diff --git a/source/java/org/alfresco/opencmis/CMISConnector.java b/source/java/org/alfresco/opencmis/CMISConnector.java index fdc30cc5ac..b33c849c47 100644 --- a/source/java/org/alfresco/opencmis/CMISConnector.java +++ b/source/java/org/alfresco/opencmis/CMISConnector.java @@ -2720,7 +2720,6 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen } Set currentAces = permissionService.getAllSetPermissions(nodeRef); - Acl currentACL = getACL(nodeRef, false); // remove all permissions permissionService.deletePermissions(nodeRef); @@ -2734,9 +2733,7 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen principalId = AuthenticationUtil.getFullyAuthenticatedUser(); } - List acePermissions = ace.getPermissions(); - normaliseAcePermissions(currentACL, ace, acePermissions); - List permissions = translatePermissionsFromCMIS(acePermissions); + List permissions = translatePermissionsFromCMIS(ace.getPermissions()); normalisePermissions(currentAces, permissions); for (String permission : permissions) { @@ -2745,38 +2742,6 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen } } - /* - * MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding - * - * Detect permission to delete for principal and - * also delete all the concomitant basic permissions - */ - private void normaliseAcePermissions(Acl currentACL, Ace newAce, List acePermissions) - { - for (Ace oldAce : currentACL.getAces()) - { - if (oldAce.getPrincipalId().equals(newAce.getPrincipalId())) - { - // detect what permissions were deleted for principal - Set permissionsDeletedForPrincipal = new HashSet(oldAce.getPermissions()); - Set newPermissions = new HashSet(newAce.getPermissions()); - permissionsDeletedForPrincipal.removeAll(newPermissions); - for (String permissionDeleted : permissionsDeletedForPrincipal) - { - // for deleted permission also delete all attendant basic permissions - List onePermissionList = new ArrayList(); - onePermissionList.add(permissionDeleted); - - List cmisPermissions = translatePermmissionsToCMIS(onePermissionList, false); - for (String cmisPermission : cmisPermissions) - { - acePermissions.remove(cmisPermission); - } - } - } - } - } - /* * ALF-11868: the cmis client library may incorrectly send READ or WRITE permissions to applyAcl. * This method works around this by "normalising" permissions: diff --git a/source/test-java/org/alfresco/opencmis/CMISTest.java b/source/test-java/org/alfresco/opencmis/CMISTest.java index ca611a69d2..14e38c8161 100644 --- a/source/test-java/org/alfresco/opencmis/CMISTest.java +++ b/source/test-java/org/alfresco/opencmis/CMISTest.java @@ -75,9 +75,7 @@ import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.rule.Rule; import org.alfresco.service.cmr.rule.RuleService; import org.alfresco.service.cmr.rule.RuleType; -import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.tagging.TaggingService; import org.alfresco.service.cmr.version.VersionService; @@ -86,9 +84,7 @@ import org.alfresco.service.namespace.QName; import org.alfresco.service.transaction.TransactionService; import org.alfresco.util.ApplicationContextHelper; import org.alfresco.util.Pair; -import org.apache.chemistry.opencmis.commons.BasicPermissions; import org.apache.chemistry.opencmis.commons.PropertyIds; -import org.apache.chemistry.opencmis.commons.data.Ace; import org.apache.chemistry.opencmis.commons.data.AllowableActions; import org.apache.chemistry.opencmis.commons.data.CmisExtensionElement; import org.apache.chemistry.opencmis.commons.data.ObjectData; @@ -99,7 +95,6 @@ import org.apache.chemistry.opencmis.commons.data.Properties; import org.apache.chemistry.opencmis.commons.data.PropertyData; import org.apache.chemistry.opencmis.commons.data.RepositoryInfo; import org.apache.chemistry.opencmis.commons.definitions.TypeDefinition; -import org.apache.chemistry.opencmis.commons.enums.AclPropagation; import org.apache.chemistry.opencmis.commons.enums.Action; import org.apache.chemistry.opencmis.commons.enums.ChangeType; import org.apache.chemistry.opencmis.commons.enums.CmisVersion; @@ -108,9 +103,6 @@ import org.apache.chemistry.opencmis.commons.enums.VersioningState; import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException; import org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException; import org.apache.chemistry.opencmis.commons.exceptions.CmisUpdateConflictException; -import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlEntryImpl; -import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlListImpl; -import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlPrincipalDataImpl; import org.apache.chemistry.opencmis.commons.impl.dataobjects.CmisExtensionElementImpl; import org.apache.chemistry.opencmis.commons.impl.dataobjects.ContentStreamImpl; import org.apache.chemistry.opencmis.commons.impl.dataobjects.ExtensionDataImpl; @@ -2155,126 +2147,6 @@ public class CMISTest } } - /** - * MNT-10165: Check that all concomitant basic CMIS permissions are deleted - * when permission is deleted vai CMIS 1.1 API. For Atom binding it applies - * new set of permissions instead of deleting the old ones. - */ - @Test - public void testRemoveACL() throws Exception - { - AuthenticationUtil.pushAuthentication(); - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - final String groupName = "group" + GUID.generate(); - final String testGroup = PermissionService.GROUP_PREFIX + groupName; - try - { - // preconditions: create test document - if (!authorityService.authorityExists(testGroup)) - { - authorityService.createAuthority(AuthorityType.GROUP, groupName); - } - - final FileInfo document = transactionService.getRetryingTransactionHelper().doInTransaction( - new RetryingTransactionCallback() - { - @Override - public FileInfo execute() throws Throwable - { - NodeRef companyHomeNodeRef = repositoryHelper.getCompanyHome(); - - String folderName = GUID.generate(); - FileInfo folderInfo = fileFolderService.create(companyHomeNodeRef, folderName, ContentModel.TYPE_FOLDER); - nodeService.setProperty(folderInfo.getNodeRef(), ContentModel.PROP_NAME, folderName); - assertNotNull(folderInfo); - - String docName = GUID.generate(); - FileInfo document = fileFolderService.create(folderInfo.getNodeRef(), docName, ContentModel.TYPE_CONTENT); - assertNotNull(document); - nodeService.setProperty(document.getNodeRef(), ContentModel.PROP_NAME, docName); - - return document; - } - }); - - Set permissions = permissionService.getAllSetPermissions(document.getNodeRef()); - assertEquals(permissions.size(), 1); - AccessPermission current = permissions.iterator().next(); - assertEquals(current.getAuthority(), "GROUP_EVERYONE"); - assertEquals(current.getPermission(), "Consumer"); - - // add group1 with Coordinator permissions - permissionService.setPermission(document.getNodeRef(), testGroup, PermissionService.COORDINATOR, true); - permissions = permissionService.getAllSetPermissions(document.getNodeRef()); - - Map docPermissions = new HashMap(); - for (AccessPermission permission : permissions) - { - docPermissions.put(permission.getAuthority(), permission.getPermission()); - } - assertTrue(docPermissions.keySet().contains(testGroup)); - assertEquals(docPermissions.get(testGroup), PermissionService.COORDINATOR); - - // update permissions for group1 via CMIS 1.1 API - withCmisService(new CmisServiceCallback() - { - @Override - public Void execute(CmisService cmisService) - { - List repositories = cmisService.getRepositoryInfos(null); - assertNotNull(repositories); - assertTrue(repositories.size() > 0); - RepositoryInfo repo = repositories.iterator().next(); - String repositoryId = repo.getId(); - String docIdStr = document.getNodeRef().toString(); - - // when removing Coordinator ACE from workbench-0.10.0 it sends PUT request - // to apply basic cmis:write, cmis:read, cmis:all for principal - AccessControlListImpl acesToPut = new AccessControlListImpl(); - List acesList = new ArrayList(); - acesToPut.setAces(acesList); - AccessControlEntryImpl ace = new AccessControlEntryImpl(); - ace.setPrincipal(new AccessControlPrincipalDataImpl(testGroup)); - List putPermissions = new ArrayList(); - putPermissions.add(BasicPermissions.ALL); - putPermissions.add(BasicPermissions.READ); - putPermissions.add(BasicPermissions.WRITE); - ace.setPermissions(putPermissions); - ace.setDirect(true); - acesList.add(ace); - cmisService.applyAcl(repositoryId, docIdStr, acesToPut, AclPropagation.REPOSITORYDETERMINED); - - return null; - } - }, CmisVersion.CMIS_1_1); - - // check that permissions are the same as they were before Coordinator was added - permissions = permissionService.getAllSetPermissions(document.getNodeRef()); - docPermissions = new HashMap(); - for (AccessPermission permission : permissions) - { - docPermissions.put(permission.getAuthority(), permission.getPermission()); - } - assertFalse(docPermissions.keySet().contains(testGroup)); - assertEquals(permissions.size(), 1); - current = permissions.iterator().next(); - assertEquals(current.getAuthority(), "GROUP_EVERYONE"); - assertEquals(current.getPermission(), "Consumer"); - } - catch (CmisConstraintException e) - { - fail(e.toString()); - } - finally - { - if (authorityService.authorityExists(testGroup)) - { - authorityService.deleteAuthority(testGroup); - } - AuthenticationUtil.popAuthentication(); - } - } - @Test public void dictionaryTest() {