diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
index 94634dba81..67f7f702a7 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -491,6 +491,7 @@
+
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
index f723a83a79..267c6fc918 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -18,6 +18,7 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
+import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -26,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -66,6 +68,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
/** File plan service */
private FilePlanService filePlanService;
+
+ /** Record service */
+ private RecordService recordService;
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
@@ -87,6 +92,10 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
+ policyComponent.bindClassBehaviour(
+ NodeServicePolicies.OnMoveNodePolicy.QNAME,
+ ASPECT_RECORD,
+ new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
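Review bot: With `NotificationFrequency.TRANSACTION_COMMIT` the `onMoveRecord` handler runs at commit with the association refs captured at move time, but the handler added further down this file checks only `nodeService.exists(record)` before it reads permissions from `sourceAssocRef.getParentRef()` and `destinationAssocRef.getParentRef()`. If the source folder is removed later in the same transaction, the permission lookup on it would presumably fail and abort the commit. A guard such as `nodeService.exists(sourceAssocRef.getParentRef()) == true`, treating a missing parent as having no permissions to compare against, would make the handler robust. The enclosing method starts above this hunk, so the surrounding bindings are not visible here.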
@@ -128,6 +137,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
{
this.filePlanService = filePlanService;
}
+
+ /**
+ * @param recordService record service
+ */
+ public void setRecordService(RecordService recordService)
+ {
+ this.recordService = recordService;
+ }
/**
* @param childAssocRef
@@ -238,35 +255,98 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
{
if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true)
{
- NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
-
- setUpPermissions(record);
-
- Set perms = permissionService.getAllSetPermissions(recordFolder);
- for (AccessPermission perm : perms)
- {
- if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
- ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
- {
- AccessStatus accessStatus = perm.getAccessStatus();
- boolean allow = false;
- if (AccessStatus.ALLOWED.equals(accessStatus) == true)
- {
- allow = true;
- }
- permissionService.setPermission(
- record,
- perm.getAuthority(),
- perm.getPermission(),
- allow);
- }
- }
+ NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
+ initialiseRecordPermissions(record, recordFolder);
}
return null;
}
- }, AuthenticationUtil.getSystemUserName());
+ }, AuthenticationUtil.getSystemUserName());
+ }
+
+ /**
+ * Initialise the record permissions for the given record folder.
+ *
+ * @param record record
+ * @param recordFolder record folder
+ */
+ private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder)
+ {
+ setUpPermissions(record);
+ Set perms = permissionService.getAllSetPermissions(recordFolder);
+ for (AccessPermission perm : perms)
+ {
+ if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
+ ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
+ {
+ AccessStatus accessStatus = perm.getAccessStatus();
+ boolean allow = false;
+ if (AccessStatus.ALLOWED.equals(accessStatus) == true)
+ {
+ allow = true;
+ }
+ permissionService.setPermission(
+ record,
+ perm.getAuthority(),
+ perm.getPermission(),
+ allow);
+ }
+ }
+
+ }
+
+ /**
+ * onMoveRecord behaviour
+ *
+ * @param sourceAssocRef source association reference
+ * @param destinationAssocRef destination association reference
+ */
+ public void onMoveRecord(final ChildAssociationRef sourceAssocRef, final ChildAssociationRef destinationAssocRef)
+ {
+ AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork()
+ {
+ NodeRef record = sourceAssocRef.getChildRef();
+ if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true)
+ {
+ Set keepPerms = new HashSet(5);
+
+ // record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent)
+ Set origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef());
+ Set origionalRecordPerms= permissionService.getAllSetPermissions(record);
+ for (AccessPermission perm : origionalRecordPerms)
+ {
+ if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
+ ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
+ {
+ if ((perm.getPermission().equals(RMPermissionModel.FILING) == true ||
+ perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) &&
+ origionalParentPerms.contains(perm) == false)
+ {
+ // then we can assume this is a permission we want to preserve
+ keepPerms.add(perm);
+ }
+ }
+ }
+
+ // clear all existing permissions and start again
+ permissionService.deletePermissions(record);
+
+ // re-setup the records permissions
+ initialiseRecordPermissions(record, destinationAssocRef.getParentRef());
+
+ // re-add keep'er permissions
+ for (AccessPermission keeper : keepPerms)
+ {
+ setPermission(record, keeper.getAuthority(), keeper.getPermission());
+ }
+ }
+
+ return null;
+ }
+ }, AuthenticationUtil.getSystemUserName());
}
/**
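Review bot: In `onMoveRecord` the keep-list loop never looks at `perm.getAccessStatus()`, and the kept entries are re-applied with `setPermission(record, keeper.getAuthority(), keeper.getPermission())`, a call that carries no allow/deny flag. An explicit DENIED entry for FILING or FILE_RECORDS on the record therefore looks like it would come back as a grant after a move, whereas `initialiseRecordPermissions` in the same hunk does pass the status through `allow`. Consider adding `AccessStatus.ALLOWED.equals(perm.getAccessStatus()) == true` to the keep condition, and restoring denied entries with `permissionService.setPermission(record, keeper.getAuthority(), keeper.getPermission(), false)`. The `origionalParentPerms.contains(perm)` test also depends on how `AccessPermission` defines equality, which is not visible on this page; a one-line comment stating that assumption would help the next reader.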
@@ -313,7 +393,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
}
else if (recordsManagementService.isRecordsManagementContainer(nodeRef) == true ||
recordsManagementService.isRecordFolder(nodeRef) == true ||
- recordsManagementService.isRecord(nodeRef) == true)
+ recordService.isRecord(nodeRef) == true)
{
setReadPermissionUp(nodeRef, authority);
setPermissionDown(nodeRef, authority, permission);
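Review bot: `recordService` is a plain setter-injected field with nothing verifying it was wired, and it is now dereferenced on the permission paths here and in the two later hunks (the child loops that call `setPermissionDown` and `deletePermission`). The XML hunk on this page shows only an empty added line, so the bean wiring cannot be confirmed from what is visible. A fail-fast check where the behaviours are bound, for example `if (recordService == null) { throw new IllegalStateException("recordService not set"); }`, would turn a missed property into a start-up error instead of a NullPointerException in the middle of a permission update. The enclosing method starts above this hunk.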
@@ -367,7 +447,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
- recordsManagementService.isRecord(child) == true)
+ recordService.isRecord(child) == true)
{
setPermissionDown(child, authority, permission);
}
@@ -414,7 +494,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
- recordsManagementService.isRecord(child) == true)
+ recordService.isRecord(child) == true)
{
deletePermission(child, authority, permission);
}
@@ -425,5 +505,4 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
}
}, AuthenticationUtil.getSystemUserName());
}
-
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
index 8797624568..31d60e7b78 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
@@ -23,6 +23,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.service.DataSetServiceImp
import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedActionServiceTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedSecurityServiceImplTest;
+import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanPermissionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanRoleServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FreezeServiceImplTest;
@@ -62,7 +63,8 @@ import org.junit.runners.Suite.SuiteClasses;
RecordServiceImplTest.class,
CapabilityServiceImplTest.class,
FilePlanRoleServiceImplTest.class,
- FilePlanServiceImplTest.class
+ FilePlanServiceImplTest.class,
+ FilePlanPermissionServiceImplTest.class
})
public class ServicesTestSuite
{
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
new file mode 100644
index 0000000000..72a8e4e268
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
@@ -0,0 +1,524 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.service;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.springframework.extensions.webscripts.GUID;
+
+/**
+ * File plan permission service unit test
+ *
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
+{
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
+ */
+ @Override
+ protected boolean isUserTest()
+ {
+ return true;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest()
+ */
+ @Override
+ protected boolean isRecordTest()
+ {
+ return true;
+ }
+
+ /**
+ * Helper to create test user
+ */
+ private String createTestUser()
+ {
+ return doTestInTransaction(new Test()
+ {
+ @Override
+ public String run()
+ {
+ String userName = GUID.generate();
+ createPerson(userName);
+ filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, userName);
+ return userName;
+ }
+ }, AuthenticationUtil.getSystemUserName());
+ }
+
+ /**
+ * Helper to set permission
+ */
+ private void setPermission(final NodeRef nodeRef, final String userName, final String permission)
+ {
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ filePlanPermissionService.setPermission(nodeRef, userName, permission);
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Helper to delete permission
+ */
+ private void deletePermission(final NodeRef nodeRef, final String userName, final String permission)
+ {
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ filePlanPermissionService.deletePermission(nodeRef, userName, permission);
+ return null;
+ }
+ });
+ }
+
+ /**
+ * test set/delete permissions on file plan
+ */
+ public void testSetDeletePermissionFilePlan() throws Exception
+ {
+ String userName = createTestUser();
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+
+ setPermission(filePlan, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.ALLOWED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.ALLOWED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.ALLOWED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+
+ deletePermission(filePlan, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+
+ //what happens if we try and remove READ for a normal user on the file plan ???
+ deletePermission(filePlan, userName, RMPermissionModel.READ_RECORDS);
+
+ // nothing .. user still has read on file plan .. only removing the user from all roles will remove read on file plan
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ }
+
+ /**
+ * Test set/delete permission on record categorty
+ */
+ public void testSetDeletePermissionRecordCategory() throws Exception
+ {
+ String userName = createTestUser();
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+
+ setPermission(rmContainer, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.ALLOWED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.ALLOWED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+
+ deletePermission(rmContainer, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ }
+
+ /**
+ * Test set/delete permission on record folder
+ */
+ public void testSetDeletePermissionRecordFolder() throws Exception
+ {
+ String userName = createTestUser();
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+
+ setPermission(rmFolder, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.ALLOWED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+
+ deletePermission(rmFolder, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ }
+
+ /**
+ * Test set/delete permission on record
+ */
+ public void testSetDeletePermissionRecord() throws Exception
+ {
+ String userName = createTestUser();
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+
+ setPermission(recordOne, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+
+ deletePermission(recordOne, userName, RMPermissionModel.FILING);
+
+ assertPermissions(userName,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ }
+
+ public void testMoveRecord() throws Exception
+ {
+ String userOne = createTestUser();
+ String userTwo = createTestUser();
+ String userThree = createTestUser();
+
+ final NodeRef otherFolder = doTestInTransaction(new Test()
+ {
+ @Override
+ public NodeRef run()
+ {
+ return rmService.createRecordFolder(rmContainer, "otherFolder");
+ }
+ });
+
+ assertPermissions(userOne,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userOne);
+ assertPermissions(userTwo,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userTwo);
+ assertPermissions(userThree,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.DENIED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userThree);
+
+ setPermission(rmFolder, userOne, RMPermissionModel.FILING);
+ setPermission(otherFolder, userTwo, RMPermissionModel.FILING);
+ setPermission(recordOne, userThree, RMPermissionModel.FILING);
+
+ assertPermissions(userOne,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.ALLOWED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userOne);
+ assertPermissions(userTwo,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userTwo);
+ assertPermissions(userThree,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userThree);
+
+ // move the record!
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run() throws Exception
+ {
+ fileFolderService.move(recordOne, otherFolder, "movedRecord.txt");
+ return null;
+ }
+ });
+
+ assertPermissions(userOne,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.ALLOWED, // record folder file
+ AccessStatus.DENIED, // record read
+ AccessStatus.DENIED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userOne);
+ assertPermissions(userTwo,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.DENIED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userTwo);
+ assertPermissions(userThree,
+ AccessStatus.ALLOWED, // fileplan read
+ AccessStatus.DENIED, // fileplan file
+ AccessStatus.ALLOWED, // category read
+ AccessStatus.DENIED, // category file
+ AccessStatus.ALLOWED, // record folder read
+ AccessStatus.DENIED, // record folder file
+ AccessStatus.ALLOWED, // record read
+ AccessStatus.ALLOWED); // record file
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
+ return null;
+ }
+ }, userThree);
+
+ }
+
+
+ /**
+ * Helper to assert permissions for passed user
+ */
+ private void assertPermissions(final String userName, final AccessStatus ... accessStatus)
+ {
+ assertEquals(8, accessStatus.length);
+
+ doTestInTransaction(new Test()
+ {
+ @Override
+ public Void run()
+ {
+ assertEquals("Everyone who has a role has read permissions on the file plan",
+ accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
+ assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING));
+
+ assertEquals(accessStatus[2], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
+ assertEquals(accessStatus[3], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING));
+
+ assertEquals(accessStatus[4], permissionService.hasPermission(rmFolder, RMPermissionModel.READ_RECORDS));
+ assertEquals(accessStatus[5], permissionService.hasPermission(rmFolder, RMPermissionModel.FILING));
+
+ assertEquals(accessStatus[6], permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS));
+ assertEquals(accessStatus[7], permissionService.hasPermission(recordOne, RMPermissionModel.FILING));
+
+ return null;
+ }
+ }, userName);
+ }
+
+}
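Review bot: `testMoveRecord` has no Javadoc and only exercises granted FILING entries, so nothing pins what happens on a move to an explicit DENIED entry on the record, or to a record-level grant that duplicates one on the source folder. It also asserts that `userThree` keeps `READ_RECORDS` on the source `rmFolder` after the move (the `// record folder read` ALLOWED line in the final `assertPermissions(userThree, …)`), which records residual read access to a folder the record has left; if that is intended, say so in a comment, otherwise assert DENIED. A header such as `/** Test that folder-derived permissions are replaced and record-specific filing permissions are kept when a record is moved */` would document the intent. The repeated `otherFolder` check blocks could become one private helper taking the user name and the two expected statuses.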