RM-764 (In-Place roles should not appear when managing users and groups)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@52207 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Tuna Aksoy
2013-07-07 08:35:42 +00:00
parent a1f8e2d3e6
commit 89982199e9
4 changed files with 194 additions and 104 deletions


@@ -24,8 +24,8 @@ import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Role service interface
*
* Role service interface
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -39,42 +39,65 @@ public interface FilePlanRoleService
public static final String ROLE_ADMIN = "Administrator";
public static final String ROLE_EXTENDED_READERS = "ExtendedReaders";
public static final String ROLE_EXTENDED_WRITERS = "ExtendedWriters";
/**
* Returns the name of the container group for all roles of a specified file
* plan.
*
*
* @param filePlan file plan node reference
* @return String group name
*/
String getAllRolesContainerGroup(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
*
* includes also the system roles
*
* @param filePlan file plan
* @return
*/
Set<Role> getRoles(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
* System roles can be filtered
*
* @param filePlan file plan
* @param includeSystemRoles system roles
* @return
*/
Set<Role> getRoles(NodeRef filePlan, boolean includeSystemRoles);
/**
* Gets the roles for a given user
* includes also the system roles
*
* @param filePlan file plan
* @param user user
* @return
*/
Set<Role> getRolesByUser(NodeRef filePlan, String user);
/**
* Gets the roles for a given user
* System roles can be filtered
*
* @param filePlan file plan
* @param user user
* @param includeSystemRoles system roles
* @return
*/
Set<Role> getRolesByUser(NodeRef filePlan, String user, boolean includeSystemRoles);
/**
* Get a role by name
*
*
* @param filePlan file plan
* @param role role
* @return
*/
Role getRole(NodeRef filePlan, String role);
Role getRole(NodeRef filePlan, String role);
/**
* Indicate whether a role exists for a given records management root node
* @param filePlan file plan
@@ -82,19 +105,19 @@ public interface FilePlanRoleService
* @return
*/
boolean existsRole(NodeRef filePlan, String role);
/**
* Determines whether the given user has the RM Admin role
*
*
* @param filePlan filePlan
* @param user user name to check
* @return true if the user has the RM Admin role, false otherwise
*/
boolean hasRMAdminRole(NodeRef filePlan, String user);
/**
* Create a new role
*
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
@@ -102,10 +125,10 @@ public interface FilePlanRoleService
* @return
*/
Role createRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Update an existing role
*
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
@@ -113,58 +136,58 @@ public interface FilePlanRoleService
* @return
*/
Role updateRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Delete a role
*
*
* @param filePlan file plan
* @param role role
*/
void deleteRole(NodeRef filePlan, String role);
/**
* Gets all the users that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of users
*/
Set<String> getUsersAssignedToRole(NodeRef filePlan, String role);
/**
* Gets all the groups that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of groups
*/
Set<String> getGroupsAssignedToRole(NodeRef filePlan, String role);
/**
* Gets all the groups and users that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of groups and users
*/
Set<String> getAllAssignedToRole(NodeRef filePlan, String role);
/**
* Assign a role to an authority
*
*
* @param filePlan file plan
* @param role role
* @param authorityName authority name
*/
void assignRoleToAuthority(NodeRef filePlan, String role, String authorityName);
/**
* Unassign a role from an authority
*
*
* @param filePlan file plan
* @param role role
* @param authorityName authority name
*/
void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName);
void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName);
}
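Review bot: The Javadoc on the two new overloads, `getRoles(NodeRef, boolean)` and `getRolesByUser(NodeRef, String, boolean)`, does not say which value of `includeSystemRoles` keeps the system roles, nor which roles count as system roles. Callers use this flag to decide what an administrator sees, so I would write it out, e.g. `@param includeSystemRoles true to include the system roles (ROLE_EXTENDED_READERS, ROLE_EXTENDED_WRITERS), false to leave them out`. The bare `@return` tags on all four role getters should also get a description, e.g. `@return the matching roles`.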


@@ -24,6 +24,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
@@ -50,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
@@ -400,38 +402,55 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
return sb.toString();
}
/**
* Helper method for retrieving the system roles
*
* @return Returns the system roles
*/
private List<String> getSystemRoles()
{
return Arrays.asList(
FilePlanRoleService.ROLE_EXTENDED_READERS,
FilePlanRoleService.ROLE_EXTENDED_WRITERS
);
}
/**
* Helper method to check whether the current authority is a system role or not
*
* @param roleAuthority The role to check
* @return Returns true if roleAuthority is a system role, false otherwise
*/
private boolean isSystemRole(String roleAuthority)
{
boolean isSystemRole = false;
List<String> systemRoles = getSystemRoles();
for (String systemRole : systemRoles)
{
if (StringUtils.contains(roleAuthority, systemRole))
{
isSystemRole = true;
break;
}
}
return isSystemRole;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
*/
public Set<Role> getRoles(final NodeRef rmRootNode)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
result.add(role);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
return getRoles(rmRootNode, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRoles(NodeRef, boolean)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
@Override
public Set<Role> getRoles(final NodeRef rmRootNode, final boolean includeSystemRoles)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
@@ -442,8 +461,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true)
if (includeSystemRoles == true || isSystemRole(roleAuthority) == false)
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
@@ -460,6 +478,47 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
{
return getRolesByUser(rmRootNode, user, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRolesByUser(NodeRef, String, boolean)
*/
@Override
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user, final boolean includeSystemRoles)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true && (includeSystemRoles == true || isSystemRole(roleAuthority) == false))
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
result.add(role);
}
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
};
/**
*
* @param rmRootNode
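Review bot: `isSystemRole` decides with `StringUtils.contains(roleAuthority, systemRole)`, a substring test against the full authority name, so any role whose name merely contains `ExtendedReaders` or `ExtendedWriters` is treated as a system role and dropped from `getRoles(..., false)` and `getRolesByUser(..., false)`. Such a role would keep its capabilities and members while being absent from the listing used to manage users and groups. An exact comparison on the short role name is safer: in both loops compute `name` before the check and test `getSystemRoles().contains(name)`, assuming `getShortRoleName` returns the bare role name (its body is not in this diff). The stray `;` after the closing brace of `getRolesByUser(NodeRef, String, boolean)` can be removed as well.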


@@ -33,7 +33,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* Get information about record management roles
*
*
* @author Roy Wetherall
*/
public class RmRolesGet extends RoleDeclarativeWebScript
@@ -62,13 +62,13 @@ public class RmRolesGet extends RoleDeclarativeWebScript
String user = req.getParameter("user");
if (user != null && user.length() != 0)
{
roles = filePlanRoleService.getRolesByUser(filePlan, user);
roles = filePlanRoleService.getRolesByUser(filePlan, user, false);
}
else
{
roles = filePlanRoleService.getRoles(filePlan);
roles = filePlanRoleService.getRoles(filePlan, false);
}
// get the auths parameter
boolean showAuths = false;
String auths = req.getParameter("auths");
@@ -76,7 +76,7 @@ public class RmRolesGet extends RoleDeclarativeWebScript
{
showAuths = Boolean.parseBoolean(auths);
}
Set<RoleItem> items = createRoleItems(filePlan, roles, showAuths);
model.put("roles", items);
return model;
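Review bot: Passing `false` in both calls only hides the system roles from this listing. It is not an access control on the roles themselves, and whether the scripts that assign or edit roles reject `ExtendedReaders` and `ExtendedWriters` is not visible in this diff. If RM-764 intends that these roles are never managed by hand, the same rule should be enforced where roles are assigned, not only where they are listed. A comment above the branch would record the intent, e.g. `// system roles are maintained internally and are not offered for user/group management (RM-764)`. The enclosing method starts and ends outside the hunk.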


@@ -23,14 +23,12 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.role.Role;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.security.AuthorityType;
/**
* File plan role service unit test
*
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -41,7 +39,7 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
return true;
}
public void testGetAllRolesContainerGroup() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -50,12 +48,12 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
String allRolesGroup = filePlanRoleService.getAllRolesContainerGroup(filePlan);
assertNotNull(allRolesGroup);
return null;
}
});
});
}
public void testGetRoles() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -65,12 +63,17 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
Set<Role> roles = filePlanRoleService.getRoles(filePlan);
assertNotNull(roles);
assertTrue(roles.size() != 0);
Set<Role> rolesIncludingSystemRoles = filePlanRoleService.getRoles(filePlan, true);
assertNotNull(rolesIncludingSystemRoles);
assertTrue(roles.size() != 0);
assertTrue(roles.size() == rolesIncludingSystemRoles.size());
return null;
}
});
});
}
public void testRolesByUser() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -80,12 +83,17 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(1, roles.size());
Set<Role> rolesIncludingSystemRoles = filePlanRoleService.getRolesByUser(filePlan, rmUserName, true);
assertNotNull(rolesIncludingSystemRoles);
assertEquals(1, rolesIncludingSystemRoles.size());
assertEquals(roles.size(), rolesIncludingSystemRoles.size());
return null;
}
});
});
}
public void testGetRole() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -95,15 +103,15 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER);
assertNotNull(role);
assertEquals(ROLE_NAME_POWER_USER, role.getName());
role = filePlanRoleService.getRole(filePlan, "donkey");
assertNull(role);
return null;
}
});
});
}
public void testExistsRole() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -112,12 +120,12 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER));
assertFalse(filePlanRoleService.existsRole(filePlan, "donkey"));
return null;
}
});
}
});
}
public void testCreateUpdateDeleteRole() throws Exception
{
doTestInTransaction(new Test<Void>()
@@ -125,36 +133,36 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
public Void run()
{
assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
Set<Capability> caps = new HashSet<Capability>(2);
caps.add(capabilityService.getCapability(RMPermissionModel.ACCESS_AUDIT));
caps.add(capabilityService.getCapability(RMPermissionModel.ADD_MODIFY_EVENT_DATES));
Role role = filePlanRoleService.createRole(filePlan, "Michelle Holt", "Michelle Holt", caps);
assertNotNull(role);
assertEquals("Michelle Holt", role.getName());
assertEquals(2, role.getCapabilities().size());
assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
caps.add(capabilityService.getCapability(RMPermissionModel.AUTHORIZE_ALL_TRANSFERS));
role = filePlanRoleService.updateRole(filePlan, "Michelle Holt", "Michelle Wetherall", caps);
assertNotNull(role);
assertEquals("Michelle Holt", role.getName());
assertEquals(3, role.getCapabilities().size());
assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
filePlanRoleService.deleteRole(filePlan, "Michelle Holt");
assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt"));
return null;
}
});
}
/**
* {@link FilePlanRoleService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, String, String)}
* {@link FilePlanRoleService#getAuthorities(org.alfresco.service.cmr.repository.NodeRef, String)
@@ -168,40 +176,40 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(1, roles.size());
Set<String> authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName);
roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(2, roles.size());
authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());
return null;
}
});
});
}
}
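Review bot: The new assertions in `testGetRoles` and `testRolesByUser` call the overloads only with `true`, which is the path the old two-argument methods already take, so the filtering this commit introduces (`includeSystemRoles == false`) is never exercised. I would add a call such as `Set<Role> withoutSystem = filePlanRoleService.getRoles(filePlan, false);` and assert that no returned role is named `FilePlanRoleService.ROLE_EXTENDED_READERS` or `ROLE_EXTENDED_WRITERS`, with the same for `getRolesByUser(filePlan, rmUserName, false)`. A role with a name that only contains one of those strings would also pin down the matching rule. In `testGetRoles` the second `assertTrue(roles.size() != 0);` repeats the earlier check and was presumably meant to be `assertTrue(rolesIncludingSystemRoles.size() != 0);`.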