[MNT-23379] Set site manager permission if node belongs to a site and inheritance flag is disabled (#1657)

* [MNT-23379] Set site manager permission if node belongs to a site and inheritance flag is disabled

* [MNT-23379] Added validation. Added throwable object to error logging.

* [MNT-23379] Added unit test

* [MNT-23379] Changed 'runAs' call to 'runAsSystem' with lambda
tiagosalvado10
2023-01-06 15:43:14 +00:00
committed by GitHub
parent 3a032b7366
commit 88a0854548
2 changed files with 72 additions and 0 deletions


@@ -2402,6 +2402,9 @@ public class NodesImpl implements Nodes
// Check inherit from parent value and if it's changed set the new value // Check inherit from parent value and if it's changed set the new value
if (nodePerms.getIsInheritanceEnabled() != null) if (nodePerms.getIsInheritanceEnabled() != null)
{ {
// If inheritance flag is being disabled, the site manager needs to have permission
setSiteManagerPermission(nodeRef, nodePerms);
if (nodePerms.getIsInheritanceEnabled() != permissionService.getInheritParentPermissions(nodeRef)) if (nodePerms.getIsInheritanceEnabled() != permissionService.getInheritParentPermissions(nodeRef))
{ {
permissionService.setInheritParentPermissions(nodeRef, nodePerms.getIsInheritanceEnabled()); permissionService.setInheritParentPermissions(nodeRef, nodePerms.getIsInheritanceEnabled());
@@ -2763,6 +2766,34 @@ public class NodesImpl implements Nodes
return updateExistingFile(null, nodeRef, fileName, contentInfo, stream, parameters, versionMajor, versionComment); return updateExistingFile(null, nodeRef, fileName, contentInfo, stream, parameters, versionMajor, versionComment);
} }
private void setSiteManagerPermission(NodeRef nodeRef, NodePermissions nodePerms)
{
if (nodeRef != null && nodePerms != null)
{
try
{
if (nodePerms.getIsInheritanceEnabled() != null && !nodePerms.getIsInheritanceEnabled())
{
SiteInfo containingSite = siteService.getSite(nodeRef);
if (containingSite != null)
{
String thisSiteGroupPrefix = siteService.getSiteGroup(containingSite.getShortName());
final String siteManagerAuthority = thisSiteGroupPrefix + "_" + SiteModel.SITE_MANAGER;
AuthenticationUtil.runAsSystem(() -> {
permissionService.setPermission(nodeRef, siteManagerAuthority, SiteModel.SITE_MANAGER, true);
return null;
});
}
}
}
catch (Exception e)
{
logger.error("Error setting site manager permission on " + nodeRef, e);
}
}
}
private Node updateExistingFile(NodeRef parentNodeRef, NodeRef nodeRef, String fileName, BasicContentInfo contentInfo, InputStream stream, Parameters parameters, Boolean versionMajor, String versionComment) private Node updateExistingFile(NodeRef parentNodeRef, NodeRef nodeRef, String fileName, BasicContentInfo contentInfo, InputStream stream, Parameters parameters, Boolean versionMajor, String versionComment)
{ {
boolean isVersioned = versionService.isVersioned(nodeRef); boolean isVersioned = versionService.isVersioned(nodeRef);
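Review bot: The new `setSiteManagerPermission(nodeRef, nodePerms)` call in the first hunk sits ahead of the `!=` comparison, so the helper's `runAsSystem` ACL write fires on every update that sends `isInheritanceEnabled=false`, and nothing visible in these hunks confirms the caller may change permissions on the node before that privileged write. If no earlier check exists in the enclosing method (it starts outside the hunk), gate the helper on something like `permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED` and call it only inside the branch where the flag actually changes. The helper's `catch (Exception e)` logs and continues, so a failed grant still lets inheritance be switched off and can leave site managers without access; rethrowing would keep the two changes atomic. The authority name is assembled by hand with `thisSiteGroupPrefix + "_" + SiteModel.SITE_MANAGER`; `siteService.getSiteRoleGroup(containingSite.getShortName(), SiteModel.SITE_MANAGER)` would avoid duplicating the naming scheme.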


@@ -6354,5 +6354,46 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
assertEquals(Rendition.RenditionStatus.NOT_CREATED, renditionDeleted.getStatus()); assertEquals(Rendition.RenditionStatus.NOT_CREATED, renditionDeleted.getStatus());
} }
/**
* Tests if site manager permissions are kept after inheritance flag is disabled
*/
@Test
public void testSiteManagerPermission() throws Exception
{
// Change to User1 context
setRequestContext(user1);
// user1 creates a site and adds user2 as a site manager
String site1Title = "site-testSiteManagerPermissions_DocLib-" + RUNID;
String site1Id = createSite(site1Title, SiteVisibility.PUBLIC).getId();
addSiteMember(site1Id, user2, SiteRole.SiteManager);
// user1 uploads a document to the site
String site1DocLibNodeId = getSiteContainerNodeId(site1Id, "documentLibrary");
String content = "content" + RUNID;
String content1_Id = createTextFile(site1DocLibNodeId, content, "The quick brown fox jumps over the lazy dog.").getId();
NodeRef content1_Ref = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, content1_Id);
// Change to User2 context
setRequestContext(user2);
// user2 should be able to disable the inheritance flag without getting a permission denied error
Node nodeUpdate = new Node();
NodePermissions nodePerms = new NodePermissions();
nodePerms.setIsInheritanceEnabled(false);
nodeUpdate.setPermissions(nodePerms);
put(URL_NODES, content1_Id, toJsonAsStringNonNull(nodeUpdate), null, 200);
// user2 checks if has access to the document
Map<String, String> params = new HashMap<>();
HttpResponse response = getSingle(NodesEntityResource.class, content1_Id, params, 200);
Document node = jacksonUtil.parseEntry(response.getJsonResponse(), Document.class);
assertNotNull(node);
assertEquals(node.getId(), content1_Id);
// cleanup
setRequestContext(user1);
deleteSite(site1Id, true, 204);
}
} }
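Review bot: `testSiteManagerPermission` covers only the allowed path, so nothing pins down that a site member without the manager role is still refused when sending `isInheritanceEnabled=false`, which matters because the production change writes an ACL entry as system. A second case with a lower-privileged member who did not create the document, expecting a 403 from the same `put(URL_NODES, ...)` call and unchanged permissions afterwards, would cover that. The cleanup at the end is skipped if any assertion fails; wrapping the body as `try { ... } finally { setRequestContext(user1); deleteSite(site1Id, true, 204); }` keeps the test site from leaking into later tests. `content1_Ref` is never used, and `assertEquals(node.getId(), content1_Id)` has expected and actual swapped.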