From 8aa3a6615c73e62d569954e4ba4231ac2528ff1e Mon Sep 17 00:00:00 2001
From: Tom Page <tom.page@alfresco.com>
Date: Wed, 20 May 2015 15:39:46 +0000
Subject: [PATCH] RM-2123 Fix comparator to be the correct way around.

Also add application context tests to cover this case.

+review RM-58

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104700 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../ClassificationLevelComparator.java        |  8 +-
 .../classification/SecurityClearanceTest.java | 93 +++++++++++++++++++
 2 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/SecurityClearanceTest.java

diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationLevelComparator.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationLevelComparator.java
index 7527ba3bf3..4cb6eb48d4 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationLevelComparator.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationLevelComparator.java
@@ -21,7 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification;
 import java.util.Comparator;
 
 /**
- * A class to compare classification levels.
+ * A class to compare classification levels. More secure classification levels are "higher" than less secure levels.
  *
  * @author tpage
  * @since 3.0
@@ -35,11 +35,15 @@ public class ClassificationLevelComparator implements Comparator<ClassificationL
         this.classificationLevelManager = classificationLevelManager;
     }
 
+    /**
+     * Return a positive number if the first classification level is more secure than the second. {@inheritDoc}
+     */
     @Override
     public int compare(ClassificationLevel oneLevel, ClassificationLevel otherLevel)
     {
         int oneIndex = classificationLevelManager.getClassificationLevels().indexOf(oneLevel);
         int otherIndex = classificationLevelManager.getClassificationLevels().indexOf(otherLevel);
-        return oneIndex - otherIndex;
+        // Smaller indexes are more secure.
+        return otherIndex - oneIndex;
     }
 }
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/SecurityClearanceTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/SecurityClearanceTest.java
new file mode 100644
index 0000000000..d0b72a8511
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/SecurityClearanceTest.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.classification;
+
+import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationLevel;
+import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceException.LevelIdNotFound;
+import org.alfresco.module.org_alfresco_module_rm.classification.ClearanceLevel;
+import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearance;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+
+/**
+ * Application context tests for the security clearance service.
+ *
+ * @author tpage
+ */
+public class SecurityClearanceTest extends BaseRMTestCase
+{
+    @Override
+    protected boolean isUserTest()
+    {
+        return true;
+    };
+
+    /**
+     * Given I am admin
+     * When I try to give a user maximum clearance
+     * Then I am successful.
+     */
+    public void testGiveClearance() throws Exception
+    {
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            private SecurityClearance securityClearance;
+
+            public void when() throws Exception
+            {
+                securityClearance = securityClearanceService.setUserSecurityClearance(userName, "level1");
+            }
+
+            public void then() throws Exception
+            {
+                ClearanceLevel clearanceLevel = securityClearance.getClearanceLevel();
+                ClassificationLevel highestClassificationLevel = clearanceLevel.getHighestClassificationLevel();
+                assertEquals("level1", highestClassificationLevel.getId());
+            }
+        });
+    }
+
+    /**
+     * Given I am a user with level2 access
+     * And I try to give another user level1 access
+     * Then an exception is thrown.
+     */
+    public void testCantGiveClearance() throws Exception
+    {
+        doBehaviourDrivenTest(new BehaviourDrivenTest(LevelIdNotFound.class)
+        {
+            public void given() throws Exception
+            {
+                securityClearanceService.setUserSecurityClearance(userName, "level2");
+            }
+
+            public void when() throws Exception
+            {
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        securityClearanceService.setUserSecurityClearance(rmUserName, "level1");
+                        return null;
+                    }
+                }, userName);
+            }
+        });
+    }
+}