inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 1.4 to HEAD

Browse Source 
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4229 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4230 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4232 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4233 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4234 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4235 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4239 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4240 .
   svn resolved root\projects\web-client\source\java\org\alfresco\web\app\AlfrescoNavigationHandler.java
   svn resolved root\projects\web-client\source\web\WEB-INF\faces-config-beans.xml
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4241 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4242 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4243 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4244 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4244 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4245 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4245 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4246 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4247 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4248 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4248 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4249 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4250 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4251 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4251 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4252 .


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4633 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2006-12-18 13:18:44 +00:00
parent 08759fbe26
commit 8e0a637886
21 changed files with 636 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -389,10 +389,13 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return AccessStatus.ALLOWED;
}
// Get the current authentications
// Use the smart authentication cache to improve permissions performance
Authentication auth = authenticationComponent.getCurrentAuthentication();
Set<String> authorisations = getAuthorisations(auth, nodeRef);
Serializable key = generateKey(
authorisations,
nodeRef,
@@ -415,6 +418,11 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return AccessStatus.DENIED;
}
if (authenticationComponent.getCurrentUserName().equals(authenticationComponent.getSystemUserName()))
{
return AccessStatus.ALLOWED;
}
//
// TODO: Dynamic permissions via evaluators
//

41
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -23,6 +23,7 @@ import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
@@ -84,6 +85,46 @@ public class PermissionServiceTest extends AbstractPermissionTest
"andy", AccessStatus.ALLOWED);
}
public void testSystemUserPermissions()
{
AuthenticationUtil.setSystemUserAsCurrentUser();
try
{
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CONSUMER) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.DELETE) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.READ) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.ADD_CHILDREN) == AccessStatus.ALLOWED);
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CHECK_OUT) == AccessStatus.ALLOWED);
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.COORDINATOR) == AccessStatus.ALLOWED);
}
finally
{
AuthenticationUtil.clearCurrentSecurityContext();
}
}
public void testAdminUserPermissions()
{
runAs("admin");
try
{
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CONSUMER) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.DELETE) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.READ) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.ADD_CHILDREN) == AccessStatus.ALLOWED);
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CHECK_OUT) == AccessStatus.ALLOWED);
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.COORDINATOR) == AccessStatus.ALLOWED);
}
finally
{
AuthenticationUtil.clearCurrentSecurityContext();
}
}
public void testWeSetConsumerOnRootIsNotSupportedByHasPermisssionAsItIsTheWrongType()
{
runAs("andy");

23
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
View File

@@ -203,6 +203,8 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
Method method = invocation.getMethod();
Class[] params = method.getParameterTypes();
Boolean hasMethodEntry = null;
for (ConfigAttributeDefintion cad : supportedDefinitions)
{
NodeRef testNodeRef = null;
@@ -213,14 +215,18 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
}
else if (cad.typeString.equals(ACL_METHOD))
{
if(hasMethodEntry == null)
{
hasMethodEntry = Boolean.FALSE;
}
if (authenticationService.getCurrentUserName().equals(cad.authority))
{
return AccessDecisionVoter.ACCESS_GRANTED;
hasMethodEntry = Boolean.TRUE;
}
else
else if(authorityService.getAuthorities().contains(cad.authority))
{
return authorityService.getAuthorities().contains(cad.authority) ? AccessDecisionVoter.ACCESS_GRANTED
: AccessDecisionVoter.ACCESS_DENIED;
hasMethodEntry = Boolean.TRUE;
}
}
else if (cad.parameter >= invocation.getArguments().length)
@@ -353,7 +359,14 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
}
}
return AccessDecisionVoter.ACCESS_GRANTED;
if((hasMethodEntry == null) || (hasMethodEntry.booleanValue()))
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
else
{
return AccessDecisionVoter.ACCESS_DENIED;
}
}
private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)

170
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoterTest.java
View File

@@ -70,7 +70,7 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
}
try
{
method.invoke(proxy, new Object[] { systemNodeRef });
@@ -80,16 +80,15 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
}
// Check we are allowed access to deleted nodes ..
nodeService.deleteNode(systemNodeRef);
assertNull(method.invoke(proxy, new Object[] { systemNodeRef }));
}
public void testBasicDenyStore() throws Exception
{
runAs("andy");
@@ -137,7 +136,7 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
method.invoke(proxy, new Object[] { null });
}
public void testAllowNullStore() throws Exception
{
runAs("andy");
@@ -276,7 +275,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
@@ -292,13 +292,13 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
method.invoke(proxy, new Object[] { rootNodeRef });
}
public void testBasicAllow() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
@@ -314,12 +314,13 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
method.invoke(proxy, new Object[] { rootNodeRef });
}
public void testBasicAllowStore() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneStoreRef", new Class[] { StoreRef.class });
@@ -340,7 +341,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
@@ -361,7 +363,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
@@ -382,7 +385,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
@@ -411,9 +415,10 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy",
AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
@@ -458,7 +463,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { rootNodeRef, null, null, null });
}
@@ -489,7 +495,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, rootNodeRef, null, null });
}
@@ -520,7 +527,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, rootNodeRef, null });
}
@@ -551,7 +559,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, null, rootNodeRef });
}
@@ -584,7 +593,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef), null, null, null });
}
@@ -617,7 +627,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null });
}
@@ -650,7 +661,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, nodeService.getPrimaryParent(rootNodeRef), null });
}
@@ -683,7 +695,8 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, null, nodeService.getPrimaryParent(rootNodeRef) });
}
@@ -692,52 +705,91 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testMethod",
new Class[] { });
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.andy")));
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.andy", "ACL_METHOD.BANANA")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { });
method.invoke(proxy, new Object[] {});
}
public void testMethodACL2() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testMethod",
new Class[] { });
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD."+PermissionService.ALL_AUTHORITIES)));
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.BANANA", "ACL_METHOD."
+ PermissionService.ALL_AUTHORITIES)));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { });
method.invoke(proxy, new Object[] {});
}
public void testMethodACL3() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.andy", "ACL_METHOD."
+ PermissionService.ALL_AUTHORITIES)));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] {});
}
public void testMethodACL4() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.woof", "ACL_METHOD.BOO")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] {});
}
catch (InvocationTargetException e)
{
}
}
public static class ClassWithMethods
{
public void testMethod()
{
}
public void testOneStoreRef(StoreRef storeRef)
{
}
public void testOneNodeRef(NodeRef nodeRef)
{
@@ -764,6 +816,38 @@ public class ACLEntryVoterTest extends AbstractPermissionTest
{
ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
Interceptor(final String config1, final String config2)
{
cad.addConfigAttribute(new ConfigAttribute()
{
/**
* Comment for <code>serialVersionUID</code>
*/
private static final long serialVersionUID = 1L;
public String getAttribute()
{
return config1;
}
});
cad.addConfigAttribute(new ConfigAttribute()
{
/**
* Comment for <code>serialVersionUID</code>
*/
private static final long serialVersionUID = 1L;
public String getAttribute()
{
return config2;
}
});
}
Interceptor(final String config)
{
cad.addConfigAttribute(new ConfigAttribute()