inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1008: It's possible to Edit Hold Details by user with suitable rights BUT with Read Only permissions in File Plan

Browse Source 
* hold and transfer container permissions are set up the same as unfiled .. they can not be explicitly set .. instead they inherit from file plan
  * holds and transfers inherit permissions from the containers .. in turn they are effected by changes to overall fileplan permissions
  * in the future explicit permissions will be able to be set or implied but the held or transfered records
  * edit freeze details capability requires filling permission
  * unit test for the various scenarios



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56187 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-10-01 07:28:31 +00:00
parent b042674eab
commit 7ff26e1158
9 changed files with 491 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java
View File

@@ -18,6 +18,7 @@
*/
package org.alfresco.module.org_alfresco_module_rm.test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM1008Test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM452Test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM994Test;
import org.junit.runner.RunWith;
@@ -34,7 +35,8 @@ import org.junit.runners.Suite.SuiteClasses;
@SuiteClasses(
{
RM452Test.class,
RM994Test.class
RM994Test.class,
RM1008Test.class
})
public class IssueTestSuite
{

363
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java Normal file
View File

@@ -0,0 +1,363 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.issue;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.GUID;
/**
* System test for RM-1008
*
* @author Roy Wetherall
*/
public class RM1008Test extends BaseRMTestCase
{
private String myUser;
@Override
protected void initServices()
{
super.initServices();
}
@Override
protected boolean isRecordTest()
{
return true;
}
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
myUser = GUID.generate();
createPerson(myUser);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, myUser);
}
public void testContainers() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
NodeRef holdContainer = filePlanService.getHoldContainer(filePlan);
assertNotNull(holdContainer);
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
assertNotNull(transferContainer);
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer));
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
NodeRef holdContainer = filePlanService.getHoldContainer(filePlan);
assertNotNull(holdContainer);
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
assertNotNull(transferContainer);
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer));
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
public void testHold()
{
final NodeRef hold = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create hold object
freezeService.freeze("test", rmFolder);
Set<NodeRef> holds = freezeService.getHolds(filePlan);
return holds.iterator().next();
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.setPermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.deletePermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
public void testTransfer()
{
final NodeRef transferFolder = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
NodeRef transferCat = filePlanService.createRecordCategory(filePlan, "transferCat");
Map<QName, Serializable> dsProps = new HashMap<QName, Serializable>(3);
dsProps.put(PROP_DISPOSITION_AUTHORITY, "test");
dsProps.put(PROP_DISPOSITION_INSTRUCTIONS, "test");
dsProps.put(PROP_RECORD_LEVEL_DISPOSITION, false);
DispositionSchedule dispositionSchedule = dispositionService.createDispositionSchedule(transferCat, dsProps);
Map<QName, Serializable> adParams = new HashMap<QName, Serializable>(3);
adParams.put(PROP_DISPOSITION_ACTION_NAME, "cutoff");
adParams.put(PROP_DISPOSITION_DESCRIPTION, "test");
adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0");
dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams);
adParams = new HashMap<QName, Serializable>(3);
adParams.put(PROP_DISPOSITION_ACTION_NAME, "transfer");
adParams.put(PROP_DISPOSITION_DESCRIPTION, "test");
adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0");
dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams);
return rmService.createRecordFolder(transferCat, "transferFolder");
}
});
final NodeRef transfer = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
actionService.executeRecordsManagementAction(transferFolder, "cutoff");
actionService.executeRecordsManagementAction(transferFolder, "transfer");
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(transferContainer, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
return childAssocs.get(0).getChildRef();
}
@Override
public void test(NodeRef result) throws Exception
{
assertNotNull(result);
assertEquals(TYPE_TRANSFER, nodeService.getType(result));
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.setPermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.deletePermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
}

35
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.util;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
@@ -42,6 +43,7 @@ import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearch
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
import org.alfresco.repo.policy.BehaviourFilter;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.AuthorityDAO;
@@ -400,16 +402,31 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
*/
protected void tearDownImpl()
{
// Delete the folder
nodeService.deleteNode(folder);
// Delete the site
siteService.deleteSite(siteId);
// delete the collaboration site (if required)
if (isCollaborationSiteTest() == true)
BehaviourFilter filter = (BehaviourFilter)applicationContext.getBean("policyBehaviourFilter");
filter.disableBehaviour();
try
{
siteService.deleteSite(COLLABORATION_SITE_ID);
Set<NodeRef> holds = freezeService.getHolds(filePlan);
for (NodeRef hold : holds)
{
freezeService.relinquish(hold);
}
// Delete the folder
nodeService.deleteNode(folder);
// Delete the site
siteService.deleteSite(siteId);
// delete the collaboration site (if required)
if (isCollaborationSiteTest() == true)
{
siteService.deleteSite(COLLABORATION_SITE_ID);
}
}
finally
{
filter.enableBehaviour();
}
}