mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
RM-2123 Don't create a user called system.
Also add special check in clearance service that gives system user maximum clearance. +review RM-58 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104480 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tom Page
@@ -23,7 +23,7 @@
|
||||
<property name="nodeService" ref="nodeService" />
|
||||
<property name="modulePatchExecuter" ref="rm.modulePatchExecuter" />
|
||||
<property name="recordContributorsGroupBootstrapComponent" ref="recordContributorsGroupBootstrapComponent"/>
|
||||
<property name="clearancesForSpecialUsersBootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/>
|
||||
<property name="clearanceForAdminBootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
|
||||
<property name="moduleId" value="org_alfresco_module_rm"/>
|
||||
<property name="name" value="org_alfresco_module_rm_bootstrapData"/>
|
||||
<property name="description" value="Bootstrap records management data"/>
|
||||
@@ -47,9 +47,9 @@
|
||||
<property name="authenticationUtil" ref="rm.authenticationUtil"/>
|
||||
</bean>
|
||||
|
||||
<!-- Clearances for special users bootstrap component -->
|
||||
<bean id="clearancesForSpecialUsersBootstrapComponent"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent">
|
||||
<!-- Clearance for admin bootstrap component -->
|
||||
<bean id="clearanceForAdminBootstrapComponent"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent">
|
||||
<property name="authenticationUtil" ref="rm.authenticationUtil"/>
|
||||
<property name="personService" ref="PersonService"/>
|
||||
<property name="nodeService" ref="NodeService"/>
|
||||
|
||||
@@ -5,13 +5,13 @@
|
||||
|
||||
<!-- RM v3.0 Patches -->
|
||||
|
||||
<bean id="rm.clearancesForSpecialUsers"
|
||||
<bean id="rm.clearanceForAdmin"
|
||||
parent="rm.parentModulePatch"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers">
|
||||
<property name="description" value="Provide security clearance to the admin and system users."/>
|
||||
class="org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin">
|
||||
<property name="description" value="Provide security clearance to the admin user."/>
|
||||
<property name="fixesToSchema" value="1012"/>
|
||||
<property name="targetSchema" value="2001"/>
|
||||
<property name="bootstrapComponent" ref="clearancesForSpecialUsersBootstrapComponent"/>
|
||||
<property name="bootstrapComponent" ref="clearanceForAdminBootstrapComponent"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
@@ -43,8 +43,8 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
|
||||
|
||||
/** record contributors group bootstrap component */
|
||||
private RecordContributorsGroupBootstrapComponent recordContributorsGroupBootstrapComponent;
|
||||
/** Clearances for special users bootstrap component. */
|
||||
private ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent;
|
||||
/** Clearance for admin bootstrap component. */
|
||||
private ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
|
||||
|
||||
/**
|
||||
* @param nodeService node service
|
||||
@@ -71,12 +71,12 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
|
||||
}
|
||||
|
||||
/**
|
||||
* @param clearancesForSpecialUsersBootstrapComponent The bootstrap component that give the admin and system users
|
||||
* the maximum clearance.
|
||||
* @param clearanceForAdminBootstrapComponent The bootstrap component that give the admin user the maximum
|
||||
* clearance.
|
||||
*/
|
||||
public void setClearancesForSpecialUsersBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent)
|
||||
public void setClearanceForAdminBootstrapComponent(ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent)
|
||||
{
|
||||
this.clearancesForSpecialUsersBootstrapComponent = clearancesForSpecialUsersBootstrapComponent;
|
||||
this.clearanceForAdminBootstrapComponent = clearanceForAdminBootstrapComponent;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -94,7 +94,7 @@ public class BootstrapImporterModuleComponent extends ImporterModuleComponent
|
||||
|
||||
// Bootstrap creation of initial data.
|
||||
recordContributorsGroupBootstrapComponent.createRecordContributorsGroup();
|
||||
clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers();
|
||||
clearanceForAdminBootstrapComponent.createClearanceForAdmin();
|
||||
|
||||
// init module schema number
|
||||
modulePatchExecuter.initSchemaVersion();
|
||||
|
||||
@@ -22,19 +22,19 @@ import java.io.Serializable;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
|
||||
import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearancesForSpecialUsers;
|
||||
import org.alfresco.module.org_alfresco_module_rm.patch.v30.RMv30ClearanceForAdmin;
|
||||
import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
|
||||
/**
|
||||
* Provide the highest clearance to the admin and system users. This needs to be run once (either bootstrapped into a
|
||||
* fresh system, or as part of an upgrade in {@link RMv30ClearancesForSpecialUsers}) per installation.
|
||||
* Provide the highest clearance to the admin user. This needs to be run once (either bootstrapped into a
|
||||
* fresh system, or as part of an upgrade in {@link RMv30ClearanceForAdmin}) per installation.
|
||||
*
|
||||
* @author tpage
|
||||
*/
|
||||
public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedContentModel
|
||||
public class ClearanceForAdminBootstrapComponent implements ClassifiedContentModel
|
||||
{
|
||||
private AuthenticationUtil authenticationUtil;
|
||||
private NodeService nodeService;
|
||||
@@ -47,9 +47,9 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
|
||||
public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; }
|
||||
|
||||
/**
|
||||
* Give the admin and system users the maximum clearance.
|
||||
* Give the admin user the maximum clearance.
|
||||
*/
|
||||
public void createClearancesForSpecialUsers()
|
||||
public void createClearanceForAdmin()
|
||||
{
|
||||
// Ensure the classification levels are loaded before this patch runs. (Nb. This will result in the
|
||||
// classification service bootstrap method being called twice on the start-up that includes this call).
|
||||
@@ -57,11 +57,8 @@ public class ClearancesForSpecialUsersBootstrapComponent implements ClassifiedCo
|
||||
|
||||
Serializable mostSecureLevel = classificationServiceBootstrap.getClassificationLevelManager()
|
||||
.getMostSecureLevel().getId();
|
||||
String systemUserName = authenticationUtil.getSystemUserName();
|
||||
NodeRef system = personService.getPerson(systemUserName);
|
||||
nodeService.setProperty(system, PROP_CLEARANCE_LEVEL, mostSecureLevel);
|
||||
String adminUserName = authenticationUtil.getAdminUserName();
|
||||
NodeRef admin = personService.getPerson(adminUserName);
|
||||
NodeRef admin = personService.getPerson(adminUserName, false);
|
||||
nodeService.setProperty(admin, PROP_CLEARANCE_LEVEL, mostSecureLevel);
|
||||
}
|
||||
}
|
||||
@@ -39,7 +39,7 @@ public final class SecurityClearance implements Serializable
|
||||
|
||||
public SecurityClearance(final PersonInfo personInfo, final ClearanceLevel clearanceLevel)
|
||||
{
|
||||
Objects.requireNonNull(personInfo);
|
||||
// Do not check the PersonInfo, as it may be null for the system user's SecurityClearance.
|
||||
Objects.requireNonNull(clearanceLevel);
|
||||
|
||||
this.personInfo = personInfo;
|
||||
|
||||
@@ -72,13 +72,18 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the users security clearnace.
|
||||
* Gets the user's security clearance.
|
||||
*
|
||||
* @param userName user name
|
||||
* @return {@link SecurityClearance} provides information about the user and their clearance level
|
||||
*/
|
||||
private SecurityClearance getUserSecurityClearance(final String userName)
|
||||
{
|
||||
if (authenticationUtil.isRunAsUserTheSystemUser())
|
||||
{
|
||||
return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
|
||||
}
|
||||
|
||||
final NodeRef personNode = personService.getPerson(userName, false);
|
||||
final PersonInfo personInfo = personService.getPerson(personNode);
|
||||
|
||||
|
||||
@@ -18,31 +18,31 @@
|
||||
*/
|
||||
package org.alfresco.module.org_alfresco_module_rm.patch.v30;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearancesForSpecialUsersBootstrapComponent;
|
||||
import org.alfresco.module.org_alfresco_module_rm.bootstrap.ClearanceForAdminBootstrapComponent;
|
||||
import org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch;
|
||||
|
||||
/**
|
||||
* Patch to provide the highest clearance to the admin and system users.
|
||||
* Patch to provide the highest clearance to the admin user.
|
||||
*
|
||||
* @author tpage
|
||||
*/
|
||||
public class RMv30ClearancesForSpecialUsers extends AbstractModulePatch
|
||||
public class RMv30ClearanceForAdmin extends AbstractModulePatch
|
||||
{
|
||||
private ClearancesForSpecialUsersBootstrapComponent bootstrapComponent;
|
||||
private ClearanceForAdminBootstrapComponent bootstrapComponent;
|
||||
|
||||
public void setBootstrapComponent(ClearancesForSpecialUsersBootstrapComponent bootstrapComponent)
|
||||
public void setBootstrapComponent(ClearanceForAdminBootstrapComponent bootstrapComponent)
|
||||
{
|
||||
this.bootstrapComponent = bootstrapComponent;
|
||||
}
|
||||
|
||||
/**
|
||||
* Give the admin and system users the maximum clearance.
|
||||
* Give the admin user the maximum clearance.
|
||||
*
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.patch.AbstractModulePatch#applyInternal()
|
||||
*/
|
||||
@Override
|
||||
public void applyInternal()
|
||||
{
|
||||
bootstrapComponent.createClearancesForSpecialUsers();
|
||||
bootstrapComponent.createClearanceForAdmin();
|
||||
}
|
||||
}
|
||||
@@ -47,7 +47,7 @@ public class BootstrapImporterModuleComponentUnitTest extends BaseUnitTest
|
||||
@Mock(name="importer") private ImporterBootstrap mockedImporter;
|
||||
@Mock(name="modulePatchExecuter") private ModulePatchExecuter mockedModulePatchExecuter;
|
||||
@Mock(name="recordContributorsGroupBootstrapComponent") private RecordContributorsGroupBootstrapComponent mockedRecordContributorsGroupBootstrapComponent;
|
||||
@Mock(name="clearancesForSpecialUsersBootstrapComponent") private ClearancesForSpecialUsersBootstrapComponent mockedClearancesForSpecialUsersBootstrapComponent;
|
||||
@Mock(name="clearanceForAdminBootstrapComponent") private ClearanceForAdminBootstrapComponent mockedClearanceForAdminBootstrapComponent;
|
||||
|
||||
/** importer */
|
||||
@InjectMocks
|
||||
|
||||
@@ -37,13 +37,13 @@ import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link ClearancesForSpecialUsersBootstrapComponent}.
|
||||
* Unit tests for {@link ClearanceForAdminBootstrapComponent}.
|
||||
*
|
||||
* @author tpage
|
||||
*/
|
||||
public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements ClassifiedContentModel
|
||||
public class ClearanceForAdminBootstrapComponentUnitTest implements ClassifiedContentModel
|
||||
{
|
||||
@InjectMocks ClearancesForSpecialUsersBootstrapComponent clearancesForSpecialUsersBootstrapComponent;
|
||||
@InjectMocks ClearanceForAdminBootstrapComponent clearanceForAdminBootstrapComponent;
|
||||
@Mock AuthenticationUtil mockAuthenticationUtil;
|
||||
@Mock PersonService mockPersonService;
|
||||
@Mock NodeService mockNodeService;
|
||||
@@ -54,8 +54,8 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
|
||||
initMocks(this);
|
||||
}
|
||||
|
||||
/** Check that the system and admin users get assigned the provided clearance. */
|
||||
@Test public void testCreateClearancesForSpecialUsers()
|
||||
/** Check that the admin user gets assigned the provided clearance. */
|
||||
@Test public void testCreateClearanceForAdmin()
|
||||
{
|
||||
// Allow the classification level id to be found.
|
||||
ClassificationLevel level = new ClassificationLevel("id", "displayLabelKey");
|
||||
@@ -63,18 +63,14 @@ public class ClearancesForSpecialUsersBootstrapComponentUnitTest implements Clas
|
||||
when(mockClassificationLevelManager.getMostSecureLevel()).thenReturn(level);
|
||||
when(mockClassificationServiceBootstrap.getClassificationLevelManager()).thenReturn(mockClassificationLevelManager);
|
||||
|
||||
// Set up the admin and system users.
|
||||
when(mockAuthenticationUtil.getSystemUserName()).thenReturn("system");
|
||||
NodeRef system = new NodeRef("system://node/");
|
||||
when(mockPersonService.getPerson("system")).thenReturn(system);
|
||||
// Set up the admin user.
|
||||
when(mockAuthenticationUtil.getAdminUserName()).thenReturn("admin");
|
||||
NodeRef admin = new NodeRef("admin://node/");
|
||||
when(mockPersonService.getPerson("admin")).thenReturn(admin);
|
||||
when(mockPersonService.getPerson("admin", false)).thenReturn(admin);
|
||||
|
||||
// Call the method under test.
|
||||
clearancesForSpecialUsersBootstrapComponent.createClearancesForSpecialUsers();
|
||||
clearanceForAdminBootstrapComponent.createClearanceForAdmin();
|
||||
|
||||
verify(mockNodeService).setProperty(system, PROP_CLEARANCE_LEVEL, "id");
|
||||
verify(mockNodeService).setProperty(admin, PROP_CLEARANCE_LEVEL, "id");
|
||||
// Check that the classification levels were loaded.
|
||||
verify(mockClassificationServiceBootstrap).onBootstrap(null);
|
||||
Reference in New Issue
Block a user