mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Fix for ALF-2609: CMIS ACL mapping improvements
- repository specifc reporting includes actual assigned permissions + CMIS permissions reported as indirect - CMIS format reports cmis permissions directly set for Read, Write and All only - Apache Chemistry CMIS AtomPub TCK pass - cmis-tck-ws ACL test pass git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20051 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -32,11 +32,19 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
||||
|
||||
private int position;
|
||||
|
||||
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position)
|
||||
private boolean direct;
|
||||
|
||||
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position, boolean direct)
|
||||
{
|
||||
this.principalId = principalId;
|
||||
this.permission = permission;
|
||||
this.position = position;
|
||||
this.direct = direct;
|
||||
}
|
||||
|
||||
/*package*/ CMISAccessControlEntryImpl(String principalId, String permission, int position)
|
||||
{
|
||||
this(principalId, permission, position, position == 0);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -56,7 +64,7 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
||||
*/
|
||||
public boolean getDirect()
|
||||
{
|
||||
return position == 0;
|
||||
return direct;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
@@ -83,23 +91,18 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
||||
return position;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see java.lang.Object#hashCode()
|
||||
*/
|
||||
@Override
|
||||
public int hashCode()
|
||||
{
|
||||
final int prime = 31;
|
||||
int result = 1;
|
||||
result = prime * result + (direct ? 1231 : 1237);
|
||||
result = prime * result + ((permission == null) ? 0 : permission.hashCode());
|
||||
result = prime * result + position;
|
||||
result = prime * result + ((principalId == null) ? 0 : principalId.hashCode());
|
||||
return result;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see java.lang.Object#equals(java.lang.Object)
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj)
|
||||
{
|
||||
@@ -109,7 +112,9 @@ public class CMISAccessControlEntryImpl implements CMISAccessControlEntry
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
final CMISAccessControlEntryImpl other = (CMISAccessControlEntryImpl) obj;
|
||||
CMISAccessControlEntryImpl other = (CMISAccessControlEntryImpl) obj;
|
||||
if (direct != other.direct)
|
||||
return false;
|
||||
if (permission == null)
|
||||
{
|
||||
if (other.permission != null)
|
||||
|
||||
@@ -22,6 +22,7 @@ import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.EnumSet;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@@ -51,6 +52,7 @@ import org.alfresco.service.cmr.security.AccessPermission;
|
||||
import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.Pair;
|
||||
|
||||
/**
|
||||
* @author andyh
|
||||
@@ -228,7 +230,7 @@ public class CMISAccessControlServiceImpl implements CMISAccessControlService
|
||||
*/
|
||||
public CMISAccessControlReport getAcl(NodeRef nodeRef, CMISAccessControlFormatEnum format)
|
||||
{
|
||||
CMISAccessControlReportImpl answer = new CMISAccessControlReportImpl();
|
||||
CMISAccessControlReportImpl merge = new CMISAccessControlReportImpl();
|
||||
// Need to compact deny to mask correctly
|
||||
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
|
||||
ArrayList<AccessPermission> ordered = new ArrayList<AccessPermission>();
|
||||
@@ -246,21 +248,40 @@ public class CMISAccessControlServiceImpl implements CMISAccessControlService
|
||||
{
|
||||
if (entry.getAccessStatus() == AccessStatus.ALLOWED)
|
||||
{
|
||||
answer.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||
format)), entry.getPosition()));
|
||||
//answer.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||
// format)), entry.getPosition()));
|
||||
merge.addEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), entry.getPermission(), entry.getPosition()));
|
||||
}
|
||||
else if (entry.getAccessStatus() == AccessStatus.DENIED)
|
||||
{
|
||||
answer.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||
format)), entry.getPosition()));
|
||||
//answer.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), expandPermission(cmisMapping.getReportedPermission(getPermission(entry.getPermission()),
|
||||
// format)), entry.getPosition()));
|
||||
merge.removeEntry(new CMISAccessControlEntryImpl(entry.getAuthority(), entry.getPermission(), entry.getPosition()));
|
||||
}
|
||||
}
|
||||
|
||||
CMISAccessControlReportImpl answer = new CMISAccessControlReportImpl();
|
||||
for(CMISAccessControlEntry entry : merge.getAccessControlEntries())
|
||||
{
|
||||
CMISAccessControlEntryImpl impl = (CMISAccessControlEntryImpl)entry;
|
||||
PermissionReference permissionReference = permissionModelDao.getPermissionReference(null, impl.getPermission());
|
||||
Set<PermissionReference> longForms = permissionModelDao.getGranteePermissions(permissionReference);
|
||||
HashSet<String> shortForms = new HashSet<String>();
|
||||
for(PermissionReference longForm : longForms)
|
||||
{
|
||||
shortForms.add(getPermission(longForm));
|
||||
}
|
||||
for(Pair<String, Boolean> toAdd : cmisMapping.getReportedPermissions(impl.getPermission(), shortForms, permissionModelDao.hasFull(permissionReference), impl.getDirect(), format))
|
||||
{
|
||||
answer.addEntry(new CMISAccessControlEntryImpl(impl.getPrincipalId(), expandPermission(toAdd.getFirst()), impl.getPosition(), toAdd.getSecond()));
|
||||
}
|
||||
|
||||
}
|
||||
return answer;
|
||||
}
|
||||
|
||||
private String getPermission(String string)
|
||||
private String getPermission(PermissionReference permissionReference)
|
||||
{
|
||||
PermissionReference permissionReference = permissionModelDao.getPermissionReference(null, string);
|
||||
if (permissionModelDao.isUnique(permissionReference))
|
||||
{
|
||||
return permissionReference.getName();
|
||||
|
||||
@@ -81,43 +81,48 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
||||
assertEquals(10, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 2));
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Full", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Full", 0, 3));
|
||||
assertTrue(checkCounts(grandParentReport, "Reader", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Writer", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
||||
assertTrue(checkAbsent(grandParentReport, "SplitRead"));
|
||||
assertTrue(checkAbsent(grandParentReport, "SplitWrite"));
|
||||
assertTrue(checkAbsent(grandParentReport, "DuplicateRead"));
|
||||
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||
assertTrue(checkAbsent(grandParentReport, "Multi"));
|
||||
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(9, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
assertTrue(checkAbsent(parentReport, "ToMask"));
|
||||
assertTrue(checkCounts(parentReport, "Full", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "Full", 0, 3));
|
||||
assertTrue(checkCounts(parentReport, "Reader", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "Writer", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "SplitRead", 1, 0));
|
||||
assertTrue(checkCounts(parentReport, "SplitWrite", 1, 0));
|
||||
assertTrue(checkAbsent(parentReport, "SplitRead"));
|
||||
assertTrue(checkAbsent(parentReport, "SplitWrite"));
|
||||
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 0));
|
||||
assertTrue(checkCounts(parentReport, "Multi", 1, 0));
|
||||
assertTrue(checkAbsent(parentReport, "Writer2"));
|
||||
assertTrue(checkAbsent(parentReport, "Multi"));
|
||||
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(12, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertEquals(13, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
|
||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
assertTrue(checkAbsent(childReport, "ToMask"));
|
||||
assertTrue(checkCounts(childReport, "Full", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "Full", 0, 3));
|
||||
assertTrue(checkCounts(childReport, "Reader", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "Writer", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "SplitRead", 1, 0));
|
||||
assertTrue(checkCounts(childReport, "SplitWrite", 1, 0));
|
||||
assertTrue(checkAbsent(childReport, "SplitRead"));
|
||||
assertTrue(checkAbsent(childReport, "SplitWrite"));
|
||||
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 0));
|
||||
assertTrue(checkCounts(childReport, "Writer2", 1, 0));
|
||||
assertTrue(checkCounts(childReport, "Multi", 3, 0));
|
||||
assertTrue(checkCounts(childReport, "Multi", 2, 0));
|
||||
}
|
||||
|
||||
private Set<String> getAllPermissions()
|
||||
@@ -190,43 +195,49 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Full", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Reader", 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, "Writer", 1, 0));
|
||||
assertEquals(17, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 3));
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 1));
|
||||
assertTrue(checkCounts(grandParentReport, "ToMask", 1, 1));
|
||||
assertTrue(checkCounts(grandParentReport, "Full", 1, 3));
|
||||
assertTrue(checkCounts(grandParentReport, "Reader", 1, 1));
|
||||
assertTrue(checkCounts(grandParentReport, "Writer", 1, 1));
|
||||
assertTrue(checkAbsent(grandParentReport, "SplitRead"));
|
||||
assertTrue(checkAbsent(grandParentReport, "SplitWrite"));
|
||||
assertTrue(checkAbsent(grandParentReport, "DuplicateRead"));
|
||||
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
||||
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
assertEquals(20, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 2));
|
||||
assertTrue(checkAbsent(parentReport, "ToMask"));
|
||||
assertTrue(checkCounts(parentReport, "Full", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "Reader", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "Writer", 0, 1));
|
||||
assertTrue(checkCounts(parentReport, "Full", 0, 4));
|
||||
assertTrue(checkCounts(parentReport, "Reader", 0, 2));
|
||||
assertTrue(checkCounts(parentReport, "Writer", 0, 2));
|
||||
assertTrue(checkCounts(parentReport, "SplitRead", 1, 0));
|
||||
assertTrue(checkCounts(parentReport, "SplitWrite", 1, 0));
|
||||
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 0));
|
||||
assertTrue(checkCounts(parentReport, "DuplicateRead", 1, 1));
|
||||
assertTrue(checkAbsent(grandParentReport, "Writer2"));
|
||||
assertTrue(checkCounts(parentReport, "Multi", 1, 1));
|
||||
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(16, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
assertEquals(29, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
|
||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 2));
|
||||
assertTrue(checkAbsent(childReport, "ToMask"));
|
||||
assertTrue(checkCounts(childReport, "Full", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "Reader", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "Writer", 0, 1));
|
||||
assertTrue(checkCounts(childReport, "Full", 0, 4));
|
||||
assertTrue(checkCounts(childReport, "Reader", 0, 2));
|
||||
assertTrue(checkCounts(childReport, "Writer", 0, 2));
|
||||
assertTrue(checkCounts(childReport, "SplitRead", 1, 1));
|
||||
assertTrue(checkCounts(childReport, "SplitWrite", 1, 1));
|
||||
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 0));
|
||||
assertTrue(checkCounts(childReport, "Multi", 3, 2));
|
||||
assertTrue(checkCounts(childReport, "Writer2", 1, 0));
|
||||
assertTrue(checkCounts(childReport, "DuplicateRead", 1, 1));
|
||||
assertTrue(checkCounts(childReport, "Writer2", 1, 1));
|
||||
assertTrue(checkCounts(childReport, "Multi", 3, 4));
|
||||
|
||||
}
|
||||
|
||||
private void createTestAcls()
|
||||
@@ -395,7 +406,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(6, grandParentReport.getAccessControlEntries().size());
|
||||
assertEquals(16, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
List<CMISAccessControlEntry> acesToRemove = new ArrayList<CMISAccessControlEntry>();
|
||||
acesToRemove.add(new CMISAccessControlEntryImpl("ToMask", PermissionService.READ));
|
||||
@@ -403,7 +414,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
assertEquals(14, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -423,7 +434,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
assertEquals(18, parentReport.getAccessControlEntries().size());
|
||||
|
||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||
acesToAdd.add(new CMISAccessControlEntryImpl("SplitRead", PermissionService.READ_CONTENT));
|
||||
@@ -434,31 +445,31 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||
|
||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
assertEquals(9, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(9, childReport.getAccessControlEntries().size());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
|
||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
assertEquals(14, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
assertEquals(18, parentReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||
|
||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||
acesToAdd.add(new CMISAccessControlEntryImpl("CMISReader", CMISAccessControlService.CMIS_READ_PERMISSION));
|
||||
@@ -467,15 +478,15 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
||||
assertEquals(30, childReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
||||
assertEquals(30, childReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
assertEquals(22, childReport.getAccessControlEntries().size());
|
||||
|
||||
try
|
||||
{
|
||||
|
||||
@@ -19,6 +19,8 @@
|
||||
package org.alfresco.cmis.mapping;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
@@ -47,6 +49,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.NamespaceService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.Pair;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
@@ -109,10 +112,6 @@ public class CMISMapping implements InitializingBean
|
||||
private Map<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>> actionEvaluators = new HashMap<CMISScope, Map<CMISAllowedActionEnum, CMISActionEvaluator<? extends Object>>>();
|
||||
|
||||
|
||||
private Set<String> cmisRead = new HashSet<String>();
|
||||
private Set<String> cmisWrite = new HashSet<String>();
|
||||
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||
@@ -277,14 +276,6 @@ public class CMISMapping implements InitializingBean
|
||||
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_GET_ACL, false));
|
||||
registerEvaluator(CMISScope.POLICY, new FixedValueActionEvaluator<NodeRef>(serviceRegistry, CMISAllowedActionEnum.CAN_APPLY_ACL, false));
|
||||
|
||||
cmisRead.add(PermissionService.READ_PROPERTIES);
|
||||
cmisRead.add(PermissionService.READ_CONTENT);
|
||||
cmisRead.add(PermissionService.READ);
|
||||
|
||||
cmisWrite.add(PermissionService.WRITE_PROPERTIES);
|
||||
cmisWrite.add(PermissionService.WRITE_CONTENT);
|
||||
cmisWrite.add(PermissionService.WRITE);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -796,35 +787,97 @@ public class CMISMapping implements InitializingBean
|
||||
logger.debug("Registered Action Evaluator: scope=" + scope + ", evaluator=" + evaluator);
|
||||
}
|
||||
|
||||
public Collection<Pair<String, Boolean>> getReportedPermissions(String permission, Set<String> permissions, boolean hasFull, boolean isDirect, CMISAccessControlFormatEnum format)
|
||||
{
|
||||
ArrayList<Pair<String, Boolean>> answer = new ArrayList<Pair<String, Boolean>>(20);
|
||||
// indirect
|
||||
|
||||
if(hasFull)
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||
}
|
||||
|
||||
for(String perm : permissions)
|
||||
{
|
||||
if(PermissionService.READ.equals(perm))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||
}
|
||||
else if(PermissionService.WRITE.equals(perm))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||
}
|
||||
else if(PermissionService.ALL_PERMISSIONS.equals(perm))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||
}
|
||||
|
||||
if(hasFull)
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||
}
|
||||
}
|
||||
|
||||
// permission
|
||||
|
||||
if(format == CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS)
|
||||
{
|
||||
if(PermissionService.READ.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||
}
|
||||
else if(PermissionService.WRITE.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||
}
|
||||
else if(PermissionService.ALL_PERMISSIONS.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, false));
|
||||
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||
}
|
||||
else
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(permission, isDirect));
|
||||
}
|
||||
}
|
||||
else if(format == CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS)
|
||||
{
|
||||
if(PermissionService.READ.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_READ_PERMISSION, isDirect));
|
||||
}
|
||||
else if(PermissionService.WRITE.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_WRITE_PERMISSION, isDirect));
|
||||
}
|
||||
else if(PermissionService.ALL_PERMISSIONS.equals(permission))
|
||||
{
|
||||
answer.add(new Pair<String, Boolean>(CMISAccessControlService.CMIS_ALL_PERMISSION, isDirect));
|
||||
}
|
||||
else
|
||||
{
|
||||
// else nothing
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
return answer;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param permission
|
||||
* @param format
|
||||
* @return
|
||||
* @return permission to set
|
||||
*/
|
||||
public String getReportedPermission(String permission, CMISAccessControlFormatEnum format)
|
||||
{
|
||||
if(format == CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS)
|
||||
{
|
||||
return permission;
|
||||
}
|
||||
else
|
||||
{
|
||||
if(cmisRead.contains(permission))
|
||||
{
|
||||
return CMISAccessControlService.CMIS_READ_PERMISSION;
|
||||
}
|
||||
else if(cmisWrite.contains(permission))
|
||||
{
|
||||
return CMISAccessControlService.CMIS_WRITE_PERMISSION;
|
||||
}
|
||||
else
|
||||
{
|
||||
return CMISAccessControlService.CMIS_ALL_PERMISSION;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public String getSetPermission(String permission)
|
||||
{
|
||||
if(permission.equals(CMISAccessControlService.CMIS_READ_PERMISSION))
|
||||
|
||||
Reference in New Issue
Block a user