RM-2388 (User without any clearance should not see the classify action)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@108131 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml

@@ -178,6 +178,8 @@
             org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.isCurrentUserClearedForClassification=ACL_ALLOW
             org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.setUserSecurityClearance=ACL_ALLOW
             org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.getClearanceLevels=ACL_ALLOW
+            org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.hasCurrentUserClearance=ACL_ALLOW
+            org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.hasUserClearance=ACL_ALLOW
             org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.*=ACL_DENY
          </value>
       </property>

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml

@@ -18,6 +18,7 @@
       <property name="dictionaryService" ref="DictionaryService" />
       <property name="siteService" ref="SiteService" />
       <property name="contentClassificationService" ref="contentClassificationService"/>
+      <property name="securityClearanceService" ref="SecurityClearanceService" />
       <property name="policyComponent" ref="policyComponent" />
       <property name="jsonConversionComponentCache" ref="jsonConversionComponentCache" />
    </bean>

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceService.java

@@ -74,4 +74,19 @@ public interface SecurityClearanceService
      * and therefore access to the most restricted documents).
      */
     List<ClearanceLevel> getClearanceLevels();
+
+    /**
+     * Checks if the current user has any clearance set
+     *
+     * @return <code>true</code> if the current user has a clearance set different than "No Clearance", <code>false</code> otherwise
+     */
+    boolean hasCurrentUserClearance();
+
+    /**
+     * Checks if the user with the given id has any clearance set
+     *
+     * @param userId {@link String} The user id
+     * @return <code>true</code> if the user with the given id has a clearance set different than "No Clearance", <code>false</code> otherwise
+     */
+    boolean hasUserClearance(String userId);
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java

@@ -18,8 +18,10 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.classification;
 
+import static org.alfresco.module.org_alfresco_module_rm.classification.ClearanceLevelManager.NO_CLEARANCE;
 import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.ASPECT_SECURITY_CLEARANCE;
 import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
+import static org.alfresco.module.org_alfresco_module_rm.util.RMParameterCheck.checkNotBlank;
 
 import java.util.ArrayList;
 import java.util.Collections;
@@ -202,4 +204,32 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
         List<ClearanceLevel> subList = allLevels.subList(targetIndex, allLevels.size());
         return Collections.unmodifiableList(subList);
     }
+
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasCurrentUserClearance()
+     */
+    @Override
+    public boolean hasCurrentUserClearance()
+    {
+        return hasUserClearance(authenticationUtil.getRunAsUser());
+    }
+
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasUserClearance(java.lang.String)
+     */
+    @Override
+    public boolean hasUserClearance(String userId)
+    {
+        checkNotBlank("userId", userId);
+
+        boolean hasUserClearance = false;
+
+        ClearanceLevel userCleranceLevel = getUserSecurityClearance(userId).getClearanceLevel();
+        if (userCleranceLevel != null && userCleranceLevel != NO_CLEARANCE)
+        {
+            hasUserClearance = true;
+        }
+
+        return hasUserClearance;
+    }
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/JSONConversionComponent.java

@@ -30,6 +30,7 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
 import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
+import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanComponentKind;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
@@ -70,6 +71,7 @@ public class JSONConversionComponent extends    org.alfresco.repo.jscript.app.JS
     private static final String IS_RECORD_CONTRIBUTOR_GROUP_ENABLED = "isRecordContributorGroupEnabled";
     private static final String RECORD_CONTRIBUTOR_GROUP_NAME = "recordContributorGroupName";
     public static final String IS_CLASSIFIED = "isClassified";
+    private static final String HAS_CURRENT_USER_CLEARANCE = "hasCurrentUserClearance";
 
     /** true if record contributor group is enabled, false otherwise */
     private boolean isRecordContributorsGroupEnabled = false;
@@ -95,6 +97,9 @@ public class JSONConversionComponent extends    org.alfresco.repo.jscript.app.JS
     /** Content classification service */
     private ContentClassificationService contentClassificationService;
 
+    /** Security clearance service */
+    private SecurityClearanceService securityClearanceService;
+
     /** Indicators */
     private List<BaseEvaluator> indicators = new ArrayList<BaseEvaluator>();
 
@@ -174,6 +179,14 @@ public class JSONConversionComponent extends    org.alfresco.repo.jscript.app.JS
         this.contentClassificationService = contentClassificationService;
     }
 
+    /**
+     * @param securityClearanceService the securityClearanceService to set
+     */
+    public void setSecurityClearanceService(SecurityClearanceService securityClearanceService)
+    {
+        this.securityClearanceService = securityClearanceService;
+    }
+
     /**
      * @param indicator registered indicator
      */
@@ -260,6 +273,9 @@ public class JSONConversionComponent extends    org.alfresco.repo.jscript.app.JS
             // Is the node classified
             rootJSONObject.put(IS_CLASSIFIED, contentClassificationService.isClassified(nodeRef));
 
+            // Has current user clearance
+            rootJSONObject.put(HAS_CURRENT_USER_CLEARANCE, securityClearanceService.hasCurrentUserClearance());
+
             if (AccessStatus.ALLOWED.equals(capabilityService.getCapabilityAccessState(nodeRef, ViewRecordsCapability.NAME)))
             {
                 // Indicate whether the node is a RM object or not

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImplUnitTest.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification;
 
 import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.ASPECT_SECURITY_CLEARANCE;
 import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
+import static org.alfresco.util.GUID.generate;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
@@ -30,7 +31,6 @@ import static org.mockito.Mockito.when;
 
 import java.util.List;
 
-import com.google.common.collect.ImmutableList;
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationException.LevelIdNotFound;
 import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
 import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
@@ -46,6 +46,8 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 
+import com.google.common.collect.ImmutableList;
+
 /**
  * Unit tests for {@link SecurityClearanceServiceImpl}.
  *
@@ -300,4 +302,26 @@ public class SecurityClearanceServiceImplUnitTest
         assertEquals(mockClearanceLevels.get(1), restrictedClearanceLevels.get(0));
         assertEquals(mockClearanceLevels.get(2), restrictedClearanceLevels.get(1));
     }
+
+    @Test
+    public void hasUserClearance()
+    {
+        // Check if the current user has clearance
+        PersonInfo user1 = createMockPerson(generate(), generate(), generate(), null);
+        MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user1.getUserName());
+        assertFalse(securityClearanceServiceImpl.hasCurrentUserClearance());
+
+        // Check if a user with a given id has clearance
+        String user2 = generate();
+        String classificationLevelId = generate();
+        ClassificationLevel classificationLevel = new ClassificationLevel(classificationLevelId, generate());
+        ClearanceLevel clearanceLevel = new ClearanceLevel(classificationLevel, generate());
+
+        when(mockClearanceLevelManager.findLevelByClassificationLevelId(classificationLevelId)).thenReturn(clearanceLevel);
+
+        createMockPerson(user2, generate(), generate(), classificationLevelId);
+        MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user2);
+        assertTrue(securityClearanceServiceImpl.hasUserClearance(user2));
+    }
+
 }