From 8db8094c57c37eda328fe9f3ef41817c2077d6c3 Mon Sep 17 00:00:00 2001 From: Mark Rogers Date: Tue, 22 Jul 2014 12:55:23 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud) 75525: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (5.0/Cloud) 75287: Merged V4.1-BUG-FIX (4.1.10) to V4.2-BUG-FIX (4.2.3) 75284: Merged V4.1.8 (4.1.8.11) to V4.1-BUG-FIX (4.1.10) 75265: MNT-11766 : User with username starting with admin gets admin rights - Previous fix was corrected according to Derek's review. - Unit test that demonstrates fix added. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@77485 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../repo/tenant/MultiTServiceImpl.java | 23 +++++------------- .../authority/AuthorityServiceTest.java | 24 +++++++++++++++++++ 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java b/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java index fc92ebeafb..b953f96c26 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java +++ b/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java @@ -398,26 +398,15 @@ public class MultiTServiceImpl implements TenantService public String getBaseNameUser(String name) { // can be null (e.g. for System user / during app ctx init) - if (name != null) + // We only bother with MT username@domain format if MT is enabled + if (name != null && isEnabled()) { int idx = name.lastIndexOf(SEPARATOR); - if (idx > 0 && (idx < (name.length() - 1))) + if (idx != -1) { - String domainPart = getTenantDomain(name.substring(idx + 1)); - String baseName = name.substring(0, idx); - - // MNT-11766 fix, check whether tenant domain actually exists - Tenant tenant = getTenant(domainPart); - if (tenant == null) - { - // tenant domain doesn't exists but we are allowed to create non-tenant users with name like admin@test - // no base name can be resolved for such users -> return original name - return name; - } - else - { - return baseName; - } + return name.substring(0, idx); + // tenant domain doesn't exists but we are allowed to create + // no base name can be resolved for such users -> return } } return name; diff --git a/source/test-java/org/alfresco/repo/security/authority/AuthorityServiceTest.java b/source/test-java/org/alfresco/repo/security/authority/AuthorityServiceTest.java index 0e7d112277..4c725935aa 100644 --- a/source/test-java/org/alfresco/repo/security/authority/AuthorityServiceTest.java +++ b/source/test-java/org/alfresco/repo/security/authority/AuthorityServiceTest.java @@ -1420,6 +1420,30 @@ public class AuthorityServiceTest extends TestCase assertEquals("Count of groups must increment", (groupCountBefore+1), groupCountAfter); } + public void testMNT_11766() + { + Set admins = authenticationComponent.getDefaultAdministratorUserNames(); + + for (String admin : admins) + { + // create user with MT format name (i.e. username@domain) + String user = admin + "@" + System.currentTimeMillis(); + + Map props = new HashMap(4, 1.0f); + props.put(ContentModel.PROP_USERNAME, user); + props.put(ContentModel.PROP_FIRSTNAME, user); + props.put(ContentModel.PROP_LASTNAME, user); + props.put(ContentModel.PROP_EMAIL, user + "@gmail.com"); + + personService.createPerson(props); + authenticationService.createAuthentication(user, "123123".toCharArray()); + + authenticationComponent.setCurrentUser(user); + assertFalse("User should not have administrator role.", authorityService.hasAdminAuthority()); + assertFalse("User should not have administrator role.", pubAuthorityService.hasAdminAuthority()); + } + } + private void assertContains(List results, List checklist, boolean included) { for (String check : checklist)