RM-2123 Don't create a user called system.

Also add special check in clearance service that gives system user maximum
clearance.

+review RM-58

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104480 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml

@@ -23,7 +23,7 @@
       <property name="nodeService" ref="nodeService" />
       <property name="modulePatchExecuter" ref="rm.modulePatchExecuter" />
       <property name="recordContributorsGroupBootstrapComponent" ref="recordContributorsGroupBootstrapComponent"/>
-      <property name="clearancesForSpecialUsersBootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/>
+      <property name="clearanceForAdminBootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
       <property name="moduleId" value="org_alfresco_module_rm"/>
       <property name="name" value="org_alfresco_module_rm_bootstrapData"/>
       <property name="description" value="Bootstrap records management data"/>
@@ -47,9 +47,9 @@
       <property name="authenticationUtil" ref="rm.authenticationUtil"/>
    </bean>
 
-   <!-- Clearances for special users bootstrap component -->
+   <!-- Clearance for admin bootstrap component -->
-   <bean id="clearancesForSpecialUsersBootstrapComponent"
+   <bean id="clearanceForAdminBootstrapComponent"
-         class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent">
+         class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent">
       <property name="authenticationUtil" ref="rm.authenticationUtil"/>
       <property name="personService" ref="PersonService"/>
       <property name="nodeService" ref="NodeService"/>

rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v30-context.xml

@@ -5,13 +5,13 @@
 
    <!-- RM v3.0 Patches -->
 
-   <bean id="rm.clearancesForSpecialUsers"
+   <bean id="rm.clearanceForAdmin"
          parent="rm.parentModulePatch"
-         class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers">
+         class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin">
-      <property name="description" value="Provide security clearance to the admin and system users."/>
+      <property name="description" value="Provide security clearance to the admin user."/>
       <property name="fixesToSchema" value="1012"/>
       <property name="targetSchema" value="2001"/>
-      <property name="bootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/>
+      <property name="bootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
    </bean>
 
 </beans>

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponent.java

@@ -43,8 +43,8 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
 
     /** record contributors group bootstrap component */
     private RecordContributorsGroupBootstrapComponent recordContributorsGroupBootstrapComponent;
-    /** Clearances for special users bootstrap component. */
+    /** Clearance for admin bootstrap component. */
-    private ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent;
+    private ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
 
     /**
      * @param nodeService   node service
@@ -71,12 +71,12 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
     }
 
     /**
-     * @param clearancesForSpecialUsersBootstrapComponent The bootstrap component that give the admin and system users
+     * @param clearanceForAdminBootstrapComponent The bootstrap component that give the admin user the maximum
-     *            the maximum clearance.
+     *            clearance.
      */
-    public void setClearancesForSpecialUsersBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent)
+    public void setClearanceForAdminBootstrapComponent(ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent)
     {
-        this.clearancesForSpecialUsersBootstrapComponent = clearancesForSpecialUsersBootstrapComponent;
+        this.clearanceForAdminBootstrapComponent = clearanceForAdminBootstrapComponent;
     }
 
     /**
@@ -94,7 +94,7 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
 
             // Bootstrap creation of initial data.
             recordContributorsGroupBootstrapComponent.createRecordContributorsGroup();
-            clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers();
+            clearanceForAdminBootstrapComponent.createClearanceForAdmin();
 
             // init module schema number
             modulePatchExecuter.initSchemaVersion();

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponent.java

@@ -22,19 +22,19 @@ import java.io.Serializable;
 
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
 import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel;
-import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers;
+import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin;
 import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.PersonService;
 
 /**
- * Provide the highest clearance to the admin and system users. This needs to be run once (either bootstrapped into a
+ * Provide the highest clearance to the admin user. This needs to be run once (either bootstrapped into a
- * fresh system, or as part of an upgrade in {@link RMv30ClearancesForSpecialUsers}) per installation.
+ * fresh system, or as part of an upgrade in {@link RMv30ClearanceForAdmin}) per installation.
  *
  * @author tpage
  */
-public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedContentModel
+public class ClearanceForAdminBootstrapComponent implements ClassifiedContentModel
 {
     private AuthenticationUtil authenticationUtil;
     private NodeService nodeService;
@@ -47,9 +47,9 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
     public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; }
 
     /**
-     * Give the admin and system users the maximum clearance.
+     * Give the admin user the maximum clearance.
      */
-    public void createClearancesForSpecialUsers()
+    public void createClearanceForAdmin()
     {
         // Ensure the classification levels are loaded before this patch runs. (Nb. This will result in the
         // classification service bootstrap method being called twice on the start-up that includes this call).
@@ -57,11 +57,8 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
 
         Serializable mostSecureLevel = classificationServiceBootstrap.getClassificationLevelManager()
                     .getMostSecureLevel().getId();
-        String systemUserName = authenticationUtil.getSystemUserName();
-        NodeRef system = personService.getPerson(systemUserName);
-        nodeService.setProperty(system, PROP_CLEARANCE_LEVEL, mostSecureLevel);
         String adminUserName = authenticationUtil.getAdminUserName();
-        NodeRef admin = personService.getPerson(adminUserName);
+        NodeRef admin = personService.getPerson(adminUserName, false);
         nodeService.setProperty(admin, PROP_CLEARANCE_LEVEL, mostSecureLevel);
     }
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearance.java

@@ -39,7 +39,7 @@ public final class SecurityClearance implements Serializable
 
     public SecurityClearance(final PersonInfo personInfo, final ClearanceLevel clearanceLevel)
     {
-        Objects.requireNonNull(personInfo);
+        // Do not check the PersonInfo, as it may be null for the system user's SecurityClearance.
         Objects.requireNonNull(clearanceLevel);
 
         this.personInfo     = personInfo;

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java

@@ -72,13 +72,18 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
     }
 
     /**
-     * Gets the users security clearnace.
+     * Gets the user's security clearance.
      *
-     * @param  userName						user name
+     * @param  userName user name
-     * @return {@link SecurityClearance}	provides information about the user and their clearance level
+     * @return {@link SecurityClearance} provides information about the user and their clearance level
      */
     private SecurityClearance getUserSecurityClearance(final String userName)
     {
+        if (authenticationUtil.isRunAsUserTheSystemUser())
+        {
+            return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
+        }
+
         final NodeRef    personNode = personService.getPerson(userName, false);
         final PersonInfo personInfo = personService.getPerson(personNode);
 

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v30/RMv30ClearanceForAdmin.java

@@ -18,31 +18,31 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.patch.v30;
 
-import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent;
+import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent;
 import org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch;
 
 /**
- * Patch to provide the highest clearance to the admin and system users.
+ * Patch to provide the highest clearance to the admin user.
  *
  * @author tpage
  */
-public class RMv30ClearancesForSpecialUsers extends AbstractModulePatch
+public class RMv30ClearanceForAdmin extends AbstractModulePatch
 {
-    private ClearancesForSpecialUsersBootstrapComponent bootstrapComponent;
+    private ClearanceForAdminBootstrapComponent bootstrapComponent;
 
-    public void setBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent bootstrapComponent)
+    public void setBootstrapComponent(ClearanceForAdminBootstrapComponent bootstrapComponent)
     {
         this.bootstrapComponent = bootstrapComponent;
     }
 
     /**
-     * Give the admin and system users the maximum clearance.
+     * Give the admin user the maximum clearance.
      *
      * @see org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch#applyInternal()
      */
     @Override
     public void applyInternal()
     {
-        bootstrapComponent.createClearancesForSpecialUsers();
+        bootstrapComponent.createClearanceForAdmin();
     }
 }

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/BootstrapImporterModuleComponentUnitTest.java

@@ -44,10 +44,10 @@ public class BootstrapImporterModuleComponentUnitTest extends BaseUnitTest
     private static final NodeRef configNodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, "rm_config_folder");
 
     /** mocks */
-    @Mock(name="importer")                                    private ImporterBootstrap                           mockedImporter;
+    @Mock(name="importer")                                  private ImporterBootstrap                         mockedImporter;
-    @Mock(name="modulePatchExecuter")                         private ModulePatchExecuter                         mockedModulePatchExecuter;
+    @Mock(name="modulePatchExecuter")                       private ModulePatchExecuter                       mockedModulePatchExecuter;
-    @Mock(name="recordContributorsGroupBootstrapComponent")   private RecordContributorsGroupBootstrapComponent   mockedRecordContributorsGroupBootstrapComponent;
+    @Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent;
-    @Mock(name="clearancesForSpecialUsersBootstrapComponent") private ClearancesForSpecialUsersBootstrapComponent mockedClearancesForSpecialUsersBootstrapComponent;
+    @Mock(name="clearanceForAdminBootstrapComponent")       private ClearanceForAdminBootstrapComponent       mockedClearanceForAdminBootstrapComponent;
 
     /** importer */
     @InjectMocks

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/ClearanceForAdminBootstrapComponentUnitTest.java

@@ -37,13 +37,13 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 
 /**
- * Unit tests for {@link ClearancesForSpecialUsersBootstrapComponent}.
+ * Unit tests for {@link ClearanceForAdminBootstrapComponent}.
  *
  * @author tpage
  */
-public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements ClassifiedContentModel
+public class ClearanceForAdminBootstrapComponentUnitTest implements ClassifiedContentModel
 {
-    @InjectMocks ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent;
+    @InjectMocks ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
     @Mock AuthenticationUtil mockAuthenticationUtil;
     @Mock PersonService mockPersonService;
     @Mock NodeService mockNodeService;
@@ -54,8 +54,8 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
         initMocks(this);
     }
 
-    /** Check that the system and admin users get assigned the provided clearance. */
+    /** Check that the admin user gets assigned the provided clearance. */
-    @Test public void testCreateClearancesForSpecialUsers()
+    @Test public void testCreateClearanceForAdmin()
     {
         // Allow the classification level id to be found.
         ClassificationLevel level = new ClassificationLevel("id", "displayLabelKey");
@@ -63,18 +63,14 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
         when(mockClassificationLevelManager.getMostSecureLevel()).thenReturn(level);
         when(mockClassificationServiceBootstrap.getClassificationLevelManager()).thenReturn(mockClassificationLevelManager);
 
-        // Set up the admin and system users.
+        // Set up the admin user.
-        when(mockAuthenticationUtil.getSystemUserName()).thenReturn("system");
-        NodeRef system = new NodeRef("system://node/");
-        when(mockPersonService.getPerson("system")).thenReturn(system);
         when(mockAuthenticationUtil.getAdminUserName()).thenReturn("admin");
         NodeRef admin = new NodeRef("admin://node/");
-        when(mockPersonService.getPerson("admin")).thenReturn(admin);
+        when(mockPersonService.getPerson("admin", false)).thenReturn(admin);
 
         // Call the method under test.
-        clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers();
+        clearanceForAdminBootstrapComponent.createClearanceForAdmin();
 
-        verify(mockNodeService).setProperty(system, PROP_CLEARANCE_LEVEL, "id");
         verify(mockNodeService).setProperty(admin, PROP_CLEARANCE_LEVEL, "id");
         // Check that the classification levels were loaded.
         verify(mockClassificationServiceBootstrap).onBootstrap(null);