inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-2130 (Check classification after method execution, filtering results where appropriate)

Browse Source 
+review RM-94

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ENFORCE@107270 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2015-06-27 22:23:19 +00:00
parent 74267d0119
commit 8fa46a4e14
9 changed files with 675 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml
View File

@@ -105,18 +105,14 @@
</bean> </bean>
<bean id="collectionPostMethodInvocationProcessor" <bean id="collectionPostMethodInvocationProcessor"
abstract="true"
parent="basePostMethodInvocationProcessor" parent="basePostMethodInvocationProcessor"
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor"> class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor">
</bean> </bean>
<!-- FIXME: Implementation needs to be changed -->
<!--
<bean id="resultSetPostMethodInvocationProcessor" <bean id="resultSetPostMethodInvocationProcessor"
parent="basePostMethodInvocationProcessor" parent="basePostMethodInvocationProcessor"
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ResultSetPostMethodInvocationProcessor"> class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ResultSetPostMethodInvocationProcessor">
</bean> </bean>
-->
<bean id="queryEngineResultsPostMethodInvocationProcessor" <bean id="queryEngineResultsPostMethodInvocationProcessor"
parent="basePostMethodInvocationProcessor" parent="basePostMethodInvocationProcessor"

4
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/CollectionPostMethodInvocationProcessor.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
import java.util.Collection; import java.util.Collection;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
/** /**
* Collection Post Method Invocation Processor * Collection Post Method Invocation Processor
@@ -35,7 +36,8 @@ public class CollectionPostMethodInvocationProcessor extends BasePostMethodInvoc
@Override @Override
protected Class<?> getClassName() protected Class<?> getClassName()
{ {
return Collection.class; // FIXME!!!
return List.class;
} }
/** /**

76
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ResultSetPostMethodInvocationProcessor.java
View File

@@ -18,16 +18,18 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor; package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor;
import static org.alfresco.service.cmr.search.PermissionEvaluationMode.EAGER;
import java.util.BitSet; import java.util.BitSet;
import java.util.Iterator;
import java.util.List;
import org.alfresco.repo.search.SimpleResultSetMetaData; import org.alfresco.repo.search.SimpleResultSetMetaData;
import org.alfresco.repo.security.permissions.impl.acegi.FilteringResultSet; import org.alfresco.repo.security.permissions.impl.acegi.FilteringResultSet;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.search.PermissionEvaluationMode;
import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetMetaData;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
/** /**
* ResultSet Post Method Invocation Processor * ResultSet Post Method Invocation Processor
@@ -46,7 +48,6 @@ public class ResultSetPostMethodInvocationProcessor extends BasePostMethodInvoca
return ResultSet.class; return ResultSet.class;
} }
// FIXME: Change implementation
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor#process(java.lang.Object) * @see org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor#process(java.lang.Object)
*/ */
@@ -55,46 +56,61 @@ public class ResultSetPostMethodInvocationProcessor extends BasePostMethodInvoca
public <T> T process(T object) public <T> T process(T object)
{ {
T result = object; T result = object;
ResultSet resultSet = getClassName().cast(result);
BitSet inclusionMask = new BitSet(resultSet.length());
FilteringResultSet filteringResultSet = new FilteringResultSet(resultSet, inclusionMask);
filteringResultSet.setResultSetMetaData( if (result != null)
new SimpleResultSetMetaData(
resultSet.getResultSetMetaData().getLimitedBy(),
PermissionEvaluationMode.EAGER,
resultSet.getResultSetMetaData().getSearchParameters()));
List<NodeRef> nodeRefs = resultSet.getNodeRefs();
if (!nodeRefs.isEmpty())
{ {
Iterator<NodeRef> iterator = nodeRefs.iterator(); ResultSet returnedObject = getClassName().cast(object);
BasePostMethodInvocationProcessor processor = getPostMethodInvocationProcessor().getProcessor(iterator.next());
for (int i = 0; i < nodeRefs.size(); i++) BitSet inclusionMask = new BitSet(returnedObject.length());
FilteringResultSet filteringResultSet = new FilteringResultSet(returnedObject, inclusionMask);
ResultSetMetaData resultSetMetaData = returnedObject.getResultSetMetaData();
SearchParameters searchParameters = resultSetMetaData.getSearchParameters();
BasePostMethodInvocationProcessor nodeRefProcessor = null;
BasePostMethodInvocationProcessor childAssociationRefProcessor = null;
for (int i = 0; i < returnedObject.length(); i++)
{ {
if (processor.process(nodeRefs.get(i)) == null) ResultSetRow row = returnedObject.getRow(i);
NodeRef nodeRef = row.getNodeRef();
if (nodeRefProcessor == null)
{
nodeRefProcessor = getPostMethodInvocationProcessor().getProcessor(nodeRef);
}
NodeRef processedNodeRef = nodeRefProcessor.process(nodeRef);
if (processedNodeRef == null)
{ {
inclusionMask.set(i, false); inclusionMask.set(i, false);
} }
} else
{
ChildAssociationRef childAssocRef = row.getChildAssocRef();
if (childAssociationRefProcessor == null)
{
childAssociationRefProcessor = getPostMethodInvocationProcessor().getProcessor(childAssocRef);
} }
List<ChildAssociationRef> childAssocRefs = getClassName().cast(filteringResultSet).getChildAssocRefs(); ChildAssociationRef childAssociationRef = childAssociationRefProcessor.process(childAssocRef);
if (!childAssocRefs.isEmpty()) if (childAssociationRef == null)
{
Iterator<ChildAssociationRef> iterator = childAssocRefs.iterator();
BasePostMethodInvocationProcessor processor = getPostMethodInvocationProcessor().getProcessor(iterator.next());
for (int i = 0; i < childAssocRefs.size(); i++)
{
if (processor.process(nodeRefs.get(i)) == null)
{ {
inclusionMask.set(i, false); inclusionMask.set(i, false);
} }
else
{
inclusionMask.set(i, true);
}
} }
} }
return (T) filteringResultSet; SimpleResultSetMetaData simpleResultSetMetaData = new SimpleResultSetMetaData(resultSetMetaData.getLimitedBy(), EAGER, searchParameters);
filteringResultSet.setResultSetMetaData(simpleResultSetMetaData);
result = (T) filteringResultSet;
}
return result;
} }
} }

63
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/BrowseClassificationEnforcementTestBase.java Normal file
View File

@@ -0,0 +1,63 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Base class for classification enforcement tests for the browse action
*
* @author Tuna Aksoy
* @since 3.0
*/
public class BrowseClassificationEnforcementTestBase extends BaseRMTestCase
{
protected String testUser;
protected static final String LEVEL1 = "level1";
protected static final String LEVEL2 = "level2";
protected static final String REASON = "Test Reason 1";
protected List<ChildAssociationRef> browse(NodeRef folder, String userName)
{
return doTestInTransaction(new Test<List<ChildAssociationRef>>()
{
@Override
public List<ChildAssociationRef> run()
{
return nodeService.getChildAssocs(folder);
}
}, userName);
}
protected List<ChildAssociationRef> browseAsAdmin(NodeRef folder)
{
return browse(folder, getAdminUserName());
}
protected List<ChildAssociationRef> browseAsTestUser(NodeRef folder)
{
return browse(folder, testUser);
}
}

160
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/DocumentClassificationEnforcementTest.java → rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/DocumentBrowseClassificationEnforcementTest.java
View File

@@ -23,10 +23,8 @@ import static com.google.common.collect.Sets.newHashSet;
import static org.alfresco.repo.site.SiteModel.SITE_MANAGER; import static org.alfresco.repo.site.SiteModel.SITE_MANAGER;
import static org.alfresco.util.GUID.generate; import static org.alfresco.util.GUID.generate;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
@@ -36,12 +34,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
* @author Tuna Aksoy * @author Tuna Aksoy
* @since 3.0 * @since 3.0
*/ */
public class DocumentClassificationEnforcementTest extends BaseRMTestCase public class DocumentBrowseClassificationEnforcementTest extends BrowseClassificationEnforcementTestBase
{ {
private static final String LEVEL1 = "level1";
private static final String LEVEL2 = "level2";
private static final String REASON = "Test Reason 1";
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isCollaborationSiteTest() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isCollaborationSiteTest()
*/ */
@@ -56,18 +50,21 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
/** /**
* Given that a test user without security clearance exists * Given that a test user without security clearance exists
* and two documents are created in the document library * and two documents are created in the document library
* and one of the documents is classified with the highest security level
* *
* When one of the documents is classified with the highest security level * When I browse the document library as admin
* Then I will see both documents
* *
* Then as the admin user I will see both documents * When I browse the document library as the test user
* and as the test user I will only see the unclassified document * Then I will only see the unclassified document
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef folder; private NodeRef folder;
private NodeRef doc1; private NodeRef doc1;
private NodeRef doc2; private NodeRef doc2;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -75,13 +72,15 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
siteService.setMembership(collabSiteId, myUser, SITE_MANAGER); siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef(); folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
} }
/** /**
@@ -90,7 +89,8 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1); resultsForAdmin = browseAsAdmin(folder);
resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -104,13 +104,12 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertNotNull(childAssociationRefs); assertEquals(2, resultsForAdmin.size());
assertEquals(2, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(doc1, doc2); List<NodeRef> docs = newArrayList(doc1, doc2);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(1).getChildRef()));
return null; return null;
} }
@@ -121,14 +120,13 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertNotNull(childAssociationRefs); assertEquals(1, resultsForTestUser.size());
assertEquals(1, childAssociationRefs.size()); assertEquals(doc2, resultsForTestUser.get(0).getChildRef());
assertEquals(doc2, childAssociationRefs.get(0).getChildRef());
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }
@@ -138,22 +136,25 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
/** /**
* Given that a test user with mid-level security clearance exists * Given that a test user with mid-level security clearance exists
* and three documents are created in the document library * and three documents are created in the document library
* * and one of the documents is classified with the highest security level
* When one of the documents is classified with the highest security level
* and another document is classified with the mid-level security level * and another document is classified with the mid-level security level
* *
* Then as the admin user I will see all three documents * When I browse the document library as admin
* and as the test user I will see the unclassified document * Then I will see all three documents
*
* When I browse the document library as the test user
* Then I will see the unclassified document
* and the document with the mid-level classification * and the document with the mid-level classification
* and I won't be able to see the document with the classification greater than my clearance level * and I won't be able to see the document with the classification greater than my clearance level
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef folder; private NodeRef folder;
private NodeRef doc1; private NodeRef doc1;
private NodeRef doc2; private NodeRef doc2;
private NodeRef doc3; private NodeRef doc3;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -161,15 +162,18 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
siteService.setMembership(collabSiteId, myUser, SITE_MANAGER); siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
securityClearanceService.setUserSecurityClearance(myUser, LEVEL2); securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef(); folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
doc3 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc3 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2);
} }
/** /**
@@ -178,8 +182,8 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1); resultsForAdmin = browseAsAdmin(folder);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2); resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -193,14 +197,13 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForAdmin.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(doc1, doc2, doc3); List<NodeRef> docs = newArrayList(doc1, doc2, doc3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(2).getChildRef()));
return null; return null;
} }
@@ -211,17 +214,16 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertNotNull(childAssociationRefs); assertEquals(2, resultsForTestUser.size());
assertEquals(2, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(doc2, doc3); List<NodeRef> docs = newArrayList(doc2, doc3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(docs.contains(resultsForTestUser.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(docs.contains(resultsForTestUser.get(1).getChildRef()));
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }
@@ -231,20 +233,23 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
/** /**
* Given that a test user with highest level security clearance exists * Given that a test user with highest level security clearance exists
* and three documents are created in the document library * and three documents are created in the document library
* * and one of the documents is classified with the highest security level
* When one of the documents is classified with the highest security level
* and another document is classified with the mid-level security level * and another document is classified with the mid-level security level
* *
* Then as the admin user I will see all three documents * When I browse the document library as admin
* and as the test user I will see all three documents * The I will see all three documents
*
* When I browse the document library as the test user
* The I will see all three documents
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef folder; private NodeRef folder;
private NodeRef doc1; private NodeRef doc1;
private NodeRef doc2; private NodeRef doc2;
private NodeRef doc3; private NodeRef doc3;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -252,15 +257,18 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
siteService.setMembership(collabSiteId, myUser, SITE_MANAGER); siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
securityClearanceService.setUserSecurityClearance(myUser, LEVEL1); securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef(); folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc1 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc2 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
doc3 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef(); doc3 = fileFolderService.create(folder, generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2);
} }
/** /**
@@ -269,8 +277,8 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1); resultsForAdmin = browseAsAdmin(folder);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2); resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -284,14 +292,13 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForAdmin.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(doc1, doc2, doc3); List<NodeRef> docs = newArrayList(doc1, doc2, doc3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(docs.contains(resultsForAdmin.get(2).getChildRef()));
return null; return null;
} }
@@ -302,18 +309,17 @@ public class DocumentClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForTestUser.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(doc1, doc2, doc3); List<NodeRef> docs = newArrayList(doc1, doc2, doc3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(docs.contains(resultsForTestUser.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(docs.contains(resultsForTestUser.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(docs.contains(resultsForTestUser.get(2).getChildRef()));
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }

317
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/DocumentSearchClassificationEnforcementTest.java Normal file
View File

@@ -0,0 +1,317 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
import static com.google.common.collect.Sets.newHashSet;
import static org.alfresco.repo.site.SiteModel.SITE_MANAGER;
import static org.alfresco.util.GUID.generate;
import java.util.List;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Tests for enforcement of classification when searching documents in the document library
*
* @author Tuna Aksoy
* @since 3.0
*/
public class DocumentSearchClassificationEnforcementTest extends SearchClassificationEnforcementTestBase
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isCollaborationSiteTest()
*/
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
public void testUserWithNoSecurityClearance()
{
/**
* Given that a test user without security clearance exists
* and two documents are created in the document library
* and one of the documents is classified with the highest security level
*
* When I search for the documents as admin
* Then I will see both documents
*
* When I search for the documents as the test user
* Then I will only see the unclassified document
*/
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
private NodeRef folder;
private NodeRef doc1;
private NodeRef doc2;
private String searchQuery = generate();
private List<NodeRef> resultsForAdmin;
private List<NodeRef> resultsForTestUser;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given() throws Exception
{
testUser = generate();
createPerson(testUser);
siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when() throws Exception
{
resultsForAdmin = searchAsAdmin(searchQuery);
resultsForTestUser = searchAsTestUser(searchQuery);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForAdmin);
assertEquals(2, resultsForAdmin.size());
assertTrue(resultsForAdmin.contains(doc1));
assertTrue(resultsForAdmin.contains(doc2));
return null;
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForTestUser);
assertEquals(1, resultsForTestUser.size());
assertTrue(resultsForTestUser.contains(doc2));
return null;
}
}, testUser);
}
});
}
public void testUserWithMidlevelSecurityClearance()
{
/**
* Given that a test user with mid-level security clearance exists
* and three documents are created in the document library
* and one of the documents is classified with the highest security level
* and another document is classified with the mid-level security level
*
* When I search for the documents as admin
* Then I will see all three documents
*
* When I search for the documents as the test user
* Then I will see the unclassified document
* and the document with the mid-level classification
* and I won't be able to see the document with the classification greater than my clearance level
*/
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
private NodeRef folder;
private NodeRef doc1;
private NodeRef doc2;
private NodeRef doc3;
private String searchQuery = generate();
private List<NodeRef> resultsForAdmin;
private List<NodeRef> resultsForTestUser;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given() throws Exception
{
testUser = generate();
createPerson(testUser);
siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc3 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when() throws Exception
{
resultsForAdmin = searchAsAdmin(searchQuery);
resultsForTestUser = searchAsTestUser(searchQuery);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForAdmin);
assertEquals(3, resultsForAdmin.size());
assertTrue(resultsForAdmin.contains(doc1));
assertTrue(resultsForAdmin.contains(doc2));
assertTrue(resultsForAdmin.contains(doc3));
return null;
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForTestUser);
assertEquals(2, resultsForTestUser.size());
assertTrue(resultsForTestUser.contains(doc2));
assertTrue(resultsForTestUser.contains(doc3));
return null;
}
}, testUser);
}
});
}
public void testUseWithHighestLevelSecurityClearance()
{
/**
* Given that a test user with highest level security clearance exists
* and three documents are created in the document library
* and one of the documents is classified with the highest security level
* and another document is classified with the mid-level security level
*
* When I search for the documents as admin
* Then I will see all three documents
*
* When I search for the documents as the test user
* Then I will see all three documents
*/
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
private NodeRef folder;
private NodeRef doc1;
private NodeRef doc2;
private NodeRef doc3;
private String searchQuery = generate();
private List<NodeRef> resultsForAdmin;
private List<NodeRef> resultsForTestUser;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given() throws Exception
{
testUser = generate();
createPerson(testUser);
siteService.setMembership(collabSiteId, testUser, SITE_MANAGER);
securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
folder = fileFolderService.create(documentLibrary, generate(), TYPE_FOLDER).getNodeRef();
doc1 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc3 = fileFolderService.create(folder, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), doc2);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when() throws Exception
{
resultsForAdmin = searchAsAdmin(searchQuery);
resultsForTestUser = searchAsTestUser(searchQuery);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForAdmin);
assertEquals(3, resultsForAdmin.size());
assertTrue(resultsForAdmin.contains(doc1));
assertTrue(resultsForAdmin.contains(doc2));
assertTrue(resultsForAdmin.contains(doc3));
return null;
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertNotNull(resultsForTestUser);
assertEquals(3, resultsForTestUser.size());
assertTrue(resultsForTestUser.contains(doc1));
assertTrue(resultsForTestUser.contains(doc2));
assertTrue(resultsForTestUser.contains(doc3));
return null;
}
}, testUser);
}
});
}
}

168
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/RecordClassificationEnforcementTest.java → rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/RecordBrowseClassificationEnforcementTest.java
View File

@@ -23,10 +23,8 @@ import static com.google.common.collect.Sets.newHashSet;
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_USER; import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_USER;
import static org.alfresco.util.GUID.generate; import static org.alfresco.util.GUID.generate;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
@@ -36,33 +34,31 @@ import org.alfresco.service.cmr.repository.NodeRef;
* @author Tuna Aksoy * @author Tuna Aksoy
* @since 3.0 * @since 3.0
*/ */
public class RecordClassificationEnforcementTest extends BaseRMTestCase public class RecordBrowseClassificationEnforcementTest extends BrowseClassificationEnforcementTestBase
{ {
private static final String LEVEL1 = "level1";
private static final String LEVEL2 = "level2";
private static final String REASON = "Test Reason 1";
public void testUserWithNoSecurityClearance() public void testUserWithNoSecurityClearance()
{ {
/** /**
* Given that a test user without security clearance exists * Given that a test user without security clearance exists
* and the test user is added to the RM Users role * and the test user is added to the RM Users role
* and a category, a folder and two records are created in the file plan * and a category, a folder and two records are created in the file plan
* * and the test user is given read permissions on the category
* When the test user is given read permissions on the category
* and one of the records is classified with the highest security level * and one of the records is classified with the highest security level
* *
* When I browse the file plan as admin
* Then I will see both documents
* *
* Then as the admin user I will see both records * When I browse the file plan as the test user
* and as the test user I will only see the unclassified record * Then I will only see the unclassified record
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef category; private NodeRef category;
private NodeRef folder; private NodeRef folder;
private NodeRef record1; private NodeRef record1;
private NodeRef record2; private NodeRef record2;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -70,14 +66,16 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, myUser); filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
category = filePlanService.createRecordCategory(filePlan, generate()); category = filePlanService.createRecordCategory(filePlan, generate());
folder = recordFolderService.createRecordFolder(category, generate()); folder = recordFolderService.createRecordFolder(category, generate());
record1 = utils.createRecord(folder, generate()); record1 = utils.createRecord(folder, generate());
record2 = utils.createRecord(folder, generate()); record2 = utils.createRecord(folder, generate());
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
} }
/** /**
@@ -86,8 +84,10 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
filePlanPermissionService.setPermission(category, myUser, READ_RECORDS); filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
resultsForAdmin = browseAsAdmin(folder);
resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -101,12 +101,12 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertEquals(2, childAssocs.size()); assertEquals(2, resultsForAdmin.size());
List<NodeRef> recordList = newArrayList(record1, record2); List<NodeRef> records = newArrayList(record1, record2);
assertTrue(recordList.contains(childAssocs.get(0).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(recordList.contains(childAssocs.get(1).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(1).getChildRef()));
return null; return null;
} }
@@ -117,13 +117,13 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertEquals(1, childAssocs.size()); assertEquals(1, resultsForTestUser.size());
assertEquals(record2, childAssocs.get(0).getChildRef()); assertEquals(record2, resultsForTestUser.get(0).getChildRef());
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }
@@ -134,24 +134,27 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
* Given that a test user with mid-level security clearance exists * Given that a test user with mid-level security clearance exists
* and the test user is added to the RM Users role * and the test user is added to the RM Users role
* and a category, a folder and three records are created in the file plan * and a category, a folder and three records are created in the file plan
* * and the test user is given read permissions on the category
* When the test user is given read permissions on the category
* and one of the records is classified with the highest security level * and one of the records is classified with the highest security level
* and another record is classified with the mid-level security level * and another record is classified with the mid-level security level
* *
* Then as the admin user I will see all three records * When I browse the file plan as admin
* and as the test user I will see the unclassified record * Then I will see all three records
*
* When I browse the file plan as the test user
* Then I will see the unclassified record
* and the record with the mid-level classification * and the record with the mid-level classification
* and I won't be able to see the record with the classification greater than my clearance level * and I won't be able to see the record with the classification greater than my clearance level
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef category; private NodeRef category;
private NodeRef folder; private NodeRef folder;
private NodeRef record1; private NodeRef record1;
private NodeRef record2; private NodeRef record2;
private NodeRef record3; private NodeRef record3;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -159,16 +162,19 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, myUser); filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
securityClearanceService.setUserSecurityClearance(myUser, LEVEL2); securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
category = filePlanService.createRecordCategory(filePlan, generate()); category = filePlanService.createRecordCategory(filePlan, generate());
folder = recordFolderService.createRecordFolder(category, generate()); folder = recordFolderService.createRecordFolder(category, generate());
record1 = utils.createRecord(folder, generate()); record1 = utils.createRecord(folder, generate());
record2 = utils.createRecord(folder, generate()); record2 = utils.createRecord(folder, generate());
record3 = utils.createRecord(folder, generate()); record3 = utils.createRecord(folder, generate());
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
} }
/** /**
@@ -177,9 +183,10 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
filePlanPermissionService.setPermission(category, myUser, READ_RECORDS); filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2); resultsForAdmin = browseAsAdmin(folder);
resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -193,14 +200,13 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForAdmin.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(record1, record2, record3); List<NodeRef> records = newArrayList(record1, record2, record3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(2).getChildRef()));
return null; return null;
} }
@@ -211,17 +217,16 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertNotNull(childAssociationRefs); assertEquals(2, resultsForTestUser.size());
assertEquals(2, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(record2, record3); List<NodeRef> records = newArrayList(record2, record3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(records.contains(resultsForTestUser.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(records.contains(resultsForTestUser.get(1).getChildRef()));
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }
@@ -232,22 +237,25 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
* Given that a test user with highest level security clearance exists * Given that a test user with highest level security clearance exists
* and the test user is added to the RM Users role * and the test user is added to the RM Users role
* and a category, a folder and three records are created in the file plan * and a category, a folder and three records are created in the file plan
* * and the test user is given read permissions on the category
* When the test user is given read permissions on the category
* and one of the records is classified with the highest security level * and one of the records is classified with the highest security level
* and another record is classified with the mid-level security level * and another record is classified with the mid-level security level
* *
* Then as the admin user I will see all three records * When I browse the file plan as admin
* and as the test user I will see all three records * The I will see all three records
*
* When I browse the file plan as the test user
* The I will see all three records
*/ */
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
private String myUser;
private NodeRef category; private NodeRef category;
private NodeRef folder; private NodeRef folder;
private NodeRef record1; private NodeRef record1;
private NodeRef record2; private NodeRef record2;
private NodeRef record3; private NodeRef record3;
private List<ChildAssociationRef> resultsForAdmin;
private List<ChildAssociationRef> resultsForTestUser;
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
@@ -255,16 +263,19 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void given() throws Exception public void given() throws Exception
{ {
myUser = generate(); testUser = generate();
createPerson(myUser); createPerson(testUser);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, myUser); filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
securityClearanceService.setUserSecurityClearance(myUser, LEVEL1); securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
category = filePlanService.createRecordCategory(filePlan, generate()); category = filePlanService.createRecordCategory(filePlan, generate());
folder = recordFolderService.createRecordFolder(category, generate()); folder = recordFolderService.createRecordFolder(category, generate());
record1 = utils.createRecord(folder, generate()); record1 = utils.createRecord(folder, generate());
record2 = utils.createRecord(folder, generate()); record2 = utils.createRecord(folder, generate());
record3 = utils.createRecord(folder, generate()); record3 = utils.createRecord(folder, generate());
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
} }
/** /**
@@ -273,9 +284,10 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public void when() throws Exception public void when() throws Exception
{ {
filePlanPermissionService.setPermission(category, myUser, READ_RECORDS); filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2); resultsForAdmin = browseAsAdmin(folder);
resultsForTestUser = browseAsTestUser(folder);
} }
/** /**
@@ -289,14 +301,13 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForAdmin);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForAdmin.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(record1, record2, record3); List<NodeRef> records = newArrayList(record1, record2, record3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(records.contains(resultsForAdmin.get(2).getChildRef()));
return null; return null;
} }
@@ -307,18 +318,17 @@ public class RecordClassificationEnforcementTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
List<ChildAssociationRef> childAssociationRefs = nodeService.getChildAssocs(folder); assertNotNull(resultsForTestUser);
assertNotNull(childAssociationRefs); assertEquals(3, resultsForTestUser.size());
assertEquals(3, childAssociationRefs.size());
ArrayList<NodeRef> docs = newArrayList(record1, record2, record3); List<NodeRef> records = newArrayList(record1, record2, record3);
assertTrue(docs.contains(childAssociationRefs.get(0).getChildRef())); assertTrue(records.contains(resultsForTestUser.get(0).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(1).getChildRef())); assertTrue(records.contains(resultsForTestUser.get(1).getChildRef()));
assertTrue(docs.contains(childAssociationRefs.get(2).getChildRef())); assertTrue(records.contains(resultsForTestUser.get(2).getChildRef()));
return null; return null;
} }
}, myUser); }, testUser);
} }
}); });
} }

138
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/ResultSetPostMethodInvocationProcessorTest.java
View File

@@ -1,138 +0,0 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
import static com.google.common.collect.Sets.newHashSet;
import static java.lang.Integer.MAX_VALUE;
import static org.alfresco.repo.site.SiteModel.SITE_MANAGER;
import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
import static org.alfresco.service.namespace.NamespaceService.CONTENT_MODEL_1_0_URI;
import static org.alfresco.util.GUID.generate;
import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchParameters;
/**
* Integration test for ResultTest post method invocation processor
*
* @author Tuna Aksoy
* @since 3.0
*/
public class ResultSetPostMethodInvocationProcessorTest extends BaseRMTestCase
{
private static final String LEVEL1 = "level1";
private static final String REASON = "Test Reason 1";
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isCollaborationSiteTest()
*/
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
public void testResultSetPostMethodInvocationProcessor()
{
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
private String myUser;
private NodeRef doc1;
private NodeRef doc2;
private String searchQuery = generate();
private ResultSet result;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given() throws Exception
{
myUser = generate();
createPerson(myUser);
siteService.setMembership(collabSiteId, myUser, SITE_MANAGER);
doc1 = fileFolderService.create(documentLibrary, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
doc2 = fileFolderService.create(documentLibrary, searchQuery + generate(), TYPE_CONTENT).getNodeRef();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), doc1);
return null;
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
SearchParameters searchParameters = new SearchParameters();
searchParameters.setQuery("@cm\\:name:" + searchQuery + "*");
searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
searchParameters.setMaxItems(MAX_VALUE);
searchParameters.setNamespace(CONTENT_MODEL_1_0_URI);
result = searchService.query(searchParameters);
return null;
}
}, myUser);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then() throws Exception
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
List<NodeRef> nodeRefs = result.getNodeRefs();
assertEquals(2, nodeRefs.size());
assertTrue(nodeRefs.contains(doc1));
assertTrue(nodeRefs.contains(doc2));
return null;
}
}, myUser);
}
});
}
}

71
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/SearchClassificationEnforcementTestBase.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
import static java.lang.Integer.MAX_VALUE;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.search.SearchParameters;
/**
* Base class for classification enforcement tests for the search action
*
* @author Tuna Aksoy
* @since 3.0
*/
public class SearchClassificationEnforcementTestBase extends BaseRMTestCase
{
protected String testUser;
protected static final String LEVEL1 = "level1";
protected static final String LEVEL2 = "level2";
protected static final String REASON = "Test Reason 1";
protected List<NodeRef> search(String searchQuery, String userName)
{
return doTestInTransaction(new Test<List<NodeRef>>()
{
@Override
public List<NodeRef> run()
{
SearchParameters searchParameters = new SearchParameters();
searchParameters.setQuery("cm:name:" + searchQuery + "*");
searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
searchParameters.setMaxItems(MAX_VALUE);
return searchService.query(searchParameters).getNodeRefs();
}
}, userName);
}
protected List<NodeRef> searchAsAdmin(String searchQuery)
{
return search(searchQuery, getAdminUserName());
}
protected List<NodeRef> searchAsTestUser(String searchQuery)
{
return search(searchQuery, testUser);
}
}