inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-2388 (User without any clearance should not see the classify action)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@108131 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2015-07-10 15:50:55 +00:00
parent d011b7ec0a
commit 6a8eeda795
6 changed files with 89 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml
View File

@@ -178,6 +178,8 @@
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.isCurrentUserClearedForClassification=ACL_ALLOW
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.setUserSecurityClearance=ACL_ALLOW
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.getClearanceLevels=ACL_ALLOW
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.hasCurrentUserClearance=ACL_ALLOW
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.hasUserClearance=ACL_ALLOW
org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService.*=ACL_DENY
</value>
</property>

1
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -18,6 +18,7 @@
<property name="dictionaryService" ref="DictionaryService" />
<property name="siteService" ref="SiteService" />
<property name="contentClassificationService" ref="contentClassificationService"/>
<property name="securityClearanceService" ref="SecurityClearanceService" />
<property name="policyComponent" ref="policyComponent" />
<property name="jsonConversionComponentCache" ref="jsonConversionComponentCache" />
</bean>

15
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceService.java
View File

@@ -74,4 +74,19 @@ public interface SecurityClearanceService
* and therefore access to the most restricted documents).
*/
List<ClearanceLevel> getClearanceLevels();
/**
* Checks if the current user has any clearance set
*
* @return <code>true</code> if the current user has a clearance set different than "No Clearance", <code>false</code> otherwise
*/
boolean hasCurrentUserClearance();
/**
* Checks if the user with the given id has any clearance set
*
* @param userId {@link String} The user id
* @return <code>true</code> if the user with the given id has a clearance set different than "No Clearance", <code>false</code> otherwise
*/
boolean hasUserClearance(String userId);
}

30
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java
View File

@@ -18,8 +18,10 @@
*/
package org.alfresco.module.org_alfresco_module_rm.classification;
import static org.alfresco.module.org_alfresco_module_rm.classification.ClearanceLevelManager.NO_CLEARANCE;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.ASPECT_SECURITY_CLEARANCE;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
import static org.alfresco.module.org_alfresco_module_rm.util.RMParameterCheck.checkNotBlank;
import java.util.ArrayList;
import java.util.Collections;
@@ -202,4 +204,32 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
List<ClearanceLevel> subList = allLevels.subList(targetIndex, allLevels.size());
return Collections.unmodifiableList(subList);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasCurrentUserClearance()
*/
@Override
public boolean hasCurrentUserClearance()
{
return hasUserClearance(authenticationUtil.getRunAsUser());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasUserClearance(java.lang.String)
*/
@Override
public boolean hasUserClearance(String userId)
{
checkNotBlank("userId", userId);
boolean hasUserClearance = false;
ClearanceLevel userCleranceLevel = getUserSecurityClearance(userId).getClearanceLevel();
if (userCleranceLevel != null && userCleranceLevel != NO_CLEARANCE)
{
hasUserClearance = true;
}
return hasUserClearance;
}
}

16
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/JSONConversionComponent.java
View File

@@ -30,6 +30,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
@@ -70,6 +71,7 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
private static final String IS_RECORD_CONTRIBUTOR_GROUP_ENABLED = "isRecordContributorGroupEnabled";
private static final String RECORD_CONTRIBUTOR_GROUP_NAME = "recordContributorGroupName";
public static final String IS_CLASSIFIED = "isClassified";
private static final String HAS_CURRENT_USER_CLEARANCE = "hasCurrentUserClearance";
/** true if record contributor group is enabled, false otherwise */
private boolean isRecordContributorsGroupEnabled = false;
@@ -95,6 +97,9 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
/** Content classification service */
private ContentClassificationService contentClassificationService;
/** Security clearance service */
private SecurityClearanceService securityClearanceService;
/** Indicators */
private List<BaseEvaluator> indicators = new ArrayList<BaseEvaluator>();
@@ -174,6 +179,14 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
this.contentClassificationService = contentClassificationService;
}
/**
* @param securityClearanceService the securityClearanceService to set
*/
public void setSecurityClearanceService(SecurityClearanceService securityClearanceService)
{
this.securityClearanceService = securityClearanceService;
}
/**
* @param indicator registered indicator
*/
@@ -260,6 +273,9 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
// Is the node classified
rootJSONObject.put(IS_CLASSIFIED, contentClassificationService.isClassified(nodeRef));
// Has current user clearance
rootJSONObject.put(HAS_CURRENT_USER_CLEARANCE, securityClearanceService.hasCurrentUserClearance());
if (AccessStatus.ALLOWED.equals(capabilityService.getCapabilityAccessState(nodeRef, ViewRecordsCapability.NAME)))
{
// Indicate whether the node is a RM object or not

26
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImplUnitTest.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.ASPECT_SECURITY_CLEARANCE;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
import static org.alfresco.util.GUID.generate;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -30,7 +31,6 @@ import static org.mockito.Mockito.when;
import java.util.List;
import com.google.common.collect.ImmutableList;
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationException.LevelIdNotFound;
import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
@@ -46,6 +46,8 @@ import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import com.google.common.collect.ImmutableList;
/**
* Unit tests for {@link SecurityClearanceServiceImpl}.
*
@@ -300,4 +302,26 @@ public class SecurityClearanceServiceImplUnitTest
assertEquals(mockClearanceLevels.get(1), restrictedClearanceLevels.get(0));
assertEquals(mockClearanceLevels.get(2), restrictedClearanceLevels.get(1));
}
@Test
public void hasUserClearance()
{
// Check if the current user has clearance
PersonInfo user1 = createMockPerson(generate(), generate(), generate(), null);
MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user1.getUserName());
assertFalse(securityClearanceServiceImpl.hasCurrentUserClearance());
// Check if a user with a given id has clearance
String user2 = generate();
String classificationLevelId = generate();
ClassificationLevel classificationLevel = new ClassificationLevel(classificationLevelId, generate());
ClearanceLevel clearanceLevel = new ClearanceLevel(classificationLevel, generate());
when(mockClearanceLevelManager.findLevelByClassificationLevelId(classificationLevelId)).thenReturn(clearanceLevel);
createMockPerson(user2, generate(), generate(), classificationLevelId);
MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user2);
assertTrue(securityClearanceServiceImpl.hasUserClearance(user2));
}
}