Big honkin' merge from head. Sheesh!

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3617 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Britt Park
2006-08-27 01:01:30 +00:00
parent e2c66899cc
commit 8031cc6574
322 changed files with 20776 additions and 6550 deletions


@@ -180,11 +180,14 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
*/
private String getUserName(Authentication authentication)
{
String username = authentication.getPrincipal().toString();
String username;
if (authentication.getPrincipal() instanceof UserDetails)
{
username = ((UserDetails) authentication.getPrincipal()).getUsername();
username = ((UserDetails)authentication.getPrincipal()).getUsername();
}
else
{
username = authentication.getPrincipal().toString();
}
return username;
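Review bot: In getUserName the else branch calls `authentication.getPrincipal().toString()` with no null check, so an Authentication whose principal is null fails the `instanceof` test and then throws a NullPointerException here rather than a clear authentication error. The principal is also fetched up to three times; reading it once with `Object principal = authentication.getPrincipal();` and branching on that local makes the null case easy to handle and guarantees both branches look at the same object. Since the fallback takes whatever `toString()` returns as the user name, a short comment naming the principal types expected on that path would help. The method's closing brace is outside the hunk.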


@@ -39,7 +39,6 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.SaltSource;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -89,8 +88,6 @@ public class AuthenticationTest extends TestCase
private AuthenticationComponent authenticationComponent;
private PermissionServiceSPI permissionServiceSPI;
private UserTransaction userTransaction;
private AuthenticationComponent authenticationComponentImpl;
@@ -117,7 +114,8 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponentImpl");
permissionServiceSPI = (PermissionServiceSPI) ctx.getBean("permissionService");
// permissionServiceSPI = (PermissionServiceSPI)
// ctx.getBean("permissionService");
dao = (MutableAuthenticationDao) ctx.getBean("alfDaoImpl");
authenticationManager = (AuthenticationManager) ctx.getBean("authenticationManager");
@@ -181,7 +179,6 @@ public class AuthenticationTest extends TestCase
public void xtestScalability()
{
long create = 0;
long count = 0;
long start;
long end;
@@ -207,6 +204,49 @@ public class AuthenticationTest extends TestCase
authenticationComponent.clearCurrentSecurityContext();
}
public void c()
{
try
{
authenticationService.authenticate("", "".toCharArray());
}
catch (AuthenticationException e)
{
// Expected
}
}
public void testCreateUsers()
{
authenticationService.createAuthentication("GUEST", "".toCharArray());
authenticationService.authenticate("GUEST", "".toCharArray());
// Guest is reported as lower case and the authentication basically
// ignored at the moment
assertEquals("guest", authenticationService.getCurrentUserName());
authenticationService.createAuthentication("Andy", "".toCharArray());
authenticationService.authenticate("Andy", "".toCharArray());
assertEquals("Andy", authenticationService.getCurrentUserName());
authenticationService.createAuthentication("Mr.Woof.Banana@chocolate.chip.cookie.com", "".toCharArray());
authenticationService.authenticate("Mr.Woof.Banana@chocolate.chip.cookie.com", "".toCharArray());
assertEquals("Mr.Woof.Banana@chocolate.chip.cookie.com", authenticationService.getCurrentUserName());
authenticationService.createAuthentication("Andy_Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_Woof/Domain", "".toCharArray());
assertEquals("Andy_Woof/Domain", authenticationService.getCurrentUserName());
authenticationService.createAuthentication("Andy_ Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_ Woof/Domain", "".toCharArray());
assertEquals("Andy_ Woof/Domain", authenticationService.getCurrentUserName());
authenticationService.createAuthentication("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", "".toCharArray());
authenticationService.authenticate("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", "".toCharArray());
assertEquals("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", authenticationService.getCurrentUserName());
}
public void testCreateAndyUserAndOtherCRUD() throws NoSuchAlgorithmException, UnsupportedEncodingException
{
RepositoryAuthenticationDao dao = new RepositoryAuthenticationDao();
@@ -225,7 +265,7 @@ public class AuthenticationTest extends TestCase
UserDetails AndyDetails = (UserDetails) dao.loadUserByUsername("Andy");
assertNotNull(AndyDetails);
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", AndyDetails.getUsername());
assertEquals("Andy", AndyDetails.getUsername());
// assertNotNull(dao.getSalt(AndyDetails));
assertTrue(AndyDetails.isAccountNonExpired());
assertTrue(AndyDetails.isAccountNonLocked());
@@ -240,7 +280,7 @@ public class AuthenticationTest extends TestCase
dao.updateUser("Andy", "carrot".toCharArray());
UserDetails newDetails = (UserDetails) dao.loadUserByUsername("Andy");
assertNotNull(newDetails);
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", newDetails.getUsername());
assertEquals("Andy", newDetails.getUsername());
// assertNotNull(dao.getSalt(newDetails));
assertTrue(newDetails.isAccountNonExpired());
assertTrue(newDetails.isAccountNonLocked());
@@ -624,7 +664,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -660,7 +700,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -696,7 +736,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -742,7 +782,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -798,7 +838,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -857,7 +897,7 @@ public class AuthenticationTest extends TestCase
authenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
authenticationService.clearCurrentSecurityContext();
@@ -918,7 +958,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
pubAuthenticationService.clearCurrentSecurityContext();
@@ -966,7 +1006,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
pubAuthenticationService.clearCurrentSecurityContext();
@@ -1013,7 +1053,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
pubAuthenticationService.clearCurrentSecurityContext();
@@ -1085,7 +1125,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
pubAuthenticationService.clearCurrentSecurityContext();
@@ -1114,7 +1154,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.invalidateTicket(ticket);
}
public void testPubAuthenticationService0()
{
// pubAuthenticationService.authenticateAsGuest();
@@ -1145,7 +1185,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
// assert the user is authenticated
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// delete the user authentication object
pubAuthenticationService.clearCurrentSecurityContext();
@@ -1172,21 +1212,21 @@ public class AuthenticationTest extends TestCase
// destroy the ticket instance
pubAuthenticationService.invalidateTicket(ticket);
authenticationComponent.clearCurrentSecurityContext();
pubAuthenticationService.authenticate("Andy", "auth3".toCharArray());
pubAuthenticationService.updateAuthentication("Andy", "auth3".toCharArray(), "auth4".toCharArray());
pubAuthenticationService.authenticate("Andy", "auth4".toCharArray());
try
{
pubAuthenticationService.updateAuthentication("Andy", "auth3".toCharArray(), "auth4".toCharArray());
fail("Should not be able to update");
pubAuthenticationService.updateAuthentication("Andy", "auth3".toCharArray(), "auth4".toCharArray());
fail("Should not be able to update");
}
catch(AuthenticationException ae)
catch (AuthenticationException ae)
{
}
}
@@ -1202,7 +1242,7 @@ public class AuthenticationTest extends TestCase
authenticationService.createAuthentication("Andy", "auth1".toCharArray());
authenticationComponent.setCurrentUser("Andy");
assertEquals(dao.getUserNamesAreCaseSensitive() ? "Andy" : "andy", authenticationService.getCurrentUserName());
assertEquals("Andy", authenticationService.getCurrentUserName());
// authenticationService.deleteAuthentication("andy");
}
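Review bot: The added method `c()`, which authenticates with an empty user name and an empty password, does not start with `test`, so a JUnit 3 `TestCase` runner will not pick it up, and its try block has no `fail(...)` after the `authenticate` call, so it would pass even if empty credentials were accepted. Give it a `test...` name and add a line such as `fail("Empty user name and password should not authenticate");` directly after `authenticationService.authenticate("", "".toCharArray());`. In testCreateUsers the special-character user name contains no `"` character; adding one would cover the quoted phrase that user lookup now builds in RepositoryAuthenticationDao. The empty `catch (AuthenticationException ae)` block near the end of the section would also read better with an `// Expected` comment, as `c()` already has.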


@@ -22,7 +22,6 @@ import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.service.cmr.repository.StoreRef;
import org.springframework.dao.DataAccessException;
/**
@@ -246,16 +245,6 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* Are user names case sensitive?
*
* @return
*/
public boolean getUserNamesAreCaseSensitive()
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* Return the user details for the specified user


@@ -184,11 +184,4 @@ public interface MutableAuthenticationDao extends AuthenticationDao, SaltSource
*/
public String getMD4HashedPassword(String userName);
/**
* Are user names case sensitive?
*
* @return
*/
public boolean getUserNamesAreCaseSensitive();
}


@@ -31,6 +31,7 @@ import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -54,6 +55,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
private NamespacePrefixResolver namespacePrefixResolver;
@SuppressWarnings("unused")
private DictionaryService dictionaryService;
private SearchService searchService;
@@ -97,20 +99,23 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
this.searchService = searchService;
}
public UserDetails loadUserByUsername(String caseSensitiveUserName) throws UsernameNotFoundException,
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException,
DataAccessException
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
NodeRef userRef = getUserOrNull(userName);
NodeRef userRef = getUserOrNull(incomingUserName);
if (userRef == null)
{
throw new UsernameNotFoundException("Could not find user by userName: " + caseSensitiveUserName);
throw new UsernameNotFoundException("Could not find user by userName: " + incomingUserName);
}
Map<QName, Serializable> properties = nodeService.getProperties(userRef);
String password = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_PASSWORD));
// Report back the user name as stored on the user
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USER_USERNAME));
GrantedAuthority[] gas = new GrantedAuthority[1];
gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
@@ -119,12 +124,20 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
return ud;
}
public NodeRef getUserOrNull(String caseSensitiveUserName)
public NodeRef getUserOrNull(String searchUserName)
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
if(searchUserName == null)
{
return null;
}
if(searchUserName.length() == 0)
{
return null;
}
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("@usr\\:username:" + userName);
sp.setQuery("@usr\\:username:\"" + searchUserName + "\"");
sp.addStore(STOREREF_USERS);
sp.excludeDataInTheCurrentTransaction(false);
@@ -134,6 +147,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
@@ -142,12 +157,39 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USER_USERNAME));
if (realUserName.equals(userName))
if (userNamesAreCaseSensitive)
{
return nodeRef;
if (realUserName.equals(searchUserName))
{
if(returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for "+searchUserName+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if(returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for "+searchUserName+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
@@ -156,21 +198,18 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
rs.close();
}
}
return null;
}
public void createUser(String caseSensitiveUserName, char[] rawPassword) throws AuthenticationException
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
NodeRef userRef = getUserOrNull(userName);
NodeRef userRef = getUserOrNull(caseSensitiveUserName);
if (userRef != null)
{
throw new AuthenticationException("User already exists: " + userName);
throw new AuthenticationException("User already exists: " + caseSensitiveUserName);
}
NodeRef typesNode = getUserFolderLocation();
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USER_USERNAME, userName);
properties.put(ContentModel.PROP_USER_USERNAME, caseSensitiveUserName);
String salt = null; // GUID.generate();
properties.put(ContentModel.PROP_SALT, salt);
properties.put(ContentModel.PROP_PASSWORD, passwordEncoder.encodePassword(new String(rawPassword), salt));
@@ -178,11 +217,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(true));
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(
typesNode,
ContentModel.ASSOC_CHILDREN,
ContentModel.TYPE_USER,
ContentModel.TYPE_USER,
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
properties);
}
@@ -190,11 +225,10 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
private NodeRef getUserFolderLocation()
{
QName qnameAssocSystem = QName.createQName("sys", "system", namespacePrefixResolver);
QName qnameAssocUsers = QName.createQName("sys", "people", namespacePrefixResolver); // see AR-527
QName qnameAssocUsers = QName.createQName("sys", "people", namespacePrefixResolver); // see
// AR-527
NodeRef rootNode = nodeService.getRootNode(STOREREF_USERS);
List<ChildAssociationRef> results = nodeService.getChildAssocs(
rootNode,
RegexQNamePattern.MATCH_ALL,
List<ChildAssociationRef> results = nodeService.getChildAssocs(rootNode, RegexQNamePattern.MATCH_ALL,
qnameAssocSystem);
NodeRef sysNodeRef = null;
if (results.size() == 0)
@@ -205,10 +239,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{
sysNodeRef = results.get(0).getChildRef();
}
results = nodeService.getChildAssocs(
sysNodeRef,
RegexQNamePattern.MATCH_ALL,
qnameAssocUsers);
results = nodeService.getChildAssocs(sysNodeRef, RegexQNamePattern.MATCH_ALL, qnameAssocUsers);
NodeRef userNodeRef = null;
if (results.size() == 0)
{
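Review bot: getUserOrNull concatenates the caller-supplied name into a quoted Lucene phrase without escaping it, `sp.setQuery("@usr\\:username:\"" + searchUserName + "\"");`, so a name containing `"` or `\` changes how the query parses instead of being matched literally. The `equals`/`equalsIgnoreCase` comparison against the stored name limits which node can be returned, but a query that no longer parses would presumably surface as a search failure on the login path. Escape the name before building the query and keep the post-filter; Lucene's `QueryParser.escape(String)` is the usual helper, and whether the newly imported `LuceneQueryParser` exposes it should be confirmed. Separately, createUser no longer lower-cases the name, so in case-insensitive mode its "User already exists" check relies on this search finding differently-cased names, which deserves a test.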


@@ -19,7 +19,6 @@ package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.util.Collection;
import java.util.HashMap;


@@ -662,10 +662,9 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
}
else
{
// Set using the user name, lowercase the name if hte person service is case insensitive
// Set using the user name
if ( m_personService.getUserNamesAreCaseSensitive() == false)
username = username.toLowerCase();
setCurrentUser( username);
// DEBUG
@@ -838,10 +837,8 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
}
else
{
// Set using the user name, lowercase the name if the person service is case insensitive
// Set using the user name
if ( m_personService.getUserNamesAreCaseSensitive() == false)
username = username.toLowerCase();
setCurrentUser( username);
// DEBUG


@@ -294,18 +294,6 @@ public class NullMutableAuthenticationDao implements MutableAuthenticationDao
// return null;
}
/**
* Are user names case sensitive?
*
* @return
*/
public boolean getUserNamesAreCaseSensitive()
{
throw new AlfrescoRuntimeException("Not implemented");
// return false;
}
/**
* Return the user details for the specified user


@@ -61,7 +61,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
private DictionaryService dictionaryService;
private SimpleCache<String, ArrayList<NodeRef>> userToAuthorityCache;
private SimpleCache<String, HashSet<String>> userToAuthorityCache;
public AuthorityDAOImpl()
{
@@ -90,7 +90,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
this.searchService = searchService;
}
public void setUserToAuthorityCache(SimpleCache<String, ArrayList<NodeRef>> userToAuthorityCache)
public void setUserToAuthorityCache(SimpleCache<String, HashSet<String>> userToAuthorityCache)
{
this.userToAuthorityCache = userToAuthorityCache;
}
@@ -118,7 +118,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.setProperty(parentRef, ContentModel.PROP_MEMBERS, members);
userToAuthorityCache.remove(childName);
}
else
else if (AuthorityType.getAuthorityType(childName).equals(AuthorityType.GROUP))
{
NodeRef childRef = getAuthorityOrNull(childName);
if (childRef == null)
@@ -127,6 +127,11 @@ public class AuthorityDAOImpl implements AuthorityDAO
}
nodeService.addChild(parentRef, childRef, ContentModel.ASSOC_MEMBER, QName.createQName("usr", childName,
namespacePrefixResolver));
userToAuthorityCache.clear();
}
else
{
throw new AlfrescoRuntimeException("Authorities of the type "+AuthorityType.getAuthorityType(childName)+" may not be added to other authorities");
}
}
@@ -161,7 +166,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new UnknownAuthorityException("An authority was not found for " + name);
}
nodeService.deleteNode(nodeRef);
userToAuthorityCache.clear();
}
public Set<String> getAllRootAuthorities(AuthorityType type)
@@ -230,15 +235,31 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new UnknownAuthorityException("An authority was not found for " + childName);
}
nodeService.removeChild(parentRef, childRef);
userToAuthorityCache.clear();
}
}
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)
{
HashSet<String> authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
return authorities;
if (AuthorityType.getAuthorityType(name).equals(AuthorityType.USER) && ! immediate && (type == null))
{
// Cache user to authority look ups
HashSet<String> authorities = userToAuthorityCache.get(name);
if(authorities == null)
{
authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
userToAuthorityCache.put(name, authorities);
}
return authorities;
}
else
{
HashSet<String> authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
return authorities;
}
}
private void findAuthorities(AuthorityType type, String name, Set<String> authorities, boolean parents,
@@ -272,12 +293,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
private ArrayList<NodeRef> getUserContainers(String name)
{
ArrayList<NodeRef> containers = userToAuthorityCache.get(name);
if (containers == null)
{
containers = findUserContainers(name);
userToAuthorityCache.put(name, containers);
}
ArrayList<NodeRef> containers = findUserContainers(name);
return containers;
}
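Review bot: In the USER branch, getContainingAuthorities now returns the cached `HashSet` instance itself, so any caller that adds to or removes from the result changes the authorities that every later lookup for that user sees until the cache is cleared. Return a copy instead, for example `return new HashSet<String>(authorities);`, on both the cache-hit and cache-fill paths. The cache is keyed on the raw `name`, and `userToAuthorityCache.remove(childName)` in addAuthority removes only that exact key. If user names can be case-insensitive, entries stored under a different casing may stay stale, which should be confirmed. A comment on the field stating which operations must invalidate it would make the new `clear()` calls easier to audit.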


@@ -156,6 +156,13 @@ public class AuthorityServiceImpl implements AuthorityService
public void addAuthority(String parentName, String childName)
{
if (AuthorityType.getAuthorityType(childName).equals(AuthorityType.USER))
{
if(!personService.personExists(childName))
{
throw new AuthorityException("The person "+childName+" does not exist and can not be added to a group");
}
}
authorityDAO.addAuthority(parentName, childName);
}


@@ -310,6 +310,8 @@ public class AuthorityServiceTest extends TestCase
public void testCreateAuthTree()
{
personService.getPerson("andy");
String auth1;
String auth2;
String auth3;
@@ -339,12 +341,12 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
pubAuthorityService.addAuthority(auth5, "andy");
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(2, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth5));
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth2));
@@ -362,7 +364,7 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(0, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertEquals(1, pubAuthorityService.getContainingAuthorities(null, auth5, false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, auth5, false).contains(auth2));
@@ -375,6 +377,8 @@ public class AuthorityServiceTest extends TestCase
public void testCreateAuthNet()
{
personService.getPerson("andy");
String auth1;
String auth2;
String auth3;
@@ -399,14 +403,14 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
pubAuthorityService.addAuthority(auth5, "andy");
pubAuthorityService.addAuthority(auth1, "andy");
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth5));
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth2));
@@ -425,7 +429,7 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(2, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth5));
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth2));
@@ -440,6 +444,8 @@ public class AuthorityServiceTest extends TestCase
public void testCreateAuthNet2()
{
personService.getPerson("andy");
String auth1;
String auth2;
String auth3;
@@ -464,14 +470,14 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
pubAuthorityService.addAuthority(auth5, "andy");
pubAuthorityService.addAuthority(auth1, "andy");
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth5));
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth2));
@@ -491,7 +497,7 @@ public class AuthorityServiceTest extends TestCase
assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size());
// The next call looks for people not users :-)
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size());
assertEquals(4, pubAuthorityService.getContainingAuthorities(null, "andy", false).size());
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth5));
assertTrue(pubAuthorityService.getContainingAuthorities(null, "andy", false).contains(auth2));

View File

@@ -26,6 +26,8 @@ public class ExtendedPermissionServiceTest extends AbstractPermissionTest
{
public void testGroupPermission()
{
personService.getPerson("andy");
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
@@ -41,6 +43,8 @@ public class ExtendedPermissionServiceTest extends AbstractPermissionTest
public void testDeletePermissionByRecipient()
{
personService.getPerson("andy");
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),


@@ -16,10 +16,13 @@
*/
package org.alfresco.repo.security.permissions.dynamic;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.service.cmr.lock.LockService;
import org.alfresco.service.cmr.lock.LockStatus;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.springframework.beans.factory.InitializingBean;
@@ -28,6 +31,9 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
{
private LockService lockService;
private NodeService nodeService;
public LockOwnerDynamicAuthority()
{
@@ -36,7 +42,19 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
public boolean hasAuthority(NodeRef nodeRef, String userName)
{
return lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER;
if(lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER)
{
return true;
}
if(nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY))
{
NodeRef originial = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE));
return (lockService.getLockStatus(originial) == LockStatus.LOCK_OWNER);
}
else
{
return false;
}
}
public String getAuthority()
@@ -48,7 +66,11 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
{
if(lockService == null)
{
throw new IllegalStateException("A lock service must be set");
throw new IllegalStateException("The LockService must be set");
}
if(nodeService == null)
{
throw new IllegalStateException("The NodeService service must be set");
}
}
@@ -58,6 +80,12 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
this.lockService = lockService;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
}
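Review bot: The working-copy branch of `hasAuthority` passes whatever `PROP_COPY_REFERENCE` holds straight to `lockService.getLockStatus`, with no check that the property is present. If the property is missing or does not convert, `originial` is null and the authority check presumably ends in an exception rather than a denial; failing closed would be `if (originial == null) { return false; }` before the second `getLockStatus` call. The reference is also read from the node being checked, so the lock-owner decision is only as trustworthy as write access to that property and to the working-copy aspect, which deserves a comment stating who is allowed to set them. Separately, `userName` is not used in either branch, so the result appears to depend on the current user rather than on the argument, and `originial` is a typo for `original`.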


@@ -24,6 +24,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.coci.CheckOutCheckInService;
import org.alfresco.service.cmr.lock.LockService;
import org.alfresco.service.cmr.lock.LockStatus;
import org.alfresco.service.cmr.lock.LockType;
@@ -32,6 +33,7 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
@@ -50,7 +52,7 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
private MutableAuthenticationDao authenticationDAO;
private LockService lockService;
private NodeRef rootNodeRef;
private UserTransaction userTransaction;
@@ -59,6 +61,10 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
private LockOwnerDynamicAuthority dynamicAuthority;
private CheckOutCheckInService checkOutCheckInService;
private OwnableService ownableService;
public LockOwnerDynamicAuthorityTest()
{
super();
@@ -78,6 +84,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
permissionService = (PermissionService) ctx.getBean("permissionService");
authenticationDAO = (MutableAuthenticationDao) ctx.getBean("alfDaoImpl");
checkOutCheckInService = (CheckOutCheckInService) ctx.getBean("checkOutCheckInService");
ownableService = (OwnableService) ctx.getBean("ownableService");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
TransactionService transactionService = (TransactionService) ctx.getBean(ServiceRegistry.TRANSACTION_SERVICE
@@ -150,7 +159,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rootNodeRef, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT));
}
public void testPermissionWithLockAspect()
@@ -212,5 +220,224 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
}
public void testCheckOutCheckInAuthorities()
{
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true);
authenticationService.authenticate("andy", "andy".toCharArray());
NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_CMOBJECT, null).getChildRef();
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, false);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
// Check out as frog
NodeRef workingCopy = checkOutCheckInService.checkout(testNode);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
// set owner ...frog only has permissions of dynamic lock owner in wc and sourec
authenticationService.authenticate("frog", "frog".toCharArray());
ownableService.setOwner(workingCopy, "lemur");
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
// test the new owner..
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
checkOutCheckInService.cancelCheckout(workingCopy);
authenticationService.authenticate("andy", "andy".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
workingCopy = checkOutCheckInService.checkout(testNode);
ownableService.setOwner(workingCopy, "lemur");
checkOutCheckInService.checkin(workingCopy, null);
}
public void testCeckInCheckOut()
{
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true);
authenticationService.authenticate("andy", "andy".toCharArray());
NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_CMOBJECT, null).getChildRef();
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("andy", "andy".toCharArray());
lockService.unlock(testNode);
authenticationService.authenticate("lemur", "lemur".toCharArray());
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
}
}
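Review bot: `testCeckInCheckOut` is misspelled and, as written, never checks anything out or in (it only locks and unlocks `testNode`), so the name hides what is covered; something like `testLockOwnerPermissions` would match the body. In `testCheckOutCheckInAuthorities` the closing `checkout` / `setOwner` / `checkin` sequence has no assertion after it, so it only shows that no exception is thrown. If the intent is that frog, as lock owner, can still check in after ownership of the working copy moves to lemur, a comment such as `// lock owner can still check in after the working copy's owner changes` would say so.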


@@ -27,6 +27,7 @@ import org.springframework.dao.InvalidDataAccessApiUsageException;
public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
private static final String MSG_READ_ONLY = "permissions.err_read_only";
public ExceptionTranslatorMethodInterceptor()
{
@@ -46,7 +47,7 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
catch (InvalidDataAccessApiUsageException e)
{
// this usually occurs when the server is in read-only mode
throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
throw new AccessDeniedException(MSG_READ_ONLY, e);
}
}
}
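Review bot: Every `InvalidDataAccessApiUsageException` is now reported with `MSG_READ_ONLY`, although the comment above the throw says this only usually means the server is in read-only mode. Any other cause will be shown to the caller as a read-only condition, and it is still raised as `AccessDeniedException`, so logs and audit trails cannot tell a read-only server from a real authorisation failure. If no narrower check is available, the comment should say so, e.g. `// assumed read-only; other API-usage errors are reported the same way`. The catch block belongs to a method that starts outside the hunk, and whether `MSG_ACCESS_DENIED` is still used elsewhere in the class is not visible here.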


@@ -18,6 +18,7 @@ package org.alfresco.repo.security.permissions.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
@@ -25,7 +26,10 @@ import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
@@ -41,6 +45,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
import org.apache.commons.logging.Log;
@@ -100,6 +105,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
*/
private List<DynamicAuthority> dynamicAuthorities;
private PolicyComponent policyComponent;
/*
* Standard spring construction.
*/
@@ -150,13 +157,24 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
/**
* Set the permissions access cache.
*
* @param accessCache a transactionally safe cache
* @param accessCache
* a transactionally safe cache
*/
public void setAccessCache(SimpleCache<Serializable, AccessStatus> accessCache)
{
this.accessCache = accessCache;
}
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
public void onMoveNode(ChildAssociationRef oldChildAssocRef, ChildAssociationRef newChildAssocRef)
{
accessCache.clear();
}
public void afterPropertiesSet() throws Exception
{
if (dictionaryService == null)
@@ -187,6 +205,13 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{
throw new IllegalArgumentException("Property 'accessCache' has not been set");
}
if (policyComponent == null)
{
throw new IllegalArgumentException("Property 'policyComponent' has not been set");
}
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onMoveNode"), ContentModel.ASPECT_AUDITABLE, new JavaBehaviour(this, "onMoveNode"));
}
//
@@ -329,7 +354,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
public Set<String> getSettablePermissions(QName type)
{
Set<PermissionReference> settable = getSettablePermissionReferences(type);
Set<String> strings = new HashSet<String>(settable.size());
Set<String> strings = new LinkedHashSet<String>(settable.size());
for (PermissionReference pr : settable)
{
strings.add(getPermission(pr));
@@ -421,15 +446,17 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
}
/**
* Key for a cache object is built from all the known Authorities (which can change
* dynamically so they must all be used) the NodeRef ID and the permission reference itself.
* This gives a unique key for each permission test.
* Key for a cache object is built from all the known Authorities (which can
* change dynamically so they must all be used) the NodeRef ID and the
* permission reference itself. This gives a unique key for each permission
* test.
*/
static Serializable generateKey(Set<String> auths, NodeRef ref, PermissionReference perm)
static Serializable generateKey(Set<String> auths, NodeRef nodeRef, PermissionReference perm)
{
HashSet<Serializable> key = new HashSet<Serializable>(auths);
key.add(ref.getId());
LinkedHashSet<Serializable> key = new LinkedHashSet<Serializable>();
key.add(perm.toString());
key.addAll(auths);
key.add(nodeRef);
return key;
}
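Review bot: The cache flush registered in `afterPropertiesSet` is bound to `ContentModel.ASPECT_AUDITABLE`, so `onMoveNode`, and with it `accessCache.clear()`, only runs for moved nodes that carry that aspect. If a node without it can be moved, permission results cached for its old position would presumably keep being served, which is the stale-decision case the new hook exists to prevent; either bind the behaviour to a class every node has, or add a comment such as `// relies on every movable node carrying ASPECT_AUDITABLE`. In `generateKey`, the permission string and the authority names go into one flat set, so the key does not record which element was the permission and which an authority; keeping `auths` as a single nested element would remove that ambiguity. `setPolicyComponent` and `onMoveNode` are public and have no Javadoc, unlike `setAccessCache` next to them.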


@@ -59,10 +59,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
Authentication auth = authenticationComponent.getCurrentAuthentication();
for (GrantedAuthority authority : auth.getAuthorities())
{
if (authority.getAuthority().equals(ROLE_AUTHENTICATED))
{
return;
}
if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
}
fail("Missing role ROLE_AUTHENTICATED ");
}
@@ -142,6 +139,32 @@ public class PermissionServiceTest extends AbstractPermissionTest
}
public void testPermissionCacheOnMove()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
runAs("admin");
nodeService.moveNode(n2, rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}oneMoved"));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.DENIED);
}
public void testSetInheritFalse()
{
runAs("andy");
@@ -222,7 +245,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
testSetNodePermissionEntry();
testSetNodePermissionEntry2();
}
public void testDoubleSetAllowDeny()
{
Set<? extends PermissionEntry> permissionEntries = null;
@@ -618,6 +641,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// Changed ny not enfocing READ
// assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(n1,
// getPermission(PermissionService.READ_PROPERTIES)) ==
// AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1479,6 +1505,59 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
}
public void testPermissionCase()
{
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
//
//
// runAs("andy");
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
// runAs("lemur");
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
}
public void testEffectiveComposite()
{
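Review bot: `testPermissionCase` ends with eighteen lines of commented-out calls and assertions and never states what it is checking. From the live part it appears to pin that grants made to `"Andy"`, `"ANDY"` and `"AnDy"` do not apply to `andy`, i.e. that authority names are matched case-sensitively. A leading comment such as `// authority names are case-sensitive: grants to other casings must not apply to "andy"` would make that explicit, and the dead block should be deleted or replaced by a note on why the positive case is disabled. In `testPermissionCacheOnMove`, `assertEquals(AccessStatus.DENIED, ...)` would give a more useful failure message than `assertTrue(... == AccessStatus.DENIED)`.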


@@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
@@ -96,13 +97,16 @@ public class PermissionModel implements ModelDAO, InitializingBean
private AccessStatus defaultPermission;
// Cache granting permissions
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache grantees
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache the mapping of extended groups to the base
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<PermissionGroup, PermissionGroup>();
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup =
new HashMap<PermissionGroup, PermissionGroup>();
private HashMap<String, PermissionReference> uniqueMap;
@@ -111,7 +115,13 @@ public class PermissionModel implements ModelDAO, InitializingBean
private HashMap<PermissionReference, PermissionGroup> permissionGroupMap;
private HashMap<String, PermissionReference> permissionReferenceMap;
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsExposed =
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsUnexposed =
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
public PermissionModel()
{
super();
@@ -206,7 +216,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
globalPermissions.add(globalPermission);
}
}
/*
@@ -274,20 +283,35 @@ public class PermissionModel implements ModelDAO, InitializingBean
{
return getAllPermissionsImpl(type, true);
}
@SuppressWarnings("unchecked")
private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
{
Set<PermissionReference> permissions = new HashSet<PermissionReference>();
if (dictionaryService.getClass(type).isAspect())
Map<QName, LinkedHashSet<PermissionReference>> cache;
if (exposedOnly)
{
addAspectPermissions(type, permissions, exposedOnly);
cache = this.cachedTypePermissionsExposed;
}
else
{
mergeGeneralAspectPermissions(permissions, exposedOnly);
addTypePermissions(type, permissions, exposedOnly);
cache = this.cachedTypePermissionsUnexposed;
}
return permissions;
LinkedHashSet<PermissionReference> permissions = cache.get(type);
if (permissions == null)
{
permissions = new LinkedHashSet<PermissionReference>();
if (dictionaryService.getClass(type).isAspect())
{
addAspectPermissions(type, permissions, exposedOnly);
}
else
{
mergeGeneralAspectPermissions(permissions, exposedOnly);
addTypePermissions(type, permissions, exposedOnly);
}
cache.put(type, permissions);
}
return (Set<PermissionReference>)permissions.clone();
}
/**
@@ -378,7 +402,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
}
}
private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly)
{
for(QName aspect : dictionaryService.getAllAspects())
@@ -399,11 +422,15 @@ public class PermissionModel implements ModelDAO, InitializingBean
public Set<PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly)
{
//
// TODO: cache permissions based on type and exposed flag
// create JMeter test to see before/after effect!
//
QName typeName = nodeService.getType(nodeRef);
Set<PermissionReference> permissions = getAllPermissions(typeName);
mergeGeneralAspectPermissions(permissions, exposedOnly);
// Add non mandatory aspects..
// Add non mandatory aspects...
Set<QName> defaultAspects = new HashSet<QName>();
for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects())
{
@@ -417,7 +444,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
}
}
return permissions;
}
public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference)


@@ -19,6 +19,7 @@ package org.alfresco.repo.security.permissions.impl.model;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.alfresco.service.namespace.NamespacePrefixResolver;
@@ -30,7 +31,7 @@ import org.dom4j.Element;
* Store and read the definition of a permission set
* @author andyh
*/
public class PermissionSet implements XMLModelInitialisable
public final class PermissionSet implements XMLModelInitialisable
{
private static final String TYPE = "type";
private static final String PERMISSION_GROUP = "permissionGroup";
@@ -44,7 +45,7 @@ public class PermissionSet implements XMLModelInitialisable
private boolean exposeAll;
private Set<PermissionGroup> permissionGroups = new HashSet<PermissionGroup>();
private Set<PermissionGroup> permissionGroups = new LinkedHashSet<PermissionGroup>();
private Set<Permission> permissions = new HashSet<Permission>();
@@ -104,7 +105,4 @@ public class PermissionSet implements XMLModelInitialisable
{
return exposeAll;
}
}


@@ -55,23 +55,23 @@ public class PersonServiceImpl implements PersonService
private NodeService nodeService;
private SearchService searchService;
private AuthorityService authorityService;
private PermissionServiceSPI permissionServiceSPI;
private NamespacePrefixResolver namespacePrefixResolver;
private boolean createMissingPeople;
private boolean userNamesAreCaseSensitive;
private String companyHomePath;
private NodeRef companyHomeNodeRef;
private static Set<QName> mutableProperties;
private boolean userNamesAreCaseSensitive = false;
static
{
Set<QName> props = new HashSet<QName>();
@@ -99,9 +99,8 @@ public class PersonServiceImpl implements PersonService
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
public NodeRef getPerson(String caseSensitiveUserName)
public NodeRef getPerson(String userName)
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
@@ -126,12 +125,12 @@ public class PersonServiceImpl implements PersonService
return getPersonOrNull(caseSensitiveUserName) != null;
}
public NodeRef getPersonOrNull(String caseSensitiveUserName)
public NodeRef getPersonOrNull(String searchUserName)
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + userName + "\"");
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + searchUserName
+ "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
@@ -141,22 +140,51 @@ public class PersonServiceImpl implements PersonService
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(
String.class,
nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
realUserName = userNamesAreCaseSensitive ? realUserName : realUserName.toLowerCase();
if (realUserName.equals(userName))
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME));
if (userNamesAreCaseSensitive)
{
return nodeRef;
if (realUserName.equals(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
@@ -165,8 +193,6 @@ public class PersonServiceImpl implements PersonService
rs.close();
}
}
return null;
}
public boolean createMissingPeople()
@@ -179,9 +205,8 @@ public class PersonServiceImpl implements PersonService
return mutableProperties;
}
public void setPersonProperties(String caseSensitiveUserName, Map<QName, Serializable> properties)
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
{
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
@@ -195,8 +220,12 @@ public class PersonServiceImpl implements PersonService
}
}
properties.put(ContentModel.PROP_USERNAME, userName);
else
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode,
ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
nodeService.setProperties(personNode, properties);
}
@@ -231,26 +260,17 @@ public class PersonServiceImpl implements PersonService
public NodeRef createPerson(Map<QName, Serializable> properties)
{
String caseSensitiveUserName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USERNAME));
String userName = userNamesAreCaseSensitive ? caseSensitiveUserName : caseSensitiveUserName.toLowerCase();
properties.put(ContentModel.PROP_USERNAME, userName);
return nodeService.createNode(
getPeopleContainer(),
ContentModel.ASSOC_CHILDREN,
ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON,
properties).getChildRef();
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON, properties).getChildRef();
}
public NodeRef getPeopleContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
List<NodeRef> results = searchService.selectNodes(
rootNodeRef,
PEOPLE_FOLDER,
null,
namespacePrefixResolver,
List<NodeRef> results = searchService.selectNodes(rootNodeRef, PEOPLE_FOLDER, null, namespacePrefixResolver,
false);
if (results.size() == 0)
{
@@ -265,25 +285,22 @@ public class PersonServiceImpl implements PersonService
public void deletePerson(String userName)
{
NodeRef personNodeRef = getPersonOrNull(userName);
// delete the person
if (personNodeRef != null)
{
nodeService.deleteNode(personNodeRef);
}
// translate username based on user name case sensitivity
String authorityName = userNamesAreCaseSensitive ? userName : userName.toLowerCase();
// remove user from any containing authorities
Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
for (String containerAuthority : containerAuthorities)
{
authorityService.removeAuthority(containerAuthority, authorityName);
authorityService.removeAuthority(containerAuthority, userName);
}
// remove any user permissions
permissionServiceSPI.deletePermissions(authorityName);
permissionServiceSPI.deletePermissions(userName);
}
public Set<NodeRef> getAllPeople()
@@ -301,7 +318,6 @@ public class PersonServiceImpl implements PersonService
{
rs = searchService.query(sp);
for (ResultSetRow row : rs)
{
@@ -341,7 +357,7 @@ public class PersonServiceImpl implements PersonService
{
this.permissionServiceSPI = permissionServiceSPI;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
@@ -377,6 +393,18 @@ public class PersonServiceImpl implements PersonService
return companyHomeNodeRef;
}
public String getUserIdentifier(String caseSensitiveUserName)
{
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
if ((nodeRef != null) && nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME));
return realUserName;
}
return null;
}
// IOC Setters
}
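Review bot: In `deletePerson`, the cleanup calls `authorityService.removeAuthority(containerAuthority, userName)` and `permissionServiceSPI.deletePermissions(userName)` now use the caller's spelling, while `getPersonOrNull` matches with `equalsIgnoreCase` when user names are case-insensitive and the stored `cm:userName` keeps the case it was created with. A call such as `deletePerson("derek")` can therefore delete the person node for "Derek" and, if the authority and permission stores key on the stored name (not visible here), leave that user's group memberships and permission entries behind for a later account of the same name to inherit. Resolve the stored name before the node is deleted, `String authorityName = getUserIdentifier(userName);` followed by `if (authorityName == null) { authorityName = userName; }`, and pass `authorityName` to `getContainingAuthorities`, `removeAuthority` and `deletePermissions`.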


@@ -28,6 +28,7 @@ import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.BaseSpringTest;
import org.alfresco.util.EqualsHelper;
public class PersonTest extends BaseSpringTest
{
@@ -51,8 +52,8 @@ public class PersonTest extends BaseSpringTest
StoreRef storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
rootNodeRef = nodeService.getRootNode(storeRef);
for(NodeRef nodeRef: personService.getAllPeople())
for (NodeRef nodeRef : personService.getAllPeople())
{
nodeService.deleteNode(nodeRef);
}
@@ -67,44 +68,40 @@ public class PersonTest extends BaseSpringTest
public void xtestPerformance()
{
personService.setCreateMissingPeople(false);
personService.createPerson(createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
personService
.createPerson(createDefaultProperties("derek", "Derek", "Hulley", "dh@dh", "alfresco", rootNodeRef));
long create = 0;
long count = 0;
long start;
long end;
for(int i = 0; i < 10000; i++)
for (int i = 0; i < 10000; i++)
{
String id = "TestUser-"+i;
String id = "TestUser-" + i;
start = System.nanoTime();
personService.createPerson(createDefaultProperties(id, id, id, id,
id, rootNodeRef));
personService.createPerson(createDefaultProperties(id, id, id, id, id, rootNodeRef));
end = System.nanoTime();
create += (end - start);
if((i > 0) && (i % 100 == 0))
if ((i > 0) && (i % 100 == 0))
{
System.out.println("Count = "+i);
System.out.println("Average create : "+(create/i/1000000.0f));
System.out.println("Count = " + i);
System.out.println("Average create : " + (create / i / 1000000.0f));
start = System.nanoTime();
personService.personExists(id);
end = System.nanoTime();
System.out.println("Exists : "+((end-start)/1000000.0f));
System.out.println("Exists : " + ((end - start) / 1000000.0f));
start = System.nanoTime();
int size = personService.getAllPeople().size();
end = System.nanoTime();
System.out.println("Size ("+size+") : "+((end-start)/1000000.0f));
System.out.println("Size (" + size + ") : " + ((end - start) / 1000000.0f));
}
}
}
public void testCreateMissingPeople1()
{
personService.setCreateMissingPeople(false);
@@ -122,9 +119,9 @@ public class PersonTest extends BaseSpringTest
catch (PersonException pe)
{
}
}
}
public void testCreateMissingPeople2()
{
personService.setCreateMissingPeople(false);
@@ -137,6 +134,17 @@ public class PersonTest extends BaseSpringTest
assertNotNull(nodeRef);
testProperties(nodeRef, "andy", "andy", "", "", "");
nodeRef = personService.getPerson("Andy");
assertNotNull(nodeRef);
if (personService.getUserIdentifier("Andy").equals("Andy"))
{
testProperties(nodeRef, "Andy", "Andy", "", "", "");
}
else
{
testProperties(nodeRef, "andy", "andy", "", "", "");
}
personService.setCreateMissingPeople(false);
try
{
@@ -149,8 +157,7 @@ public class PersonTest extends BaseSpringTest
}
}
public void testCreateMissingPeople()
{
personService.setCreateMissingPeople(false);
@@ -173,7 +180,7 @@ public class PersonTest extends BaseSpringTest
assertEquals(2, personService.getAllPeople().size());
assertTrue(personService.getAllPeople().contains(personService.getPerson("andy")));
assertTrue(personService.getAllPeople().contains(personService.getPerson("derek")));
}
public void testMutableProperties()
@@ -184,7 +191,7 @@ public class PersonTest extends BaseSpringTest
assertTrue(personService.getMutableProperties().contains(ContentModel.PROP_LASTNAME));
assertTrue(personService.getMutableProperties().contains(ContentModel.PROP_EMAIL));
assertTrue(personService.getMutableProperties().contains(ContentModel.PROP_ORGID));
}
public void testPersonCRUD1()
@@ -200,27 +207,27 @@ public class PersonTest extends BaseSpringTest
}
}
public void testPersonCRUD2()
{
personService.setCreateMissingPeople(false);
personService.createPerson(createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
personService
.createPerson(createDefaultProperties("derek", "Derek", "Hulley", "dh@dh", "alfresco", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek", "Hulley", "dh@dh", "alfresco");
personService.setPersonProperties("derek", createDefaultProperties("derek", "Derek_", "Hulley_", "dh@dh_",
"alfresco_", rootNodeRef));
"alfresco_", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek_", "Hulley_", "dh@dh_", "alfresco_");
personService.setPersonProperties("derek", createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek", "Hulley", "dh@dh", "alfresco");
assertEquals(1, personService.getAllPeople().size());
assertTrue(personService.getAllPeople().contains(personService.getPerson("derek")));
personService.deletePerson("derek");
assertEquals(0, personService.getAllPeople().size());
try
@@ -233,35 +240,39 @@ public class PersonTest extends BaseSpringTest
}
}
public void testPersonCRUD()
{
personService.setCreateMissingPeople(false);
personService.createPerson(createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
personService
.createPerson(createDefaultProperties("Derek", "Derek", "Hulley", "dh@dh", "alfresco", rootNodeRef));
testProperties(personService.getPerson("Derek"), "Derek", "Derek", "Hulley", "dh@dh", "alfresco");
personService.setPersonProperties("Derek", createDefaultProperties("derek", "Derek_", "Hulley_", "dh@dh_",
"alfresco_", rootNodeRef));
testProperties(personService.getPerson("Derek"), "Derek", "Derek_", "Hulley_", "dh@dh_", "alfresco_");
personService.setPersonProperties("Derek", createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek", "Hulley", "dh@dh", "alfresco");
personService.setPersonProperties("derek", createDefaultProperties("derek", "Derek_", "Hulley_", "dh@dh_",
"alfresco_", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek_", "Hulley_", "dh@dh_", "alfresco_");
personService.setPersonProperties("derek", createDefaultProperties("derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
testProperties(personService.getPerson("derek"), "derek", "Derek", "Hulley", "dh@dh", "alfresco");
testProperties(personService.getPerson("Derek"), "Derek", "Derek", "Hulley", "dh@dh", "alfresco");
assertEquals(1, personService.getAllPeople().size());
assertTrue(personService.getAllPeople().contains(personService.getPerson("derek")));
personService.deletePerson("derek");
assertTrue(personService.getAllPeople().contains(personService.getPerson("Derek")));
assertEquals(personService.personExists("derek"), EqualsHelper.nullSafeEquals(personService.getUserIdentifier("derek"), "Derek"));
assertEquals(personService.personExists("dEREK"), EqualsHelper.nullSafeEquals(personService.getUserIdentifier("dEREK"), "Derek"));
assertEquals(personService.personExists("DEREK"), EqualsHelper.nullSafeEquals(personService.getUserIdentifier("DEREK"), "Derek"));
personService.deletePerson("Derek");
assertEquals(0, personService.getAllPeople().size());
}
private void testProperties(NodeRef nodeRef, String userName, String firstName, String lastName, String email,
String orgId)
{
Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
assertEquals(userName, DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME)));
assertNotNull(nodeService.getProperty(nodeRef, ContentModel.PROP_HOMEFOLDER));
@@ -287,56 +298,63 @@ public class PersonTest extends BaseSpringTest
properties.put(ContentModel.PROP_ORGID, orgId);
return properties;
}
public void testCaseSensitive()
{
if(personService.getUserNamesAreCaseSensitive())
personService
.createPerson(createDefaultProperties("Derek", "Derek", "Hulley", "dh@dh", "alfresco", rootNodeRef));
try
{
personService.createPerson(createDefaultProperties("Derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
try
NodeRef nodeRef = personService.getPerson("derek");
if (personService.getUserIdentifier("derek").equals("Derek"))
{
assertNotNull(nodeRef);
}
else
{
personService.getPerson("derek");
assertNotNull(null);
}
catch (PersonException pe)
{
}
try
{
personService.getPerson("deRek");
assertNotNull(null);
}
catch (PersonException pe)
{
}
try
{
personService.getPerson("DEREK");
assertNotNull(null);
}
catch (PersonException pe)
{
}
personService.getPerson("Derek");
}
}
public void testCaseInsensitive()
{
if(!personService.getUserNamesAreCaseSensitive())
catch (PersonException pe)
{
personService.createPerson(createDefaultProperties("Derek", "Derek", "Hulley", "dh@dh",
"alfresco", rootNodeRef));
personService.getPerson("derek");
personService.getPerson("deRek");
personService.getPerson("Derek");
personService.getPerson("DEREK");
}
try
{
NodeRef nodeRef = personService.getPerson("deRek");
if (personService.getUserIdentifier("deRek").equals("Derek"))
{
assertNotNull(nodeRef);
}
else
{
assertNotNull(null);
}
}
catch (PersonException pe)
{
}
try
{
NodeRef nodeRef = personService.getPerson("DEREK");
if (personService.getUserIdentifier("DEREK").equals("Derek"))
{
assertNotNull(nodeRef);
}
else
{
assertNotNull(null);
}
}
catch (PersonException pe)
{
}
personService.getPerson("Derek");
}
}