diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java index 89e53bc613..c0b54f35dc 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java @@ -24,8 +24,8 @@ import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.service.cmr.repository.NodeRef; /** - * Role service interface - * + * Role service interface + * * @author Roy Wetherall * @since 2.1 */ 
@@ -39,42 +39,65 @@ public interface FilePlanRoleService public static final String ROLE_ADMIN = "Administrator"; public static final String ROLE_EXTENDED_READERS = "ExtendedReaders"; public static final String ROLE_EXTENDED_WRITERS = "ExtendedWriters"; - + /** * Returns the name of the container group for all roles of a specified file * plan. - * + * * @param filePlan file plan node reference * @return String group name */ String getAllRolesContainerGroup(NodeRef filePlan); - + /** * Get all the available roles for the given records management root node - * + * includes also the system roles + * * @param filePlan file plan * @return */ Set getRoles(NodeRef filePlan); - + + /** + * Get all the available roles for the given records management root node + * System roles can be filtered + * + * @param filePlan file plan + * @param includeSystemRoles system roles + * @return + */ + Set getRoles(NodeRef filePlan, boolean includeSystemRoles); + /** * Gets the roles for a given user + * includes also the system roles * * @param filePlan file plan * @param user user * @return */ Set getRolesByUser(NodeRef filePlan, String user); - + + /** + * Gets the roles for a given user + * System roles can be filtered + * + * @param filePlan file plan + * @param user user + * @param includeSystemRoles system roles + * @return + */ + Set getRolesByUser(NodeRef filePlan, String user, boolean includeSystemRoles); + /** * Get a role by name - * + * * @param filePlan file plan * @param role role * @return */ - Role getRole(NodeRef filePlan, String role); - + Role getRole(NodeRef filePlan, String role); + /** * Indicate whether a role exists for a given records management root node * @param filePlan file plan 
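Review bot: The Javadoc on the two new overloads, `getRoles(NodeRef, boolean)` and `getRolesByUser(NodeRef, String, boolean)`, leaves `@return` empty and never says which roles count as system roles, so a caller cannot tell what passing `false` hides. I would document the flag as `@param includeSystemRoles true to include the system roles (ROLE_EXTENDED_READERS, ROLE_EXTENDED_WRITERS), false to leave them out` and fill in `@return the matching roles`. Adding abstract methods to a public interface also breaks any implementation outside this module, if one exists; that cannot be judged from this diff.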
@@ -82,19 +105,19 @@ public interface FilePlanRoleService * @return */ boolean existsRole(NodeRef filePlan, String role); - + /** * Determines whether the given user has the RM Admin role - * + * * @param filePlan filePlan * @param user user name to check * @return true if the user has the RM Admin role, false otherwise */ boolean hasRMAdminRole(NodeRef filePlan, String user); - + /** * Create a new role - * + * * @param filePlan file plan * @param role * @param roleDisplayLabel @@ -102,10 +125,10 @@ public interface FilePlanRoleService * @return */ Role createRole(NodeRef filePlan, String role, String roleDisplayLabel, Set capabilities); - + /** * Update an existing role - * + * * @param filePlan file plan * @param role * @param roleDisplayLabel 
@@ -113,58 +136,58 @@ public interface FilePlanRoleService * @return */ Role updateRole(NodeRef filePlan, String role, String roleDisplayLabel, Set capabilities); - + /** * Delete a role - * + * * @param filePlan file plan * @param role role */ void deleteRole(NodeRef filePlan, String role); - + /** * Gets all the users that have been directly assigned to a role. - * + * * @param filePlan file plan * @param role role * @return {@link Set}<{@link String}> set of users */ Set getUsersAssignedToRole(NodeRef filePlan, String role); - + /** * Gets all the groups that have been directly assigned to a role. - * + * * @param filePlan file plan * @param role role * @return {@link Set}<{@link String}> set of groups */ Set getGroupsAssignedToRole(NodeRef filePlan, String role); - + /** * Gets all the groups and users that have been directly assigned to a role. - * + * * @param filePlan file plan * @param role role * @return {@link Set}<{@link String}> set of groups and users */ Set getAllAssignedToRole(NodeRef filePlan, String role); - + /** * Assign a role to an authority - * + * * @param filePlan file plan * @param role role * @param authorityName authority name */ void assignRoleToAuthority(NodeRef filePlan, String role, String authorityName); - - + + /** * Unassign a role from an authority - * + * * @param filePlan file plan * @param role role * @param authorityName authority name */ - void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName); + void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 311012abe1..d3410a0ff1 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java 
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -24,6 +24,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.util.Arrays; import java.util.HashSet; +import java.util.List; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; @@ -50,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.util.ParameterCheck; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.json.JSONArray; 
@@ -400,38 +402,55 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, return sb.toString(); } + /** + * Helper method for retrieving the system roles + * + * @return Returns the system roles + */ + private List getSystemRoles() + { + return Arrays.asList( + FilePlanRoleService.ROLE_EXTENDED_READERS, + FilePlanRoleService.ROLE_EXTENDED_WRITERS + ); + } + + /** + * Helper method to check whether the current authority is a system role or not + * + * @param roleAuthority The role to check + * @return Returns true if roleAuthority is a system role, false otherwise + */ + private boolean isSystemRole(String roleAuthority) + { + boolean isSystemRole = false; + List systemRoles = getSystemRoles(); + + for (String systemRole : systemRoles) + { + if (StringUtils.contains(roleAuthority, systemRole)) + { + isSystemRole = true; + break; + } + } + + return isSystemRole; + } + /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles() */ public Set getRoles(final NodeRef rmRootNode) { - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork>() - { - public Set doWork() throws Exception - { - Set result = new HashSet(13); - - Set roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP); - for (String roleAuthority : roleAuthorities) - { - String groupShortName = authorityService.getShortName(roleAuthority); - String name = getShortRoleName(groupShortName, rmRootNode); - String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority); - Set capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority); - - Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName); - result.add(role); - } - - return result; - } - }, AuthenticationUtil.getSystemUserName()); + return getRoles(rmRootNode, true); } /** - * @see 
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) + * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRoles(NodeRef, boolean) */ - public Set getRolesByUser(final NodeRef rmRootNode, final String user) + @Override + public Set getRoles(final NodeRef rmRootNode, final boolean includeSystemRoles) { return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork>() { @@ -442,8 +461,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, Set roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP); for (String roleAuthority : roleAuthorities) { - Set users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false); - if (users.contains(user) == true) + if (includeSystemRoles == true || isSystemRole(roleAuthority) == false) { String groupShortName = authorityService.getShortName(roleAuthority); String name = getShortRoleName(groupShortName, rmRootNode); 
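Review bot: In the `@@ -400,38 +402,55 @@` hunk, `isSystemRole` decides by substring, so `StringUtils.contains(roleAuthority, systemRole)` also matches any custom role whose group name merely contains `ExtendedReaders` or `ExtendedWriters`. Such a role would be dropped wherever `includeSystemRoles` is false, and since the admin role listing now passes false, a role carrying real capabilities could disappear from the view used to review access. An exact comparison on the resolved role name is safer, for example passing the `name` already computed by `getShortRoleName(groupShortName, rmRootNode)` and returning `getSystemRoles().contains(name)`. That assumes the short name equals the role constant, which this hunk does not show. The list from `getSystemRoles()` is also rebuilt on every call and could be a `private static final` constant.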
@@ -460,6 +478,47 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, }, AuthenticationUtil.getSystemUserName()); } + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) + */ + public Set getRolesByUser(final NodeRef rmRootNode, final String user) + { + return getRolesByUser(rmRootNode, user, true); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRolesByUser(NodeRef, String, boolean) + */ + @Override + public Set getRolesByUser(final NodeRef rmRootNode, final String user, final boolean includeSystemRoles) + { + return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork>() + { + public Set doWork() throws Exception + { + Set result = new HashSet(13); + + Set roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP); + for (String roleAuthority : roleAuthorities) + { + Set users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false); + if (users.contains(user) == true && (includeSystemRoles == true || isSystemRole(roleAuthority) == false)) + { + String groupShortName = authorityService.getShortName(roleAuthority); + String name = getShortRoleName(groupShortName, rmRootNode); + String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority); + Set capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority); + + Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName); + result.add(role); + } + } + + return result; + } + }, AuthenticationUtil.getSystemUserName()); + }; + /** * * @param rmRootNode diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java index f1ce61c27b..1baeadc026 100644 
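Review bot: The new `getRolesByUser(rmRootNode, user, includeSystemRoles)` calls `authorityService.getContainedAuthorities(...)` for every group in the zone before it looks at the cheap system-role filter. Testing the filter first, `if (!includeSystemRoles && isSystemRole(roleAuthority)) { continue; }`, skips that lookup for roles that will be discarded anyway. The five lines that build a `Role` from `roleAuthority` are now repeated verbatim from `getRoles` and would read better as one private helper shared by both methods. The method also ends with `};`, where the semicolon after the closing brace is a stray empty declaration and should be removed.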
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java @@ -33,7 +33,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest; /** * Get information about record management roles - * + * * @author Roy Wetherall */ public class RmRolesGet extends RoleDeclarativeWebScript @@ -62,13 +62,13 @@ public class RmRolesGet extends RoleDeclarativeWebScript String user = req.getParameter("user"); if (user != null && user.length() != 0) { - roles = filePlanRoleService.getRolesByUser(filePlan, user); + roles = filePlanRoleService.getRolesByUser(filePlan, user, false); } else { - roles = filePlanRoleService.getRoles(filePlan); + roles = filePlanRoleService.getRoles(filePlan, false); } - + // get the auths parameter boolean showAuths = false; String auths = req.getParameter("auths"); @@ -76,7 +76,7 @@ public class RmRolesGet extends RoleDeclarativeWebScript { showAuths = Boolean.parseBoolean(auths); } - + Set items = createRoleItems(filePlan, roles, showAuths); model.put("roles", items); return model; diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java index ea39abd892..b809c30889 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java 
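Review bot: The bare `false` in `getRolesByUser(filePlan, user, false)` and `getRoles(filePlan, false)` gives no hint of what is being excluded or why; a short comment above the `if`, such as `// system roles (ExtendedReaders/ExtendedWriters) are internal and are not listed by this web script`, would make the intent reviewable. With the `user` parameter set, the response no longer reports that user's membership of the system roles, so anything that reads this endpoint to audit a user's effective roles will see fewer than the user actually holds. If that is intended it should be stated in the web script's description. The enclosing method starts before this hunk, so the comment placement is a suggestion only.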
@@ -23,14 +23,12 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.role.Role; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; -import org.alfresco.service.cmr.security.AuthorityType; /** * File plan role service unit test - * + * * @author Roy Wetherall * @since 2.1 */ @@ -41,7 +39,7 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase { return true; } - + public void testGetAllRolesContainerGroup() throws Exception { doTestInTransaction(new Test() @@ -50,12 +48,12 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase { String allRolesGroup = filePlanRoleService.getAllRolesContainerGroup(filePlan); assertNotNull(allRolesGroup); - + return null; } - }); + }); } - + public void testGetRoles() throws Exception { doTestInTransaction(new Test() @@ -65,12 +63,17 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase Set roles = filePlanRoleService.getRoles(filePlan); assertNotNull(roles); assertTrue(roles.size() != 0); - + + Set rolesIncludingSystemRoles = filePlanRoleService.getRoles(filePlan, true); + assertNotNull(rolesIncludingSystemRoles); + assertTrue(roles.size() != 0); + assertTrue(roles.size() == rolesIncludingSystemRoles.size()); + return null; } - }); + }); } - + public void testRolesByUser() throws Exception { doTestInTransaction(new Test() 
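Review bot: In `testGetRoles` the added `assertTrue(roles.size() != 0);` checks `roles` a second time; it should read `assertTrue(rolesIncludingSystemRoles.size() != 0);`. Neither this test nor the matching additions in `testRolesByUser` ever call the new overloads with `false`, which is the only value the web script passes, so the filtering itself is untested. A check that the filtered result contains no system role closes that gap; it assumes `Role.getName()` returns the role constant and needs the `FilePlanRoleService` import that this commit removes from the test.
```java
// … unchanged: assertions on getRoles(filePlan) and getRoles(filePlan, true) …
Set<Role> rolesWithoutSystemRoles = filePlanRoleService.getRoles(filePlan, false);
assertNotNull(rolesWithoutSystemRoles);
for (Role role : rolesWithoutSystemRoles)
{
    assertFalse(FilePlanRoleService.ROLE_EXTENDED_READERS.equals(role.getName()));
    assertFalse(FilePlanRoleService.ROLE_EXTENDED_WRITERS.equals(role.getName()));
}
```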
@@ -80,12 +83,17 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase Set roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName); assertNotNull(roles); assertEquals(1, roles.size()); - + + Set rolesIncludingSystemRoles = filePlanRoleService.getRolesByUser(filePlan, rmUserName, true); + assertNotNull(rolesIncludingSystemRoles); + assertEquals(1, rolesIncludingSystemRoles.size()); + assertEquals(roles.size(), rolesIncludingSystemRoles.size()); + return null; } - }); + }); } - + public void testGetRole() throws Exception { doTestInTransaction(new Test() @@ -95,15 +103,15 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER); assertNotNull(role); assertEquals(ROLE_NAME_POWER_USER, role.getName()); - + role = filePlanRoleService.getRole(filePlan, "donkey"); assertNull(role); - + return null; } - }); + }); } - + public void testExistsRole() throws Exception { doTestInTransaction(new Test() @@ -112,12 +120,12 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase { assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER)); assertFalse(filePlanRoleService.existsRole(filePlan, "donkey")); - + return null; } - }); - } - + }); + } + public void testCreateUpdateDeleteRole() throws Exception { doTestInTransaction(new Test() 
@@ -125,36 +133,36 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase public Void run() { assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt")); - + Set caps = new HashSet(2); caps.add(capabilityService.getCapability(RMPermissionModel.ACCESS_AUDIT)); caps.add(capabilityService.getCapability(RMPermissionModel.ADD_MODIFY_EVENT_DATES)); - + Role role = filePlanRoleService.createRole(filePlan, "Michelle Holt", "Michelle Holt", caps); assertNotNull(role); assertEquals("Michelle Holt", role.getName()); assertEquals(2, role.getCapabilities().size()); - + assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt")); - + caps.add(capabilityService.getCapability(RMPermissionModel.AUTHORIZE_ALL_TRANSFERS)); - + role = filePlanRoleService.updateRole(filePlan, "Michelle Holt", "Michelle Wetherall", caps); assertNotNull(role); assertEquals("Michelle Holt", role.getName()); assertEquals(3, role.getCapabilities().size()); - - assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt")); - + + assertTrue(filePlanRoleService.existsRole(filePlan, "Michelle Holt")); + filePlanRoleService.deleteRole(filePlan, "Michelle Holt"); - + assertFalse(filePlanRoleService.existsRole(filePlan, "Michelle Holt")); - + return null; } }); } - + /** * {@link FilePlanRoleService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, String, String)} * {@link FilePlanRoleService#getAuthorities(org.alfresco.service.cmr.repository.NodeRef, String) 
@@ -168,40 +176,40 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase Set roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName); assertNotNull(roles); assertEquals(1, roles.size()); - + Set authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(1, authorities.size()); - + authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(0, authorities.size()); - + authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(1, authorities.size()); - + filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName); - + roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName); assertNotNull(roles); assertEquals(2, roles.size()); - + authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(2, authorities.size()); - + authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(0, authorities.size()); - + authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER); assertNotNull(authorities); assertEquals(2, authorities.size()); - - + + return null; } - }); + }); } }