mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Fix for ALF-2609: CMIS ACL mapping improvements
- repository specifc reporting includes actual assigned permissions + CMIS permissions reported as indirect - CMIS format reports cmis permissions directly set for Read, Write and All only - Apache Chemistry CMIS AtomPub TCK pass - cmis-tck-ws ACL test pass git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20051 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -32,11 +32,19 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
|||||||
|
|
||||||
private int position;
|
private int position;
|
||||||
|
|
||||||
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position)
|
private boolean direct;
|
||||||
|
|
||||||
|
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position, boolean direct)
|
||||||
{
|
{
|
||||||
this.principalId = principalId;
|
this.principalId = principalId;
|
||||||
this.permission = permission;
|
this.permission = permission;
|
||||||
this.position = position;
|
this.position = position;
|
||||||
|
this.direct = direct;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position)
|
||||||
|
{
|
||||||
|
this(principalId, permission, position, position == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -56,7 +64,7 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
|||||||
*/
|
*/
|
||||||
public boolean getDirect()
|
public boolean getDirect()
|
||||||
{
|
{
|
||||||
return position == 0;
|
return direct;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (non-Javadoc)
|
/* (non-Javadoc)
|
||||||
@@ -83,23 +91,18 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
|||||||
return position;
|
return position;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (non-Javadoc)
|
|
||||||
* @see java.lang.Object#hashCode()
|
|
||||||
*/
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode()
|
public int hashCode()
|
||||||
{
|
{
|
||||||
final int prime = 31;
|
final int prime = 31;
|
||||||
int result = 1;
|
int result = 1;
|
||||||
|
result = prime * result + (direct ? 1231 : 1237);
|
||||||
result = prime * result + ((permission == null) ? 0 : permission.hashCode());
|
result = prime * result + ((permission == null) ? 0 : permission.hashCode());
|
||||||
result = prime * result + position;
|
result = prime * result + position;
|
||||||
result = prime * result + ((principalId == null) ? 0 : principalId.hashCode());
|
result = prime * result + ((principalId == null) ? 0 : principalId.hashCode());
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (non-Javadoc)
|
|
||||||
* @see java.lang.Object#equals(java.lang.Object)
|
|
||||||
*/
|
|
||||||
@Override
|
@Override
|
||||||
public boolean equals(Object obj)
|
public boolean equals(Object obj)
|
||||||
{
|
{
|
||||||
@@ -109,7 +112,9 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
|||||||
return false;
|
return false;
|
||||||
if (getClass() != obj.getClass())
|
if (getClass() != obj.getClass())
|
||||||
return false;
|
return false;
|
||||||
final CMISAccessControlEntryImpl other = (CMISAccessControlEntryImpl) obj;
|
CMISAccessControlEntryImpl other = (CMISAccessControlEntryImpl) obj;
|
||||||
|
if (direct != other.direct)
|
||||||
|
return false;
|
||||||
if (permission == null)
|
if (permission == null)
|
||||||
{
|
{
|
||||||
if (other.permission != null)
|
if (other.permission != null)
|
||||||
|
|||||||
@@ -22,6 +22,7 @@ import java.util.ArrayList;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Comparator;
|
import java.util.Comparator;
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
|
import java.util.HashSet;
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@@ -51,6 +52,7 @@ import org.alfresco.service.cmr.security.AccessPermission;
|
|||||||
import org.alfresco.service.cmr.security.AccessStatus;
|
import org.alfresco.service.cmr.security.AccessStatus;
|
||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.service.namespace.QName;
|
import org.alfresco.service.namespace.QName;
|
||||||
|
import org.alfresco.util.Pair;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author andyh
|
* @author andyh
|
||||||
@@ -228,7 +230,7 @@ public class CMISAccessControlServiceImpl implements CMISAccessControlService
|
|||||||
*/
|
*/
|
||||||
public CMISAccessControlReport getAcl(NodeRef nodeRef, CMISAccessControlFormatEnum format)
|
public CMISAccessControlReport getAcl(NodeRef nodeRef, CMISAccessControlFormatEnum format)
|
||||||
{
|
{
|
||||||
CMISAccessControlReportImpl answer = new CMISAccessControlReportImpl();
|
CMISAccessControlReportImpl merge = new CMISAccessControlReportImpl();
|
||||||
// Need to compact deny to mask correctly
|
// Need to compact deny to mask correctly
|
||||||
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
|
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
|
||||||
ArrayList<AccessPermission> ordered = new ArrayList<AccessPermission>();
|
ArrayList<AccessPermission> ordered = new ArrayList<AccessPermission>();
|
||||||
@@ -246,21 +248,40 @@ public class CMISAccessControlServiceImpl implements CMISAccessControlService
|
|||||||
{
|
{
|
||||||
if (entry.getAccessStatus() == AccessStatus.ALLOWED)
|
if (entry.getAccessStatus() == AccessStatus.ALLOWED)
|
||||||
{
|
{
|
||||||
answer.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
//answer.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||||
format)), entry.getPosition()));
|
// format)), entry.getPosition()));
|
||||||
|
merge.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), entry.getPermission(), entry.getPosition()));
|
||||||
}
|
}
|
||||||
else if (entry.getAccessStatus() == AccessStatus.DENIED)
|
else if (entry.getAccessStatus() == AccessStatus.DENIED)
|
||||||
{
|
{
|
||||||
answer.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
//answer.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||||
format)), entry.getPosition()));
|
// format)), entry.getPosition()));
|
||||||
|
merge.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), entry.getPermission(), entry.getPosition()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CMISAccessControlReportImpl answer = new CMISAccessControlReportImpl();
|
||||||
|
for(CMISAccessControlEntry entry : merge.getAccessControlEntries())
|
||||||
|
{
|
||||||
|
CMISAccessControlEntryImpl impl = (CMISAccessControlEntryImpl)entry;
|
||||||
|
PermissionReference permissionReference = permissionModelDao.getPermissionReference(null, impl.getPermission());
|
||||||
|
Set<PermissionReference> longForms = permissionModelDao.getGranteePermissions(permissionReference);
|
||||||
|
HashSet<String> shortForms = new HashSet<String>();
|
||||||
|
for(PermissionReference longForm : longForms)
|
||||||
|
{
|
||||||
|
shortForms.add(getPermission(longForm));
|
||||||
|
}
|
||||||
|
for(Pair<String, Boolean> toAdd : cmisMapping.getReportedPermissions(impl.getPermission(), shortForms, permissionModelDao.hasFull(permissionReference), impl.getDirect(), format))
|
||||||
|
{
|
||||||
|
answer.addEntry(new CMISAccessControlEntryImpl(impl.getPrincipalId(), expandPermission(toAdd.getFirst()), impl.getPosition(), toAdd.getSecond()));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
return answer;
|
return answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getPermission(String string)
|
private String getPermission(PermissionReference permissionReference)
|
||||||
{
|
{
|
||||||
PermissionReference permissionReference = permissionModelDao.getPermissionReference(null, string);
|
|
||||||
if (permissionModelDao.isUnique(permissionReference))
|
if (permissionModelDao.isUnique(permissionReference))
|
||||||
{
|
{
|
||||||
return permissionReference.getName();
|
return permissionReference.getName();
|
||||||
|
|||||||
@@ -81,43 +81,48 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
|
|
||||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
assertEquals(10, grandParentReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 2));
|
||||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
||||||
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 0));
|
||||||
assertTrue(checkCounts(grandParentReport, "Full", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Full", 0, 3));
|
||||||
assertTrue(checkCounts(grandParentReport, "Reader", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Reader", 1, 0));
|
||||||
assertTrue(checkCounts(grandParentReport, "Writer", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Writer", 1, 0));
|
||||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
assertTrue(checkAbsent(grandParentReport, "SplitRead"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "SplitWrite"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "DuplicateRead"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "Multi"));
|
||||||
|
|
||||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(parentReport.isExact());
|
assertFalse(parentReport.isExact());
|
||||||
assertEquals(9, parentReport.getAccessControlEntries().size());
|
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
|
||||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||||
assertTrue(checkAbsent(parentReport, "ToMask"));
|
assertTrue(checkAbsent(parentReport, "ToMask"));
|
||||||
assertTrue(checkCounts(parentReport, "Full", 0, 1));
|
assertTrue(checkCounts(parentReport, "Full", 0, 3));
|
||||||
assertTrue(checkCounts(parentReport, "Reader", 0, 1));
|
assertTrue(checkCounts(parentReport, "Reader", 0, 1));
|
||||||
assertTrue(checkCounts(parentReport, "Writer", 0, 1));
|
assertTrue(checkCounts(parentReport, "Writer", 0, 1));
|
||||||
assertTrue(checkCounts(parentReport, "SplitRead", 1, 0));
|
assertTrue(checkAbsent(parentReport, "SplitRead"));
|
||||||
assertTrue(checkCounts(parentReport, "SplitWrite", 1, 0));
|
assertTrue(checkAbsent(parentReport, "SplitWrite"));
|
||||||
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 0));
|
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 0));
|
||||||
assertTrue(checkCounts(parentReport, "Multi", 1, 0));
|
assertTrue(checkAbsent(parentReport, "Writer2"));
|
||||||
|
assertTrue(checkAbsent(parentReport, "Multi"));
|
||||||
|
|
||||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(12, childReport.getAccessControlEntries().size());
|
assertEquals(13, childReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
|
||||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||||
assertTrue(checkAbsent(childReport, "ToMask"));
|
assertTrue(checkAbsent(childReport, "ToMask"));
|
||||||
assertTrue(checkCounts(childReport, "Full", 0, 1));
|
assertTrue(checkCounts(childReport, "Full", 0, 3));
|
||||||
assertTrue(checkCounts(childReport, "Reader", 0, 1));
|
assertTrue(checkCounts(childReport, "Reader", 0, 1));
|
||||||
assertTrue(checkCounts(childReport, "Writer", 0, 1));
|
assertTrue(checkCounts(childReport, "Writer", 0, 1));
|
||||||
assertTrue(checkCounts(childReport, "SplitRead", 1, 0));
|
assertTrue(checkAbsent(childReport, "SplitRead"));
|
||||||
assertTrue(checkCounts(childReport, "SplitWrite", 1, 0));
|
assertTrue(checkAbsent(childReport, "SplitWrite"));
|
||||||
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 0));
|
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 0));
|
||||||
assertTrue(checkCounts(childReport, "Writer2", 1, 0));
|
assertTrue(checkCounts(childReport, "Writer2", 1, 0));
|
||||||
assertTrue(checkCounts(childReport, "Multi", 3, 0));
|
assertTrue(checkCounts(childReport, "Multi", 2, 0));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Set<String> getAllPermissions()
|
private Set<String> getAllPermissions()
|
||||||
@@ -190,43 +195,49 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
|
|
||||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
assertEquals(17, grandParentReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 3));
|
||||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 1));
|
||||||
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 1));
|
||||||
assertTrue(checkCounts(grandParentReport, "Full", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Full", 1, 3));
|
||||||
assertTrue(checkCounts(grandParentReport, "Reader", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Reader", 1, 1));
|
||||||
assertTrue(checkCounts(grandParentReport, "Writer", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Writer", 1, 1));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "SplitRead"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "SplitWrite"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "DuplicateRead"));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
||||||
|
|
||||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(parentReport.isExact());
|
assertFalse(parentReport.isExact());
|
||||||
assertEquals(10, parentReport.getAccessControlEntries().size());
|
assertEquals(20, parentReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
|
||||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 2));
|
||||||
assertTrue(checkAbsent(parentReport, "ToMask"));
|
assertTrue(checkAbsent(parentReport, "ToMask"));
|
||||||
assertTrue(checkCounts(parentReport, "Full", 0, 1));
|
assertTrue(checkCounts(parentReport, "Full", 0, 4));
|
||||||
assertTrue(checkCounts(parentReport, "Reader", 0, 1));
|
assertTrue(checkCounts(parentReport, "Reader", 0, 2));
|
||||||
assertTrue(checkCounts(parentReport, "Writer", 0, 1));
|
assertTrue(checkCounts(parentReport, "Writer", 0, 2));
|
||||||
assertTrue(checkCounts(parentReport, "SplitRead", 1, 0));
|
assertTrue(checkCounts(parentReport, "SplitRead", 1, 0));
|
||||||
assertTrue(checkCounts(parentReport, "SplitWrite", 1, 0));
|
assertTrue(checkCounts(parentReport, "SplitWrite", 1, 0));
|
||||||
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 0));
|
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 1));
|
||||||
|
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||||
assertTrue(checkCounts(parentReport, "Multi", 1, 1));
|
assertTrue(checkCounts(parentReport, "Multi", 1, 1));
|
||||||
|
|
||||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(16, childReport.getAccessControlEntries().size());
|
assertEquals(29, childReport.getAccessControlEntries().size());
|
||||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
|
||||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 2));
|
||||||
assertTrue(checkAbsent(childReport, "ToMask"));
|
assertTrue(checkAbsent(childReport, "ToMask"));
|
||||||
assertTrue(checkCounts(childReport, "Full", 0, 1));
|
assertTrue(checkCounts(childReport, "Full", 0, 4));
|
||||||
assertTrue(checkCounts(childReport, "Reader", 0, 1));
|
assertTrue(checkCounts(childReport, "Reader", 0, 2));
|
||||||
assertTrue(checkCounts(childReport, "Writer", 0, 1));
|
assertTrue(checkCounts(childReport, "Writer", 0, 2));
|
||||||
assertTrue(checkCounts(childReport, "SplitRead", 1, 1));
|
assertTrue(checkCounts(childReport, "SplitRead", 1, 1));
|
||||||
assertTrue(checkCounts(childReport, "SplitWrite", 1, 1));
|
assertTrue(checkCounts(childReport, "SplitWrite", 1, 1));
|
||||||
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 0));
|
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 1));
|
||||||
assertTrue(checkCounts(childReport, "Multi", 3, 2));
|
assertTrue(checkCounts(childReport, "Writer2", 1, 1));
|
||||||
assertTrue(checkCounts(childReport, "Writer2", 1, 0));
|
assertTrue(checkCounts(childReport, "Multi", 3, 4));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void createTestAcls()
|
private void createTestAcls()
|
||||||
@@ -395,7 +406,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(6, grandParentReport.getAccessControlEntries().size());
|
assertEquals(16, grandParentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
List<CMISAccessControlEntry> acesToRemove = new ArrayList<CMISAccessControlEntry>();
|
List<CMISAccessControlEntry> acesToRemove = new ArrayList<CMISAccessControlEntry>();
|
||||||
acesToRemove.add(new CMISAccessControlEntryImpl("ToMask", PermissionService.READ));
|
acesToRemove.add(new CMISAccessControlEntryImpl("ToMask", PermissionService.READ));
|
||||||
@@ -403,7 +414,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
|
grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
|
||||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
assertEquals(14, grandParentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@@ -423,7 +434,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(parentReport.isExact());
|
assertFalse(parentReport.isExact());
|
||||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
assertEquals(18, parentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||||
acesToAdd.add(new CMISAccessControlEntryImpl("SplitRead", PermissionService.READ_CONTENT));
|
acesToAdd.add(new CMISAccessControlEntryImpl("SplitRead", PermissionService.READ_CONTENT));
|
||||||
@@ -434,31 +445,31 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
assertEquals(9, grandParentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(parentReport.isExact());
|
assertFalse(parentReport.isExact());
|
||||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(9, childReport.getAccessControlEntries().size());
|
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(grandParentReport.isExact());
|
assertFalse(grandParentReport.isExact());
|
||||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
assertEquals(14, grandParentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(parentReport.isExact());
|
assertFalse(parentReport.isExact());
|
||||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
assertEquals(18, parentReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||||
acesToAdd.add(new CMISAccessControlEntryImpl("CMISReader", CMISAccessControlService.CMIS_READ_PERMISSION));
|
acesToAdd.add(new CMISAccessControlEntryImpl("CMISReader", CMISAccessControlService.CMIS_READ_PERMISSION));
|
||||||
@@ -467,15 +478,15 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
|||||||
|
|
||||||
childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
assertEquals(30, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
assertEquals(30, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||||
assertFalse(childReport.isExact());
|
assertFalse(childReport.isExact());
|
||||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -19,6 +19,8 @@
|
|||||||
package org.alfresco.cmis.mapping;
|
package org.alfresco.cmis.mapping;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
@@ -47,6 +49,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
|||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.service.namespace.NamespaceService;
|
import org.alfresco.service.namespace.NamespaceService;
|
||||||
import org.alfresco.service.namespace.QName;
|
import org.alfresco.service.namespace.QName;
|
||||||
|
import org.alfresco.util.Pair;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
@@ -109,10 +112,6 @@ public class CMISMapping implements InitializingBean
|
|||||||
private Map<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>> actionEvaluators = new HashMap<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>>();
|
private Map<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>> actionEvaluators = new HashMap<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>>();
|
||||||
|
|
||||||
|
|
||||||
private Set<String> cmisRead = new HashSet<String>();
|
|
||||||
private Set<String> cmisWrite = new HashSet<String>();
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* (non-Javadoc)
|
* (non-Javadoc)
|
||||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||||
@@ -277,14 +276,6 @@ public class CMISMapping implements InitializingBean
|
|||||||
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_GET_ACL, false));
|
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_GET_ACL, false));
|
||||||
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_APPLY_ACL, false));
|
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_APPLY_ACL, false));
|
||||||
|
|
||||||
cmisRead.add(PermissionService.READ_PROPERTIES);
|
|
||||||
cmisRead.add(PermissionService.READ_CONTENT);
|
|
||||||
cmisRead.add(PermissionService.READ);
|
|
||||||
|
|
||||||
cmisWrite.add(PermissionService.WRITE_PROPERTIES);
|
|
||||||
cmisWrite.add(PermissionService.WRITE_CONTENT);
|
|
||||||
cmisWrite.add(PermissionService.WRITE);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -796,35 +787,97 @@ public class CMISMapping implements InitializingBean
|
|||||||
logger.debug("Registered Action Evaluator: scope=" + scope + ", evaluator=" + evaluator);
|
logger.debug("Registered Action Evaluator: scope=" + scope + ", evaluator=" + evaluator);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Collection<Pair<String, Boolean>> getReportedPermissions(String permission, Set<String> permissions, boolean hasFull, boolean isDirect, CMISAccessControlFormatEnum format)
|
||||||
/**
|
|
||||||
* @param permission
|
|
||||||
* @param format
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
public String getReportedPermission(String permission, CMISAccessControlFormatEnum format)
|
|
||||||
{
|
{
|
||||||
|
ArrayList<Pair<String, Boolean>> answer = new ArrayList<Pair<String, Boolean>>(20);
|
||||||
|
// indirect
|
||||||
|
|
||||||
|
if(hasFull)
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||||
|
}
|
||||||
|
|
||||||
|
for(String perm : permissions)
|
||||||
|
{
|
||||||
|
if(PermissionService.READ.equals(perm))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||||
|
}
|
||||||
|
else if(PermissionService.WRITE.equals(perm))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||||
|
}
|
||||||
|
else if(PermissionService.ALL_PERMISSIONS.equals(perm))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||||
|
}
|
||||||
|
|
||||||
|
if(hasFull)
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// permission
|
||||||
|
|
||||||
if(format == CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS)
|
if(format == CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS)
|
||||||
{
|
{
|
||||||
return permission;
|
if(PermissionService.READ.equals(permission))
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(cmisRead.contains(permission))
|
|
||||||
{
|
{
|
||||||
return CMISAccessControlService.CMIS_READ_PERMISSION;
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||||
}
|
}
|
||||||
else if(cmisWrite.contains(permission))
|
else if(PermissionService.WRITE.equals(permission))
|
||||||
{
|
{
|
||||||
return CMISAccessControlService.CMIS_WRITE_PERMISSION;
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||||
|
}
|
||||||
|
else if(PermissionService.ALL_PERMISSIONS.equals(permission))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||||
|
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return CMISAccessControlService.CMIS_ALL_PERMISSION;
|
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if(format == CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS)
|
||||||
|
{
|
||||||
|
if(PermissionService.READ.equals(permission))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, isDirect));
|
||||||
|
}
|
||||||
|
else if(PermissionService.WRITE.equals(permission))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, isDirect));
|
||||||
|
}
|
||||||
|
else if(PermissionService.ALL_PERMISSIONS.equals(permission))
|
||||||
|
{
|
||||||
|
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, isDirect));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// else nothing
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
return answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param permission
|
||||||
|
* @return permission to set
|
||||||
|
*/
|
||||||
public String getSetPermission(String permission)
|
public String getSetPermission(String permission)
|
||||||
{
|
{
|
||||||
if(permission.equals(CMISAccessControlService.CMIS_READ_PERMISSION))
|
if(permission.equals(CMISAccessControlService.CMIS_READ_PERMISSION))
|
||||||
|
|||||||
Reference in New Issue
Block a user