inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.2 to HEAD

Browse Source 
8014: Extended support for RunAs - real and effctive authorities
   8032: Build Fix - there is a special check for the effective user
   8094: Fix for NPE in AuthenticationUtil noticed on first upgrade from V2.1.x to V2.2


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8471 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2008-03-07 20:39:18 +00:00
parent 18a7f69241
commit 8f2123ff16
7 changed files with 697 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -392,9 +392,19 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
perm = permIn;
}
if(AuthenticationUtil.getCurrentEffectiveUserName() == null)
{
return AccessStatus.DENIED;
}
if(AuthenticationUtil.getCurrentEffectiveUserName().equals(AuthenticationUtil.getSystemUserName()))
{
return AccessStatus.ALLOWED;
}
// Get the current authentications
// Use the smart authentication cache to improve permissions performance
Authentication auth = authenticationComponent.getCurrentAuthentication();
Authentication auth = AuthenticationUtil.getCurrentEffectiveAuthentication();
final Set<String> authorisations = getAuthorisations(auth, nodeRef);
// If the node does not support the given permission there is no point
@@ -496,9 +506,19 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return AccessStatus.DENIED;
}
if(AuthenticationUtil.getCurrentEffectiveUserName() == null)
{
return AccessStatus.DENIED;
}
if(AuthenticationUtil.getCurrentEffectiveUserName().equals(AuthenticationUtil.getSystemUserName()))
{
return AccessStatus.ALLOWED;
}
// Get the current authentications
// Use the smart authentication cache to improve permissions performance
Authentication auth = authenticationComponent.getCurrentAuthentication();
Authentication auth = AuthenticationUtil.getCurrentEffectiveAuthentication();
if (auth == null)
{
throw new IllegalStateException("Unauthenticated");

28
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -89,6 +89,34 @@ public class PermissionServiceTest extends AbstractPermissionTest
allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED);
}
public void testRunAsRealAndEffectiveUsers()
{
runAs("admin");
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() {
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}}, "admin");
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
}
public void testDefaultModelPermissions()
{
runAs("admin");