ACE-2224: Reverse Merge HEAD (5.0/Cloud)
74808: Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud) 73693: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 73621: MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding - Fix test failure - fix CMISTest to not affect on AuthorityServiceTest 74803: Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud) 73688: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 73548: MNT-10165: Merged DEV to V4.2-BUG-FIX (4.2.3) 61161: MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding - Detect permission to delete for principal and also find and delete all the concomitant basic CMIS permissions. Add unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@88915 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -2720,7 +2720,6 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
|
|||||||
}
|
}
|
||||||
|
|
||||||
Set<AccessPermission> currentAces = permissionService.getAllSetPermissions(nodeRef);
|
Set<AccessPermission> currentAces = permissionService.getAllSetPermissions(nodeRef);
|
||||||
Acl currentACL = getACL(nodeRef, false);
|
|
||||||
|
|
||||||
// remove all permissions
|
// remove all permissions
|
||||||
permissionService.deletePermissions(nodeRef);
|
permissionService.deletePermissions(nodeRef);
|
||||||
@@ -2734,9 +2733,7 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
|
|||||||
principalId = AuthenticationUtil.getFullyAuthenticatedUser();
|
principalId = AuthenticationUtil.getFullyAuthenticatedUser();
|
||||||
}
|
}
|
||||||
|
|
||||||
List<String> acePermissions = ace.getPermissions();
|
List<String> permissions = translatePermissionsFromCMIS(ace.getPermissions());
|
||||||
normaliseAcePermissions(currentACL, ace, acePermissions);
|
|
||||||
List<String> permissions = translatePermissionsFromCMIS(acePermissions);
|
|
||||||
normalisePermissions(currentAces, permissions);
|
normalisePermissions(currentAces, permissions);
|
||||||
for (String permission : permissions)
|
for (String permission : permissions)
|
||||||
{
|
{
|
||||||
@@ -2745,38 +2742,6 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding
|
|
||||||
*
|
|
||||||
* Detect permission to delete for principal and
|
|
||||||
* also delete all the concomitant basic permissions
|
|
||||||
*/
|
|
||||||
private void normaliseAcePermissions(Acl currentACL, Ace newAce, List<String> acePermissions)
|
|
||||||
{
|
|
||||||
for (Ace oldAce : currentACL.getAces())
|
|
||||||
{
|
|
||||||
if (oldAce.getPrincipalId().equals(newAce.getPrincipalId()))
|
|
||||||
{
|
|
||||||
// detect what permissions were deleted for principal
|
|
||||||
Set<String> permissionsDeletedForPrincipal = new HashSet<String>(oldAce.getPermissions());
|
|
||||||
Set<String> newPermissions = new HashSet<String>(newAce.getPermissions());
|
|
||||||
permissionsDeletedForPrincipal.removeAll(newPermissions);
|
|
||||||
for (String permissionDeleted : permissionsDeletedForPrincipal)
|
|
||||||
{
|
|
||||||
// for deleted permission also delete all attendant basic permissions
|
|
||||||
List<String> onePermissionList = new ArrayList<String>();
|
|
||||||
onePermissionList.add(permissionDeleted);
|
|
||||||
|
|
||||||
List<String> cmisPermissions = translatePermmissionsToCMIS(onePermissionList, false);
|
|
||||||
for (String cmisPermission : cmisPermissions)
|
|
||||||
{
|
|
||||||
acePermissions.remove(cmisPermission);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ALF-11868: the cmis client library may incorrectly send READ or WRITE permissions to applyAcl.
|
* ALF-11868: the cmis client library may incorrectly send READ or WRITE permissions to applyAcl.
|
||||||
* This method works around this by "normalising" permissions:
|
* This method works around this by "normalising" permissions:
|
||||||
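Review bot: In the second hunk the new side feeds `translatePermissionsFromCMIS(ace.getPermissions())` straight into the re-grant loop that follows `permissionService.deletePermissions(nodeRef)`, with no comparison against the ACEs the node held before, and nothing on the new side records that. Going by the removed MNT-10165 comment and test, a client that removes an ACE over the Atom binding by re-sending the basic `cmis:all`/`cmis:read`/`cmis:write` permissions for the principal would presumably have them applied again, so a revocation can appear to succeed while the principal keeps access. If the revert has to stay, document the gap at the call site, e.g. `// ACE-2224 reverted MNT-10165: basic cmis:* permissions re-sent for a principal are re-applied as-is; ACE removal via the Atom binding is not detected here`, and track a replacement regression test for the revocation case, since `testRemoveACL` is dropped from CMISTest in the same commit. The enclosing method starts and ends outside these hunks, so any handling elsewhere in it is not visible here.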
|
@@ -75,9 +75,7 @@ import org.alfresco.service.cmr.repository.StoreRef;
|
|||||||
import org.alfresco.service.cmr.rule.Rule;
|
import org.alfresco.service.cmr.rule.Rule;
|
||||||
import org.alfresco.service.cmr.rule.RuleService;
|
import org.alfresco.service.cmr.rule.RuleService;
|
||||||
import org.alfresco.service.cmr.rule.RuleType;
|
import org.alfresco.service.cmr.rule.RuleType;
|
||||||
import org.alfresco.service.cmr.security.AccessPermission;
|
|
||||||
import org.alfresco.service.cmr.security.AuthorityService;
|
import org.alfresco.service.cmr.security.AuthorityService;
|
||||||
import org.alfresco.service.cmr.security.AuthorityType;
|
|
||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.service.cmr.tagging.TaggingService;
|
import org.alfresco.service.cmr.tagging.TaggingService;
|
||||||
import org.alfresco.service.cmr.version.VersionService;
|
import org.alfresco.service.cmr.version.VersionService;
|
||||||
@@ -86,9 +84,7 @@ import org.alfresco.service.namespace.QName;
|
|||||||
import org.alfresco.service.transaction.TransactionService;
|
import org.alfresco.service.transaction.TransactionService;
|
||||||
import org.alfresco.util.ApplicationContextHelper;
|
import org.alfresco.util.ApplicationContextHelper;
|
||||||
import org.alfresco.util.Pair;
|
import org.alfresco.util.Pair;
|
||||||
import org.apache.chemistry.opencmis.commons.BasicPermissions;
|
|
||||||
import org.apache.chemistry.opencmis.commons.PropertyIds;
|
import org.apache.chemistry.opencmis.commons.PropertyIds;
|
||||||
import org.apache.chemistry.opencmis.commons.data.Ace;
|
|
||||||
import org.apache.chemistry.opencmis.commons.data.AllowableActions;
|
import org.apache.chemistry.opencmis.commons.data.AllowableActions;
|
||||||
import org.apache.chemistry.opencmis.commons.data.CmisExtensionElement;
|
import org.apache.chemistry.opencmis.commons.data.CmisExtensionElement;
|
||||||
import org.apache.chemistry.opencmis.commons.data.ObjectData;
|
import org.apache.chemistry.opencmis.commons.data.ObjectData;
|
||||||
@@ -99,7 +95,6 @@ import org.apache.chemistry.opencmis.commons.data.Properties;
|
|||||||
import org.apache.chemistry.opencmis.commons.data.PropertyData;
|
import org.apache.chemistry.opencmis.commons.data.PropertyData;
|
||||||
import org.apache.chemistry.opencmis.commons.data.RepositoryInfo;
|
import org.apache.chemistry.opencmis.commons.data.RepositoryInfo;
|
||||||
import org.apache.chemistry.opencmis.commons.definitions.TypeDefinition;
|
import org.apache.chemistry.opencmis.commons.definitions.TypeDefinition;
|
||||||
import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
|
|
||||||
import org.apache.chemistry.opencmis.commons.enums.Action;
|
import org.apache.chemistry.opencmis.commons.enums.Action;
|
||||||
import org.apache.chemistry.opencmis.commons.enums.ChangeType;
|
import org.apache.chemistry.opencmis.commons.enums.ChangeType;
|
||||||
import org.apache.chemistry.opencmis.commons.enums.CmisVersion;
|
import org.apache.chemistry.opencmis.commons.enums.CmisVersion;
|
||||||
@@ -108,9 +103,6 @@ import org.apache.chemistry.opencmis.commons.enums.VersioningState;
|
|||||||
import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
|
import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
|
||||||
import org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException;
|
import org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException;
|
||||||
import org.apache.chemistry.opencmis.commons.exceptions.CmisUpdateConflictException;
|
import org.apache.chemistry.opencmis.commons.exceptions.CmisUpdateConflictException;
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlEntryImpl;
|
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlListImpl;
|
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlPrincipalDataImpl;
|
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.CmisExtensionElementImpl;
|
import org.apache.chemistry.opencmis.commons.impl.dataobjects.CmisExtensionElementImpl;
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.ContentStreamImpl;
|
import org.apache.chemistry.opencmis.commons.impl.dataobjects.ContentStreamImpl;
|
||||||
import org.apache.chemistry.opencmis.commons.impl.dataobjects.ExtensionDataImpl;
|
import org.apache.chemistry.opencmis.commons.impl.dataobjects.ExtensionDataImpl;
|
||||||
@@ -2155,126 +2147,6 @@ public class CMISTest
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* MNT-10165: Check that all concomitant basic CMIS permissions are deleted
|
|
||||||
* when permission is deleted vai CMIS 1.1 API. For Atom binding it applies
|
|
||||||
* new set of permissions instead of deleting the old ones.
|
|
||||||
*/
|
|
||||||
@Test
|
|
||||||
public void testRemoveACL() throws Exception
|
|
||||||
{
|
|
||||||
AuthenticationUtil.pushAuthentication();
|
|
||||||
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
|
|
||||||
final String groupName = "group" + GUID.generate();
|
|
||||||
final String testGroup = PermissionService.GROUP_PREFIX + groupName;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
// preconditions: create test document
|
|
||||||
if (!authorityService.authorityExists(testGroup))
|
|
||||||
{
|
|
||||||
authorityService.createAuthority(AuthorityType.GROUP, groupName);
|
|
||||||
}
|
|
||||||
|
|
||||||
final FileInfo document = transactionService.getRetryingTransactionHelper().doInTransaction(
|
|
||||||
new RetryingTransactionCallback<FileInfo>()
|
|
||||||
{
|
|
||||||
@Override
|
|
||||||
public FileInfo execute() throws Throwable
|
|
||||||
{
|
|
||||||
NodeRef companyHomeNodeRef = repositoryHelper.getCompanyHome();
|
|
||||||
|
|
||||||
String folderName = GUID.generate();
|
|
||||||
FileInfo folderInfo = fileFolderService.create(companyHomeNodeRef, folderName, ContentModel.TYPE_FOLDER);
|
|
||||||
nodeService.setProperty(folderInfo.getNodeRef(), ContentModel.PROP_NAME, folderName);
|
|
||||||
assertNotNull(folderInfo);
|
|
||||||
|
|
||||||
String docName = GUID.generate();
|
|
||||||
FileInfo document = fileFolderService.create(folderInfo.getNodeRef(), docName, ContentModel.TYPE_CONTENT);
|
|
||||||
assertNotNull(document);
|
|
||||||
nodeService.setProperty(document.getNodeRef(), ContentModel.PROP_NAME, docName);
|
|
||||||
|
|
||||||
return document;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(document.getNodeRef());
|
|
||||||
assertEquals(permissions.size(), 1);
|
|
||||||
AccessPermission current = permissions.iterator().next();
|
|
||||||
assertEquals(current.getAuthority(), "GROUP_EVERYONE");
|
|
||||||
assertEquals(current.getPermission(), "Consumer");
|
|
||||||
|
|
||||||
// add group1 with Coordinator permissions
|
|
||||||
permissionService.setPermission(document.getNodeRef(), testGroup, PermissionService.COORDINATOR, true);
|
|
||||||
permissions = permissionService.getAllSetPermissions(document.getNodeRef());
|
|
||||||
|
|
||||||
Map<String , String> docPermissions = new HashMap<String, String>();
|
|
||||||
for (AccessPermission permission : permissions)
|
|
||||||
{
|
|
||||||
docPermissions.put(permission.getAuthority(), permission.getPermission());
|
|
||||||
}
|
|
||||||
assertTrue(docPermissions.keySet().contains(testGroup));
|
|
||||||
assertEquals(docPermissions.get(testGroup), PermissionService.COORDINATOR);
|
|
||||||
|
|
||||||
// update permissions for group1 via CMIS 1.1 API
|
|
||||||
withCmisService(new CmisServiceCallback<Void>()
|
|
||||||
{
|
|
||||||
@Override
|
|
||||||
public Void execute(CmisService cmisService)
|
|
||||||
{
|
|
||||||
List<RepositoryInfo> repositories = cmisService.getRepositoryInfos(null);
|
|
||||||
assertNotNull(repositories);
|
|
||||||
assertTrue(repositories.size() > 0);
|
|
||||||
RepositoryInfo repo = repositories.iterator().next();
|
|
||||||
String repositoryId = repo.getId();
|
|
||||||
String docIdStr = document.getNodeRef().toString();
|
|
||||||
|
|
||||||
// when removing Coordinator ACE from workbench-0.10.0 it sends PUT request
|
|
||||||
// to apply basic cmis:write, cmis:read, cmis:all for principal
|
|
||||||
AccessControlListImpl acesToPut = new AccessControlListImpl();
|
|
||||||
List<Ace> acesList = new ArrayList<Ace>();
|
|
||||||
acesToPut.setAces(acesList);
|
|
||||||
AccessControlEntryImpl ace = new AccessControlEntryImpl();
|
|
||||||
ace.setPrincipal(new AccessControlPrincipalDataImpl(testGroup));
|
|
||||||
List<String> putPermissions = new ArrayList<String>();
|
|
||||||
putPermissions.add(BasicPermissions.ALL);
|
|
||||||
putPermissions.add(BasicPermissions.READ);
|
|
||||||
putPermissions.add(BasicPermissions.WRITE);
|
|
||||||
ace.setPermissions(putPermissions);
|
|
||||||
ace.setDirect(true);
|
|
||||||
acesList.add(ace);
|
|
||||||
cmisService.applyAcl(repositoryId, docIdStr, acesToPut, AclPropagation.REPOSITORYDETERMINED);
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}, CmisVersion.CMIS_1_1);
|
|
||||||
|
|
||||||
// check that permissions are the same as they were before Coordinator was added
|
|
||||||
permissions = permissionService.getAllSetPermissions(document.getNodeRef());
|
|
||||||
docPermissions = new HashMap<String, String>();
|
|
||||||
for (AccessPermission permission : permissions)
|
|
||||||
{
|
|
||||||
docPermissions.put(permission.getAuthority(), permission.getPermission());
|
|
||||||
}
|
|
||||||
assertFalse(docPermissions.keySet().contains(testGroup));
|
|
||||||
assertEquals(permissions.size(), 1);
|
|
||||||
current = permissions.iterator().next();
|
|
||||||
assertEquals(current.getAuthority(), "GROUP_EVERYONE");
|
|
||||||
assertEquals(current.getPermission(), "Consumer");
|
|
||||||
}
|
|
||||||
catch (CmisConstraintException e)
|
|
||||||
{
|
|
||||||
fail(e.toString());
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
if (authorityService.authorityExists(testGroup))
|
|
||||||
{
|
|
||||||
authorityService.deleteAuthority(testGroup);
|
|
||||||
}
|
|
||||||
AuthenticationUtil.popAuthentication();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void dictionaryTest()
|
public void dictionaryTest()
|
||||||
{
|
{
|
||||||
|