inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACS-3652 Node access validation for Rule Action Parameters, ACS-3795 Validate that action is suitable for use in rule (#1502)

Browse Source 
* ACS-3652 Add validation for individual actions.

In particular write access is required for the folder specified in the copy and move actions.

* ACS-3652: Adding action validations for node permissions.

* ACS-3652: Fixing failing E2E tests.

* ACS-3652: Adding E2E tests.

* ACS-3652: Adding E2E tests.

* ACS-3652 E2E tests for script validation.

* ACS-3652 Fix script validation test to use admin.

* ACS-3652: Removing unnecessary code.

* ACS-3652 E2Es for link to category action.

* ACS-3652: Adding applicable action definition check.

* ACS-3652: Adding more thorough action definition checks and fixing node permission and type checks.

* ACS-3652: Adding more thorough E2E tests and some fixes.

* ACS-3652: Adding more E2E tests and some fixes.

* ACS-3652: Fixing some missing corner cases, adding tests.

* ACS-3652: Small refactoring after code review.

Co-authored-by: Tom Page <thomas.page@alfresco.com>
This commit is contained in:
Maciej Pichura
2022-10-20 14:39:29 +02:00
committed by GitHub
parent 96c437e6a4
commit 7a70b40cc0
16 changed files with 1061 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

278
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java
View File

@@ -26,18 +26,24 @@
package org.alfresco.rest.rules;
import static java.util.stream.Collectors.toList;
import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
import static org.alfresco.rest.actions.access.AccessRestrictionUtil.MAIL_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.CHECKIN_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.ID;
import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED;
import static org.alfresco.rest.rules.RulesTestsUtils.IS_SHARED;
import static org.alfresco.rest.rules.RulesTestsUtils.RULE_NAME_DEFAULT;
import static org.alfresco.rest.rules.RulesTestsUtils.RULE_SCRIPT_PARAM_ID;
import static org.alfresco.rest.rules.RulesTestsUtils.SCRIPT_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.TEMPLATE_PARAM;
import static org.alfresco.utility.constants.UserRole.SiteCollaborator;
import static org.alfresco.utility.constants.UserRole.SiteConsumer;
import static org.alfresco.utility.constants.UserRole.SiteContributor;
import static org.alfresco.utility.constants.UserRole.SiteManager;
import static org.alfresco.utility.model.FileModel.getRandomFileModel;
import static org.alfresco.utility.model.FileType.TEXT_PLAIN;
import static org.alfresco.utility.model.UserModel.getRandomUserModel;
import static org.alfresco.utility.report.log.Step.STEP;
import static org.junit.Assert.assertEquals;
import static org.springframework.http.HttpStatus.BAD_REQUEST;
@@ -45,21 +51,27 @@ import static org.springframework.http.HttpStatus.CREATED;
import static org.springframework.http.HttpStatus.FORBIDDEN;
import static org.springframework.http.HttpStatus.NOT_FOUND;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.IntStream;
import org.alfresco.rest.RestTest;
import org.alfresco.rest.model.RestActionBodyExecTemplateModel;
import org.alfresco.rest.model.RestActionConstraintModel;
import org.alfresco.rest.model.RestCompositeConditionDefinitionModel;
import org.alfresco.rest.model.RestRuleModel;
import org.alfresco.rest.model.RestRuleModelsCollection;
import org.alfresco.utility.constants.UserRole;
import org.alfresco.utility.model.ContentModel;
import org.alfresco.utility.model.FileModel;
import org.alfresco.utility.model.FolderModel;
import org.alfresco.utility.model.SiteModel;
import org.alfresco.utility.model.TestGroup;
import org.alfresco.utility.model.UserModel;
import org.apache.chemistry.opencmis.client.api.CmisObject;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
@@ -368,10 +380,10 @@ public class CreateRulesTests extends RestTest
final UserModel admin = dataUser.getAdminUser();
final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(rulesUtils.createVariousActions());
.createSingleRule(rulesUtils.createRuleWithVariousActions());
RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues();
expectedRuleModel.setActions(rulesUtils.createVariousActions().getActions());
expectedRuleModel.setActions(rulesUtils.createRuleWithVariousActions().getActions());
expectedRuleModel.setTriggers(List.of("inbound"));
restClient.assertStatusCodeIs(CREATED);
@@ -379,8 +391,38 @@ public class CreateRulesTests extends RestTest
.assertThat().field(IS_SHARED).isNull();
}
/**
* Check get an error when creating a rule with action with empty parameter value.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithEmptyActionParameterValueShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, Map.of("description", ""));
ruleModel.setActions(List.of(checkinAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST).assertLastError().containsSummary("Action parameter should not have empty or null value");
}
/**
* Check can create a rule with action without any parameters when action definition states all of them are optional.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithoutParameterWhenTheyAreOptional()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, null);
ruleModel.setActions(List.of(checkinAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
restClient.assertStatusCodeIs(CREATED);
}
/** Check that a normal user cannot create rules that use private actions. */
@Test
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithActions_userCannotUsePrivateAction()
{
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -391,7 +433,7 @@ public class CreateRulesTests extends RestTest
}
/** Check that an administrator can create rules that use private actions. */
@Test
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithActions_adminCanUsePrivateAction()
{
restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -400,6 +442,33 @@ public class CreateRulesTests extends RestTest
restClient.assertStatusCodeIs(CREATED);
}
/**
* Check that an administrator can create rules with email (private) action with reference to an email template.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithActions_adminCanUseMailActionWithTemplate()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel();
mailAction.setActionDefinitionId(MAIL_ACTION);
final Map<String, Serializable> params = new HashMap<>();
final UserModel sender = getRandomUserModel();
final UserModel recipient = getRandomUserModel();
params.put("from", sender.getEmailAddress());
params.put("to", recipient.getEmailAddress());
params.put("subject", "Test");
final RestActionConstraintModel constraint = rulesUtils.getConstraintsForActionParam(user, MAIL_ACTION, TEMPLATE_PARAM);
String templateScriptRef = constraint.getConstraintValues().stream().findFirst().get().getValue();
params.put(TEMPLATE_PARAM, templateScriptRef);
mailAction.setParams(params);
ruleModel.setActions(List.of(mailAction));
restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(CREATED);
}
/**
* Check we get error when attempt to create a rule without any actions.
*/
@@ -423,17 +492,32 @@ public class CreateRulesTests extends RestTest
public void createRuleWithInvalidActionsShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
final String actionDefinitionId = "invalid-definition-value";
invalidAction.setActionDefinitionId(actionDefinitionId);
invalidAction.setParams(Map.of("dummy-key", "dummy-value"));
final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of("dummy-key", "dummy-value"));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary(String.format("Invalid action definition requested %s", actionDefinitionId));
restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId));
}
/**
* Check we get error when attempt to create a rule with an action tha is not applicable to rules.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithNotApplicableActionShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction =
rulesUtils.createCustomActionModel(RulesTestsUtils.DELETE_RENDITION_ACTION, Map.of("dummy-key", "dummy-value"));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", RulesTestsUtils.DELETE_RENDITION_ACTION));
}
/**
@@ -443,9 +527,8 @@ public class CreateRulesTests extends RestTest
public void createRuleWithMissingActionParametersShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
final String actionDefinitionId = "copy";
invalidAction.setActionDefinitionId(actionDefinitionId);
final RestActionBodyExecTemplateModel invalidAction =
rulesUtils.createCustomActionModel(RulesTestsUtils.COPY_ACTION, Collections.emptyMap());
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -454,7 +537,7 @@ public class CreateRulesTests extends RestTest
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary(
String.format("Action parameters should not be null or empty for this action. See Action Definition for action of: %s",
actionDefinitionId));
COPY_ACTION));
}
/**
@@ -464,8 +547,8 @@ public class CreateRulesTests extends RestTest
public void createRuleWithActionParameterNotFulfillingConstraint()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final String actionDefinitionId = "script";
final String scriptRef = "script-ref";
final String actionDefinitionId = SCRIPT_ACTION;
final String scriptRef = RULE_SCRIPT_PARAM_ID;
final String scriptNodeId = "dummy-script-node-id";
final RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of(scriptRef, scriptNodeId));
ruleModel.setActions(List.of(scriptAction));
@@ -484,14 +567,12 @@ public class CreateRulesTests extends RestTest
* Check we get error when attempt to create a rule with action parameter that should not be passed.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithoutInvalidActionParameterShouldFail()
public void createRuleWithInvalidActionParameterShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
final String actionDefinitionId = "add-features";
invalidAction.setActionDefinitionId(actionDefinitionId);
final String invalidParameterKey = "invalidParameterKey";
invalidAction.setParams(Map.of(invalidParameterKey,"dummyValue"));
final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
RulesTestsUtils.ADD_FEATURES_ACTION, Map.of(invalidParameterKey, "dummyValue"));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -499,7 +580,7 @@ public class CreateRulesTests extends RestTest
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary(
String.format("Action of definition id: %s must not contain parameter of name: %s", actionDefinitionId, invalidParameterKey));
String.format("Action of definition id: %s must not contain parameter of name: %s", RulesTestsUtils.ADD_FEATURES_ACTION, invalidParameterKey));
}
/**
@@ -509,10 +590,7 @@ public class CreateRulesTests extends RestTest
public void createRuleWithoutMandatoryActionParametersShouldFail()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
final String actionDefinitionId = "copy";
invalidAction.setActionDefinitionId(actionDefinitionId);
invalidAction.setParams(Map.of("deep-copy",false));
final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(COPY_ACTION, Map.of("deep-copy",false));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -529,10 +607,8 @@ public class CreateRulesTests extends RestTest
public void createRuleThatUsesNonExistentNode()
{
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
String actionDefinitionId = "copy";
invalidAction.setActionDefinitionId(actionDefinitionId);
invalidAction.setParams(Map.of("destination-folder", "non-existent-node"));
RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
COPY_ACTION, Map.of("destination-folder", "non-existent-node"));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -552,10 +628,8 @@ public class CreateRulesTests extends RestTest
FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
String actionDefinitionId = "copy";
invalidAction.setActionDefinitionId(actionDefinitionId);
invalidAction.setParams(Map.of("destination-folder", privateFolder.getNodeRef()));
RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef()));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
@@ -565,6 +639,144 @@ public class CreateRulesTests extends RestTest
restClient.assertLastError().containsSummary("The entity with id: " + privateFolder.getNodeRef() + " was not found");
}
/**
* Check we get error when attempting to create a rule that copies files to a folder that a user only has read permission for.
*/
@Test (groups = { TestGroup.REST_API, TestGroup.RULES })
public void createRuleThatWritesToNodeWithoutPermission()
{
SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer);
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef()));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(FORBIDDEN);
restClient.assertLastError().containsSummary("No proper permissions for node: " + privateFolder.getNodeRef());
}
/**
* Check we get error when attempting to create a rule that moves files to a node which is not a folder
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleThatMovesToNodeWhichIsNotAFolderShouldFail()
{
final FileModel fileModel = dataContent.usingUser(user).usingSite(site).createContent(getRandomFileModel(TEXT_PLAIN));
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
RulesTestsUtils.MOVE_ACTION, Map.of("destination-folder", fileModel.getNodeRef()));
ruleModel.setActions(List.of(invalidAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary("Node is not a folder " + fileModel.getNodeRef());
}
/**
* Check we get error when attempting to create a rule with mail action defined with non-existing mail template.
*/
@Test(groups = {TestGroup.REST_API, TestGroup.RULES})
public void createRuleWithMailActionReferringToNonExistingTemplate()
{
final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel();
mailAction.setActionDefinitionId(MAIL_ACTION);
final Map<String, Serializable> params = new HashMap<>();
final UserModel sender = getRandomUserModel();
final UserModel recipient = getRandomUserModel();
params.put("from", sender.getEmailAddress());
params.put("to", recipient.getEmailAddress());
params.put("subject", "Test");
final String mailTemplate = "non-existing-node-id";
params.put(TEMPLATE_PARAM, mailTemplate);
mailAction.setParams(params);
ruleModel.setActions(List.of(mailAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary("Action parameter: template has invalid value (" + mailTemplate +
"). Look up possible values for constraint name ac-email-templates");
}
/**
* Check the admin user can create a rule with a script.
*/
@Test (groups = { TestGroup.REST_API, TestGroup.RULES })
public void checkAdminCanUseScriptInRule()
{
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(
SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, rulesUtils.getReviewAndApproveWorkflowNode()));
ruleModel.setActions(List.of(scriptAction));
restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(CREATED);
}
/**
* Check the script has to be stored in the scripts directory in the data dictionary.
*/
@Test (groups = { TestGroup.REST_API, TestGroup.RULES })
public void checkCantUseNodeOutsideScriptsDirectory()
{
STEP("Copy script to location outside data dictionary.");
FolderModel folderOutsideDataDictionary = dataContent.usingUser(user).usingSite(site).createFolder();
String sourceNodeId = rulesUtils.getReviewAndApproveWorkflowNode();
ContentModel sourceNode = new ContentModel("/Data Dictionary/Scripts/start-pooled-review-workflow.js");
sourceNode.setNodeRef("/workspace://SpacesStore/" + sourceNodeId);
CmisObject scriptOutsideDataDictionary = dataContent.getContentActions().copyTo(dataUser.getAdminUser().getUsername(),
dataUser.getAdminUser().getPassword(),
sourceNode.getCmisLocation(),
folderOutsideDataDictionary.getCmisLocation());
String scriptId = scriptOutsideDataDictionary.getId().substring(0, scriptOutsideDataDictionary.getId().indexOf(";"));
STEP("Try to use this script in rule.");
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(
SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, scriptId));
ruleModel.setActions(List.of(scriptAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST)
.assertLastError().containsSummary("script-ref has invalid value");
}
/**
* Check a real category needs to be supplied when linking to a category.
*/
@Test (groups = { TestGroup.REST_API, TestGroup.RULES })
public void checkLinkToCategoryNeedsRealCategory()
{
STEP("Attempt to link to a category with a folder node, rather than a category node.");
String nonCategoryNodeRef = ruleFolder.getNodeRef();
RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
RestActionBodyExecTemplateModel categoryAction = rulesUtils.createCustomActionModel(
RulesTestsUtils.LINK_CATEGORY_ACTION, Map.of("category-value", nonCategoryNodeRef));
ruleModel.setActions(List.of(categoryAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.createSingleRule(ruleModel);
restClient.assertStatusCodeIs(BAD_REQUEST);
}
/**
* Check we can create a rule with multiple conditions
*/

3
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java
View File

@@ -26,6 +26,7 @@
package org.alfresco.rest.rules;
import static org.alfresco.rest.requests.RuleSettings.IS_INHERITANCE_ENABLED;
import static org.alfresco.rest.rules.RulesTestsUtils.MOVE_ACTION;
import static org.alfresco.utility.report.log.Step.STEP;
import static org.junit.Assert.assertTrue;
import static org.springframework.http.HttpStatus.FORBIDDEN;
@@ -341,7 +342,7 @@ public class GetRuleSetsTests extends RestTest
dataContent.usingAdmin().usingResource(privateFolder).setInheritPermissions(false);
// Create the grandchild with user and use admin to move it under the private folder.
FolderModel publicGrandchild = dataContent.usingUser(user).usingSite(siteModel).createFolder();
coreAPIForAdmin().usingActions().executeAction("move", publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef()));
coreAPIForAdmin().usingActions().executeAction(MOVE_ACTION, publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef()));
// Create the non-inheriting folder.
FolderModel nonInheritingFolder = dataContent.usingUser(user).usingResource(folder).createFolder();
RestRuleSettingsModel nonInheriting = new RestRuleSettingsModel();

8
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java
View File

@@ -314,9 +314,11 @@ public class GetRulesTests extends RestTest
public void getRuleActions()
{
STEP("Create a rule with a few actions");
FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
final RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
.createSingleRule(rulesUtils.createVariousActions());
final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
final RestRuleModel ruleWithVariousActions = rulesUtils.createRuleWithVariousActions();
final UserModel admin = dataUser.getAdminUser();
final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
.createSingleRule(ruleWithVariousActions);
STEP("Retrieve the created rule via the GET endpoint");
final RestRuleModel getRuleBody = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId());

61
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java
View File

@@ -63,8 +63,6 @@ public class RulesTestsUtils
static final boolean RULE_CASCADE_DEFAULT = true;
static final boolean RULE_ASYNC_DEFAULT = true;
static final boolean RULE_SHARED_DEFAULT = false;
static final String RULE_SCRIPT_ID = "script";
static final String RULE_SCRIPT_PARAM_ID = "script-ref";
static final String RULE_ERROR_SCRIPT_LABEL = "Start Pooled Review and Approve Workflow";
static final String INBOUND = "inbound";
static final String UPDATE = "update";
@@ -76,6 +74,15 @@ public class RulesTestsUtils
static final String IS_SHARED = "isShared";
static final String AUDIO_ASPECT = "audio:audio";
static final String LOCKABLE_ASPECT = "cm:lockable";
static final String TEMPLATE_PARAM = "template";
static final String RULE_SCRIPT_PARAM_ID = "script-ref";
static final String CHECKIN_ACTION = "check-in";
static final String LINK_CATEGORY_ACTION = "link-category";
static final String DELETE_RENDITION_ACTION = "delete-rendition";
static final String COPY_ACTION = "copy";
static final String ADD_FEATURES_ACTION = "add-features";
static final String MOVE_ACTION = "move";
static final String SCRIPT_ACTION = "script";
@Autowired
private RestWrapper restClient;
@@ -95,6 +102,42 @@ public class RulesTestsUtils
/** Destination folder for check out action used by these helper methods. This is populated by the getter and should not be accessed directly. */
private FolderModel checkOutDestinationFolder;
/**
* Get the constraint value for a given action parameter label.
*
* @param user The user to use to obtain the information.
* @param actionId The id of the action definition.
* @param paramId The id of the parameter for the action.
* @param constraintLabel The label of the desired value of the parameter.
* @return The value to use for the parameter.
*/
public String findConstraintValue(UserModel user, String actionId, String paramId, String constraintLabel)
{
RestActionConstraintModel constraintDef = getConstraintsForActionParam(user, actionId, paramId);
RestActionConstraintDataModel constraintDataModel = constraintDef.getConstraintValues().stream().filter(constraintValue -> constraintValue.getLabel().equals(constraintLabel)).findFirst().get();
return constraintDataModel.getValue();
}
/**
* Get all constraint values for a given action parameter.
*
* @param user The user to use to obtain the information.
* @param actionId The id of the action definition.
* @param paramId The id of the parameter for the action.
* @return The value to use for the parameter.
*/
public RestActionConstraintModel getConstraintsForActionParam(UserModel user, String actionId, String paramId)
{
RestActionDefinitionModel actionDef = restClient.authenticateUser(user).withCoreAPI().usingActions().getActionDefinitionById(actionId);
RestParameterDefinitionModel paramDef = actionDef.getParameterDefinitions().stream().filter(param -> param.getName().equals(paramId)).findFirst().get();
if (paramDef.getParameterConstraintName() == null)
{
throw new IllegalArgumentException("Supplied parameter " + paramId + " for action " + actionId + " does not have a defined constraint.");
}
String constraintName = paramDef.getParameterConstraintName();
return restClient.authenticateUser(user).withCoreAPI().usingActions().getActionConstraintByName(constraintName);
}
/**
* Get the review and approve workflow node (throwing an exception if this utility class has not been initialised).
*
@@ -105,13 +148,7 @@ public class RulesTestsUtils
if (reviewAndApproveWorkflowNode == null)
{
UserModel admin = dataUser.getAdminUser();
// Obtain the node ref for the review and approve workflow.
RestActionDefinitionModel actionDef = restClient.authenticateUser(admin).withCoreAPI().usingActions().getActionDefinitionById(RULE_SCRIPT_ID);
RestParameterDefinitionModel paramDef = actionDef.getParameterDefinitions().stream().filter(param -> param.getName().equals(RULE_SCRIPT_PARAM_ID)).findFirst().get();
String constraintName = paramDef.getParameterConstraintName();
RestActionConstraintModel constraintDef = restClient.authenticateUser(admin).withCoreAPI().usingActions().getActionConstraintByName(constraintName);
RestActionConstraintDataModel reviewAndApprove = constraintDef.getConstraintValues().stream().filter(constraintValue -> constraintValue.getLabel().equals(RULE_ERROR_SCRIPT_LABEL)).findFirst().get();
reviewAndApproveWorkflowNode = reviewAndApprove.getValue();
reviewAndApproveWorkflowNode = findConstraintValue(admin, SCRIPT_ACTION, RULE_SCRIPT_PARAM_ID, RULE_ERROR_SCRIPT_LABEL);
}
return reviewAndApproveWorkflowNode;
}
@@ -209,7 +246,7 @@ public class RulesTestsUtils
public RestActionBodyExecTemplateModel createAddAspectAction(String aspect)
{
return createCustomActionModel("add-features", Map.of("aspect-name", aspect));
return createCustomActionModel(ADD_FEATURES_ACTION, Map.of("aspect-name", aspect));
}
public RestActionBodyExecTemplateModel createCustomActionModel(String actionDefinitionId, Map<String, Serializable> params)
@@ -247,11 +284,11 @@ public class RulesTestsUtils
));
}
public RestRuleModel createVariousActions()
public RestRuleModel createRuleWithVariousActions()
{
final Map<String, Serializable> copyParams =
Map.of("destination-folder", getCopyDestinationFolder().getNodeRef(), "deep-copy", true);
final RestActionBodyExecTemplateModel copyAction = createCustomActionModel("copy", copyParams);
final RestActionBodyExecTemplateModel copyAction = createCustomActionModel(COPY_ACTION, copyParams);
final Map<String, Serializable> checkOutParams =
Map.of("destination-folder", getCheckOutDestinationFolder().getNodeRef(), "assoc-name", "cm:checkout",
"assoc-type", "cm:contains");

21
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java
View File

@@ -26,6 +26,8 @@
package org.alfresco.rest.rules;
import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
import static org.alfresco.rest.rules.RulesTestsUtils.ADD_FEATURES_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION;
import static org.alfresco.rest.rules.RulesTestsUtils.ID;
import static org.alfresco.rest.rules.RulesTestsUtils.INBOUND;
import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED;
@@ -247,7 +249,7 @@ public class UpdateRulesTests extends RestTest
.updateRule(rule.getId(), rule);
restClient.assertStatusCodeIs(BAD_REQUEST);
restClient.assertLastError().containsSummary(String.format("Invalid action definition requested %s", actionDefinitionId));
restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId));
}
/** Check we can use the POST response to create the new rule. */
@@ -257,7 +259,7 @@ public class UpdateRulesTests extends RestTest
FolderModel destination = dataContent.usingUser(user).usingSite(site).createFolder();
RestActionBodyExecTemplateModel copyAction = new RestActionBodyExecTemplateModel();
copyAction.setActionDefinitionId("copy");
copyAction.setActionDefinitionId(COPY_ACTION);
copyAction.setParams(ImmutableMap.of("destination-folder", destination.getNodeRef()));
RestRuleModel rule = createAndSaveRule("Rule name", List.of(copyAction));
@@ -269,7 +271,7 @@ public class UpdateRulesTests extends RestTest
restClient.assertStatusCodeIs(OK);
updatedRule.assertThat().field("name").is("Updated rule name")
.assertThat().field("actions.actionDefinitionId").is(List.of("copy"))
.assertThat().field("actions.actionDefinitionId").is(List.of(COPY_ACTION))
.assertThat().field("actions.params").is(List.of(ImmutableMap.of("destination-folder", destination.getNodeRef())));
}
@@ -459,12 +461,10 @@ public class UpdateRulesTests extends RestTest
final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
STEP("Try to update the rule by adding several actions");
final Map<String, Serializable> copyParams =
Map.of("destination-folder", rulesUtils.getCopyDestinationFolder().getNodeRef(), "deep-copy", true);
final RestActionBodyExecTemplateModel copyAction = rulesUtils.createCustomActionModel("copy", copyParams);
final RestActionBodyExecTemplateModel counterAction = rulesUtils.createCustomActionModel("counter", null);
final Map<String, Serializable> addAspectParams = Map.of("aspect-name", "cm:taggable");
final RestActionBodyExecTemplateModel addAspectAction = rulesUtils.createCustomActionModel("add-features", addAspectParams);
rule.setActions(Arrays.asList(copyAction, addAspectAction));
final RestActionBodyExecTemplateModel addAspectAction = rulesUtils.createCustomActionModel(ADD_FEATURES_ACTION, addAspectParams);
rule.setActions(Arrays.asList(counterAction, addAspectAction));
final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.updateRule(rule.getId(), rule);
@@ -489,7 +489,8 @@ public class UpdateRulesTests extends RestTest
final RestActionBodyExecTemplateModel checkOutAction = rulesUtils.createCustomActionModel("check-out", checkOutParams);
rule.setActions(List.of(checkOutAction));
restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
final UserModel admin = dataUser.getAdminUser();
restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
.updateRule(rule.getId(), rule);
restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -507,7 +508,7 @@ public class UpdateRulesTests extends RestTest
STEP("Try to update the rule by adding action with invalid parameter (non-existing namespace in value)");
final RestActionBodyExecTemplateModel action = new RestActionBodyExecTemplateModel();
action.setActionDefinitionId("add-features");
action.setActionDefinitionId(ADD_FEATURES_ACTION);
final String aspectNameParam = "aspect-name";
final String paramValue = "dummy:dummy";
action.setParams(Map.of(aspectNameParam, paramValue));

4
remote-api/src/main/java/org/alfresco/rest/api/Actions.java
View File

@@ -27,6 +27,8 @@
package org.alfresco.rest.api;
import java.util.List;
import org.alfresco.rest.api.model.Action;
import org.alfresco.rest.api.model.ActionDefinition;
import org.alfresco.rest.api.model.ActionParameterConstraint;
@@ -53,4 +55,6 @@ public interface Actions
@Experimental
ActionParameterConstraint getActionConstraint(String constraintName);
@Experimental
ActionDefinition getRuleActionDefinitionById(String actionDefinitionId);
}

24
remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java
View File

@@ -26,13 +26,35 @@
package org.alfresco.rest.api.actions;
import java.util.List;
import org.alfresco.rest.api.model.rules.Action;
import org.alfresco.service.Experimental;
@Experimental
public interface ActionValidator
{
String ALL_ACTIONS = "all";
/**
* Provides validation logic for given action.
*/
void validate(Action action);
boolean isEnabled();
/**
* Returns priority of validator (applied to bulk validation in @see {@link org.alfresco.rest.api.impl.mapper.rules.RestRuleActionModelMapper})
* The lower number, the higher priority is set for the validator.
* @return priority expressed as int
*/
int getPriority();
/**
* By default validator is applied to all actions
*
* @return indicator for all defined action definition ids
*/
default List<String> getActionDefinitionIds() {
return List.of(ALL_ACTIONS);
}
}

68
remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java
View File

@@ -145,21 +145,7 @@ public class ActionsImpl implements Actions
private ActionDefinition getActionDefinition(
org.alfresco.service.cmr.action.ActionDefinition actionDefinitionId)
{
List<ActionDefinition.ParameterDefinition> paramDefs =
actionDefinitionId.
getParameterDefinitions().
stream().
map(this::toModel).
collect(Collectors.toList());
return new ActionDefinition(
actionDefinitionId.getName(), // ID is a synonym for name.
actionDefinitionId.getName(),
actionDefinitionId.getTitle(),
actionDefinitionId.getDescription(),
toShortQNames(actionDefinitionId.getApplicableTypes()),
actionDefinitionId.getAdhocPropertiesAllowed(),
actionDefinitionId.getTrackStatus(),
paramDefs);
return mapFromServiceModel(actionDefinitionId);
}
@Override
@@ -215,23 +201,7 @@ public class ActionsImpl implements Actions
List<ActionDefinition> sortedPage = actionDefinitions.
stream().
map(actionDefinition -> {
List<ActionDefinition.ParameterDefinition> paramDefs =
actionDefinition.
getParameterDefinitions().
stream().
map(this::toModel).
collect(Collectors.toList());
return new ActionDefinition(
actionDefinition.getName(), // ID is a synonym for name.
actionDefinition.getName(),
actionDefinition.getTitle(),
actionDefinition.getDescription(),
toShortQNames(actionDefinition.getApplicableTypes()),
actionDefinition.getAdhocPropertiesAllowed(),
actionDefinition.getTrackStatus(),
paramDefs);
}).
map(this::mapFromServiceModel).
sorted(comparator).
skip(skip).
limit(maxItems).
@@ -246,6 +216,40 @@ public class ActionsImpl implements Actions
actionDefinitions.size());
}
@Override
@Experimental
public ActionDefinition getRuleActionDefinitionById(String actionDefinitionId)
{
if (actionDefinitionId == null)
{
throw new InvalidArgumentException("actionDefinitionId is null");
}
return actionService.getActionDefinitions().stream()
.filter(a -> actionDefinitionId.equals(a.getName()))
.map(this::mapFromServiceModel)
.findFirst()
.orElseThrow(() -> new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] {actionDefinitionId}));
}
private ActionDefinition mapFromServiceModel(org.alfresco.service.cmr.action.ActionDefinition actionDefinition)
{
List<ActionDefinition.ParameterDefinition> paramDefs =
actionDefinition.
getParameterDefinitions().
stream().
map(this::toModel).
collect(Collectors.toList());
return new ActionDefinition(
actionDefinition.getName(), // ID is a synonym for name.
actionDefinition.getName(),
actionDefinition.getTitle(),
actionDefinition.getDescription(),
toShortQNames(actionDefinition.getApplicableTypes()),
actionDefinition.getAdhocPropertiesAllowed(),
actionDefinition.getTrackStatus(),
paramDefs);
}
@Override
public Action executeAction(Action action, Parameters parameters)
{

8
remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java
View File

@@ -29,10 +29,12 @@ package org.alfresco.rest.api.impl.mapper.rules;
import static java.util.Collections.emptyMap;
import static org.alfresco.repo.action.access.ActionAccessRestriction.ACTION_CONTEXT_PARAM_NAME;
import static org.alfresco.rest.api.actions.ActionValidator.ALL_ACTIONS;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
@@ -116,7 +118,9 @@ public class RestRuleActionModelMapper implements RestModelMapper<Action, org.al
}
private void validateAction(Action action) {
actionValidators.stream()
.filter(ActionValidator::isEnabled)
.forEach(v -> v.validate(action));
.filter(v -> (v.getActionDefinitionIds().contains(action.getActionDefinitionId()) ||
v.getActionDefinitionIds().equals(List.of(ALL_ACTIONS))))
.sorted(Comparator.comparing(ActionValidator::getPriority))
.forEachOrdered(v -> v.validate(action));
}
}

171
remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidator.java Normal file
View File

@@ -0,0 +1,171 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2022 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.impl.validator.actions;
import static org.alfresco.model.ContentModel.TYPE_CATEGORY;
import static org.alfresco.model.ContentModel.TYPE_FOLDER;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF;
import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
import static org.alfresco.service.cmr.security.PermissionService.WRITE;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.alfresco.repo.action.executer.CheckOutActionExecuter;
import org.alfresco.repo.action.executer.CopyActionExecuter;
import org.alfresco.repo.action.executer.ImageTransformActionExecuter;
import org.alfresco.repo.action.executer.ImporterActionExecuter;
import org.alfresco.repo.action.executer.LinkCategoryActionExecuter;
import org.alfresco.repo.action.executer.MoveActionExecuter;
import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter;
import org.alfresco.repo.action.executer.TransformActionExecuter;
import org.alfresco.rest.api.Actions;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.actions.ActionValidator;
import org.alfresco.rest.api.model.ActionDefinition;
import org.alfresco.rest.api.model.rules.Action;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.apache.commons.collections.MapUtils;
import org.apache.logging.log4j.util.Strings;
/**
* This class provides logic for validation of permissions for action parameters which reference node.
*/
public class ActionNodeParameterValidator implements ActionValidator
{
/**
* This list holds action parameter names which require only READ permission on a referenced node
* That means, all other parameters that reference nodes will require WRITE permission
*/
static final Map<String, List<String>> REQUIRE_READ_PERMISSION_PARAMS =
Map.of(LinkCategoryActionExecuter.NAME, List.of(LinkCategoryActionExecuter.PARAM_CATEGORY_VALUE));
static final String NO_PROPER_PERMISSIONS_FOR_NODE = "No proper permissions for node: ";
static final String NOT_A_CATEGORY = "Node is not a category ";
static final String NOT_A_FOLDER = "Node is not a folder ";
private final Actions actions;
private final NamespaceService namespaceService;
private final Nodes nodes;
private final PermissionService permissionService;
public ActionNodeParameterValidator(Actions actions, NamespaceService namespaceService, Nodes nodes,
PermissionService permissionService)
{
this.actions = actions;
this.namespaceService = namespaceService;
this.nodes = nodes;
this.permissionService = permissionService;
}
/**
* Validates action parameters that reference nodes against access permissions for executing user.
*
* @param action Action to be validated
*/
@Override
public void validate(Action action)
{
final ActionDefinition actionDefinition = actions.getRuleActionDefinitionById(action.getActionDefinitionId());
final List<ActionDefinition.ParameterDefinition> nodeRefParams = actionDefinition.getParameterDefinitions().stream()
.filter(pd -> NODE_REF.toPrefixString(namespaceService).equals(pd.getType()))
.collect(Collectors.toList());
validateNodes(nodeRefParams, action);
}
/**
* @return List of action definitions applicable to this validator
*/
@Override
public List<String> getActionDefinitionIds()
{
return List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME,
LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME,
ImageTransformActionExecuter.NAME);
}
@Override
public int getPriority()
{
return Integer.MIN_VALUE + 1;
}
private void validateNodes(final List<ActionDefinition.ParameterDefinition> nodeRefParamDefinitions,
final Action action)
{
if (MapUtils.isNotEmpty(action.getParams()))
{
nodeRefParamDefinitions.stream()
.filter(pd -> action.getParams().containsKey(pd.getName()))
.forEach(p -> {
final String nodeId = Objects.toString(action.getParams().get(p.getName()), Strings.EMPTY);
final NodeRef nodeRef = nodes.validateNode(nodeId);
validatePermission(action.getActionDefinitionId(), p.getName(), nodeRef);
validateType(action.getActionDefinitionId(), nodeRef);
});
}
}
private void validatePermission(final String actionDefinitionId, final String paramName, final NodeRef nodeRef)
{
if (permissionService.hasReadPermission(nodeRef) != ALLOWED)
{
throw new EntityNotFoundException(nodeRef.getId());
}
if (!REQUIRE_READ_PERMISSION_PARAMS.containsKey(actionDefinitionId) ||
REQUIRE_READ_PERMISSION_PARAMS.get(actionDefinitionId).stream().noneMatch(paramName::equals))
{
if (permissionService.hasPermission(nodeRef, WRITE) != ALLOWED)
{
throw new PermissionDeniedException(NO_PROPER_PERMISSIONS_FOR_NODE + nodeRef.getId());
}
}
}
private void validateType(final String actionDefinitionId, final NodeRef nodeRef)
{
if (!LinkCategoryActionExecuter.NAME.equals(actionDefinitionId))
{
if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet()))
{
throw new InvalidArgumentException(NOT_A_FOLDER + nodeRef.getId());
}
} else if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet()))
{
throw new InvalidArgumentException(NOT_A_CATEGORY + nodeRef.getId());
}
}
}

67
remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java
View File

@@ -27,7 +27,11 @@
package org.alfresco.rest.api.impl.validator.actions;
import java.io.Serializable;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.alfresco.rest.api.Actions;
import org.alfresco.rest.api.actions.ActionValidator;
@@ -39,6 +43,7 @@ import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.service.Experimental;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.logging.log4j.util.Strings;
/**
* This class will validate all action types against action parameters definitions (mandatory parameters, parameter constraints)
@@ -46,14 +51,14 @@ import org.apache.commons.collections.MapUtils;
@Experimental
public class ActionParameterDefinitionValidator implements ActionValidator
{
private static final boolean IS_ENABLED = true;
static final String INVALID_PARAMETER_VALUE =
"Action parameter: %s has invalid value (%s). Look up possible values for constraint name %s";
static final String MISSING_PARAMETER = "Missing action's mandatory parameter: %s";
static final String MUST_NOT_CONTAIN_PARAMETER = "Action of definition id: %s must not contain parameter of name: %s";
static final String PARAMS_SHOULD_NOT_BE_EMPTY =
"Action parameters should not be null or empty for this action. See Action Definition for action of: %s";
static final String INVALID_ACTION_DEFINITION = "Invalid action definition requested %s";
static final String INVALID_ACTION_DEFINITION = "Invalid rule action definition requested %s";
static final String EMPTY_ACTION_DEFINITION = "Empty/null rule action definition id";
private final Actions actions;
@@ -71,51 +76,81 @@ public class ActionParameterDefinitionValidator implements ActionValidator
public void validate(Action action)
{
ActionDefinition actionDefinition;
final String actionDefinitionId = action.getActionDefinitionId();
if (Strings.isBlank(actionDefinitionId))
{
throw new InvalidArgumentException(EMPTY_ACTION_DEFINITION);
}
try
{
actionDefinition = actions.getActionDefinitionById(action.getActionDefinitionId());
} catch (NotFoundException e) {
throw new InvalidArgumentException(String.format(INVALID_ACTION_DEFINITION, action.getActionDefinitionId()));
actionDefinition = actions.getRuleActionDefinitionById(actionDefinitionId);
} catch (NotFoundException e)
{
throw new InvalidArgumentException(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId));
}
validateParametersSize(action.getParams(), actionDefinition);
final Map<String, Serializable> params = action.getParams();
if (MapUtils.isNotEmpty(params))
{
params.forEach((key, value) -> checkParameterShouldExist(key, actionDefinition));
actionDefinition.getParameterDefinitions().forEach(p -> validateParameterDefinitions(p, params));
getParameterDefinitions(actionDefinition).forEach(p -> validateParameterDefinitions(p, params));
}
}
/**
* This validator should be applied to all actions
*
* @return list of all defined action definition ids
*/
@Override
public boolean isEnabled()
public List<String> getActionDefinitionIds()
{
return IS_ENABLED;
return List.of(ALL_ACTIONS);
}
/**
* This validator should have highest priority and be executed first of all (thus minimal integer is returned here).
*
* @return minimal integer value
*/
@Override
public int getPriority()
{
return Integer.MIN_VALUE;
}
private void validateParametersSize(final Map<String, Serializable> params, final ActionDefinition actionDefinition)
{
if (CollectionUtils.isNotEmpty(actionDefinition.getParameterDefinitions()) && MapUtils.isEmpty(params))
final List<ActionDefinition.ParameterDefinition> parameterDefinitions = getParameterDefinitions(actionDefinition);
if (CollectionUtils.isNotEmpty(
parameterDefinitions.stream().filter(ActionDefinition.ParameterDefinition::isMandatory).collect(Collectors.toList())) &&
MapUtils.isEmpty(params))
{
throw new IllegalArgumentException(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinition.getName()));
throw new InvalidArgumentException(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinition.getName()));
}
}
private List<ActionDefinition.ParameterDefinition> getParameterDefinitions(ActionDefinition actionDefinition)
{
return actionDefinition.getParameterDefinitions() == null ? Collections.emptyList() : actionDefinition.getParameterDefinitions();
}
private void validateParameterDefinitions(final ActionDefinition.ParameterDefinition parameterDefinition,
final Map<String, Serializable> params)
{
final Serializable parameterValue = params.get(parameterDefinition.getName());
if (parameterDefinition.isMandatory() && parameterValue == null)
{
throw new IllegalArgumentException(String.format(MISSING_PARAMETER, parameterDefinition.getName()));
throw new InvalidArgumentException(String.format(MISSING_PARAMETER, parameterDefinition.getName()));
}
if (parameterDefinition.getParameterConstraintName() != null)
{
final ActionParameterConstraint actionConstraint =
actions.getActionConstraint(parameterDefinition.getParameterConstraintName());
if (parameterValue != null && actionConstraint.getConstraintValues().stream()
.noneMatch(constraintData -> constraintData.getValue().equals(parameterValue.toString())))
.noneMatch(constraintData -> constraintData.getValue().equals(Objects.toString(parameterValue, null))))
{
throw new IllegalArgumentException(String.format(INVALID_PARAMETER_VALUE, parameterDefinition.getName(), parameterValue,
throw new InvalidArgumentException(String.format(INVALID_PARAMETER_VALUE, parameterDefinition.getName(), parameterValue,
actionConstraint.getConstraintName()));
}
}
@@ -123,11 +158,9 @@ public class ActionParameterDefinitionValidator implements ActionValidator
private void checkParameterShouldExist(final String parameterName, final ActionDefinition actionDefinition)
{
if (actionDefinition.getParameterDefinitions().stream().noneMatch(pd -> parameterName.equals(pd.getName())))
if (getParameterDefinitions(actionDefinition).stream().noneMatch(pd -> parameterName.equals(pd.getName())))
{
throw new IllegalArgumentException(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinition.getName(), parameterName));
throw new InvalidArgumentException(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinition.getName(), parameterName));
}
}
}

7
remote-api/src/main/resources/alfresco/public-rest-context.xml
View File

@@ -593,6 +593,12 @@
<bean id="actionParameterConstraintsValidator" class="org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator">
<constructor-arg name="actions" ref="Actions"/>
</bean>
<bean id="actionNodeParameterValidator" class="org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator">
<constructor-arg name="actions" ref="Actions"/>
<constructor-arg name="namespaceService" ref="NamespaceService"/>
<constructor-arg name="nodes" ref="Nodes"/>
<constructor-arg name="permissionService" ref="PermissionService"/>
</bean>
<!-- action parameter validators end here-->
@@ -977,6 +983,7 @@
<constructor-arg name="actionValidators">
<list>
<ref bean="actionParameterConstraintsValidator"/>
<ref bean="actionNodeParameterValidator"/>
</list>
</constructor-arg>
</bean>

4
remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java
View File

@@ -36,6 +36,8 @@ import org.alfresco.rest.api.impl.rules.NodeValidatorTest;
import org.alfresco.rest.api.impl.rules.RuleLoaderTest;
import org.alfresco.rest.api.impl.rules.RuleSetsImplTest;
import org.alfresco.rest.api.impl.rules.RulesImplTest;
import org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidatorTest;
import org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidatorTest;
import org.alfresco.rest.api.rules.NodeRuleSetsRelationTest;
import org.alfresco.rest.api.rules.NodeRulesRelationTest;
import org.alfresco.service.Experimental;
@@ -53,6 +55,8 @@ import org.junit.runners.Suite;
RuleLoaderTest.class,
ActionParameterConverterTest.class,
ActionPermissionValidatorTest.class,
ActionParameterDefinitionValidatorTest.class,
ActionNodeParameterValidatorTest.class,
RestRuleSimpleConditionModelMapperTest.class,
RestRuleCompositeConditionModelMapperTest.class,
RestRuleActionModelMapperTest.class,

1
remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java
View File

@@ -76,7 +76,6 @@ public class RestRuleActionModelMapperTest
@Before
public void setUp() {
objectUnderTest = new RestRuleActionModelMapper(parameterConverter, List.of(sampleValidatorMock));
given(sampleValidatorMock.isEnabled()).willReturn(true);
}
@Test

366
remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidatorTest.java Normal file
View File

@@ -0,0 +1,366 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2022 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.impl.validator.actions;
import static org.alfresco.model.ContentModel.TYPE_CATEGORY;
import static org.alfresco.model.ContentModel.TYPE_FOLDER;
import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_CATEGORY;
import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_FOLDER;
import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NO_PROPER_PERMISSIONS_FOR_NODE;
import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.REQUIRE_READ_PERMISSION_PARAMS;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.CATEGORY;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT;
import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
import static org.alfresco.service.namespace.NamespaceService.DEFAULT_PREFIX;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.junit.Assert.assertEquals;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.then;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.action.executer.CheckOutActionExecuter;
import org.alfresco.repo.action.executer.CopyActionExecuter;
import org.alfresco.repo.action.executer.ImageTransformActionExecuter;
import org.alfresco.repo.action.executer.ImporterActionExecuter;
import org.alfresco.repo.action.executer.LinkCategoryActionExecuter;
import org.alfresco.repo.action.executer.MoveActionExecuter;
import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter;
import org.alfresco.repo.action.executer.TransformActionExecuter;
import org.alfresco.rest.api.Actions;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.model.ActionDefinition;
import org.alfresco.rest.api.model.rules.Action;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
@RunWith(MockitoJUnitRunner.class)
public class ActionNodeParameterValidatorTest
{
private static final String READ_RIGHTS_REQUIRED_DEFINITION_ID = LinkCategoryActionExecuter.NAME;
private static final String CATEGORY_NODE_REF_PARAM = REQUIRE_READ_PERMISSION_PARAMS.get(READ_RIGHTS_REQUIRED_DEFINITION_ID).get(0);
private static final String DESTINATION_FOLDER_PARAM = "destination-folder";
private static final String NODE_ID = "node-id";
private static final String COPY_ACTION = CopyActionExecuter.NAME;
@Mock
private Actions actionsMock;
@Mock
private NamespaceService namespaceServiceMock;
@Mock
private Nodes nodesMock;
@Mock
private PermissionService permissionServiceMock;
@InjectMocks
private ActionNodeParameterValidator objectUnderTest;
@Test
public void testProperPermissionsForReadRights()
{
final Action action = new Action();
action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID);
action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(true);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet());
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testNotEnoughPermissionsForReadRights()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.DENIED);
//when
assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action));
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testValidateForNodeNotFound()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
given(nodesMock.validateNode(NODE_ID)).willThrow(EntityNotFoundException.class);
//when
assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action));
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).shouldHaveNoInteractions();
}
@Test
public void testProperPermissionsForWriteRights()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED);
given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(true);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet());
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testNotEnoughPermissionsForWriteRights()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.DENIED);
//when
assertThatExceptionOfType(PermissionDeniedException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(NO_PROPER_PERMISSIONS_FOR_NODE + NODE_ID);
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testNoValidationExecutedForNonNodeRefParam()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
final String dummyParam = "dummyParam";
action.setParams(Map.of(dummyParam, "dummyValue"));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(dummyParam, TEXT.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
//when
objectUnderTest.validate(action);
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).shouldHaveNoInteractions();
then(permissionServiceMock).shouldHaveNoInteractions();
}
@Test
public void testWrongTypeOfNodeWhenFolderExpected()
{
final Action action = new Action();
action.setActionDefinitionId(COPY_ACTION);
action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED);
given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(false);
//when
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(NOT_A_FOLDER + NODE_ID);
then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet());
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testWrongTypeOfNodeWhenCategoryExpected()
{
final Action action = new Action();
action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID);
action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID));
ActionDefinition.ParameterDefinition parameterDef =
new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
final ActionDefinition actionDefinition =
new ActionDefinition(READ_RIGHTS_REQUIRED_DEFINITION_ID, READ_RIGHTS_REQUIRED_DEFINITION_ID, null, null, null, false, false,
List.of(parameterDef));
given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition);
given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(false);
//when
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(NOT_A_CATEGORY + NODE_ID);
then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID);
then(actionsMock).shouldHaveNoMoreInteractions();
then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
then(namespaceServiceMock).shouldHaveNoMoreInteractions();
then(nodesMock).should().validateNode(NODE_ID);
then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet());
then(nodesMock).shouldHaveNoMoreInteractions();
then(permissionServiceMock).should().hasReadPermission(nodeRef);
then(permissionServiceMock).shouldHaveNoMoreInteractions();
}
@Test
public void testGetDefinitionIds()
{
final List<String> expectedIds =
List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME,
LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME,
ImageTransformActionExecuter.NAME);
final List<String> actualIds = objectUnderTest.getActionDefinitionIds();
assertEquals(expectedIds, actualIds);
}
@Test
public void testHasProperPriority()
{
final int expectedPriority = Integer.MIN_VALUE + 1;
final int actualPriority = objectUnderTest.getPriority();
assertEquals(expectedPriority, actualPriority);
}
}

102
remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java
View File

@@ -26,12 +26,16 @@
package org.alfresco.rest.api.impl.validator.actions;
import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.EMPTY_ACTION_DEFINITION;
import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.INVALID_ACTION_DEFINITION;
import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MISSING_PARAMETER;
import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MUST_NOT_CONTAIN_PARAMETER;
import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.PARAMS_SHOULD_NOT_BE_EMPTY;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.BOOLEAN;
import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.junit.Assert.assertEquals;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.then;
import java.util.Collections;
@@ -42,11 +46,12 @@ import java.util.Map;
import org.alfresco.rest.api.Actions;
import org.alfresco.rest.api.model.ActionDefinition;
import org.alfresco.rest.api.model.rules.Action;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.service.Experimental;
import org.alfresco.service.namespace.QName;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.BDDMockito;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
@@ -74,12 +79,12 @@ public class ActionParameterDefinitionValidatorTest
final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@@ -90,17 +95,34 @@ public class ActionParameterDefinitionValidatorTest
final String actionDefinitionId = "properActionDefinition";
action.setActionDefinitionId(actionDefinitionId);
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, null);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@Test
public void testValidationPassesWhenNoMandatoryParameters()
public void testValidationPassesWhenNoMandatoryParametersNeeded()
{
final Action action = new Action();
final String actionDefinitionId = "properActionDefinition";
action.setActionDefinitionId(actionDefinitionId);
final ActionDefinition actionDefinition =
createActionDefinition(actionDefinitionId, List.of(createParameterDefinition(NON_MANDATORY_PARAM_KEY, TEXT, false, null)));
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@Test
public void testValidationPassesWhenOptionalParametersNotProvided()
{
final Action action = new Action();
final String actionDefinitionId = "properActionDefinition";
@@ -110,12 +132,12 @@ public class ActionParameterDefinitionValidatorTest
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null),
createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
objectUnderTest.validate(action);
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@@ -129,13 +151,13 @@ public class ActionParameterDefinitionValidatorTest
final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinitionId, NON_MANDATORY_PARAM_KEY));
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@@ -148,13 +170,13 @@ public class ActionParameterDefinitionValidatorTest
final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinitionId));
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@@ -170,13 +192,13 @@ public class ActionParameterDefinitionValidatorTest
final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY));
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@@ -191,16 +213,56 @@ public class ActionParameterDefinitionValidatorTest
List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null),
createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null));
final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
BDDMockito.given(actionsMock.getActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
//when
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY));
then(actionsMock).should().getActionDefinitionById(actionDefinitionId);
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@Test
public void testValidationFailsWhenActionWithNullActionDefinition()
{
final Action action = new Action();
action.setActionDefinitionId(null);
action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
//when
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(EMPTY_ACTION_DEFINITION);
then(actionsMock).shouldHaveNoInteractions();
}
@Test
public void testValidationFailsWhenNotApplicableActionDefinition()
{
final Action action = new Action();
final String actionDefinitionId = "notApplicableActionDefinition";
action.setActionDefinitionId(actionDefinitionId);
action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willThrow(NotFoundException.class);
//when
assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
.withMessageContaining(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId));
then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
then(actionsMock).shouldHaveNoMoreInteractions();
}
@Test
public void testHasProperPriority()
{
final int expectedPriority = Integer.MIN_VALUE;
final int actualPriority = objectUnderTest.getPriority();
assertEquals(expectedPriority, actualPriority);
}
private ActionDefinition createActionDefinition(final String actionDefinitionId,
List<ActionDefinition.ParameterDefinition> parameterDefinitions)
{