Merged V3.2 to HEAD

17002: Merged V3.2 to V3.2 14187: (record-only) Fix for ETHREEOH-2023: LDAP import must lower case the local name of the association to person. 14941: Merged V2.2 to V3.1 14830: Fix for ETWOTWO-389: Alfresco will not fix up all the permissions if the UID is changed 14849: Build Fix: Remove the constraint to avoid the creation of duplicate users (it stops permission assignment before user creation) 14867: Build Fix: Disable tests for concurrent creation of groups and people (it leaves an odd group around and is not currently used) 14880: More for ETWOTWO-389: restrict fix ups for uid/gid to case changes only. Other changes are rejected. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17013 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-10-19 10:07:49 +00:00
parent 24a4251d8a
commit 5a0883f91c
10 changed files with 755 additions and 53 deletions
--- a/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java
@@ -33,6 +33,7 @@ import org.alfresco.repo.node.db.NodeDaoService;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
+import org.alfresco.repo.security.authority.AuthorityDAO;
 import org.alfresco.repo.security.permissions.PermissionReference;
 import org.alfresco.repo.security.permissions.PermissionServiceSPI;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
@@ -82,6 +83,8 @@ public class AbstractPermissionTest extends BaseSpringTest
    protected PersonService personService;
    
    protected AuthorityService authorityService;
+    
+    protected AuthorityDAO authorityDAO;

    protected NodeDaoService nodeDaoService;
    
@@ -109,6 +112,7 @@ public class AbstractPermissionTest extends BaseSpringTest
        permissionModelDAO = (ModelDAO) applicationContext.getBean("permissionsModelDAO");
        personService = (PersonService) applicationContext.getBean("personService");
        authorityService = (AuthorityService) applicationContext.getBean("authorityService");
+        authorityDAO = (AuthorityDAO) applicationContext.getBean("authorityDAO");
        
        authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
        authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao");
--- a/source/java/org/alfresco/repo/security/permissions/impl/AclDaoComponent.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AclDaoComponent.java
@@ -25,6 +25,7 @@
 package org.alfresco.repo.security.permissions.impl;

 import java.util.List;
+import java.util.Set;

 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.hibernate.AclDaoComponentImpl.Indirection;
@@ -182,4 +183,8 @@ public interface AclDaoComponent extends TransactionalDao
     * @param id
     */
    public void onDeleteAccessControlList(final long id);
+    
+    public void updateAuthority(String before, String after);
+    
+    public void createAuthority(String authority);
 }
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
@@ -68,6 +68,102 @@ public class PermissionServiceTest extends AbstractPermissionTest
        // TODO Auto-generated constructor stub
    }

+    public void testChangePersonUid()
+    {
+        runAs("admin");
+        NodeRef one = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+        permissionService.setPermission(one, "andy", PermissionService.ALL_PERMISSIONS, true);
+        runAs("andy");
+        assertEquals("andy", authenticationComponent.getCurrentUserName());
+        assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
+        runAs("admin");
+        boolean found = false;
+        Set<AccessPermission> set = permissionService.getAllSetPermissions(one);
+        for (AccessPermission ap : set)
+        {
+            if (ap.getAuthority().equals("Andy"))
+            {
+                found = true;
+            }
+        }
+        assertFalse(found);
+        NodeRef andy = personService.getPerson("andy");
+        nodeService.setProperty(andy, ContentModel.PROP_USERNAME, "Andy");
+        runAs("andy");
+        assertEquals("Andy", authenticationComponent.getCurrentUserName());
+        assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
+        runAs("admin");
+        found = false;
+        set = permissionService.getAllSetPermissions(one);
+        for (AccessPermission ap : set)
+        {
+            if (ap.getAuthority().equals("Andy"))
+            {
+                found = true;
+            }
+        }
+        assertTrue(found);
+        
+        try
+        {
+            nodeService.setProperty(andy, ContentModel.PROP_USERNAME, "Bob");
+            fail("Chainging uid Andy -> Bob should fail");
+        }
+        catch (UnsupportedOperationException e)
+        {
+
+        }
+    }
+
+    public void testChangeGroupUid()
+    {
+        personService.getPerson("andy");
+        runAs("admin");
+        NodeRef one = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+        authorityService.createAuthority(AuthorityType.GROUP, "ONE");
+        authorityService.addAuthority("GROUP_ONE", "andy");
+        permissionService.setPermission(one, "GROUP_ONE", PermissionService.ALL_PERMISSIONS, true);
+        runAs("andy");
+        assertEquals("andy", authenticationComponent.getCurrentUserName());
+        assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
+        runAs("admin");
+        boolean found = false;
+        Set<AccessPermission> set = permissionService.getAllSetPermissions(one);
+        for (AccessPermission ap : set)
+        {
+            if (ap.getAuthority().equals("GROUP_One"))
+            {
+                found = true;
+            }
+        }
+        assertFalse(found);
+        NodeRef gONE = authorityDAO.getAuthorityNodeRefOrNull("GROUP_ONE");
+        nodeService.setProperty(gONE, ContentModel.PROP_AUTHORITY_NAME, "GROUP_One");
+        runAs("andy");
+        assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
+        runAs("admin");
+        found = false;
+        set = permissionService.getAllSetPermissions(one);
+        for (AccessPermission ap : set)
+        {
+            if (ap.getAuthority().equals("GROUP_One"))
+            {
+                found = true;
+            }
+        }
+        assertTrue(found);
+
+        try
+        {
+            nodeService.setProperty(gONE, ContentModel.PROP_AUTHORITY_NAME, "GROUP_TWO");
+            fail("Chainging gid GROUP_One -> GROUP_TWO should fail");
+        }
+        catch (UnsupportedOperationException e)
+        {
+
+        }
+    }
+
    public void testAuthenticatedRoleIsPresent()
    {
        runAs("andy");