inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Big honkin' merge from head. Sheesh!

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3617 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2006-08-27 01:01:30 +00:00
parent e2c66899cc
commit 8031cc6574
322 changed files with 20776 additions and 6550 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
source/java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthority.java
View File

@@ -16,10 +16,13 @@
*/
package org.alfresco.repo.security.permissions.dynamic;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.service.cmr.lock.LockService;
import org.alfresco.service.cmr.lock.LockStatus;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.springframework.beans.factory.InitializingBean;
@@ -28,6 +31,9 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
{
private LockService lockService;
private NodeService nodeService;
public LockOwnerDynamicAuthority()
{
@@ -36,7 +42,19 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
public boolean hasAuthority(NodeRef nodeRef, String userName)
{
return lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER;
if(lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER)
{
return true;
}
if(nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY))
{
NodeRef originial = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE));
return (lockService.getLockStatus(originial) == LockStatus.LOCK_OWNER);
}
else
{
return false;
}
}
public String getAuthority()
@@ -48,7 +66,11 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
{
if(lockService == null)
{
throw new IllegalStateException("A lock service must be set");
throw new IllegalStateException("The LockService must be set");
}
if(nodeService == null)
{
throw new IllegalStateException("The NodeService service must be set");
}
}
@@ -58,6 +80,12 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
this.lockService = lockService;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
}

231
source/java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthorityTest.java
View File

@@ -24,6 +24,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.coci.CheckOutCheckInService;
import org.alfresco.service.cmr.lock.LockService;
import org.alfresco.service.cmr.lock.LockStatus;
import org.alfresco.service.cmr.lock.LockType;
@@ -32,6 +33,7 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
@@ -50,7 +52,7 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
private MutableAuthenticationDao authenticationDAO;
private LockService lockService;
private NodeRef rootNodeRef;
private UserTransaction userTransaction;
@@ -59,6 +61,10 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
private LockOwnerDynamicAuthority dynamicAuthority;
private CheckOutCheckInService checkOutCheckInService;
private OwnableService ownableService;
public LockOwnerDynamicAuthorityTest()
{
super();
@@ -78,6 +84,9 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
permissionService = (PermissionService) ctx.getBean("permissionService");
authenticationDAO = (MutableAuthenticationDao) ctx.getBean("alfDaoImpl");
checkOutCheckInService = (CheckOutCheckInService) ctx.getBean("checkOutCheckInService");
ownableService = (OwnableService) ctx.getBean("ownableService");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
TransactionService transactionService = (TransactionService) ctx.getBean(ServiceRegistry.TRANSACTION_SERVICE
@@ -150,7 +159,6 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rootNodeRef, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT));
}
public void testPermissionWithLockAspect()
@@ -212,5 +220,224 @@ public class LockOwnerDynamicAuthorityTest extends TestCase
}
public void testCheckOutCheckInAuthorities()
{
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true);
authenticationService.authenticate("andy", "andy".toCharArray());
NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_CMOBJECT, null).getChildRef();
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, false);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
// Check out as frog
NodeRef workingCopy = checkOutCheckInService.checkout(testNode);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
// set owner ...frog only has permissions of dynamic lock owner in wc and sourec
authenticationService.authenticate("frog", "frog".toCharArray());
ownableService.setOwner(workingCopy, "lemur");
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
// test the new owner..
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(workingCopy, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
checkOutCheckInService.cancelCheckout(workingCopy);
authenticationService.authenticate("andy", "andy".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
workingCopy = checkOutCheckInService.checkout(testNode);
ownableService.setOwner(workingCopy, "lemur");
checkOutCheckInService.checkin(workingCopy, null);
}
public void testCeckInCheckOut()
{
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true);
authenticationService.authenticate("andy", "andy".toCharArray());
NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_CMOBJECT, null).getChildRef();
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("andy", "andy".toCharArray());
lockService.unlock(testNode);
authenticationService.authenticate("lemur", "lemur".toCharArray());
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode,
PermissionService.LOCK));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode,
PermissionService.UNLOCK));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_OUT));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
}
}

3
source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
View File

@@ -27,6 +27,7 @@ import org.springframework.dao.InvalidDataAccessApiUsageException;
public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
private static final String MSG_READ_ONLY = "permissions.err_read_only";
public ExceptionTranslatorMethodInterceptor()
{
@@ -46,7 +47,7 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
catch (InvalidDataAccessApiUsageException e)
{
// this usually occurs when the server is in read-only mode
throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
throw new AccessDeniedException(MSG_READ_ONLY, e);
}
}
}

43
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -18,6 +18,7 @@ package org.alfresco.repo.security.permissions.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
@@ -25,7 +26,10 @@ import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
@@ -41,6 +45,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
import org.apache.commons.logging.Log;
@@ -100,6 +105,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
*/
private List<DynamicAuthority> dynamicAuthorities;
private PolicyComponent policyComponent;
/*
* Standard spring construction.
*/
@@ -150,13 +157,24 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
/**
* Set the permissions access cache.
*
* @param accessCache a transactionally safe cache
* @param accessCache
* a transactionally safe cache
*/
public void setAccessCache(SimpleCache<Serializable, AccessStatus> accessCache)
{
this.accessCache = accessCache;
}
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
public void onMoveNode(ChildAssociationRef oldChildAssocRef, ChildAssociationRef newChildAssocRef)
{
accessCache.clear();
}
public void afterPropertiesSet() throws Exception
{
if (dictionaryService == null)
@@ -187,6 +205,13 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{
throw new IllegalArgumentException("Property 'accessCache' has not been set");
}
if (policyComponent == null)
{
throw new IllegalArgumentException("Property 'policyComponent' has not been set");
}
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onMoveNode"), ContentModel.ASPECT_AUDITABLE, new JavaBehaviour(this, "onMoveNode"));
}
//
@@ -329,7 +354,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
public Set<String> getSettablePermissions(QName type)
{
Set<PermissionReference> settable = getSettablePermissionReferences(type);
Set<String> strings = new HashSet<String>(settable.size());
Set<String> strings = new LinkedHashSet<String>(settable.size());
for (PermissionReference pr : settable)
{
strings.add(getPermission(pr));
@@ -421,15 +446,17 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
}
/**
* Key for a cache object is built from all the known Authorities (which can change
* dynamically so they must all be used) the NodeRef ID and the permission reference itself.
* This gives a unique key for each permission test.
* Key for a cache object is built from all the known Authorities (which can
* change dynamically so they must all be used) the NodeRef ID and the
* permission reference itself. This gives a unique key for each permission
* test.
*/
static Serializable generateKey(Set<String> auths, NodeRef ref, PermissionReference perm)
static Serializable generateKey(Set<String> auths, NodeRef nodeRef, PermissionReference perm)
{
HashSet<Serializable> key = new HashSet<Serializable>(auths);
key.add(ref.getId());
LinkedHashSet<Serializable> key = new LinkedHashSet<Serializable>();
key.add(perm.toString());
key.addAll(auths);
key.add(nodeRef);
return key;
}

89
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -59,10 +59,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
Authentication auth = authenticationComponent.getCurrentAuthentication();
for (GrantedAuthority authority : auth.getAuthorities())
{
if (authority.getAuthority().equals(ROLE_AUTHENTICATED))
{
return;
}
if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
}
fail("Missing role ROLE_AUTHENTICATED ");
}
@@ -142,6 +139,32 @@ public class PermissionServiceTest extends AbstractPermissionTest
}
public void testPermissionCacheOnMove()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
runAs("admin");
nodeService.moveNode(n2, rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}oneMoved"));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.DENIED);
}
public void testSetInheritFalse()
{
runAs("andy");
@@ -222,7 +245,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
testSetNodePermissionEntry();
testSetNodePermissionEntry2();
}
public void testDoubleSetAllowDeny()
{
Set<? extends PermissionEntry> permissionEntries = null;
@@ -618,6 +641,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// Changed ny not enfocing READ
// assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(n1,
// getPermission(PermissionService.READ_PROPERTIES)) ==
// AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1479,6 +1505,59 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
}
public void testPermissionCase()
{
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
// getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
//
//
// runAs("andy");
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
// runAs("lemur");
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
}
public void testEffectiveComposite()
{

58
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionModel.java
View File

@@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
@@ -96,13 +97,16 @@ public class PermissionModel implements ModelDAO, InitializingBean
private AccessStatus defaultPermission;
// Cache granting permissions
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache grantees
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache the mapping of extended groups to the base
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<PermissionGroup, PermissionGroup>();
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup =
new HashMap<PermissionGroup, PermissionGroup>();
private HashMap<String, PermissionReference> uniqueMap;
@@ -111,7 +115,13 @@ public class PermissionModel implements ModelDAO, InitializingBean
private HashMap<PermissionReference, PermissionGroup> permissionGroupMap;
private HashMap<String, PermissionReference> permissionReferenceMap;
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsExposed =
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsUnexposed =
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
public PermissionModel()
{
super();
@@ -206,7 +216,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
globalPermissions.add(globalPermission);
}
}
/*
@@ -274,20 +283,35 @@ public class PermissionModel implements ModelDAO, InitializingBean
{
return getAllPermissionsImpl(type, true);
}
@SuppressWarnings("unchecked")
private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
{
Set<PermissionReference> permissions = new HashSet<PermissionReference>();
if (dictionaryService.getClass(type).isAspect())
Map<QName, LinkedHashSet<PermissionReference>> cache;
if (exposedOnly)
{
addAspectPermissions(type, permissions, exposedOnly);
cache = this.cachedTypePermissionsExposed;
}
else
{
mergeGeneralAspectPermissions(permissions, exposedOnly);
addTypePermissions(type, permissions, exposedOnly);
cache = this.cachedTypePermissionsUnexposed;
}
return permissions;
LinkedHashSet<PermissionReference> permissions = cache.get(type);
if (permissions == null)
{
permissions = new LinkedHashSet<PermissionReference>();
if (dictionaryService.getClass(type).isAspect())
{
addAspectPermissions(type, permissions, exposedOnly);
}
else
{
mergeGeneralAspectPermissions(permissions, exposedOnly);
addTypePermissions(type, permissions, exposedOnly);
}
cache.put(type, permissions);
}
return (Set<PermissionReference>)permissions.clone();
}
/**
@@ -378,7 +402,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
}
}
private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly)
{
for(QName aspect : dictionaryService.getAllAspects())
@@ -399,11 +422,15 @@ public class PermissionModel implements ModelDAO, InitializingBean
public Set<PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly)
{
//
// TODO: cache permissions based on type and exposed flag
// create JMeter test to see before/after effect!
//
QName typeName = nodeService.getType(nodeRef);
Set<PermissionReference> permissions = getAllPermissions(typeName);
mergeGeneralAspectPermissions(permissions, exposedOnly);
// Add non mandatory aspects..
// Add non mandatory aspects...
Set<QName> defaultAspects = new HashSet<QName>();
for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects())
{
@@ -417,7 +444,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
}
}
return permissions;
}
public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference)

8
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionSet.java
View File

@@ -19,6 +19,7 @@ package org.alfresco.repo.security.permissions.impl.model;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.alfresco.service.namespace.NamespacePrefixResolver;
@@ -30,7 +31,7 @@ import org.dom4j.Element;
* Store and read the definition of a permission set
* @author andyh
*/
public class PermissionSet implements XMLModelInitialisable
public final class PermissionSet implements XMLModelInitialisable
{
private static final String TYPE = "type";
private static final String PERMISSION_GROUP = "permissionGroup";
@@ -44,7 +45,7 @@ public class PermissionSet implements XMLModelInitialisable
private boolean exposeAll;
private Set<PermissionGroup> permissionGroups = new HashSet<PermissionGroup>();
private Set<PermissionGroup> permissionGroups = new LinkedHashSet<PermissionGroup>();
private Set<Permission> permissions = new HashSet<Permission>();
@@ -104,7 +105,4 @@ public class PermissionSet implements XMLModelInitialisable
{
return exposeAll;
}
}