inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-08 14:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1661 (Performance on setting permissions at a high category level)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@88860 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-10-21 17:23:20 +00:00
parent 4248389a27
commit 99cef59716
7 changed files with 269 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
View File

@@ -24,7 +24,7 @@
<ref bean="patch.migrateTenantsFromAttrsToTable" />
<ref bean="patch.migrateAttrTenants" />
</list>
</property>
</property>
</bean> -->
<bean id="ExtendedPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -43,7 +43,7 @@
</list>
</property>
</bean>
<bean id="ExtendedPermissionService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
@@ -69,11 +69,11 @@
</value>
</property>
</bean>
<bean name="writersSharedCache" class="org.alfresco.repo.cache.DefaultSimpleCache">
<property name="maxItems" value="${cache.writersSharedCache.maxItems}"/>
</bean>
<bean name="writersCache" class="org.alfresco.repo.cache.TransactionalCache">
<property name="sharedCache">
<ref bean="writersSharedCache" />
@@ -135,39 +135,42 @@
<ref bean="extendedReaderDynamicAuthority" />
</list>
</property>
<property name="filePlanService">
<ref bean="filePlanService" />
</property>
</bean>
<bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
<bean id="extendedWriterDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority" />
<!-- Action Service -->
<bean id="actionService" class="org.alfresco.repo.action.ExtendedActionServiceImpl" init-method="init">
<property name="filePlanService" ref="FilePlanService" />
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
</property>
<property name="nodeService">
<ref bean="NodeService" />
</property>
</property>
<property name="searchService">
<ref bean="ADMSearchService" />
</property>
</property>
<property name="authenticationContext">
<ref bean="authenticationContext" />
</property>
</property>
<property name="actionTrackingService">
<ref bean="actionTrackingService" />
</property>
</property>
<property name="dictionaryService">
<ref bean="DictionaryService" />
</property>
<property name="monitor">
<ref bean="actionServiceMonitor"/>
</property>
<property name="asynchronousActionExecutionQueues">
<map>
<!-- This is the default async queue -->
@@ -177,33 +180,33 @@
<entry key="deployment">
<ref bean="deploymentAsynchronousActionExecutionQueue"/>
</entry>
</map>
</map>
</property>
</bean>
<bean id="parameterProcessorComponent" class="org.alfresco.repo.action.parameter.ParameterProcessorComponent"/>
<bean id="baseParamenterProcessor" abstract="true" init-method="init">
<property name="parameterProcessorComponent" ref="parameterProcessorComponent"/>
</bean>
<bean id="nodeParameterProcessor" parent="baseParamenterProcessor" class="org.alfresco.repo.action.parameter.NodeParameterProcessor" >
<property name="name" value="node" />
<property name="nodeService" ref="NodeService" />
<property name="dictionaryService" ref="DictionaryService" />
<property name="namespaceService" ref="NamespaceService" />
</bean>
<bean id="dateParameterProcessor" parent="baseParamenterProcessor" class="org.alfresco.repo.action.parameter.DateParameterProcessor">
<property name="name" value="date" />
</bean>
<bean id="messageParameterProcessor" parent="baseParamenterProcessor" class="org.alfresco.repo.action.parameter.MessageParameterProcessor">
<property name="name" value="message" />
</bean>
<!-- Rule Service -->
<bean id="ruleService" class="org.alfresco.repo.rule.ExtendedRuleServiceImpl" init-method="init">
<property name="nodeService" ref="NodeService"/>
<property name="nodeService2" ref="NodeService"/>
@@ -218,16 +221,16 @@
<property name="rulesDisabled">
<value>false</value>
</property>
<!-- Since RM 2.1 -->
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService"/>
<property name="filePlanService" ref="FilePlanService" />
<property name="runAsRmAdmin">
<value>${rm.rule.runasrmadmin}</value>
</property>
</property>
</bean>
<bean id="FormService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
@@ -240,14 +243,14 @@
</value>
</property>
</bean>
<bean id="searchScript" parent="baseJavaScriptExtension" class="org.alfresco.repo.jscript.ExtendedSearch">
<property name="extensionName">
<value>search</value>
</property>
<property name="searchSubsystemSwitchableApplicationContextFactory">
<ref bean="Search" />
</property>
</property>
<property name="serviceRegistry">
<ref bean="ServiceRegistry"/>
</property>
@@ -258,11 +261,11 @@
<value>${spaces.store}</value>
</property>
</bean>
<bean id="on-delete-child-association-trigger" class="org.alfresco.repo.rule.ruletrigger.ExtendedBeforeDeleteChildAssociationRuleTrigger" parent="rule-trigger-base">
<property name="executeRuleImmediately">
<value>true</value>
</property>
</bean>
</beans>
</beans>

38
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java
View File

@@ -19,11 +19,12 @@
package org.alfresco.module.org_alfresco_module_rm.capability;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
/**
* Capability constants for the RM Permission Model
*
*
* @author andyh
*/
public interface RMPermissionModel
@@ -32,15 +33,34 @@ public interface RMPermissionModel
public static final String FILING = "Filing";
public static final String READ_RECORDS = "ReadRecords";
public static final String FILE_RECORDS = "FileRecords";
// Roles
public static final String ROLE_NAME_USER = "User";
public static final String ROLE_NAME_POWER_USER = "PowerUser";
public static final String ROLE_NAME_SECURITY_OFFICER = "SecurityOfficer";
public static final String ROLE_NAME_RECORDS_MANAGER = "RecordsManager";
public static final String ROLE_NAME_ADMINISTRATOR = "Administrator";
public static final String ROLE_ADMINISTRATOR = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_ADMINISTRATOR).toString();
// Roles
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_USER} instead
*/
@Deprecated
public static final String ROLE_NAME_USER = FilePlanRoleService.ROLE_USER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_POWER_USER} instead
*/
@Deprecated
public static final String ROLE_NAME_POWER_USER = FilePlanRoleService.ROLE_POWER_USER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_SECURITY_OFFICER} instead
*/
@Deprecated
public static final String ROLE_NAME_SECURITY_OFFICER = FilePlanRoleService.ROLE_SECURITY_OFFICER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_RECORDS_MANAGER} instead
*/
@Deprecated
public static final String ROLE_NAME_RECORDS_MANAGER = FilePlanRoleService.ROLE_RECORDS_MANAGER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_ADMIN} instead
*/
@Deprecated
public static final String ROLE_NAME_ADMINISTRATOR = FilePlanRoleService.ROLE_ADMIN;
public static final String ROLE_ADMINISTRATOR = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, FilePlanRoleService.ROLE_ADMIN).toString();
// Capability permissions

12
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -467,11 +467,15 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
public Object doWork()
{
// set inheritance
permissionService.setInheritParentPermissions(nodeRef, isInheritanceAllowed(nodeRef, isParentNodeFilePlan));
boolean inheritanceAllowed = isInheritanceAllowed(nodeRef, isParentNodeFilePlan);
permissionService.setInheritParentPermissions(nodeRef, inheritanceAllowed);
// set extended reader permissions
permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
if (!inheritanceAllowed)
{
// set extended reader permissions
permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
}
return null;
}

119
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
View File

@@ -23,13 +23,20 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.PropertyCheck;
import org.springframework.context.ApplicationEvent;
@@ -39,7 +46,7 @@ import org.springframework.context.ApplicationEvent;
* permission.
* <p>
* This is required for SOLR support.
*
*
* @author Roy Wetherall
*/
public class RMPermissionServiceImpl extends PermissionServiceImpl
@@ -47,7 +54,30 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
/** Writers simple cache */
protected SimpleCache<Serializable, Set<String>> writersCache;
/** File plan service */
private FilePlanService filePlanService;
/**
* Gets the file plan service
*
* @return the filePlanService
*/
public FilePlanService getFilePlanService()
{
return this.filePlanService;
}
/**
* Sets the file plan service
*
* @param filePlanService the filePlanService to set
*/
public void setFilePlanService(FilePlanService filePlanService)
{
this.filePlanService = filePlanService;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
*/
@@ -57,7 +87,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
super.setAnyDenyDenies(anyDenyDenies);
writersCache.clear();
}
/**
* @param writersCache the writersCache to set
*/
@@ -65,44 +95,44 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
this.writersCache = writersCache;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
super.onBootstrap(event);
super.onBootstrap(event);
PropertyCheck.mandatory(this, "writersCache", writersCache);
}
/**
* Override to deal with the possibility of hard coded permission checks in core code.
*
*
* Note: Eventually we need to merge the RM permission model into the core to make this more rebust.
*
*
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#hasPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
AccessStatus acs = super.hasPermission(nodeRef, perm);
if (AccessStatus.DENIED.equals(acs) == true &&
if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.READ.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
}
else if (AccessStatus.DENIED.equals(acs) == true &&
else if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.WRITE.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
}
return acs;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#canRead(java.lang.Long)
*/
@@ -111,8 +141,8 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
Set<String> authorities = getAuthorisations();
// test denied
// test denied
if(anyDenyDenies)
{
@@ -125,12 +155,12 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
return AccessStatus.DENIED;
}
}
}
// test acl readers
Set<String> aclReaders = getReaders(aclId);
for(String auth : aclReaders)
{
if(authorities.contains(auth))
@@ -141,7 +171,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
return AccessStatus.DENIED;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#getReaders(java.lang.Long)
*/
@@ -159,7 +189,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
return aclReaders;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
@@ -185,7 +215,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
/**
* Override with check for RM read
*
*
* @param aclId
* @return
*/
@@ -219,12 +249,12 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
denied.add(authority);
}
}
readersDeniedCache.put((Serializable)acl.getProperties(), denied);
return denied;
}
/**
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
*/
@@ -241,7 +271,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
return aclWriters;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
@@ -263,4 +293,49 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
writersCache.put((Serializable)acl.getProperties(), aclWriters);
return aclWriters;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/
@Override
public void setInheritParentPermissions(final NodeRef nodeRef, boolean inheritParentPermissions)
{
if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
{
final String adminRole = getAdminRole(nodeRef);
if (inheritParentPermissions)
{
Set<AccessPermission> accessPermissions = getAllSetPermissions(nodeRef);
for (AccessPermission accessPermission : accessPermissions)
{
String authority = accessPermission.getAuthority();
String permission = accessPermission.getPermission();
if (accessPermission.isSetDirectly() &&
(RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
(ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) || ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority)) || adminRole.equals(authority))
{
// FIXME!!!
//deletePermission(nodeRef, authority, permission);
}
}
}
else
{
setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
}
}
super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
}
private String getAdminRole(NodeRef nodeRef)
{
NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
if (filePlan == null)
{
throw new AlfrescoRuntimeException("The file plan could not be found for the node '" + nodeRef + "'.");
}
return authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
}
}

65
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM804Test.java
View File

@@ -19,6 +19,7 @@
package org.alfresco.module.org_alfresco_module_rm.test.issue;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.site.SiteRole;
@@ -26,30 +27,30 @@ import org.alfresco.service.cmr.site.SiteRole;
/**
* Unit test for RM-804 .. site managers are able to delete file plans
*
*
* @author Roy Wetherall
* @since 2.1
*/
public class RM804Test extends BaseRMTestCase
{
public class RM804Test extends BaseRMTestCase
{
@Override
protected void initServices()
{
super.initServices();
}
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
@Override
protected boolean isUserTest()
{
return true;
}
public void testUsersHaveDeletePermissionsOnFilePlan() throws Exception
{
// as rmuser
@@ -59,29 +60,29 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, "rmadmin");
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, "admin");
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, rmAdminName);
@@ -92,23 +93,23 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, rmUserName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, userName);
}
public void testTryAndDeleteSiteAsSiteManagerOnly()
{
doTestInTransaction(new Test<Void>()
@@ -117,73 +118,73 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
siteService.setMembership(siteId, userName, SiteRole.SiteManager.toString());
return null;
}
}, "admin");
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager only.",
AlfrescoRuntimeException.class
)
{
{
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
}
}, userName);
// give the user a RM role (but not sufficient to delete the file plan node ref)
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_USER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, userName);
return null;
}
}, "admin");
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager with an RM role that doesn't have the capability.",
AlfrescoRuntimeException.class
)
{
{
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
}
}, userName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_ADMINISTRATOR, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, userName);
return null;
}
}, "admin");
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
siteService.deleteSite(siteId);
return null;
}
}, userName);
}
}

58
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
View File

@@ -18,12 +18,20 @@
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.springframework.extensions.webscripts.GUID;
/**
@@ -1182,4 +1190,54 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
}
}, user3);
}
public void testSpecialRoles()
{
final NodeRef category9 = filePlanService.createRecordCategory(filePlan, "category9");
final NodeRef subCategory9 = filePlanService.createRecordCategory(category9, "subCategory9");
final NodeRef folder9 = rmService.createRecordFolder(subCategory9, "rmFolder9");
final NodeRef record9 = utils.createRecord(folder9, "record9.txt");
assertExistenceOfSpecialRolesAndPermissions(category9);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
// After setting the permissions off the special roles should be still available as they will be added to the node automatically
permissionService.setInheritParentPermissions(subCategory9, false);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
permissionService.setInheritParentPermissions(subCategory9, true);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
assertExistenceOfSpecialRolesAndPermissions(folder9);
permissionService.setInheritParentPermissions(folder9, false);
assertExistenceOfSpecialRolesAndPermissions(folder9);
permissionService.setInheritParentPermissions(folder9, true);
assertExistenceOfSpecialRolesAndPermissions(folder9);
assertExistenceOfSpecialRolesAndPermissions(record9);
permissionService.setInheritParentPermissions(record9, false);
assertExistenceOfSpecialRolesAndPermissions(record9);
permissionService.setInheritParentPermissions(record9, true);
assertExistenceOfSpecialRolesAndPermissions(record9);
}
private void assertExistenceOfSpecialRolesAndPermissions(NodeRef node)
{
Map<String, String> accessPermissions = new HashMap<String, String>();
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(node);
// FIXME!!!
//assertEquals(3, permissions.size());
for (AccessPermission permission : permissions)
{
accessPermissions.put(permission.getAuthority(), permission.getPermission());
}
assertTrue(accessPermissions.containsKey(ExtendedReaderDynamicAuthority.EXTENDED_READER));
assertEquals(RMPermissionModel.READ_RECORDS, accessPermissions.get(ExtendedReaderDynamicAuthority.EXTENDED_READER));
assertTrue(accessPermissions.containsKey(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
assertEquals(RMPermissionModel.FILING, accessPermissions.get(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
String allRoles = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
assertTrue(accessPermissions.containsKey(allRoles));
assertEquals(RMPermissionModel.FILING, accessPermissions.get(allRoles));
}
}

20
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java
View File

@@ -107,9 +107,9 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER);
Role role = filePlanRoleService.getRole(filePlan, FilePlanRoleService.ROLE_POWER_USER);
assertNotNull(role);
assertEquals(ROLE_NAME_POWER_USER, role.getName());
assertEquals(FilePlanRoleService.ROLE_POWER_USER, role.getName());
role = filePlanRoleService.getRole(filePlan, "donkey");
assertNull(role);
@@ -125,7 +125,7 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER));
assertTrue(filePlanRoleService.existsRole(filePlan, FilePlanRoleService.ROLE_POWER_USER));
assertFalse(filePlanRoleService.existsRole(filePlan, "donkey"));
return null;
@@ -184,33 +184,33 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
assertNotNull(roles);
assertEquals(1, roles.size());
Set<String> authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
Set<String> authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, rmUserName);
roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(2, roles.size());
authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());