From 7ff26e11581e5527292fbfb0671ccf2a910f4514 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Tue, 1 Oct 2013 07:28:31 +0000 Subject: [PATCH] RM-1008: It's possible to Edit Hold Details by user with suitable rights BUT with Read Only permissions in File Plan * hold and transfer container permissions are set up the same as unfiled .. they can not be explicitly set .. instead they inherit from file plan * holds and transfers inherit permissions from the containers .. in turn they are effected by changes to overall fileplan permissions * in the future explicit permissions will be able to be set or implied but the held or transfered records * edit freeze details capability requires filling permission * unit test for the various scenarios git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56187 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-capabilities-freeze-context.xml | 1 + .../rm-service-context.xml | 2 +- .../fileplan/FilePlanServiceImpl.java | 23 +- .../freeze/FreezeServiceImpl.java | 16 - .../role/FilePlanRoleServiceImpl.java | 28 +- .../FilePlanPermissionServiceImpl.java | 80 +++- .../test/IssueTestSuite.java | 4 +- .../test/issue/RM1008Test.java | 363 ++++++++++++++++++ .../test/util/BaseRMTestCase.java | 35 +- 9 files changed, 491 insertions(+), 61 deletions(-) create mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-freeze-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-freeze-context.xml index a6ae91c265..c1e03ffe59 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-freeze-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-freeze-context.xml @@ -45,6 +45,7 @@ + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 048cc35f4b..764b920c5b 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -501,10 +501,10 @@ - diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java index 10d648b3b1..28942f6497 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java @@ -450,7 +450,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl */ public NodeRef createUnfiledContainer(NodeRef filePlan) { - return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER, false); + return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER); } /** @@ -459,7 +459,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl @Override public NodeRef createHoldContainer(NodeRef filePlan) { - return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER, true); + return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER); } /** @@ -468,7 +468,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl @Override public NodeRef createTransferContainer(NodeRef filePlan) { - return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER, true); + return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER); } /** @@ -479,7 +479,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl * @param inheritPermissions * @return */ - private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName, boolean inheritPermissions) + private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName) { ParameterCheck.mandatory("filePlan", filePlan); if (isFilePlan(filePlan) == false) @@ -502,23 +502,24 @@ public class FilePlanServiceImpl extends ServiceBaseImpl properties).getChildRef(); - if (inheritPermissions == false) - { + // if (inheritPermissions == false) + // { // set inheritance to false getPermissionService().setInheritParentPermissions(container, false); getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); + getPermissionService().setPermission(container, "Administrator", RMPermissionModel.FILING, true); // TODO set the admin users to have filing permissions on the unfiled container!!! // TODO we will need to be able to get a list of the admin roles from the service - } - else - { + // } + // else + // { // just inherit eveything // TODO will change this when we are able to set permissions on holds and transfers! - getPermissionService().setInheritParentPermissions(container, true); - } + // getPermissionService().setInheritParentPermissions(container, true); + // } return container; } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java index a8ba156b74..045b66b72c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java @@ -29,7 +29,6 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; @@ -161,7 +160,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl { AuthenticationUtil.runAsSystem(new RunAsWork() { - @Override public Void doWork() throws Exception { @@ -616,20 +614,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl msg.append("Created hold object '").append(holdNodeRef).append("' with name '").append(holdQName).append("'."); logger.debug(msg.toString()); } - - AuthenticationUtil.runAsSystem(new RunAsWork() - { - @Override - public Void doWork() throws Exception - { - // set inherit to false - permissionService.setInheritParentPermissions(holdNodeRef, false); - String allGroup = filePlanRoleService.getAllRolesContainerGroup(root); - permissionService.setPermission(holdNodeRef, allGroup, RMPermissionModel.FILING, true); - - return null; - } - }); // Bind the hold node reference to the transaction AlfrescoTransactionSupport.bindResource(KEY_HOLD_NODEREF, holdNodeRef); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 50e545acfe..908500eabd 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -23,9 +23,11 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Serializable; +import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; @@ -238,10 +240,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, if (nodeService.exists(rmRootNode) == true) { - NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() + List systemContainers = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork>() { - public NodeRef doWork() + public List doWork() { + List systemContainers = new ArrayList(3); + //In a multi tenant store we need to initialize the rm config if it has been done yet NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, CONFIG_NODEID); if (nodeService.exists(nodeRef) == false) @@ -263,17 +267,18 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); // Create the transfer and hold containers - // NOTE: don't need to worry about the admin permissions as for now we just inherit all - filePlanService.createHoldContainer(rmRootNode); - filePlanService.createTransferContainer(rmRootNode); + systemContainers.add(filePlanService.createHoldContainer(rmRootNode)); + systemContainers.add(filePlanService.createTransferContainer(rmRootNode)); // Create the unfiled record container - return filePlanService.createUnfiledContainer(rmRootNode); + systemContainers.add(filePlanService.createUnfiledContainer(rmRootNode)); + + return systemContainers; } }, AuthenticationUtil.getSystemUserName()); // Bootstrap in the default set of roles for the newly created root node - bootstrapDefaultRoles(rmRootNode, unfiledContainer); + bootstrapDefaultRoles(rmRootNode, systemContainers); } } @@ -324,7 +329,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, * @param rmRootNode * @param unfiledContainer */ - private void bootstrapDefaultRoles(final NodeRef filePlan, final NodeRef unfiledContainer) + private void bootstrapDefaultRoles(final NodeRef filePlan, final List systemContainers) { AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { @@ -408,9 +413,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { // Admin has filing permissionService.setPermission(filePlan, role.getRoleGroupName(), RMPermissionModel.FILING, true); - if (unfiledContainer != null) + if (systemContainers != null) { - permissionService.setPermission(unfiledContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true); + for (NodeRef systemContainer : systemContainers) + { + permissionService.setPermission(systemContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true); + } } // Add the creating user to the administration group diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java index 8002801ecf..e821ab5e19 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java @@ -28,10 +28,11 @@ import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; +import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl; import org.alfresco.repo.node.NodeServicePolicies; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; -import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; @@ -51,29 +52,27 @@ import org.apache.commons.logging.LogFactory; * @author Roy Wetherall * @since 2.1 */ -public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, +public class FilePlanPermissionServiceImpl extends ServiceBaseImpl + implements FilePlanPermissionService, RecordsManagementModel { /** Permission service */ - private PermissionService permissionService; + protected PermissionService permissionService; /** Policy component */ - private PolicyComponent policyComponent; + protected PolicyComponent policyComponent; /** Records management service */ - private RecordsManagementService recordsManagementService; - - /** Node service */ - private NodeService nodeService; + protected RecordsManagementService recordsManagementService; /** File plan service */ - private FilePlanService filePlanService; + protected FilePlanService filePlanService; /** Record service */ - private RecordService recordService; + protected RecordService recordService; /** Logger */ - private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); + protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); /** * Initialisation method @@ -96,6 +95,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, NodeServicePolicies.OnMoveNodePolicy.QNAME, ASPECT_RECORD, new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT)); + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnCreateNodePolicy.QNAME, + TYPE_HOLD, + new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnCreateNodePolicy.QNAME, + TYPE_TRANSFER, + new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); } /** @@ -264,6 +271,49 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, }, AuthenticationUtil.getSystemUserName()); } + /** + * Sets up permissions for transfer and hold objects + * + * @param childAssocRef + */ + public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef) + { + AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork() + { + public Void doWork() + { + NodeRef nodeRef = childAssocRef.getChildRef(); + if (nodeService.exists(nodeRef) == true) + { + setUpPermissions(nodeRef); + + NodeRef parent = childAssocRef.getParentRef(); + Set perms = permissionService.getAllSetPermissions(parent); + for (AccessPermission perm : perms) + { + if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && + ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) + { + AccessStatus accessStatus = perm.getAccessStatus(); + boolean allow = false; + if (AccessStatus.ALLOWED.equals(accessStatus) == true) + { + allow = true; + } + permissionService.setPermission( + nodeRef, + perm.getAuthority(), + perm.getPermission(), + allow); + } + } + } + + return null; + } + }); + } + /** * Initialise the record permissions for the given parent. * @@ -469,7 +519,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, NodeRef child = assoc.getChildRef(); if (filePlanService.isFilePlanContainer(child) == true || recordsManagementService.isRecordFolder(child) == true || - recordService.isRecord(child) == true) + recordService.isRecord(child) == true || + instanceOf(child, TYPE_HOLD) == true || + instanceOf(child, TYPE_TRANSFER) == true) { setPermissionDown(child, authority, permission); } @@ -520,7 +572,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, NodeRef child = assoc.getChildRef(); if (filePlanService.isFilePlanContainer(child) == true || recordsManagementService.isRecordFolder(child) == true || - recordService.isRecord(child) == true) + recordService.isRecord(child) == true|| + instanceOf(child, TYPE_HOLD) == true || + instanceOf(child, TYPE_TRANSFER) == true) { deletePermission(child, authority, permission); } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java index 1a55e7b651..f330d13846 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java @@ -18,6 +18,7 @@ */ package org.alfresco.module.org_alfresco_module_rm.test; +import org.alfresco.module.org_alfresco_module_rm.test.issue.RM1008Test; import org.alfresco.module.org_alfresco_module_rm.test.issue.RM452Test; import org.alfresco.module.org_alfresco_module_rm.test.issue.RM994Test; import org.junit.runner.RunWith; @@ -34,7 +35,8 @@ import org.junit.runners.Suite.SuiteClasses; @SuiteClasses( { RM452Test.class, - RM994Test.class + RM994Test.class, + RM1008Test.class }) public class IssueTestSuite { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java new file mode 100644 index 0000000000..c0ed653f4b --- /dev/null +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java @@ -0,0 +1,363 @@ +/* + * Copyright (C) 2005-2011 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.test.issue; + +import java.io.Serializable; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.model.ContentModel; +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; +import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; +import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.namespace.QName; +import org.alfresco.service.namespace.RegexQNamePattern; +import org.alfresco.util.GUID; + + +/** + * System test for RM-1008 + * + * @author Roy Wetherall + */ +public class RM1008Test extends BaseRMTestCase +{ + private String myUser; + + @Override + protected void initServices() + { + super.initServices(); + } + + @Override + protected boolean isRecordTest() + { + return true; + } + + @Override + protected boolean isUserTest() + { + return true; + } + + @Override + protected void setupTestUsersImpl(NodeRef filePlan) + { + super.setupTestUsersImpl(filePlan); + + myUser = GUID.generate(); + createPerson(myUser); + filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, myUser); + } + + public void testContainers() throws Exception + { + doTestInTransaction(new Test() + { + @Override + public Void run() + { + NodeRef holdContainer = filePlanService.getHoldContainer(filePlan); + assertNotNull(holdContainer); + NodeRef transferContainer = filePlanService.getTransferContainer(filePlan); + assertNotNull(transferContainer); + + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer)); + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer)); + + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING)); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + NodeRef holdContainer = filePlanService.getHoldContainer(filePlan); + assertNotNull(holdContainer); + NodeRef transferContainer = filePlanService.getTransferContainer(filePlan); + assertNotNull(transferContainer); + + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer)); + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer)); + + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + } + + public void testHold() + { + final NodeRef hold = doTestInTransaction(new Test() + { + @Override + public NodeRef run() + { + // create hold object + freezeService.freeze("test", rmFolder); + Set holds = freezeService.getHolds(filePlan); + return holds.iterator().next(); + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING)); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + filePlanPermissionService.setPermission(filePlan, myUser, FILING); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + filePlanPermissionService.deletePermission(filePlan, myUser, FILING); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + } + + public void testTransfer() + { + final NodeRef transferFolder = doTestInTransaction(new Test() + { + @Override + public NodeRef run() + { + NodeRef transferCat = filePlanService.createRecordCategory(filePlan, "transferCat"); + + Map dsProps = new HashMap(3); + dsProps.put(PROP_DISPOSITION_AUTHORITY, "test"); + dsProps.put(PROP_DISPOSITION_INSTRUCTIONS, "test"); + dsProps.put(PROP_RECORD_LEVEL_DISPOSITION, false); + DispositionSchedule dispositionSchedule = dispositionService.createDispositionSchedule(transferCat, dsProps); + + Map adParams = new HashMap(3); + adParams.put(PROP_DISPOSITION_ACTION_NAME, "cutoff"); + adParams.put(PROP_DISPOSITION_DESCRIPTION, "test"); + adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0"); + + dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams); + + adParams = new HashMap(3); + adParams.put(PROP_DISPOSITION_ACTION_NAME, "transfer"); + adParams.put(PROP_DISPOSITION_DESCRIPTION, "test"); + adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0"); + + dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams); + + return rmService.createRecordFolder(transferCat, "transferFolder"); + } + }); + + final NodeRef transfer = doTestInTransaction(new Test() + { + @Override + public NodeRef run() + { + actionService.executeRecordsManagementAction(transferFolder, "cutoff"); + actionService.executeRecordsManagementAction(transferFolder, "transfer"); + + NodeRef transferContainer = filePlanService.getTransferContainer(filePlan); + List childAssocs = nodeService.getChildAssocs(transferContainer, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); + return childAssocs.get(0).getChildRef(); + } + + @Override + public void test(NodeRef result) throws Exception + { + assertNotNull(result); + assertEquals(TYPE_TRANSFER, nodeService.getType(result)); + } + }); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + filePlanPermissionService.setPermission(filePlan, myUser, FILING); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); + assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + filePlanPermissionService.deletePermission(filePlan, myUser, FILING); + + return null; + } + }, rmAdminName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + Capability viewRecords = capabilityService.getCapability("ViewRecords"); + assertNotNull(viewRecords); + + assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); + + return null; + } + }, myUser); + + + } + +} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java index 597076045b..9f6ff57ae4 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java @@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.util; import java.io.Serializable; import java.util.HashMap; import java.util.Map; +import java.util.Set; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; @@ -42,6 +43,7 @@ import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearch import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService; +import org.alfresco.repo.policy.BehaviourFilter; import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authority.AuthorityDAO; @@ -400,16 +402,31 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase */ protected void tearDownImpl() { - // Delete the folder - nodeService.deleteNode(folder); - - // Delete the site - siteService.deleteSite(siteId); - - // delete the collaboration site (if required) - if (isCollaborationSiteTest() == true) + BehaviourFilter filter = (BehaviourFilter)applicationContext.getBean("policyBehaviourFilter"); + filter.disableBehaviour(); + try { - siteService.deleteSite(COLLABORATION_SITE_ID); + Set holds = freezeService.getHolds(filePlan); + for (NodeRef hold : holds) + { + freezeService.relinquish(hold); + } + + // Delete the folder + nodeService.deleteNode(folder); + + // Delete the site + siteService.deleteSite(siteId); + + // delete the collaboration site (if required) + if (isCollaborationSiteTest() == true) + { + siteService.deleteSite(COLLABORATION_SITE_ID); + } + } + finally + { + filter.enableBehaviour(); } }