inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

Browse Source 
75514: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (5.0/Cloud)
      75123: Merged DEV to V4.2-BUG-FIX (4.2.3)
         74367: MNT-11725 : Unable to manage permissions when granted coordinator role.
         Changed the order of adding and deleting a permission for the downgrading of permissions use case.
         75098: MNT-11725 : Unable to manage permissions when granted coordinator role.
         Added a test to simulate the issue.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@77476 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Mark Rogers
2014-07-22 12:47:56 +00:00
parent 8a96e0b8a5
commit 94597c622a
2 changed files with 197 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/permissions.post.json.js
View File

@@ -35,6 +35,23 @@ function main()
status.setCode(status.STATUS_BAD_REQUEST, "Permissions value missing from request."); status.setCode(status.STATUS_BAD_REQUEST, "Permissions value missing from request.");
} }
// Inherited permissions flag
// First set inherit and then modify permissions
// See MNT-11725
if (json.has("isInherited"))
{
var isInherited = json.getBoolean("isInherited");
if (location.site != null)
{
if (isInherited == false)
{
// Insure Site Managers can still manage content.
node.setPermission("SiteManager", siteManagerAuthority);
}
}
node.setInheritsPermissions(isInherited);
}
var permissions = json.getJSONArray("permissions"); var permissions = json.getJSONArray("permissions");
for (var i = 0; i < permissions.length(); i++) for (var i = 0; i < permissions.length(); i++)
{ {
@@ -63,21 +80,6 @@ function main()
node.setPermission(role, authority); node.setPermission(role, authority);
} }
} }
// Inherited permissions flag
if (json.has("isInherited"))
{
var isInherited = json.getBoolean("isInherited");
if (location.site != null)
{
if (isInherited == false)
{
// Insure Site Managers can still manage content.
node.setPermission("SiteManager", siteManagerAuthority);
}
}
node.setInheritsPermissions(isInherited);
}
} }
main(); main();

180
source/test-java/org/alfresco/repo/web/scripts/permission/PermissionServiceTest.java Normal file
View File

@@ -0,0 +1,180 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.web.scripts.permission;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
/**
* Test for RestAPI permission services
*
* @author alex.mukha
* @since 4.2.3
*/
public class PermissionServiceTest extends BaseWebScriptTest
{
private MutableAuthenticationService authenticationService;
private AuthenticationComponent authenticationComponent;
private PersonService personService;
private NodeService nodeService;
private PermissionService permissionService;
private static final String USER_ONE = "USER" + GUID.generate();
private static final String URL_DOCLIB_PERMISSIONS = "/slingshot/doclib/permissions";
@Override
protected void setUp() throws Exception
{
super.setUp();
this.authenticationService = (MutableAuthenticationService)getServer().getApplicationContext().getBean("AuthenticationService");
this.authenticationComponent = (AuthenticationComponent)getServer().getApplicationContext().getBean("authenticationComponent");
this.personService = (PersonService)getServer().getApplicationContext().getBean("PersonService");
this.nodeService = (NodeService)getServer().getApplicationContext().getBean("NodeService");
this.permissionService = (PermissionService)getServer().getApplicationContext().getBean("PermissionService");
this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
// Create users
createUser(USER_ONE);
}
@Override
protected void tearDown() throws Exception
{
super.tearDown();
this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
// Clear the users
deleteUser(USER_ONE);
}
/**
* Test for MNT-11725
*/
public void testDowngradePermissions() throws Exception
{
NodeRef rootNodeRef = this.nodeService.getRootNode(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
NodeRef folderRef = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName(NamespaceService.ALFRESCO_URI, "testFolder"),
ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(folderRef, USER_ONE, PermissionService.COORDINATOR, true);
permissionService.setInheritParentPermissions(folderRef, false);
authenticationComponent.setCurrentUser(USER_ONE);
// JSON fromat
// {"permissions":
// [{"authority":"userA",
// "role":"Consumer"},
// {"authority":"userA",
// "role":"Coordinator",
// "remove":true}],
// "isInherited":true}
/* negative test, we are first deleting the coordinator role and then try to add consumer */
JSONObject changePermission = new JSONObject();
JSONArray permissions = new JSONArray();
// First delete permission, then add
JSONObject addPermission = new JSONObject();
addPermission.put("authority", USER_ONE);
addPermission.put("role", PermissionService.CONSUMER);
JSONObject removePermission = new JSONObject();
removePermission.put("authority", USER_ONE);
removePermission.put("role", PermissionService.COORDINATOR);
removePermission.put("remove","true");
permissions.put(removePermission);
permissions.put(addPermission);
changePermission.put("permissions", permissions);
changePermission.put("isInherited", "true");
sendRequest(new PostRequest(URL_DOCLIB_PERMISSIONS +
"/" + StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getProtocol() +
"/" + StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getIdentifier() +
"/" + folderRef.getId(), changePermission.toString(), "application/json"), Status.STATUS_INTERNAL_SERVER_ERROR);
/* positive test */
changePermission = new JSONObject();
permissions = new JSONArray();
// First add permission, then delete
addPermission = new JSONObject();
addPermission.put("authority", USER_ONE);
addPermission.put("role", PermissionService.CONSUMER);
removePermission = new JSONObject();
removePermission.put("authority", USER_ONE);
removePermission.put("role", PermissionService.COORDINATOR);
removePermission.put("remove","true");
permissions.put(addPermission);
permissions.put(removePermission);
changePermission.put("permissions", permissions);
changePermission.put("isInherited", "true");
sendRequest(new PostRequest(URL_DOCLIB_PERMISSIONS +
"/" + StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getProtocol() +
"/" + StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getIdentifier() +
"/" + folderRef.getId(), changePermission.toString(), "application/json"), Status.STATUS_OK);
AccessStatus accessStatus = permissionService.hasPermission(folderRef, PermissionService.CONSUMER);
assertTrue("The permission was not set correctly", accessStatus == AccessStatus.ALLOWED);
this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
nodeService.deleteNode(folderRef);
}
private void createUser(String userName)
{
if (this.authenticationService.authenticationExists(userName) == false)
{
this.authenticationService.createAuthentication(userName, "PWD".toCharArray());
PropertyMap properties = new PropertyMap(4);
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_FIRSTNAME, "firstName");
properties.put(ContentModel.PROP_LASTNAME, "lastName");
properties.put(ContentModel.PROP_EMAIL, "email@email.com");
properties.put(ContentModel.PROP_JOBTITLE, "jobTitle");
this.personService.createPerson(properties);
}
}
private void deleteUser(String username)
{
this.personService.deletePerson(username);
if(this.authenticationService.authenticationExists(username))
{
this.authenticationService.deleteAuthentication(username);
}
}
}