ACE-2181 : Merged DEV to HEAD (5.0)

76214 : MNT-10946 : Admin is no longer able to unlock files 
      - Drop check for lockowner from AbstractLockStore.set. Fix related test 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85881 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java

@@ -18,16 +18,11 @@
  */
 package org.alfresco.repo.lock.mem;
 
-import java.util.Date;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentMap;
 
-import org.alfresco.repo.lock.LockUtils;
-import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.transaction.TransactionalResourceHelper;
-import org.alfresco.service.cmr.lock.LockStatus;
-import org.alfresco.service.cmr.lock.UnableToAquireLockException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.springframework.dao.ConcurrencyFailureException;
 import org.springframework.transaction.support.TransactionSynchronizationManager;
@@ -99,13 +94,6 @@ public abstract class AbstractLockStore<T extends ConcurrentMap<NodeRef, LockSta
         
         if (previousLockState != null)
         {
-            String userName = AuthenticationUtil.getFullyAuthenticatedUser();
-            String owner = previousLockState.getOwner();
-            Date expires = previousLockState.getExpires();
-            if (LockUtils.lockStatus(userName, owner, expires) == LockStatus.LOCKED)
-            {
-                throw new UnableToAquireLockException(nodeRef);
-            }            
             // Use ConcurrentMap.replace(key, old, new) so that we can ensure we don't encounter a
             // 'lost update' (i.e. someone else has locked a node while we were thinking about it).
             updated = map.replace(nodeRef, previousLockState, lockState);

source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java

@@ -33,6 +33,8 @@ import org.alfresco.repo.lock.mem.LockStore;
 import org.alfresco.repo.search.IndexerAndSearcher;
 import org.alfresco.repo.search.SearcherComponent;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.cmr.coci.CheckOutCheckInService;
 import org.alfresco.service.cmr.lock.LockService;
 import org.alfresco.service.cmr.lock.LockStatus;
@@ -46,6 +48,7 @@ import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.security.MutableAuthenticationService;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.test_category.BaseSpringTestsCategory;
 import org.alfresco.test_category.OwnJVMTestsCategory;
@@ -70,6 +73,8 @@ public class LockServiceImplTest extends BaseSpringTest
     private MutableAuthenticationService authenticationService;
     private CheckOutCheckInService cociService;
     
+    private PermissionService permissionService;
+    private LockService securedLockService;
     /**
      * Data used in tests
      */
@@ -93,6 +98,10 @@ public class LockServiceImplTest extends BaseSpringTest
     {
         this.nodeService = (NodeService)applicationContext.getBean("dbNodeService");
         this.lockService = (LockService)applicationContext.getBean("lockService");
+        
+        this.securedLockService = (LockService)applicationContext.getBean("LockService");
+        this.permissionService = (PermissionService)applicationContext.getBean("PermissionService");
+        
         this.authenticationService = (MutableAuthenticationService)applicationContext.getBean("authenticationService");
         this.cociService = (CheckOutCheckInService) applicationContext.getBean("checkOutCheckInService");
         
@@ -170,6 +179,11 @@ public class LockServiceImplTest extends BaseSpringTest
         TestWithUserUtils.createUser(GOOD_USER_NAME, PWD, rootNodeRef, this.nodeService, this.authenticationService);
         TestWithUserUtils.createUser(BAD_USER_NAME, PWD, rootNodeRef, this.nodeService, this.authenticationService);
         
+        this.permissionService.setPermission(rootNodeRef, GOOD_USER_NAME, PermissionService.ALL_PERMISSIONS, true);
+        this.permissionService.setPermission(rootNodeRef, BAD_USER_NAME, PermissionService.CHECK_OUT, true);
+        this.permissionService.setPermission(rootNodeRef, BAD_USER_NAME, PermissionService.WRITE, true);
+        this.permissionService.setPermission(rootNodeRef, BAD_USER_NAME, PermissionService.READ, true);
+        
         // Stash the user node ref's for later use
         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
@@ -904,4 +918,44 @@ public class LockServiceImplTest extends BaseSpringTest
         }
     }
     
+    @SuppressWarnings("deprecation")
+	public void testUnlockNodeWithAdminUser()
+    {
+        for (Lifetime lt : new Lifetime[]{Lifetime.EPHEMERAL, Lifetime.PERSISTENT})
+        {
+            TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
+        
+            /* create node */
+            final NodeRef testNode = 
+                this.nodeService.createNode(parentNode, ContentModel.ASSOC_CONTAINS, QName.createQName("{}testNode"), ContentModel.TYPE_CONTAINER).getChildRef();
+        
+            // lock it as GOOD user
+            this.securedLockService.lock(testNode, LockType.WRITE_LOCK, 2 * 86400, lt, null);
+        
+            TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
+        
+            try
+            {
+                // try to unlock as bad user
+                this.securedLockService.unlock(testNode);
+                fail("BAD user shouldn't be able to unlock " + lt + " lock");
+            }
+            catch(AccessDeniedException e)
+            {
+                // expected expetion
+            }
+        
+            TestWithUserUtils.authenticateUser(AuthenticationUtil.getAdminUserName(), "admin", rootNodeRef, this.authenticationService);
+        
+            // try to unlock as ADMIN user
+            this.securedLockService.unlock(testNode);
+            
+            // test that bad use able to lock/unlock node
+            TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
+            this.securedLockService.lock(testNode, LockType.WRITE_LOCK, 2 * 86400, lt, null);
+            this.securedLockService.unlock(testNode);
+        
+            this.nodeService.deleteNode(testNode);
+        }
+    }
 }