diff --git a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java index e0a529ad04..cfdb0378ef 100644 --- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java +++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java @@ -26,18 +26,24 @@ package org.alfresco.rest.rules; import static java.util.stream.Collectors.toList; - import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED; +import static org.alfresco.rest.actions.access.AccessRestrictionUtil.MAIL_ACTION; +import static org.alfresco.rest.rules.RulesTestsUtils.CHECKIN_ACTION; +import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION; import static org.alfresco.rest.rules.RulesTestsUtils.ID; import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED; import static org.alfresco.rest.rules.RulesTestsUtils.IS_SHARED; import static org.alfresco.rest.rules.RulesTestsUtils.RULE_NAME_DEFAULT; +import static org.alfresco.rest.rules.RulesTestsUtils.RULE_SCRIPT_PARAM_ID; +import static org.alfresco.rest.rules.RulesTestsUtils.SCRIPT_ACTION; +import static org.alfresco.rest.rules.RulesTestsUtils.TEMPLATE_PARAM; import static org.alfresco.utility.constants.UserRole.SiteCollaborator; import static org.alfresco.utility.constants.UserRole.SiteConsumer; import static org.alfresco.utility.constants.UserRole.SiteContributor; import static org.alfresco.utility.constants.UserRole.SiteManager; import static org.alfresco.utility.model.FileModel.getRandomFileModel; import static org.alfresco.utility.model.FileType.TEXT_PLAIN; +import static org.alfresco.utility.model.UserModel.getRandomUserModel; import static org.alfresco.utility.report.log.Step.STEP; import static org.junit.Assert.assertEquals; import static org.springframework.http.HttpStatus.BAD_REQUEST; @@ -45,21 +51,27 @@ import static org.springframework.http.HttpStatus.CREATED; import static org.springframework.http.HttpStatus.FORBIDDEN; import static org.springframework.http.HttpStatus.NOT_FOUND; +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.stream.IntStream; import org.alfresco.rest.RestTest; import org.alfresco.rest.model.RestActionBodyExecTemplateModel; +import org.alfresco.rest.model.RestActionConstraintModel; import org.alfresco.rest.model.RestCompositeConditionDefinitionModel; import org.alfresco.rest.model.RestRuleModel; import org.alfresco.rest.model.RestRuleModelsCollection; import org.alfresco.utility.constants.UserRole; +import org.alfresco.utility.model.ContentModel; import org.alfresco.utility.model.FileModel; import org.alfresco.utility.model.FolderModel; import org.alfresco.utility.model.SiteModel; import org.alfresco.utility.model.TestGroup; import org.alfresco.utility.model.UserModel; +import org.apache.chemistry.opencmis.client.api.CmisObject; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; @@ -368,10 +380,10 @@ public class CreateRulesTests extends RestTest final UserModel admin = dataUser.getAdminUser(); final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() - .createSingleRule(rulesUtils.createVariousActions()); + .createSingleRule(rulesUtils.createRuleWithVariousActions()); RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues(); - expectedRuleModel.setActions(rulesUtils.createVariousActions().getActions()); + expectedRuleModel.setActions(rulesUtils.createRuleWithVariousActions().getActions()); expectedRuleModel.setTriggers(List.of("inbound")); restClient.assertStatusCodeIs(CREATED); @@ -379,8 +391,38 @@ public class CreateRulesTests extends RestTest .assertThat().field(IS_SHARED).isNull(); } + /** + * Check get an error when creating a rule with action with empty parameter value. + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleWithEmptyActionParameterValueShouldFail() + { + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, Map.of("description", "")); + ruleModel.setActions(List.of(checkinAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST).assertLastError().containsSummary("Action parameter should not have empty or null value"); + } + + /** + * Check can create a rule with action without any parameters when action definition states all of them are optional. + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleWithoutParameterWhenTheyAreOptional() + { + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, null); + ruleModel.setActions(List.of(checkinAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(CREATED); + } + /** Check that a normal user cannot create rules that use private actions. */ - @Test + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) public void createRuleWithActions_userCannotUsePrivateAction() { restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -391,7 +433,7 @@ public class CreateRulesTests extends RestTest } /** Check that an administrator can create rules that use private actions. */ - @Test + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) public void createRuleWithActions_adminCanUsePrivateAction() { restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -400,6 +442,33 @@ public class CreateRulesTests extends RestTest restClient.assertStatusCodeIs(CREATED); } + /** + * Check that an administrator can create rules with email (private) action with reference to an email template. + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleWithActions_adminCanUseMailActionWithTemplate() + { + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel(); + mailAction.setActionDefinitionId(MAIL_ACTION); + final Map params = new HashMap<>(); + final UserModel sender = getRandomUserModel(); + final UserModel recipient = getRandomUserModel(); + params.put("from", sender.getEmailAddress()); + params.put("to", recipient.getEmailAddress()); + params.put("subject", "Test"); + final RestActionConstraintModel constraint = rulesUtils.getConstraintsForActionParam(user, MAIL_ACTION, TEMPLATE_PARAM); + String templateScriptRef = constraint.getConstraintValues().stream().findFirst().get().getValue(); + params.put(TEMPLATE_PARAM, templateScriptRef); + mailAction.setParams(params); + ruleModel.setActions(List.of(mailAction)); + + restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(CREATED); + } + /** * Check we get error when attempt to create a rule without any actions. */ @@ -423,17 +492,32 @@ public class CreateRulesTests extends RestTest public void createRuleWithInvalidActionsShouldFail() { final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); final String actionDefinitionId = "invalid-definition-value"; - invalidAction.setActionDefinitionId(actionDefinitionId); - invalidAction.setParams(Map.of("dummy-key", "dummy-value")); + final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of("dummy-key", "dummy-value")); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() .createSingleRule(ruleModel); restClient.assertStatusCodeIs(BAD_REQUEST); - restClient.assertLastError().containsSummary(String.format("Invalid action definition requested %s", actionDefinitionId)); + restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId)); + } + + /** + * Check we get error when attempt to create a rule with an action tha is not applicable to rules. + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleWithNotApplicableActionShouldFail() + { + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel invalidAction = + rulesUtils.createCustomActionModel(RulesTestsUtils.DELETE_RENDITION_ACTION, Map.of("dummy-key", "dummy-value")); + ruleModel.setActions(List.of(invalidAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST); + restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", RulesTestsUtils.DELETE_RENDITION_ACTION)); } /** @@ -443,9 +527,8 @@ public class CreateRulesTests extends RestTest public void createRuleWithMissingActionParametersShouldFail() { final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); - final String actionDefinitionId = "copy"; - invalidAction.setActionDefinitionId(actionDefinitionId); + final RestActionBodyExecTemplateModel invalidAction = + rulesUtils.createCustomActionModel(RulesTestsUtils.COPY_ACTION, Collections.emptyMap()); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -454,7 +537,7 @@ public class CreateRulesTests extends RestTest restClient.assertStatusCodeIs(BAD_REQUEST); restClient.assertLastError().containsSummary( String.format("Action parameters should not be null or empty for this action. See Action Definition for action of: %s", - actionDefinitionId)); + COPY_ACTION)); } /** @@ -464,8 +547,8 @@ public class CreateRulesTests extends RestTest public void createRuleWithActionParameterNotFulfillingConstraint() { final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - final String actionDefinitionId = "script"; - final String scriptRef = "script-ref"; + final String actionDefinitionId = SCRIPT_ACTION; + final String scriptRef = RULE_SCRIPT_PARAM_ID; final String scriptNodeId = "dummy-script-node-id"; final RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of(scriptRef, scriptNodeId)); ruleModel.setActions(List.of(scriptAction)); @@ -484,14 +567,12 @@ public class CreateRulesTests extends RestTest * Check we get error when attempt to create a rule with action parameter that should not be passed. */ @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) - public void createRuleWithoutInvalidActionParameterShouldFail() + public void createRuleWithInvalidActionParameterShouldFail() { final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); - final String actionDefinitionId = "add-features"; - invalidAction.setActionDefinitionId(actionDefinitionId); final String invalidParameterKey = "invalidParameterKey"; - invalidAction.setParams(Map.of(invalidParameterKey,"dummyValue")); + final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel( + RulesTestsUtils.ADD_FEATURES_ACTION, Map.of(invalidParameterKey, "dummyValue")); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -499,7 +580,7 @@ public class CreateRulesTests extends RestTest restClient.assertStatusCodeIs(BAD_REQUEST); restClient.assertLastError().containsSummary( - String.format("Action of definition id: %s must not contain parameter of name: %s", actionDefinitionId, invalidParameterKey)); + String.format("Action of definition id: %s must not contain parameter of name: %s", RulesTestsUtils.ADD_FEATURES_ACTION, invalidParameterKey)); } /** @@ -509,10 +590,7 @@ public class CreateRulesTests extends RestTest public void createRuleWithoutMandatoryActionParametersShouldFail() { final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); - final String actionDefinitionId = "copy"; - invalidAction.setActionDefinitionId(actionDefinitionId); - invalidAction.setParams(Map.of("deep-copy",false)); + final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(COPY_ACTION, Map.of("deep-copy",false)); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -529,10 +607,8 @@ public class CreateRulesTests extends RestTest public void createRuleThatUsesNonExistentNode() { RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); - String actionDefinitionId = "copy"; - invalidAction.setActionDefinitionId(actionDefinitionId); - invalidAction.setParams(Map.of("destination-folder", "non-existent-node")); + RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel( + COPY_ACTION, Map.of("destination-folder", "non-existent-node")); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -552,10 +628,8 @@ public class CreateRulesTests extends RestTest FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder(); RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); - RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel(); - String actionDefinitionId = "copy"; - invalidAction.setActionDefinitionId(actionDefinitionId); - invalidAction.setParams(Map.of("destination-folder", privateFolder.getNodeRef())); + RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel( + COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef())); ruleModel.setActions(List.of(invalidAction)); restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() @@ -565,6 +639,144 @@ public class CreateRulesTests extends RestTest restClient.assertLastError().containsSummary("The entity with id: " + privateFolder.getNodeRef() + " was not found"); } + /** + * Check we get error when attempting to create a rule that copies files to a folder that a user only has read permission for. + */ + @Test (groups = { TestGroup.REST_API, TestGroup.RULES }) + public void createRuleThatWritesToNodeWithoutPermission() + { + SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite(); + FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder(); + dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer); + + RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel( + COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef())); + + ruleModel.setActions(List.of(invalidAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(FORBIDDEN); + restClient.assertLastError().containsSummary("No proper permissions for node: " + privateFolder.getNodeRef()); + } + + /** + * Check we get error when attempting to create a rule that moves files to a node which is not a folder + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleThatMovesToNodeWhichIsNotAFolderShouldFail() + { + final FileModel fileModel = dataContent.usingUser(user).usingSite(site).createContent(getRandomFileModel(TEXT_PLAIN)); + + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel( + RulesTestsUtils.MOVE_ACTION, Map.of("destination-folder", fileModel.getNodeRef())); + ruleModel.setActions(List.of(invalidAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST); + restClient.assertLastError().containsSummary("Node is not a folder " + fileModel.getNodeRef()); + } + + + /** + * Check we get error when attempting to create a rule with mail action defined with non-existing mail template. + */ + @Test(groups = {TestGroup.REST_API, TestGroup.RULES}) + public void createRuleWithMailActionReferringToNonExistingTemplate() + { + final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel(); + mailAction.setActionDefinitionId(MAIL_ACTION); + final Map params = new HashMap<>(); + final UserModel sender = getRandomUserModel(); + final UserModel recipient = getRandomUserModel(); + params.put("from", sender.getEmailAddress()); + params.put("to", recipient.getEmailAddress()); + params.put("subject", "Test"); + final String mailTemplate = "non-existing-node-id"; + params.put(TEMPLATE_PARAM, mailTemplate); + mailAction.setParams(params); + ruleModel.setActions(List.of(mailAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST); + restClient.assertLastError().containsSummary("Action parameter: template has invalid value (" + mailTemplate + + "). Look up possible values for constraint name ac-email-templates"); + } + + /** + * Check the admin user can create a rule with a script. + */ + @Test (groups = { TestGroup.REST_API, TestGroup.RULES }) + public void checkAdminCanUseScriptInRule() + { + RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel( + SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, rulesUtils.getReviewAndApproveWorkflowNode())); + ruleModel.setActions(List.of(scriptAction)); + + restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(CREATED); + } + + /** + * Check the script has to be stored in the scripts directory in the data dictionary. + */ + @Test (groups = { TestGroup.REST_API, TestGroup.RULES }) + public void checkCantUseNodeOutsideScriptsDirectory() + { + STEP("Copy script to location outside data dictionary."); + FolderModel folderOutsideDataDictionary = dataContent.usingUser(user).usingSite(site).createFolder(); + String sourceNodeId = rulesUtils.getReviewAndApproveWorkflowNode(); + ContentModel sourceNode = new ContentModel("/Data Dictionary/Scripts/start-pooled-review-workflow.js"); + sourceNode.setNodeRef("/workspace://SpacesStore/" + sourceNodeId); + CmisObject scriptOutsideDataDictionary = dataContent.getContentActions().copyTo(dataUser.getAdminUser().getUsername(), + dataUser.getAdminUser().getPassword(), + sourceNode.getCmisLocation(), + folderOutsideDataDictionary.getCmisLocation()); + String scriptId = scriptOutsideDataDictionary.getId().substring(0, scriptOutsideDataDictionary.getId().indexOf(";")); + + STEP("Try to use this script in rule."); + RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel( + SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, scriptId)); + ruleModel.setActions(List.of(scriptAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST) + .assertLastError().containsSummary("script-ref has invalid value"); + } + + /** + * Check a real category needs to be supplied when linking to a category. + */ + @Test (groups = { TestGroup.REST_API, TestGroup.RULES }) + public void checkLinkToCategoryNeedsRealCategory() + { + STEP("Attempt to link to a category with a folder node, rather than a category node."); + String nonCategoryNodeRef = ruleFolder.getNodeRef(); + RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues(); + RestActionBodyExecTemplateModel categoryAction = rulesUtils.createCustomActionModel( + RulesTestsUtils.LINK_CATEGORY_ACTION, Map.of("category-value", nonCategoryNodeRef)); + ruleModel.setActions(List.of(categoryAction)); + + restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + .createSingleRule(ruleModel); + + restClient.assertStatusCodeIs(BAD_REQUEST); + } + /** * Check we can create a rule with multiple conditions */ diff --git a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java index 640a0f6dff..aed3d9f0b0 100644 --- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java +++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java @@ -26,6 +26,7 @@ package org.alfresco.rest.rules; import static org.alfresco.rest.requests.RuleSettings.IS_INHERITANCE_ENABLED; +import static org.alfresco.rest.rules.RulesTestsUtils.MOVE_ACTION; import static org.alfresco.utility.report.log.Step.STEP; import static org.junit.Assert.assertTrue; import static org.springframework.http.HttpStatus.FORBIDDEN; @@ -341,7 +342,7 @@ public class GetRuleSetsTests extends RestTest dataContent.usingAdmin().usingResource(privateFolder).setInheritPermissions(false); // Create the grandchild with user and use admin to move it under the private folder. FolderModel publicGrandchild = dataContent.usingUser(user).usingSite(siteModel).createFolder(); - coreAPIForAdmin().usingActions().executeAction("move", publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef())); + coreAPIForAdmin().usingActions().executeAction(MOVE_ACTION, publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef())); // Create the non-inheriting folder. FolderModel nonInheritingFolder = dataContent.usingUser(user).usingResource(folder).createFolder(); RestRuleSettingsModel nonInheriting = new RestRuleSettingsModel(); diff --git a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java index de30b7eea6..f33a3e8703 100644 --- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java +++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java @@ -314,9 +314,11 @@ public class GetRulesTests extends RestTest public void getRuleActions() { STEP("Create a rule with a few actions"); - FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder(); - final RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet() - .createSingleRule(rulesUtils.createVariousActions()); + final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder(); + final RestRuleModel ruleWithVariousActions = rulesUtils.createRuleWithVariousActions(); + final UserModel admin = dataUser.getAdminUser(); + final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(folder).usingDefaultRuleSet() + .createSingleRule(ruleWithVariousActions); STEP("Retrieve the created rule via the GET endpoint"); final RestRuleModel getRuleBody = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId()); diff --git a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java index 443addb1bd..d0372f9a18 100644 --- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java +++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java @@ -63,8 +63,6 @@ public class RulesTestsUtils static final boolean RULE_CASCADE_DEFAULT = true; static final boolean RULE_ASYNC_DEFAULT = true; static final boolean RULE_SHARED_DEFAULT = false; - static final String RULE_SCRIPT_ID = "script"; - static final String RULE_SCRIPT_PARAM_ID = "script-ref"; static final String RULE_ERROR_SCRIPT_LABEL = "Start Pooled Review and Approve Workflow"; static final String INBOUND = "inbound"; static final String UPDATE = "update"; @@ -76,6 +74,15 @@ public class RulesTestsUtils static final String IS_SHARED = "isShared"; static final String AUDIO_ASPECT = "audio:audio"; static final String LOCKABLE_ASPECT = "cm:lockable"; + static final String TEMPLATE_PARAM = "template"; + static final String RULE_SCRIPT_PARAM_ID = "script-ref"; + static final String CHECKIN_ACTION = "check-in"; + static final String LINK_CATEGORY_ACTION = "link-category"; + static final String DELETE_RENDITION_ACTION = "delete-rendition"; + static final String COPY_ACTION = "copy"; + static final String ADD_FEATURES_ACTION = "add-features"; + static final String MOVE_ACTION = "move"; + static final String SCRIPT_ACTION = "script"; @Autowired private RestWrapper restClient; @@ -95,6 +102,42 @@ public class RulesTestsUtils /** Destination folder for check out action used by these helper methods. This is populated by the getter and should not be accessed directly. */ private FolderModel checkOutDestinationFolder; + /** + * Get the constraint value for a given action parameter label. + * + * @param user The user to use to obtain the information. + * @param actionId The id of the action definition. + * @param paramId The id of the parameter for the action. + * @param constraintLabel The label of the desired value of the parameter. + * @return The value to use for the parameter. + */ + public String findConstraintValue(UserModel user, String actionId, String paramId, String constraintLabel) + { + RestActionConstraintModel constraintDef = getConstraintsForActionParam(user, actionId, paramId); + RestActionConstraintDataModel constraintDataModel = constraintDef.getConstraintValues().stream().filter(constraintValue -> constraintValue.getLabel().equals(constraintLabel)).findFirst().get(); + return constraintDataModel.getValue(); + } + + /** + * Get all constraint values for a given action parameter. + * + * @param user The user to use to obtain the information. + * @param actionId The id of the action definition. + * @param paramId The id of the parameter for the action. + * @return The value to use for the parameter. + */ + public RestActionConstraintModel getConstraintsForActionParam(UserModel user, String actionId, String paramId) + { + RestActionDefinitionModel actionDef = restClient.authenticateUser(user).withCoreAPI().usingActions().getActionDefinitionById(actionId); + RestParameterDefinitionModel paramDef = actionDef.getParameterDefinitions().stream().filter(param -> param.getName().equals(paramId)).findFirst().get(); + if (paramDef.getParameterConstraintName() == null) + { + throw new IllegalArgumentException("Supplied parameter " + paramId + " for action " + actionId + " does not have a defined constraint."); + } + String constraintName = paramDef.getParameterConstraintName(); + return restClient.authenticateUser(user).withCoreAPI().usingActions().getActionConstraintByName(constraintName); + } + /** * Get the review and approve workflow node (throwing an exception if this utility class has not been initialised). * @@ -105,13 +148,7 @@ public class RulesTestsUtils if (reviewAndApproveWorkflowNode == null) { UserModel admin = dataUser.getAdminUser(); - // Obtain the node ref for the review and approve workflow. - RestActionDefinitionModel actionDef = restClient.authenticateUser(admin).withCoreAPI().usingActions().getActionDefinitionById(RULE_SCRIPT_ID); - RestParameterDefinitionModel paramDef = actionDef.getParameterDefinitions().stream().filter(param -> param.getName().equals(RULE_SCRIPT_PARAM_ID)).findFirst().get(); - String constraintName = paramDef.getParameterConstraintName(); - RestActionConstraintModel constraintDef = restClient.authenticateUser(admin).withCoreAPI().usingActions().getActionConstraintByName(constraintName); - RestActionConstraintDataModel reviewAndApprove = constraintDef.getConstraintValues().stream().filter(constraintValue -> constraintValue.getLabel().equals(RULE_ERROR_SCRIPT_LABEL)).findFirst().get(); - reviewAndApproveWorkflowNode = reviewAndApprove.getValue(); + reviewAndApproveWorkflowNode = findConstraintValue(admin, SCRIPT_ACTION, RULE_SCRIPT_PARAM_ID, RULE_ERROR_SCRIPT_LABEL); } return reviewAndApproveWorkflowNode; } @@ -209,7 +246,7 @@ public class RulesTestsUtils public RestActionBodyExecTemplateModel createAddAspectAction(String aspect) { - return createCustomActionModel("add-features", Map.of("aspect-name", aspect)); + return createCustomActionModel(ADD_FEATURES_ACTION, Map.of("aspect-name", aspect)); } public RestActionBodyExecTemplateModel createCustomActionModel(String actionDefinitionId, Map params) @@ -247,11 +284,11 @@ public class RulesTestsUtils )); } - public RestRuleModel createVariousActions() + public RestRuleModel createRuleWithVariousActions() { final Map copyParams = Map.of("destination-folder", getCopyDestinationFolder().getNodeRef(), "deep-copy", true); - final RestActionBodyExecTemplateModel copyAction = createCustomActionModel("copy", copyParams); + final RestActionBodyExecTemplateModel copyAction = createCustomActionModel(COPY_ACTION, copyParams); final Map checkOutParams = Map.of("destination-folder", getCheckOutDestinationFolder().getNodeRef(), "assoc-name", "cm:checkout", "assoc-type", "cm:contains"); diff --git a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java index 942aa2657f..17d55ed555 100644 --- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java +++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java @@ -26,6 +26,8 @@ package org.alfresco.rest.rules; import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED; +import static org.alfresco.rest.rules.RulesTestsUtils.ADD_FEATURES_ACTION; +import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION; import static org.alfresco.rest.rules.RulesTestsUtils.ID; import static org.alfresco.rest.rules.RulesTestsUtils.INBOUND; import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED; @@ -247,7 +249,7 @@ public class UpdateRulesTests extends RestTest .updateRule(rule.getId(), rule); restClient.assertStatusCodeIs(BAD_REQUEST); - restClient.assertLastError().containsSummary(String.format("Invalid action definition requested %s", actionDefinitionId)); + restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId)); } /** Check we can use the POST response to create the new rule. */ @@ -257,7 +259,7 @@ public class UpdateRulesTests extends RestTest FolderModel destination = dataContent.usingUser(user).usingSite(site).createFolder(); RestActionBodyExecTemplateModel copyAction = new RestActionBodyExecTemplateModel(); - copyAction.setActionDefinitionId("copy"); + copyAction.setActionDefinitionId(COPY_ACTION); copyAction.setParams(ImmutableMap.of("destination-folder", destination.getNodeRef())); RestRuleModel rule = createAndSaveRule("Rule name", List.of(copyAction)); @@ -269,7 +271,7 @@ public class UpdateRulesTests extends RestTest restClient.assertStatusCodeIs(OK); updatedRule.assertThat().field("name").is("Updated rule name") - .assertThat().field("actions.actionDefinitionId").is(List.of("copy")) + .assertThat().field("actions.actionDefinitionId").is(List.of(COPY_ACTION)) .assertThat().field("actions.params").is(List.of(ImmutableMap.of("destination-folder", destination.getNodeRef()))); } @@ -459,12 +461,10 @@ public class UpdateRulesTests extends RestTest final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues()); STEP("Try to update the rule by adding several actions"); - final Map copyParams = - Map.of("destination-folder", rulesUtils.getCopyDestinationFolder().getNodeRef(), "deep-copy", true); - final RestActionBodyExecTemplateModel copyAction = rulesUtils.createCustomActionModel("copy", copyParams); + final RestActionBodyExecTemplateModel counterAction = rulesUtils.createCustomActionModel("counter", null); final Map addAspectParams = Map.of("aspect-name", "cm:taggable"); - final RestActionBodyExecTemplateModel addAspectAction = rulesUtils.createCustomActionModel("add-features", addAspectParams); - rule.setActions(Arrays.asList(copyAction, addAspectAction)); + final RestActionBodyExecTemplateModel addAspectAction = rulesUtils.createCustomActionModel(ADD_FEATURES_ACTION, addAspectParams); + rule.setActions(Arrays.asList(counterAction, addAspectAction)); final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() .updateRule(rule.getId(), rule); @@ -489,7 +489,8 @@ public class UpdateRulesTests extends RestTest final RestActionBodyExecTemplateModel checkOutAction = rulesUtils.createCustomActionModel("check-out", checkOutParams); rule.setActions(List.of(checkOutAction)); - restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() + final UserModel admin = dataUser.getAdminUser(); + restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet() .updateRule(rule.getId(), rule); restClient.assertStatusCodeIs(BAD_REQUEST); @@ -507,7 +508,7 @@ public class UpdateRulesTests extends RestTest STEP("Try to update the rule by adding action with invalid parameter (non-existing namespace in value)"); final RestActionBodyExecTemplateModel action = new RestActionBodyExecTemplateModel(); - action.setActionDefinitionId("add-features"); + action.setActionDefinitionId(ADD_FEATURES_ACTION); final String aspectNameParam = "aspect-name"; final String paramValue = "dummy:dummy"; action.setParams(Map.of(aspectNameParam, paramValue)); diff --git a/remote-api/src/main/java/org/alfresco/rest/api/Actions.java b/remote-api/src/main/java/org/alfresco/rest/api/Actions.java index d829a7d4dd..0ba356e526 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/Actions.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/Actions.java @@ -27,6 +27,8 @@ package org.alfresco.rest.api; +import java.util.List; + import org.alfresco.rest.api.model.Action; import org.alfresco.rest.api.model.ActionDefinition; import org.alfresco.rest.api.model.ActionParameterConstraint; @@ -53,4 +55,6 @@ public interface Actions @Experimental ActionParameterConstraint getActionConstraint(String constraintName); + @Experimental + ActionDefinition getRuleActionDefinitionById(String actionDefinitionId); } diff --git a/remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java b/remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java index d88b35552f..2b1af819a0 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java @@ -26,13 +26,35 @@ package org.alfresco.rest.api.actions; +import java.util.List; + import org.alfresco.rest.api.model.rules.Action; import org.alfresco.service.Experimental; @Experimental public interface ActionValidator { + + String ALL_ACTIONS = "all"; + + /** + * Provides validation logic for given action. + */ void validate(Action action); - boolean isEnabled(); + /** + * Returns priority of validator (applied to bulk validation in @see {@link org.alfresco.rest.api.impl.mapper.rules.RestRuleActionModelMapper}) + * The lower number, the higher priority is set for the validator. + * @return priority expressed as int + */ + int getPriority(); + + /** + * By default validator is applied to all actions + * + * @return indicator for all defined action definition ids + */ + default List getActionDefinitionIds() { + return List.of(ALL_ACTIONS); + } } diff --git a/remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java b/remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java index da958f9a3c..432a9ffa2c 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java @@ -145,21 +145,7 @@ public class ActionsImpl implements Actions private ActionDefinition getActionDefinition( org.alfresco.service.cmr.action.ActionDefinition actionDefinitionId) { - List paramDefs = - actionDefinitionId. - getParameterDefinitions(). - stream(). - map(this::toModel). - collect(Collectors.toList()); - return new ActionDefinition( - actionDefinitionId.getName(), // ID is a synonym for name. - actionDefinitionId.getName(), - actionDefinitionId.getTitle(), - actionDefinitionId.getDescription(), - toShortQNames(actionDefinitionId.getApplicableTypes()), - actionDefinitionId.getAdhocPropertiesAllowed(), - actionDefinitionId.getTrackStatus(), - paramDefs); + return mapFromServiceModel(actionDefinitionId); } @Override @@ -215,23 +201,7 @@ public class ActionsImpl implements Actions List sortedPage = actionDefinitions. stream(). - map(actionDefinition -> { - List paramDefs = - actionDefinition. - getParameterDefinitions(). - stream(). - map(this::toModel). - collect(Collectors.toList()); - return new ActionDefinition( - actionDefinition.getName(), // ID is a synonym for name. - actionDefinition.getName(), - actionDefinition.getTitle(), - actionDefinition.getDescription(), - toShortQNames(actionDefinition.getApplicableTypes()), - actionDefinition.getAdhocPropertiesAllowed(), - actionDefinition.getTrackStatus(), - paramDefs); - }). + map(this::mapFromServiceModel). sorted(comparator). skip(skip). limit(maxItems). @@ -246,6 +216,40 @@ public class ActionsImpl implements Actions actionDefinitions.size()); } + @Override + @Experimental + public ActionDefinition getRuleActionDefinitionById(String actionDefinitionId) + { + if (actionDefinitionId == null) + { + throw new InvalidArgumentException("actionDefinitionId is null"); + } + return actionService.getActionDefinitions().stream() + .filter(a -> actionDefinitionId.equals(a.getName())) + .map(this::mapFromServiceModel) + .findFirst() + .orElseThrow(() -> new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] {actionDefinitionId})); + } + + private ActionDefinition mapFromServiceModel(org.alfresco.service.cmr.action.ActionDefinition actionDefinition) + { + List paramDefs = + actionDefinition. + getParameterDefinitions(). + stream(). + map(this::toModel). + collect(Collectors.toList()); + return new ActionDefinition( + actionDefinition.getName(), // ID is a synonym for name. + actionDefinition.getName(), + actionDefinition.getTitle(), + actionDefinition.getDescription(), + toShortQNames(actionDefinition.getApplicableTypes()), + actionDefinition.getAdhocPropertiesAllowed(), + actionDefinition.getTrackStatus(), + paramDefs); + } + @Override public Action executeAction(Action action, Parameters parameters) { diff --git a/remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java b/remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java index ac82ad09d0..35b8b3934e 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java @@ -29,10 +29,12 @@ package org.alfresco.rest.api.impl.mapper.rules; import static java.util.Collections.emptyMap; import static org.alfresco.repo.action.access.ActionAccessRestriction.ACTION_CONTEXT_PARAM_NAME; +import static org.alfresco.rest.api.actions.ActionValidator.ALL_ACTIONS; import java.io.Serializable; import java.util.Collection; import java.util.HashMap; +import java.util.Comparator; import java.util.List; import java.util.Map; import java.util.Optional; @@ -116,7 +118,9 @@ public class RestRuleActionModelMapper implements RestModelMapper v.validate(action)); + .filter(v -> (v.getActionDefinitionIds().contains(action.getActionDefinitionId()) || + v.getActionDefinitionIds().equals(List.of(ALL_ACTIONS)))) + .sorted(Comparator.comparing(ActionValidator::getPriority)) + .forEachOrdered(v -> v.validate(action)); } } diff --git a/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidator.java b/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidator.java new file mode 100644 index 0000000000..b8c3d8933e --- /dev/null +++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidator.java @@ -0,0 +1,171 @@ +/* + * #%L + * Alfresco Remote API + * %% + * Copyright (C) 2005 - 2022 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.rest.api.impl.validator.actions; + +import static org.alfresco.model.ContentModel.TYPE_CATEGORY; +import static org.alfresco.model.ContentModel.TYPE_FOLDER; +import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF; +import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED; +import static org.alfresco.service.cmr.security.PermissionService.WRITE; + +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; + +import org.alfresco.repo.action.executer.CheckOutActionExecuter; +import org.alfresco.repo.action.executer.CopyActionExecuter; +import org.alfresco.repo.action.executer.ImageTransformActionExecuter; +import org.alfresco.repo.action.executer.ImporterActionExecuter; +import org.alfresco.repo.action.executer.LinkCategoryActionExecuter; +import org.alfresco.repo.action.executer.MoveActionExecuter; +import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter; +import org.alfresco.repo.action.executer.TransformActionExecuter; +import org.alfresco.rest.api.Actions; +import org.alfresco.rest.api.Nodes; +import org.alfresco.rest.api.actions.ActionValidator; +import org.alfresco.rest.api.model.ActionDefinition; +import org.alfresco.rest.api.model.rules.Action; +import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; +import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; +import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.PermissionService; +import org.alfresco.service.namespace.NamespaceService; +import org.apache.commons.collections.MapUtils; +import org.apache.logging.log4j.util.Strings; + +/** + * This class provides logic for validation of permissions for action parameters which reference node. + */ +public class ActionNodeParameterValidator implements ActionValidator +{ + /** + * This list holds action parameter names which require only READ permission on a referenced node + * That means, all other parameters that reference nodes will require WRITE permission + */ + static final Map> REQUIRE_READ_PERMISSION_PARAMS = + Map.of(LinkCategoryActionExecuter.NAME, List.of(LinkCategoryActionExecuter.PARAM_CATEGORY_VALUE)); + + static final String NO_PROPER_PERMISSIONS_FOR_NODE = "No proper permissions for node: "; + static final String NOT_A_CATEGORY = "Node is not a category "; + static final String NOT_A_FOLDER = "Node is not a folder "; + + private final Actions actions; + private final NamespaceService namespaceService; + private final Nodes nodes; + private final PermissionService permissionService; + + public ActionNodeParameterValidator(Actions actions, NamespaceService namespaceService, Nodes nodes, + PermissionService permissionService) + { + this.actions = actions; + this.namespaceService = namespaceService; + this.nodes = nodes; + this.permissionService = permissionService; + } + + /** + * Validates action parameters that reference nodes against access permissions for executing user. + * + * @param action Action to be validated + */ + @Override + public void validate(Action action) + { + final ActionDefinition actionDefinition = actions.getRuleActionDefinitionById(action.getActionDefinitionId()); + final List nodeRefParams = actionDefinition.getParameterDefinitions().stream() + .filter(pd -> NODE_REF.toPrefixString(namespaceService).equals(pd.getType())) + .collect(Collectors.toList()); + validateNodes(nodeRefParams, action); + } + + /** + * @return List of action definitions applicable to this validator + */ + @Override + public List getActionDefinitionIds() + { + return List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME, + LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME, + ImageTransformActionExecuter.NAME); + } + + @Override + public int getPriority() + { + return Integer.MIN_VALUE + 1; + } + + private void validateNodes(final List nodeRefParamDefinitions, + final Action action) + { + if (MapUtils.isNotEmpty(action.getParams())) + { + nodeRefParamDefinitions.stream() + .filter(pd -> action.getParams().containsKey(pd.getName())) + .forEach(p -> { + final String nodeId = Objects.toString(action.getParams().get(p.getName()), Strings.EMPTY); + final NodeRef nodeRef = nodes.validateNode(nodeId); + validatePermission(action.getActionDefinitionId(), p.getName(), nodeRef); + validateType(action.getActionDefinitionId(), nodeRef); + }); + } + } + + private void validatePermission(final String actionDefinitionId, final String paramName, final NodeRef nodeRef) + { + if (permissionService.hasReadPermission(nodeRef) != ALLOWED) + { + throw new EntityNotFoundException(nodeRef.getId()); + } + if (!REQUIRE_READ_PERMISSION_PARAMS.containsKey(actionDefinitionId) || + REQUIRE_READ_PERMISSION_PARAMS.get(actionDefinitionId).stream().noneMatch(paramName::equals)) + { + if (permissionService.hasPermission(nodeRef, WRITE) != ALLOWED) + { + throw new PermissionDeniedException(NO_PROPER_PERMISSIONS_FOR_NODE + nodeRef.getId()); + } + } + } + + private void validateType(final String actionDefinitionId, final NodeRef nodeRef) + { + if (!LinkCategoryActionExecuter.NAME.equals(actionDefinitionId)) + { + if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())) + { + throw new InvalidArgumentException(NOT_A_FOLDER + nodeRef.getId()); + } + } else if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())) + { + throw new InvalidArgumentException(NOT_A_CATEGORY + nodeRef.getId()); + } + } +} diff --git a/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java b/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java index 83778d347d..63de95ddc6 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java @@ -27,7 +27,11 @@ package org.alfresco.rest.api.impl.validator.actions; import java.io.Serializable; +import java.util.Collections; +import java.util.List; import java.util.Map; +import java.util.Objects; +import java.util.stream.Collectors; import org.alfresco.rest.api.Actions; import org.alfresco.rest.api.actions.ActionValidator; @@ -39,6 +43,7 @@ import org.alfresco.rest.framework.core.exceptions.NotFoundException; import org.alfresco.service.Experimental; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; +import org.apache.logging.log4j.util.Strings; /** * This class will validate all action types against action parameters definitions (mandatory parameters, parameter constraints) @@ -46,14 +51,14 @@ import org.apache.commons.collections.MapUtils; @Experimental public class ActionParameterDefinitionValidator implements ActionValidator { - private static final boolean IS_ENABLED = true; static final String INVALID_PARAMETER_VALUE = "Action parameter: %s has invalid value (%s). Look up possible values for constraint name %s"; static final String MISSING_PARAMETER = "Missing action's mandatory parameter: %s"; static final String MUST_NOT_CONTAIN_PARAMETER = "Action of definition id: %s must not contain parameter of name: %s"; static final String PARAMS_SHOULD_NOT_BE_EMPTY = "Action parameters should not be null or empty for this action. See Action Definition for action of: %s"; - static final String INVALID_ACTION_DEFINITION = "Invalid action definition requested %s"; + static final String INVALID_ACTION_DEFINITION = "Invalid rule action definition requested %s"; + static final String EMPTY_ACTION_DEFINITION = "Empty/null rule action definition id"; private final Actions actions; @@ -71,51 +76,81 @@ public class ActionParameterDefinitionValidator implements ActionValidator public void validate(Action action) { ActionDefinition actionDefinition; + final String actionDefinitionId = action.getActionDefinitionId(); + if (Strings.isBlank(actionDefinitionId)) + { + throw new InvalidArgumentException(EMPTY_ACTION_DEFINITION); + } try { - actionDefinition = actions.getActionDefinitionById(action.getActionDefinitionId()); - } catch (NotFoundException e) { - throw new InvalidArgumentException(String.format(INVALID_ACTION_DEFINITION, action.getActionDefinitionId())); + actionDefinition = actions.getRuleActionDefinitionById(actionDefinitionId); + } catch (NotFoundException e) + { + throw new InvalidArgumentException(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId)); } validateParametersSize(action.getParams(), actionDefinition); final Map params = action.getParams(); if (MapUtils.isNotEmpty(params)) { params.forEach((key, value) -> checkParameterShouldExist(key, actionDefinition)); - actionDefinition.getParameterDefinitions().forEach(p -> validateParameterDefinitions(p, params)); + getParameterDefinitions(actionDefinition).forEach(p -> validateParameterDefinitions(p, params)); } } + /** + * This validator should be applied to all actions + * + * @return list of all defined action definition ids + */ @Override - public boolean isEnabled() + public List getActionDefinitionIds() { - return IS_ENABLED; + return List.of(ALL_ACTIONS); + } + + /** + * This validator should have highest priority and be executed first of all (thus minimal integer is returned here). + * + * @return minimal integer value + */ + @Override + public int getPriority() + { + return Integer.MIN_VALUE; } private void validateParametersSize(final Map params, final ActionDefinition actionDefinition) { - if (CollectionUtils.isNotEmpty(actionDefinition.getParameterDefinitions()) && MapUtils.isEmpty(params)) + final List parameterDefinitions = getParameterDefinitions(actionDefinition); + if (CollectionUtils.isNotEmpty( + parameterDefinitions.stream().filter(ActionDefinition.ParameterDefinition::isMandatory).collect(Collectors.toList())) && + MapUtils.isEmpty(params)) { - throw new IllegalArgumentException(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinition.getName())); + throw new InvalidArgumentException(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinition.getName())); } } + private List getParameterDefinitions(ActionDefinition actionDefinition) + { + return actionDefinition.getParameterDefinitions() == null ? Collections.emptyList() : actionDefinition.getParameterDefinitions(); + } + private void validateParameterDefinitions(final ActionDefinition.ParameterDefinition parameterDefinition, final Map params) { final Serializable parameterValue = params.get(parameterDefinition.getName()); if (parameterDefinition.isMandatory() && parameterValue == null) { - throw new IllegalArgumentException(String.format(MISSING_PARAMETER, parameterDefinition.getName())); + throw new InvalidArgumentException(String.format(MISSING_PARAMETER, parameterDefinition.getName())); } if (parameterDefinition.getParameterConstraintName() != null) { final ActionParameterConstraint actionConstraint = actions.getActionConstraint(parameterDefinition.getParameterConstraintName()); if (parameterValue != null && actionConstraint.getConstraintValues().stream() - .noneMatch(constraintData -> constraintData.getValue().equals(parameterValue.toString()))) + .noneMatch(constraintData -> constraintData.getValue().equals(Objects.toString(parameterValue, null)))) { - throw new IllegalArgumentException(String.format(INVALID_PARAMETER_VALUE, parameterDefinition.getName(), parameterValue, + throw new InvalidArgumentException(String.format(INVALID_PARAMETER_VALUE, parameterDefinition.getName(), parameterValue, actionConstraint.getConstraintName())); } } @@ -123,11 +158,9 @@ public class ActionParameterDefinitionValidator implements ActionValidator private void checkParameterShouldExist(final String parameterName, final ActionDefinition actionDefinition) { - if (actionDefinition.getParameterDefinitions().stream().noneMatch(pd -> parameterName.equals(pd.getName()))) + if (getParameterDefinitions(actionDefinition).stream().noneMatch(pd -> parameterName.equals(pd.getName()))) { - throw new IllegalArgumentException(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinition.getName(), parameterName)); + throw new InvalidArgumentException(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinition.getName(), parameterName)); } } - - } diff --git a/remote-api/src/main/resources/alfresco/public-rest-context.xml b/remote-api/src/main/resources/alfresco/public-rest-context.xml index ab10dbe021..ab2b53b4bb 100644 --- a/remote-api/src/main/resources/alfresco/public-rest-context.xml +++ b/remote-api/src/main/resources/alfresco/public-rest-context.xml @@ -593,6 +593,12 @@ + + + + + + @@ -977,6 +983,7 @@ + diff --git a/remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java b/remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java index e0f5990a16..85e1266353 100644 --- a/remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java +++ b/remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java @@ -36,6 +36,8 @@ import org.alfresco.rest.api.impl.rules.NodeValidatorTest; import org.alfresco.rest.api.impl.rules.RuleLoaderTest; import org.alfresco.rest.api.impl.rules.RuleSetsImplTest; import org.alfresco.rest.api.impl.rules.RulesImplTest; +import org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidatorTest; +import org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidatorTest; import org.alfresco.rest.api.rules.NodeRuleSetsRelationTest; import org.alfresco.rest.api.rules.NodeRulesRelationTest; import org.alfresco.service.Experimental; @@ -53,6 +55,8 @@ import org.junit.runners.Suite; RuleLoaderTest.class, ActionParameterConverterTest.class, ActionPermissionValidatorTest.class, + ActionParameterDefinitionValidatorTest.class, + ActionNodeParameterValidatorTest.class, RestRuleSimpleConditionModelMapperTest.class, RestRuleCompositeConditionModelMapperTest.class, RestRuleActionModelMapperTest.class, diff --git a/remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java b/remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java index b3fd3b1082..234a975a35 100644 --- a/remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java +++ b/remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java @@ -76,7 +76,6 @@ public class RestRuleActionModelMapperTest @Before public void setUp() { objectUnderTest = new RestRuleActionModelMapper(parameterConverter, List.of(sampleValidatorMock)); - given(sampleValidatorMock.isEnabled()).willReturn(true); } @Test diff --git a/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidatorTest.java b/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidatorTest.java new file mode 100644 index 0000000000..047d2da7e1 --- /dev/null +++ b/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidatorTest.java @@ -0,0 +1,366 @@ +/* + * #%L + * Alfresco Remote API + * %% + * Copyright (C) 2005 - 2022 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.rest.api.impl.validator.actions; + +import static org.alfresco.model.ContentModel.TYPE_CATEGORY; +import static org.alfresco.model.ContentModel.TYPE_FOLDER; +import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_CATEGORY; +import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_FOLDER; +import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NO_PROPER_PERMISSIONS_FOR_NODE; +import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.REQUIRE_READ_PERMISSION_PARAMS; +import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.CATEGORY; +import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF; +import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT; +import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE; +import static org.alfresco.service.namespace.NamespaceService.DEFAULT_PREFIX; +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; +import static org.junit.Assert.assertEquals; +import static org.mockito.BDDMockito.given; +import static org.mockito.BDDMockito.then; + +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.repo.action.executer.CheckOutActionExecuter; +import org.alfresco.repo.action.executer.CopyActionExecuter; +import org.alfresco.repo.action.executer.ImageTransformActionExecuter; +import org.alfresco.repo.action.executer.ImporterActionExecuter; +import org.alfresco.repo.action.executer.LinkCategoryActionExecuter; +import org.alfresco.repo.action.executer.MoveActionExecuter; +import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter; +import org.alfresco.repo.action.executer.TransformActionExecuter; +import org.alfresco.rest.api.Actions; +import org.alfresco.rest.api.Nodes; +import org.alfresco.rest.api.model.ActionDefinition; +import org.alfresco.rest.api.model.rules.Action; +import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; +import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; +import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; +import org.alfresco.service.namespace.NamespaceService; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; + +@RunWith(MockitoJUnitRunner.class) +public class ActionNodeParameterValidatorTest +{ + private static final String READ_RIGHTS_REQUIRED_DEFINITION_ID = LinkCategoryActionExecuter.NAME; + private static final String CATEGORY_NODE_REF_PARAM = REQUIRE_READ_PERMISSION_PARAMS.get(READ_RIGHTS_REQUIRED_DEFINITION_ID).get(0); + private static final String DESTINATION_FOLDER_PARAM = "destination-folder"; + private static final String NODE_ID = "node-id"; + private static final String COPY_ACTION = CopyActionExecuter.NAME; + + @Mock + private Actions actionsMock; + @Mock + private NamespaceService namespaceServiceMock; + @Mock + private Nodes nodesMock; + @Mock + private PermissionService permissionServiceMock; + + @InjectMocks + private ActionNodeParameterValidator objectUnderTest; + + @Test + public void testProperPermissionsForReadRights() + { + final Action action = new Action(); + action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID); + action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED); + given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(true); + + //when + objectUnderTest.validate(action); + + then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet()); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testNotEnoughPermissionsForReadRights() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.DENIED); + + //when + assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action)); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testValidateForNodeNotFound() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + given(nodesMock.validateNode(NODE_ID)).willThrow(EntityNotFoundException.class); + + //when + assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action)); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).shouldHaveNoInteractions(); + } + + @Test + public void testProperPermissionsForWriteRights() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED); + given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED); + given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(true); + + //when + objectUnderTest.validate(action); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet()); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testNotEnoughPermissionsForWriteRights() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED); + given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.DENIED); + + //when + assertThatExceptionOfType(PermissionDeniedException.class).isThrownBy(() -> objectUnderTest.validate(action)) + .withMessageContaining(NO_PROPER_PERMISSIONS_FOR_NODE + NODE_ID); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testNoValidationExecutedForNonNodeRefParam() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + final String dummyParam = "dummyParam"; + action.setParams(Map.of(dummyParam, "dummyValue")); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(dummyParam, TEXT.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + + //when + objectUnderTest.validate(action); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).shouldHaveNoInteractions(); + then(permissionServiceMock).shouldHaveNoInteractions(); + } + + @Test + public void testWrongTypeOfNodeWhenFolderExpected() + { + final Action action = new Action(); + action.setActionDefinitionId(COPY_ACTION); + action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED); + given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED); + given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(false); + + //when + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + .withMessageContaining(NOT_A_FOLDER + NODE_ID); + + then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet()); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testWrongTypeOfNodeWhenCategoryExpected() + { + final Action action = new Action(); + action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID); + action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID)); + ActionDefinition.ParameterDefinition parameterDef = + new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null); + final ActionDefinition actionDefinition = + new ActionDefinition(READ_RIGHTS_REQUIRED_DEFINITION_ID, READ_RIGHTS_REQUIRED_DEFINITION_ID, null, null, null, false, false, + List.of(parameterDef)); + given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition); + given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX)); + final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID); + given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef); + given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED); + given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(false); + + //when + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + .withMessageContaining(NOT_A_CATEGORY + NODE_ID); + + then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID); + then(actionsMock).shouldHaveNoMoreInteractions(); + then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI()); + then(namespaceServiceMock).shouldHaveNoMoreInteractions(); + then(nodesMock).should().validateNode(NODE_ID); + then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet()); + then(nodesMock).shouldHaveNoMoreInteractions(); + then(permissionServiceMock).should().hasReadPermission(nodeRef); + then(permissionServiceMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testGetDefinitionIds() + { + final List expectedIds = + List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME, + LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME, + ImageTransformActionExecuter.NAME); + final List actualIds = objectUnderTest.getActionDefinitionIds(); + + assertEquals(expectedIds, actualIds); + } + + @Test + public void testHasProperPriority() + { + final int expectedPriority = Integer.MIN_VALUE + 1; + final int actualPriority = objectUnderTest.getPriority(); + + assertEquals(expectedPriority, actualPriority); + } +} diff --git a/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java b/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java index bc4c8eb9ae..8a87735684 100644 --- a/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java +++ b/remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java @@ -26,12 +26,16 @@ package org.alfresco.rest.api.impl.validator.actions; +import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.EMPTY_ACTION_DEFINITION; +import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.INVALID_ACTION_DEFINITION; import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MISSING_PARAMETER; import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MUST_NOT_CONTAIN_PARAMETER; import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.PARAMS_SHOULD_NOT_BE_EMPTY; import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.BOOLEAN; import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; +import static org.junit.Assert.assertEquals; +import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.then; import java.util.Collections; @@ -42,11 +46,12 @@ import java.util.Map; import org.alfresco.rest.api.Actions; import org.alfresco.rest.api.model.ActionDefinition; import org.alfresco.rest.api.model.rules.Action; +import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; +import org.alfresco.rest.framework.core.exceptions.NotFoundException; import org.alfresco.service.Experimental; import org.alfresco.service.namespace.QName; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.BDDMockito; import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; @@ -74,12 +79,12 @@ public class ActionParameterDefinitionValidatorTest final List parameterDefinitions = List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when objectUnderTest.validate(action); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @@ -90,17 +95,34 @@ public class ActionParameterDefinitionValidatorTest final String actionDefinitionId = "properActionDefinition"; action.setActionDefinitionId(actionDefinitionId); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, null); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when objectUnderTest.validate(action); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @Test - public void testValidationPassesWhenNoMandatoryParameters() + public void testValidationPassesWhenNoMandatoryParametersNeeded() + { + final Action action = new Action(); + final String actionDefinitionId = "properActionDefinition"; + action.setActionDefinitionId(actionDefinitionId); + final ActionDefinition actionDefinition = + createActionDefinition(actionDefinitionId, List.of(createParameterDefinition(NON_MANDATORY_PARAM_KEY, TEXT, false, null))); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + + //when + objectUnderTest.validate(action); + + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); + then(actionsMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testValidationPassesWhenOptionalParametersNotProvided() { final Action action = new Action(); final String actionDefinitionId = "properActionDefinition"; @@ -110,12 +132,12 @@ public class ActionParameterDefinitionValidatorTest List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null), createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when objectUnderTest.validate(action); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @@ -129,13 +151,13 @@ public class ActionParameterDefinitionValidatorTest final List parameterDefinitions = List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) .withMessageContaining(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinitionId, NON_MANDATORY_PARAM_KEY)); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @@ -148,13 +170,13 @@ public class ActionParameterDefinitionValidatorTest final List parameterDefinitions = List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) .withMessageContaining(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinitionId)); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @@ -170,13 +192,13 @@ public class ActionParameterDefinitionValidatorTest final List parameterDefinitions = List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) .withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY)); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } @@ -191,16 +213,56 @@ public class ActionParameterDefinitionValidatorTest List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null), createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null)); final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions); - BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition); //when - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) .withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY)); - then(actionsMock).should().getActionDefinitionById(actionDefinitionId); + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); then(actionsMock).shouldHaveNoMoreInteractions(); } + @Test + public void testValidationFailsWhenActionWithNullActionDefinition() + { + final Action action = new Action(); + action.setActionDefinitionId(null); + action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue")); + + //when + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + .withMessageContaining(EMPTY_ACTION_DEFINITION); + + then(actionsMock).shouldHaveNoInteractions(); + } + + @Test + public void testValidationFailsWhenNotApplicableActionDefinition() + { + final Action action = new Action(); + final String actionDefinitionId = "notApplicableActionDefinition"; + action.setActionDefinitionId(actionDefinitionId); + action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue")); + given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willThrow(NotFoundException.class); + + //when + assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action)) + .withMessageContaining(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId)); + + then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId); + then(actionsMock).shouldHaveNoMoreInteractions(); + } + + @Test + public void testHasProperPriority() + { + final int expectedPriority = Integer.MIN_VALUE; + final int actualPriority = objectUnderTest.getPriority(); + + assertEquals(expectedPriority, actualPriority); + } + private ActionDefinition createActionDefinition(final String actionDefinitionId, List parameterDefinitions) {