inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1008: It's possible to Edit Hold Details by user with suitable rights BUT with Read Only permissions in File Plan

Browse Source 
* hold and transfer container permissions are set up the same as unfiled .. they can not be explicitly set .. instead they inherit from file plan
  * holds and transfers inherit permissions from the containers .. in turn they are effected by changes to overall fileplan permissions
  * in the future explicit permissions will be able to be set or implied but the held or transfered records
  * edit freeze details capability requires filling permission
  * unit test for the various scenarios



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56187 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-10-01 07:28:31 +00:00
parent b042674eab
commit 7ff26e1158
9 changed files with 491 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-freeze-context.xml
View File

@@ -45,6 +45,7 @@
<property name="permission" value="ViewUpdateReasonsForFreeze"/> <property name="permission" value="ViewUpdateReasonsForFreeze"/>
<property name="conditions"> <property name="conditions">
<map> <map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozenOrHold" value="true"/> <entry key="capabilityCondition.frozenOrHold" value="true"/>
</map> </map>
</property> </property>

2
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -501,10 +501,10 @@
<!-- File Plan Permission Service --> <!-- File Plan Permission Service -->
<bean id="filePlanPermissionService" <bean id="filePlanPermissionService"
parent="baseService"
class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionServiceImpl" class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionServiceImpl"
init-method="init"> init-method="init">
<property name="permissionService" ref="PermissionService"/> <property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent"/> <property name="policyComponent" ref="policyComponent"/>
<property name="recordsManagementService" ref="RecordsManagementService"/> <property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="filePlanService" ref="FilePlanService" /> <property name="filePlanService" ref="FilePlanService" />

23
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java
View File

@@ -450,7 +450,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
*/ */
public NodeRef createUnfiledContainer(NodeRef filePlan) public NodeRef createUnfiledContainer(NodeRef filePlan)
{ {
return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER, false); return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER);
} }
/** /**
@@ -459,7 +459,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
@Override @Override
public NodeRef createHoldContainer(NodeRef filePlan) public NodeRef createHoldContainer(NodeRef filePlan)
{ {
return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER, true); return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER);
} }
/** /**
@@ -468,7 +468,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
@Override @Override
public NodeRef createTransferContainer(NodeRef filePlan) public NodeRef createTransferContainer(NodeRef filePlan)
{ {
return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER, true); return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER);
} }
/** /**
@@ -479,7 +479,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
* @param inheritPermissions * @param inheritPermissions
* @return * @return
*/ */
private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName, boolean inheritPermissions) private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName)
{ {
ParameterCheck.mandatory("filePlan", filePlan); ParameterCheck.mandatory("filePlan", filePlan);
if (isFilePlan(filePlan) == false) if (isFilePlan(filePlan) == false)
@@ -502,23 +502,24 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
properties).getChildRef(); properties).getChildRef();
if (inheritPermissions == false) // if (inheritPermissions == false)
{ // {
// set inheritance to false // set inheritance to false
getPermissionService().setInheritParentPermissions(container, false); getPermissionService().setInheritParentPermissions(container, false);
getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
getPermissionService().setPermission(container, "Administrator", RMPermissionModel.FILING, true);
// TODO set the admin users to have filing permissions on the unfiled container!!! // TODO set the admin users to have filing permissions on the unfiled container!!!
// TODO we will need to be able to get a list of the admin roles from the service // TODO we will need to be able to get a list of the admin roles from the service
} // }
else // else
{ // {
// just inherit eveything // just inherit eveything
// TODO will change this when we are able to set permissions on holds and transfers! // TODO will change this when we are able to set permissions on holds and transfers!
getPermissionService().setInheritParentPermissions(container, true); // getPermissionService().setInheritParentPermissions(container, true);
} // }
return container; return container;
} }

16
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java
View File

@@ -29,7 +29,6 @@ import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
@@ -161,7 +160,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl
{ {
AuthenticationUtil.runAsSystem(new RunAsWork<Void>() AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{ {
@Override @Override
public Void doWork() throws Exception public Void doWork() throws Exception
{ {
@@ -616,20 +614,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl
msg.append("Created hold object '").append(holdNodeRef).append("' with name '").append(holdQName).append("'."); msg.append("Created hold object '").append(holdNodeRef).append("' with name '").append(holdQName).append("'.");
logger.debug(msg.toString()); logger.debug(msg.toString());
} }
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
// set inherit to false
permissionService.setInheritParentPermissions(holdNodeRef, false);
String allGroup = filePlanRoleService.getAllRolesContainerGroup(root);
permissionService.setPermission(holdNodeRef, allGroup, RMPermissionModel.FILING, true);
return null;
}
});
// Bind the hold node reference to the transaction // Bind the hold node reference to the transaction
AlfrescoTransactionSupport.bindResource(KEY_HOLD_NODEREF, holdNodeRef); AlfrescoTransactionSupport.bindResource(KEY_HOLD_NODEREF, holdNodeRef);

28
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
View File

@@ -23,9 +23,11 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@@ -238,10 +240,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
if (nodeService.exists(rmRootNode) == true) if (nodeService.exists(rmRootNode) == true)
{ {
NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() List<NodeRef> systemContainers = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<List<NodeRef>>()
{ {
public NodeRef doWork() public List<NodeRef> doWork()
{ {
List<NodeRef> systemContainers = new ArrayList<NodeRef>(3);
//In a multi tenant store we need to initialize the rm config if it has been done yet //In a multi tenant store we need to initialize the rm config if it has been done yet
NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, CONFIG_NODEID); NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, CONFIG_NODEID);
if (nodeService.exists(nodeRef) == false) if (nodeService.exists(nodeRef) == false)
@@ -263,17 +267,18 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
// Create the transfer and hold containers // Create the transfer and hold containers
// NOTE: don't need to worry about the admin permissions as for now we just inherit all systemContainers.add(filePlanService.createHoldContainer(rmRootNode));
filePlanService.createHoldContainer(rmRootNode); systemContainers.add(filePlanService.createTransferContainer(rmRootNode));
filePlanService.createTransferContainer(rmRootNode);
// Create the unfiled record container // Create the unfiled record container
return filePlanService.createUnfiledContainer(rmRootNode); systemContainers.add(filePlanService.createUnfiledContainer(rmRootNode));
return systemContainers;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
// Bootstrap in the default set of roles for the newly created root node // Bootstrap in the default set of roles for the newly created root node
bootstrapDefaultRoles(rmRootNode, unfiledContainer); bootstrapDefaultRoles(rmRootNode, systemContainers);
} }
} }
@@ -324,7 +329,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
* @param rmRootNode * @param rmRootNode
* @param unfiledContainer * @param unfiledContainer
*/ */
private void bootstrapDefaultRoles(final NodeRef filePlan, final NodeRef unfiledContainer) private void bootstrapDefaultRoles(final NodeRef filePlan, final List<NodeRef> systemContainers)
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{ {
@@ -408,9 +413,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{ {
// Admin has filing // Admin has filing
permissionService.setPermission(filePlan, role.getRoleGroupName(), RMPermissionModel.FILING, true); permissionService.setPermission(filePlan, role.getRoleGroupName(), RMPermissionModel.FILING, true);
if (unfiledContainer != null) if (systemContainers != null)
{ {
permissionService.setPermission(unfiledContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true); for (NodeRef systemContainer : systemContainers)
{
permissionService.setPermission(systemContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true);
}
} }
// Add the creating user to the administration group // Add the creating user to the administration group

80
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -28,10 +28,11 @@ import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
@@ -51,29 +52,27 @@ import org.apache.commons.logging.LogFactory;
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.1 * @since 2.1
*/ */
public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
implements FilePlanPermissionService,
RecordsManagementModel RecordsManagementModel
{ {
/** Permission service */ /** Permission service */
private PermissionService permissionService; protected PermissionService permissionService;
/** Policy component */ /** Policy component */
private PolicyComponent policyComponent; protected PolicyComponent policyComponent;
/** Records management service */ /** Records management service */
private RecordsManagementService recordsManagementService; protected RecordsManagementService recordsManagementService;
/** Node service */
private NodeService nodeService;
/** File plan service */ /** File plan service */
private FilePlanService filePlanService; protected FilePlanService filePlanService;
/** Record service */ /** Record service */
private RecordService recordService; protected RecordService recordService;
/** Logger */ /** Logger */
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
/** /**
* Initialisation method * Initialisation method
@@ -96,6 +95,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeServicePolicies.OnMoveNodePolicy.QNAME, NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_HOLD,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_TRANSFER,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
} }
/** /**
@@ -264,6 +271,49 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/**
* Sets up permissions for transfer and hold objects
*
* @param childAssocRef
*/
public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef)
{
AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
NodeRef nodeRef = childAssocRef.getChildRef();
if (nodeService.exists(nodeRef) == true)
{
setUpPermissions(nodeRef);
NodeRef parent = childAssocRef.getParentRef();
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
nodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
return null;
}
});
}
/** /**
* Initialise the record permissions for the given parent. * Initialise the record permissions for the given parent.
* *
@@ -469,7 +519,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef(); NodeRef child = assoc.getChildRef();
if (filePlanService.isFilePlanContainer(child) == true || if (filePlanService.isFilePlanContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true || recordsManagementService.isRecordFolder(child) == true ||
recordService.isRecord(child) == true) recordService.isRecord(child) == true ||
instanceOf(child, TYPE_HOLD) == true ||
instanceOf(child, TYPE_TRANSFER) == true)
{ {
setPermissionDown(child, authority, permission); setPermissionDown(child, authority, permission);
} }
@@ -520,7 +572,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef(); NodeRef child = assoc.getChildRef();
if (filePlanService.isFilePlanContainer(child) == true || if (filePlanService.isFilePlanContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true || recordsManagementService.isRecordFolder(child) == true ||
recordService.isRecord(child) == true) recordService.isRecord(child) == true||
instanceOf(child, TYPE_HOLD) == true ||
instanceOf(child, TYPE_TRANSFER) == true)
{ {
deletePermission(child, authority, permission); deletePermission(child, authority, permission);
} }

4
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java
View File

@@ -18,6 +18,7 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.test; package org.alfresco.module.org_alfresco_module_rm.test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM1008Test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM452Test; import org.alfresco.module.org_alfresco_module_rm.test.issue.RM452Test;
import org.alfresco.module.org_alfresco_module_rm.test.issue.RM994Test; import org.alfresco.module.org_alfresco_module_rm.test.issue.RM994Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
@@ -34,7 +35,8 @@ import org.junit.runners.Suite.SuiteClasses;
@SuiteClasses( @SuiteClasses(
{ {
RM452Test.class, RM452Test.class,
RM994Test.class RM994Test.class,
RM1008Test.class
}) })
public class IssueTestSuite public class IssueTestSuite
{ {

363
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM1008Test.java Normal file
View File

@@ -0,0 +1,363 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.issue;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.GUID;
/**
* System test for RM-1008
*
* @author Roy Wetherall
*/
public class RM1008Test extends BaseRMTestCase
{
private String myUser;
@Override
protected void initServices()
{
super.initServices();
}
@Override
protected boolean isRecordTest()
{
return true;
}
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
myUser = GUID.generate();
createPerson(myUser);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, myUser);
}
public void testContainers() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
NodeRef holdContainer = filePlanService.getHoldContainer(filePlan);
assertNotNull(holdContainer);
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
assertNotNull(transferContainer);
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer));
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
NodeRef holdContainer = filePlanService.getHoldContainer(filePlan);
assertNotNull(holdContainer);
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
assertNotNull(transferContainer);
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(holdContainer));
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transferContainer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(holdContainer, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transferContainer, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
public void testHold()
{
final NodeRef hold = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create hold object
freezeService.freeze("test", rmFolder);
Set<NodeRef> holds = freezeService.getHolds(filePlan);
return holds.iterator().next();
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.setPermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.deletePermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
public void testTransfer()
{
final NodeRef transferFolder = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
NodeRef transferCat = filePlanService.createRecordCategory(filePlan, "transferCat");
Map<QName, Serializable> dsProps = new HashMap<QName, Serializable>(3);
dsProps.put(PROP_DISPOSITION_AUTHORITY, "test");
dsProps.put(PROP_DISPOSITION_INSTRUCTIONS, "test");
dsProps.put(PROP_RECORD_LEVEL_DISPOSITION, false);
DispositionSchedule dispositionSchedule = dispositionService.createDispositionSchedule(transferCat, dsProps);
Map<QName, Serializable> adParams = new HashMap<QName, Serializable>(3);
adParams.put(PROP_DISPOSITION_ACTION_NAME, "cutoff");
adParams.put(PROP_DISPOSITION_DESCRIPTION, "test");
adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0");
dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams);
adParams = new HashMap<QName, Serializable>(3);
adParams.put(PROP_DISPOSITION_ACTION_NAME, "transfer");
adParams.put(PROP_DISPOSITION_DESCRIPTION, "test");
adParams.put(PROP_DISPOSITION_PERIOD, "immediately|0");
dispositionService.addDispositionActionDefinition(dispositionSchedule, adParams);
return rmService.createRecordFolder(transferCat, "transferFolder");
}
});
final NodeRef transfer = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
actionService.executeRecordsManagementAction(transferFolder, "cutoff");
actionService.executeRecordsManagementAction(transferFolder, "transfer");
NodeRef transferContainer = filePlanService.getTransferContainer(filePlan);
List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(transferContainer, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
return childAssocs.get(0).getChildRef();
}
@Override
public void test(NodeRef result) throws Exception
{
assertNotNull(result);
assertEquals(TYPE_TRANSFER, nodeService.getType(result));
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.setPermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanPermissionService.deletePermission(filePlan, myUser, FILING);
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
}, myUser);
}
}

35
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.util;
import java.io.Serializable; import java.io.Serializable;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
@@ -42,6 +43,7 @@ import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearch
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService; import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
import org.alfresco.repo.policy.BehaviourFilter;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.AuthorityDAO; import org.alfresco.repo.security.authority.AuthorityDAO;
@@ -400,16 +402,31 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
*/ */
protected void tearDownImpl() protected void tearDownImpl()
{ {
// Delete the folder BehaviourFilter filter = (BehaviourFilter)applicationContext.getBean("policyBehaviourFilter");
nodeService.deleteNode(folder); filter.disableBehaviour();
try
// Delete the site
siteService.deleteSite(siteId);
// delete the collaboration site (if required)
if (isCollaborationSiteTest() == true)
{ {
siteService.deleteSite(COLLABORATION_SITE_ID); Set<NodeRef> holds = freezeService.getHolds(filePlan);
for (NodeRef hold : holds)
{
freezeService.relinquish(hold);
}
// Delete the folder
nodeService.deleteNode(folder);
// Delete the site
siteService.deleteSite(siteId);
// delete the collaboration site (if required)
if (isCollaborationSiteTest() == true)
{
siteService.deleteSite(COLLABORATION_SITE_ID);
}
}
finally
{
filter.enableBehaviour();
} }
} }