inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-672: Permissions should be maintained when moving a record

Browse Source 
* add move behaviour to file plan permission service .. inherited permissions are adjusted, any set directly on the record are kept
  * added missing unit test for file plan permission service
    * test add/remove
    * test record move



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49535 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-04-24 07:44:51 +00:00
parent d0379ca43f
commit 78ce3c75ec
4 changed files with 635 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -491,6 +491,7 @@
<property name="policyComponent" ref="policyComponent"/> <property name="policyComponent" ref="policyComponent"/>
<property name="recordsManagementService" ref="RecordsManagementService"/> <property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="filePlanService" ref="FilePlanService" /> <property name="filePlanService" ref="FilePlanService" />
<property name="recordService" ref="RecordService" />
</bean> </bean>
<bean id="FilePlanPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean"> <bean id="FilePlanPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">

113
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -18,6 +18,7 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.security; package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@@ -26,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
@@ -67,6 +69,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
/** File plan service */ /** File plan service */
private FilePlanService filePlanService; private FilePlanService filePlanService;
/** Record service */
private RecordService recordService;
/** Logger */ /** Logger */
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
@@ -87,6 +92,10 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeServicePolicies.OnAddAspectPolicy.QNAME, NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
} }
/** /**
@@ -129,6 +138,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
this.filePlanService = filePlanService; this.filePlanService = filePlanService;
} }
/**
* @param recordService record service
*/
public void setRecordService(RecordService recordService)
{
this.recordService = recordService;
}
/** /**
* @param childAssocRef * @param childAssocRef
*/ */
@@ -239,34 +256,97 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true) if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true)
{ {
NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
initialiseRecordPermissions(record, recordFolder);
}
setUpPermissions(record); return null;
}
}, AuthenticationUtil.getSystemUserName());
}
Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder); /**
for (AccessPermission perm : perms) * Initialise the record permissions for the given record folder.
*
* @param record record
* @param recordFolder record folder
*/
private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder)
{
setUpPermissions(record);
Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
/**
* onMoveRecord behaviour
*
* @param sourceAssocRef source association reference
* @param destinationAssocRef destination association reference
*/
public void onMoveRecord(final ChildAssociationRef sourceAssocRef, final ChildAssociationRef destinationAssocRef)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
NodeRef record = sourceAssocRef.getChildRef();
if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true)
{
Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
// record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent)
Set<AccessPermission> origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef());
Set<AccessPermission> origionalRecordPerms= permissionService.getAllSetPermissions(record);
for (AccessPermission perm : origionalRecordPerms)
{ {
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{ {
AccessStatus accessStatus = perm.getAccessStatus(); if ((perm.getPermission().equals(RMPermissionModel.FILING) == true ||
boolean allow = false; perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) &&
if (AccessStatus.ALLOWED.equals(accessStatus) == true) origionalParentPerms.contains(perm) == false)
{ {
allow = true; // then we can assume this is a permission we want to preserve
keepPerms.add(perm);
} }
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
} }
} }
// clear all existing permissions and start again
permissionService.deletePermissions(record);
// re-setup the records permissions
initialiseRecordPermissions(record, destinationAssocRef.getParentRef());
// re-add keep'er permissions
for (AccessPermission keeper : keepPerms)
{
setPermission(record, keeper.getAuthority(), keeper.getPermission());
}
} }
return null; return null;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/** /**
@@ -313,7 +393,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
} }
else if (recordsManagementService.isRecordsManagementContainer(nodeRef) == true || else if (recordsManagementService.isRecordsManagementContainer(nodeRef) == true ||
recordsManagementService.isRecordFolder(nodeRef) == true || recordsManagementService.isRecordFolder(nodeRef) == true ||
recordsManagementService.isRecord(nodeRef) == true) recordService.isRecord(nodeRef) == true)
{ {
setReadPermissionUp(nodeRef, authority); setReadPermissionUp(nodeRef, authority);
setPermissionDown(nodeRef, authority, permission); setPermissionDown(nodeRef, authority, permission);
@@ -367,7 +447,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef(); NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true || if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true || recordsManagementService.isRecordFolder(child) == true ||
recordsManagementService.isRecord(child) == true) recordService.isRecord(child) == true)
{ {
setPermissionDown(child, authority, permission); setPermissionDown(child, authority, permission);
} }
@@ -414,7 +494,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef(); NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true || if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true || recordsManagementService.isRecordFolder(child) == true ||
recordsManagementService.isRecord(child) == true) recordService.isRecord(child) == true)
{ {
deletePermission(child, authority, permission); deletePermission(child, authority, permission);
} }
@@ -425,5 +505,4 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
} }

4
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
View File

@@ -23,6 +23,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.service.DataSetServiceImp
import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedActionServiceTest; import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedActionServiceTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedSecurityServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedSecurityServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanPermissionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanRoleServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanRoleServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FreezeServiceImplTest; import org.alfresco.module.org_alfresco_module_rm.test.service.FreezeServiceImplTest;
@@ -62,7 +63,8 @@ import org.junit.runners.Suite.SuiteClasses;
RecordServiceImplTest.class, RecordServiceImplTest.class,
CapabilityServiceImplTest.class, CapabilityServiceImplTest.class,
FilePlanRoleServiceImplTest.class, FilePlanRoleServiceImplTest.class,
FilePlanServiceImplTest.class FilePlanServiceImplTest.class,
FilePlanPermissionServiceImplTest.class
}) })
public class ServicesTestSuite public class ServicesTestSuite
{ {

524
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java Normal file
View File

@@ -0,0 +1,524 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.springframework.extensions.webscripts.GUID;
/**
* File plan permission service unit test
*
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest()
*/
@Override
protected boolean isRecordTest()
{
return true;
}
/**
* Helper to create test user
*/
private String createTestUser()
{
return doTestInTransaction(new Test<String>()
{
@Override
public String run()
{
String userName = GUID.generate();
createPerson(userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, userName);
return userName;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Helper to set permission
*/
private void setPermission(final NodeRef nodeRef, final String userName, final String permission)
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.setPermission(nodeRef, userName, permission);
return null;
}
});
}
/**
* Helper to delete permission
*/
private void deletePermission(final NodeRef nodeRef, final String userName, final String permission)
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.deletePermission(nodeRef, userName, permission);
return null;
}
});
}
/**
* test set/delete permissions on file plan
*/
public void testSetDeletePermissionFilePlan() throws Exception
{
String userName = createTestUser();
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
setPermission(filePlan, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.ALLOWED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.ALLOWED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
deletePermission(filePlan, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
//what happens if we try and remove READ for a normal user on the file plan ???
deletePermission(filePlan, userName, RMPermissionModel.READ_RECORDS);
// nothing .. user still has read on file plan .. only removing the user from all roles will remove read on file plan
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
}
/**
* Test set/delete permission on record categorty
*/
public void testSetDeletePermissionRecordCategory() throws Exception
{
String userName = createTestUser();
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
setPermission(rmContainer, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.ALLOWED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
deletePermission(rmContainer, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
}
/**
* Test set/delete permission on record folder
*/
public void testSetDeletePermissionRecordFolder() throws Exception
{
String userName = createTestUser();
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
setPermission(rmFolder, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
deletePermission(rmFolder, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
}
/**
* Test set/delete permission on record
*/
public void testSetDeletePermissionRecord() throws Exception
{
String userName = createTestUser();
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
setPermission(recordOne, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
deletePermission(recordOne, userName, RMPermissionModel.FILING);
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
}
public void testMoveRecord() throws Exception
{
String userOne = createTestUser();
String userTwo = createTestUser();
String userThree = createTestUser();
final NodeRef otherFolder = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
return rmService.createRecordFolder(rmContainer, "otherFolder");
}
});
assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userThree);
setPermission(rmFolder, userOne, RMPermissionModel.FILING);
setPermission(otherFolder, userTwo, RMPermissionModel.FILING);
setPermission(recordOne, userThree, RMPermissionModel.FILING);
assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userThree);
// move the record!
doTestInTransaction(new Test<Void>()
{
@Override
public Void run() throws Exception
{
fileFolderService.move(recordOne, otherFolder, "movedRecord.txt");
return null;
}
});
assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
}, userThree);
}
/**
* Helper to assert permissions for passed user
*/
private void assertPermissions(final String userName, final AccessStatus ... accessStatus)
{
assertEquals(8, accessStatus.length);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals("Everyone who has a role has read permissions on the file plan",
accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING));
assertEquals(accessStatus[2], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[3], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[4], permissionService.hasPermission(rmFolder, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[5], permissionService.hasPermission(rmFolder, RMPermissionModel.FILING));
assertEquals(accessStatus[6], permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[7], permissionService.hasPermission(recordOne, RMPermissionModel.FILING));
return null;
}
}, userName);
}
}