComponent;
/** importer */ /** importer */
@InjectMocks @InjectMocks

20
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearancesForSpecialUsersBootstrapComponentUnitTest.java → rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponentUnitTest.java
View File

@@ -37,13 +37,13 @@ import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
/** /**
* Unit tests for {@link ClearancesForSpecialUsersBootstrapComponent}. * Unit tests for {@link ClearanceForAdminBootstrapComponent}.
* *
* @author tpage * @author tpage
*/ */
public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements ClassifiedContentModel public class ClearanceForAdminBootstrapComponentUnitTest implements ClassifiedContentModel
{ {
@InjectMocks ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent; @InjectMocks ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
@Mock AuthenticationUtil mockAuthenticationUtil; @Mock AuthenticationUtil mockAuthenticationUtil;
@Mock PersonService mockPersonService; @Mock PersonService mockPersonService;
@Mock NodeService mockNodeService; @Mock NodeService mockNodeService;
@@ -54,8 +54,8 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
initMocks(this); initMocks(this);
} }
/** Check that the system and admin users get assigned the provided clearance. */ /** Check that the admin user gets assigned the provided clearance. */
@Test public void testCreateClearancesForSpecialUsers() @Test public void testCreateClearanceForAdmin()
{ {
// Allow the classification level id to be found. // Allow the classification level id to be found.
ClassificationLevel level = new ClassificationLevel("id", "displayLabelKey"); ClassificationLevel level = new ClassificationLevel("id", "displayLabelKey");
@@ -63,18 +63,14 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
when(mockClassificationLevelManager.getMostSecureLevel()).thenReturn(level); when(mockClassificationLevelManager.getMostSecureLevel()).thenReturn(level);
when(mockClassificationServiceBootstrap.getClassificationLevelManager()).thenReturn(mockClassificationLevelManager); when(mockClassificationServiceBootstrap.getClassificationLevelManager()).thenReturn(mockClassificationLevelManager);
// Set up the admin and system users. // Set up the admin user.
when(mockAuthenticationUtil.getSystemUserName()).thenReturn("system");
NodeRef system = new NodeRef("system://node/");
when(mockPersonService.getPerson("system")).thenReturn(system);
when(mockAuthenticationUtil.getAdminUserName()).thenReturn("admin"); when(mockAuthenticationUtil.getAdminUserName()).thenReturn("admin");
NodeRef admin = new NodeRef("admin://node/"); NodeRef admin = new NodeRef("admin://node/");
when(mockPersonService.getPerson("admin")).thenReturn(admin); when(mockPersonService.getPerson("admin", false)).thenReturn(admin);
// Call the method under test. // Call the method under test.
clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers(); clearanceForAdminBootstrapComponent.createClearanceForAdmin();
verify(mockNodeService).setProperty(system, PROP_CLEARANCE_LEVEL, "id");
verify(mockNodeService).setProperty(admin, PROP_CLEARANCE_LEVEL, "id"); verify(mockNodeService).setProperty(admin, PROP_CLEARANCE_LEVEL, "id");
// Check that the classification levels were loaded. // Check that the classification levels were loaded.
verify(mockClassificationServiceBootstrap).onBootstrap(null); verify(mockClassificationServiceBootstrap).onBootstrap(null);