1Merged V4.0-BUG-FIX to HEAD

35438: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/V4.0-BUG-FIX:
       - fix merge issue (THOR-4 / ALF-13756)
   35446: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/V4.0-BUG-FIX:
      29422: record-only
      29453: build/test fix (AspectTest, PolicyTest, WebScriptTestSuite)
   35448: ALF-13770: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2)
      35447: ALF-13769: Merged V3.4.8 (3.4.8.7) to V3.4-BUG-FIX (3.4.10)
         35435: ALF-11535 Home Folder Synchronizer fails when destination folder already exists
            - HomeFolderProviderSynchronizerTest was broken on build m/c because PersonTest (in the same suite) created
              its own UserNameMatcherImpl and left it attached to the personServiceImpl.
         35413: ALF-11535 Home Folder Synchronizer (HFS) fails when destination folder already exists
            - HomeFolderManager no longer returns an existing folder (unless the provider is an ExistingPathBasedHomeFolderProvider*),
              but will append -N (where N is an integer) so that a new folder is always created.
              This fixes an unreported bug (when case sensitive user names are in use) that users created in Share that only differ
              in case would have shared the same home folder.
            - Modified HFS to log more 'info' rather than 'debug' messages so it is possible for administrators to understand the moves
              and errors better.
            - Modified HFS to understand that Alfresco does not allow duplicate folders/content when case is ignored.
            - Added unit test for case insensitive user names.
            - Modified HFS to allows folder structure to change case on re-sync
   35451: Fix for ALF-13503 Add SOLR client API tests to the SystemBuildTest project
   - missed keystore from checkin
   35454: Improved solution for ALF-13286 - after changes to "SiteService" ProxyFactoryBean definition from Andy.
    - now checks user ability to execute the SiteService.createSite() method based on ACLs defined - avoiding AccessDeniedException.
   35462: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/V4.0-BUG-FIX:
   - minor manual merge (to avoid future conflict)
   35465: Fix for ALF-13454 - Advanced search date picker missing the additional pop up
   35475: ALF-12780 - CIFS and TextEdit shuffle
   35495: ALF-13753: Prevent users from editing the name of locked documents in Share via the insitu editor


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35499 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/templates/webscripts/org/alfresco/repository/site/sites.post.json.js

@@ -1,5 +1,12 @@
 function main()
 {
+   // Ensure the user has Create Site capability
+   if (!siteService.hasCreateSitePermissions())
+   {
+      status.setCode(status.STATUS_FORBIDDEN, "error.noPermissions");
+      return;
+   }
+   
    // Get the details of the site
    if (json.has("shortName") == false || json.get("shortName").length == 0)
    {

source/java/org/alfresco/repo/web/scripts/BaseWebScriptTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2012 Alfresco Software Limited.
  *
  * This file is part of Alfresco
  *
@@ -32,6 +32,7 @@ import junit.textui.ResultPrinter;
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.web.scripts.servlet.LocalTestRunAsAuthenticatorFactory;
 import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpMethod;
@@ -338,6 +339,14 @@ public abstract class BaseWebScriptTest extends TestCase
         throws IOException
     {
         asUser = (asUser == null) ? defaultRunAs : asUser;
+        
+        TestWebScriptServer tws = getServer();
+        if (AuthenticationUtil.isMtEnabled())
+        {
+            // MT repository container requires non-none authentication (ie. guest or higher)
+            tws.setServletAuthenticatorFactory(new LocalTestRunAsAuthenticatorFactory());
+        }
+        
         if (asUser == null)
         {
             return getServer().submitRequest(req.getMethod(), req.getFullUri(), req.getHeaders(), req.getBody(), req.getEncoding(), req.getType());
@@ -345,7 +354,6 @@ public abstract class BaseWebScriptTest extends TestCase
         else
         {
             // send request in context of specified user
-            getServer();
             return AuthenticationUtil.runAs(new RunAsWork<Response>()
             {
                 @SuppressWarnings("synthetic-access")

source/java/org/alfresco/repo/web/scripts/servlet/LocalTestRunAsAuthenticatorFactory.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.repo.web.scripts.servlet;
+
+import javax.servlet.ServletContext;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.springframework.extensions.webscripts.Authenticator;
+import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
+import org.springframework.extensions.webscripts.servlet.ServletAuthenticatorFactory;
+import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
+import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;
+import org.springframework.web.context.ServletContextAware;
+
+
+/**
+ * Used for local web script tests when MT is enabled - eg. WebScriptTestSuite, BaseCMISTest (AspectTest, PolicyTest), etc.
+ * 
+ * When MT is enabled the repository container required authentication must be "guest" or higher (ie. not "none") to determine the tenant domain.
+ * 
+ * This dummy authenticator will effectively pass-through the runAs user ... note: it needs to set the runAs user since it will be cleared first (by RepositoryContainer.authenticate).
+ *
+ * @author janv
+ * @since 4.0 (thor)
+ */
+public class LocalTestRunAsAuthenticatorFactory implements ServletAuthenticatorFactory, ServletContextAware
+{
+    @Override
+    public void setServletContext(ServletContext context)
+    {
+    }
+    
+    @Override
+    public Authenticator create(WebScriptServletRequest req, WebScriptServletResponse res)
+    {
+        String runAsUser = AuthenticationUtil.getRunAsUser();
+        if (runAsUser == null)
+        {
+            runAsUser = AuthenticationUtil.getSystemUserName();
+        }
+        return new LocalTestRunAsAuthenticator(runAsUser);
+    }
+    
+    public class LocalTestRunAsAuthenticator implements Authenticator
+    {
+        private String userName;
+        
+        public LocalTestRunAsAuthenticator(String userName)
+        {
+            this.userName = userName;
+        }
+        
+        @Override
+        public boolean authenticate(RequiredAuthentication required, boolean isGuest)
+        {
+            if (! emptyCredentials())
+            {
+                AuthenticationUtil.setRunAsUser(userName);
+                return true;
+            }
+            return false;
+        }
+        
+        @Override
+        public boolean emptyCredentials()
+        {
+            return (userName == null || userName.length() == 0);
+        }
+    }
+
+}