PublishingQueue.scheduleNewEvent() now includes a permission check to ensure user has 'Add CHild' access to the relevant Channels.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@29440 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/publishing/PublishingQueueImplTest.java

@@ -32,8 +32,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
+import org.alfresco.repo.security.person.TestPersonManager;
+import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.publishing.MutablePublishingPackage;
 import org.alfresco.service.cmr.publishing.PublishingEvent;
 import org.alfresco.service.cmr.publishing.PublishingPackage;
@@ -41,11 +45,17 @@ import org.alfresco.service.cmr.publishing.PublishingPackageEntry;
 import org.alfresco.service.cmr.publishing.PublishingService;
 import org.alfresco.service.cmr.publishing.Status;
 import org.alfresco.service.cmr.publishing.StatusUpdate;
+import org.alfresco.service.cmr.publishing.channels.Channel;
+import org.alfresco.service.cmr.publishing.channels.ChannelType;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.workflow.WorkflowInstance;
 import org.alfresco.service.cmr.workflow.WorkflowPath;
 import org.alfresco.service.cmr.workflow.WorkflowService;
 import org.alfresco.service.namespace.QName;
+import org.alfresco.util.GUID;
 import org.junit.Test;
 
 /**
@@ -58,10 +68,12 @@ public class PublishingQueueImplTest extends AbstractPublishingIntegrationTest
     private static final String channelId = "test://channel/node";
     private static final String comment = "The Comment";
     
-    protected PublishingService publishingService;
-    
+    private PublishingService publishingService;
     private WorkflowService workflowService;
-
+    private PermissionService permissionService;
+    private TestPersonManager personManager;
+    private ChannelServiceImpl channelService;
+    
     private String eventId;
     
     @Test
@@ -142,7 +154,7 @@ public class PublishingQueueImplTest extends AbstractPublishingIntegrationTest
         NodeRef firstNode = createContent("First");
         NodeRef secondNode = createContent("Second");
         
-        List<String> channelNames = Arrays.asList("Channel1", "Channel2", "Channel3" );
+        List<String> channelNames = Arrays.asList("test://channel/Channel1", "test://channel/Channel2", "test://channel/Channel3" );
         String message = "The message";
         StatusUpdate update = queue.createStatusUpdate(message, secondNode, channelNames);
         
@@ -162,6 +174,74 @@ public class PublishingQueueImplTest extends AbstractPublishingIntegrationTest
         assertTrue(names.containsAll(channelNames));
     }
     
+    @Test
+    public void testScheduleNewEventPermissions() throws Exception
+    {
+        // Create Channels as Admin
+        ChannelType channelType = mockChannelType();
+        channelService.register(channelType);
+        Channel publishChannel = channelService.createChannel(channelType.getId(), "Channel1", null);
+        NodeRef publishChannelNode = new NodeRef(publishChannel.getId());
+        Channel statusChannel = channelService.createChannel(channelType.getId(), "Channel2", null);
+        NodeRef statusChannelNode = new NodeRef(statusChannel.getId());
+        
+        NodeRef firstNode = createContent("First");
+        NodeRef secondNode = createContent("Second");
+        
+        // Create User1, add read permissions and set as current user.
+        String user1 = GUID.generate();
+        personManager.createPerson(user1);
+        permissionService.setPermission(publishChannelNode, user1, PermissionService.READ, true);
+        permissionService.setPermission(statusChannelNode, user1, PermissionService.READ, true);
+        personManager.setUser(user1);
+
+        // Publish an event
+        MutablePublishingPackage publishingPackage = queue.createPublishingPackage();
+        publishingPackage.addNodesToPublish(firstNode, secondNode);
+        Calendar schedule = Calendar.getInstance();
+        schedule.add(Calendar.HOUR, 2);
+        try
+        {
+            this.eventId = queue.scheduleNewEvent(publishingPackage, publishChannel.getId(), schedule, comment, null);
+            fail("shceduleNewEvent should have thrown an AccessDeniedException!");
+        }
+        catch(AlfrescoRuntimeException e)
+        {
+            //NOOP
+        }
+        
+        // Set Add Child permission on publish channel.
+        AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
+        permissionService.setPermission(publishChannelNode, user1, PermissionService.ADD_CHILDREN, true);
+        personManager.setUser(user1);
+        
+        // Check publish works now.
+        this.eventId = queue.scheduleNewEvent(publishingPackage, publishChannel.getId(), schedule, comment, null);
+        assertNotNull(eventId);
+        publishingService.cancelPublishingEvent(eventId);
+        
+        String message = "The message";
+        StatusUpdate update = queue.createStatusUpdate(message, secondNode, statusChannel.getId());
+        try
+        {
+            this.eventId = queue.scheduleNewEvent(publishingPackage, publishChannel.getId(), schedule, comment, update);
+            fail("shceduleNewEvent with status update should have thrown an AccessDeniedException!");
+        }
+        catch(AlfrescoRuntimeException e)
+        {
+            //NOOP
+        }
+        
+        // Set Add Child permission on status channel.
+        AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
+        permissionService.setPermission(statusChannelNode, user1, PermissionService.ADD_CHILDREN, true);
+        personManager.setUser(user1);
+        
+        // Check publish works now.
+        this.eventId = queue.scheduleNewEvent(publishingPackage, publishChannel.getId(), schedule, comment, null);
+        assertNotNull(eventId);
+    }
+
     private NodeRef createContent(String name)
     {
         return fileFolderService.create(docLib, name, ContentModel.TYPE_CONTENT).getNodeRef();
@@ -176,6 +256,13 @@ public class PublishingQueueImplTest extends AbstractPublishingIntegrationTest
         super.onSetUp();
         this.workflowService = serviceRegistry.getWorkflowService();
         this.publishingService = (PublishingService) getApplicationContext().getBean("publishingService");
+        this.channelService = (ChannelServiceImpl) getApplicationContext().getBean("channelService");
+
+        this.permissionService = (PermissionService) getApplicationContext().getBean(ServiceRegistry.PERMISSIONS_SERVICE.getLocalName());
+        MutableAuthenticationService authenticationService= (MutableAuthenticationService) getApplicationContext().getBean(ServiceRegistry.AUTHENTICATION_SERVICE.getLocalName());
+        PersonService personService= (PersonService) getApplicationContext().getBean(ServiceRegistry.PERSON_SERVICE.getLocalName());
+        
+        this.personManager = new TestPersonManager(authenticationService, personService, nodeService);
     }
     
     /**
@@ -185,6 +272,7 @@ public class PublishingQueueImplTest extends AbstractPublishingIntegrationTest
     @Override
     public void onTearDown() throws Exception
     {
+        AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
         if(eventId!=null)
         {
             try