From 9d7fe7fd4a75f7cf81eb7e3327df887fc1557a14 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Mon, 16 Apr 2012 02:59:54 +0000 Subject: [PATCH] RM Bug Fixes: * Fixed up issues seen during QA security knowledge transfer session * hard coded "Read" evaluation in DocLib js is overridden in RM to account for "ReadRecord" ... not ideal solution but no other option for the moment * property pages now show for non-admin users * actions on toolbar showing and hidding correctly when capabilities missing * other actions showing and hiding correctly when capabilities missing * view details UI action to capability link now working correctly * some unit test monkeying * gradle scripts have 'explodedDeploy' taget which does deploys content of AMP (or at least what would be the contents of the AMP) to the exploded web apps ... speeds up dev time heaps! git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@35251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- build.gradle | 52 +- rm-server/.classpath | 2 +- rm-server/build.gradle | 3 - .../rm-capabilities-context.xml | 17 +- .../documentlibrary-v2/doclist.lib.js | 264 +++++ .../slingshot/documentlibrary-v2/node.get.js | 77 ++ .../action/RMActionExecuterAbstractBase.java | 2 +- .../{impl => }/AbstractCapability.java | 7 +- .../declarative/DeclarativeCapability.java | 6 +- .../condition/FillingCapabilityCondition.java | 73 +- .../capability/group/DeclareCapability.java | 2 +- .../capability/group/DeleteCapability.java | 2 +- .../capability/group/UpdateCapability.java | 2 +- .../group/UpdatePropertiesCapability.java | 2 +- .../ChangeOrDeleteReferencesCapability.java | 2 +- .../impl/DeleteLinksCapability.java | 2 +- .../impl/EditRecordMetadataCapability.java | 20 +- .../AddModifyEventDatesCapabilityTest.java | 282 ------ ...veRecordsScheduledForCutoffCapability.java | 307 ------ .../capabilities/BaseTestCapabilities.java | 903 ------------------ .../DeclarativeCapabilityTest.java | 5 - .../capabilities/GroupCapabilityTest.java | 163 ++++ 22 files changed, 580 insertions(+), 1615 deletions(-) create mode 100644 rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/doclist.lib.js create mode 100644 rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/node.get.js rename rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/{impl => }/AbstractCapability.java (91%) delete mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java delete mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java delete mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java create mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java diff --git a/build.gradle b/build.gradle index 4faaac8596..bb38b225da 100644 --- a/build.gradle +++ b/build.gradle @@ -15,16 +15,6 @@ task wrapper(type: Wrapper) { gradleVersion = '1.0-milestone-8' } -task downloadAlfresco << { - - def address = "https://bamboo.alfresco.com/bamboo/artifact/ALF-ENTERPRISEV40/JOB1/build-891/ALL/alfresco-enterprise-4.0.1.zip?os_authType=basic&os_username=rwetherall&os_password=31vegaleg" - - def file = new FileOutputStream(file('alfresco.zip')) - def out = new BufferedOutputStream(file) - out << new URL(address).openStream() - out.close() -} - /** Subproject configuration */ subprojects { @@ -50,6 +40,7 @@ subprojects { jarFile = "${baseName}.jar" ampFile = "${baseName}.amp" tomcatRoot = System.getenv(tomcatEnv) + jarFilePath = "${buildLibDir}/${jarFile}" sourceSets { main { @@ -161,7 +152,6 @@ subprojects { task amp(dependsOn: 'jar') << { - def jarFilePath = "${buildLibDir}/${jarFile}" def jarFileObj = file(jarFilePath) def configDirObj = file(configDir) def sourceWebObj = file(sourceWebDir) @@ -197,6 +187,46 @@ subprojects { } } + task deployExploded(dependsOn: 'jar') << { + + def jarFileObj = file(jarFilePath) + def configDirObj = file(configDir) + def sourceWebObj = file(sourceWebDir) + + explodedWebAppDir = new File("${tomcatRoot}/webapps/${webAppName}") + if (explodedWebAppDir.exists() == true) { + + // copy module properties + + // copy jars + if (jarFileObj.exists()) { + copy { + from jarFilePath + into "${explodedWebAppDir}/WEB-INF/lib" + } + } + + // copy config + if (configDirObj.exists() == true) { + copy { + from(configDir) { + exclude "**/${moduleProperties}" + exclude "**/${fileMapping}" + } + into "${explodedWebAppDir}/WEB-INF/classes" + + } + } + + // copy web + if (sourceWebObj.exists() == true) { + } + } + else { + println "Exploded webapp directory ${explodedWebAppDir} does not exist." + } + } + task installAmp(dependsOn: ['amp', 'copyWar']) << { def warFileLocation = file("${buildDistDir}/${warFile}") diff --git a/rm-server/.classpath b/rm-server/.classpath index 10f3e73b1d..e2ff39fa0f 100644 --- a/rm-server/.classpath +++ b/rm-server/.classpath @@ -249,7 +249,7 @@ - + diff --git a/rm-server/build.gradle b/rm-server/build.gradle index 75520e3ae5..0008684d53 100644 --- a/rm-server/build.gradle +++ b/rm-server/build.gradle @@ -20,7 +20,4 @@ test { beforeTest { descriptor -> logger.lifecycle("Running test: " + descriptor) } - //onOutput { descriptor, event -> - // logger.lifecycle(event.message) - //} } \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml index dce641860e..29354fe42d 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml @@ -48,7 +48,6 @@ - RECORD_CATEGORY DISPOSITION_SCHEDULE - + + + + + + - - - + RECORD @@ -827,7 +830,9 @@ - + diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/doclist.lib.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/doclist.lib.js new file mode 100644 index 0000000000..947666762f --- /dev/null +++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/doclist.lib.js @@ -0,0 +1,264 @@ +const REQUEST_MAX = 1000; + +/** + * Main entry point: Create collection of documents and folders in the given space + * + * @method doclist_main + */ +function doclist_main() +{ + // Use helper function to get the arguments + var parsedArgs = ParseArgs.getParsedArgs(); + if (parsedArgs === null) + { + return; + } + + var filter = args.filter, + items = []; + + // Try to find a filter query based on the passed-in arguments + var allNodes = [], + totalRecords = 0, + requestTotalCountMax = 0, + paged = false, + favourites = Common.getFavourites(), + filterParams = Filters.getFilterParams(filter, parsedArgs, + { + favourites: favourites + }), + query = filterParams.query; + + if ((filter || "path") == "path") + { + // TODO also add DB filter by "node" (in addition to "path") + var parentNode = parsedArgs.pathNode; + if (parentNode !== null) + { + var skip = -1, + max = -1; + + if (args.size != null) + { + max = args.size; + + if (args.pos > 0) + { + skip = (args.pos - 1) * max; + } + } + + var sortField = (args.sortField == null ? "cm:name" : args.sortField), + sortAsc = (((args.sortAsc == null) || (args.sortAsc == "true")) ? true : false); + + // Get paged set + requestTotalCountMax = skip + REQUEST_MAX; + var pagedResult = parentNode.childFileFolders(true, true, filterParams.ignoreTypes, skip, max, requestTotalCountMax, sortField, sortAsc, "TODO"); + + allNodes = pagedResult.page; + totalRecords = pagedResult.totalResultCountUpper; + paged = true; + } + } + else + { + // Query the nodes - passing in sort and result limit parameters + if (query !== "") + { + allNodes = search.query( + { + query: query, + language: filterParams.language, + page: + { + maxItems: (filterParams.limitResults ? parseInt(filterParams.limitResults, 10) : 0) + }, + sort: filterParams.sort, + templates: filterParams.templates, + namespace: (filterParams.namespace ? filterParams.namespace : null) + }); + + totalRecords = allNodes.length; + } + } + + // Ensure folders and folderlinks appear at the top of the list + var folderNodes = [], + documentNodes = []; + + for each (node in allNodes) + { + try + { + if (node.isContainer || node.isLinkToContainer) + { + folderNodes.push(node); + } + else + { + documentNodes.push(node); + } + } + catch (e) + { + // Possibly an old indexed node - ignore it + } + } + + // Node type counts + var folderNodesCount = folderNodes.length, + documentNodesCount = documentNodes.length, + nodes; + + if (parsedArgs.type === "documents") + { + nodes = documentNodes; + totalRecords -= folderNodesCount; + } + else + { + // TODO: Sorting with folders at end -- swap order of concat() + nodes = folderNodes.concat(documentNodes); + } + + // Pagination + var pageSize = args.size || nodes.length, + pagePos = args.pos || "1", + startIndex = (pagePos - 1) * pageSize; + + if (!paged) + { + // Trim the nodes array down to the page size + nodes = nodes.slice(startIndex, pagePos * pageSize); + } + + // Common or variable parent container? + var parent = null; + + if (!filterParams.variablePath) + { + // Parent node permissions (and Site role if applicable) + parent = Evaluator.run(parsedArgs.pathNode, true); + } + + var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME), + thumbnail = null, + locationNode, + item; + + // Loop through and evaluate each node in this result set + for each (node in nodes) + { + // Get evaluated properties. + item = Evaluator.run(node); + if (item !== null) + { + item.isFavourite = (favourites[item.node.nodeRef] === true); + item.likes = Common.getLikes(node); + + // Does this collection of nodes have potentially differering paths? + if (filterParams.variablePath || item.isLink) + { + locationNode = item.isLink ? item.linkedNode : item.node; + location = Common.getLocation(locationNode, parsedArgs.libraryRoot); + // Parent node + if (node.parent != null && + (node.parent.hasPermission("Read") || node.parent.hasPermission("ReadRecords"))) + { + item.parent = Evaluator.run(node.parent, true); + } + } + else + { + location = + { + site: parsedArgs.location.site, + siteTitle: parsedArgs.location.siteTitle, + sitePreset: parsedArgs.location.sitePreset, + container: parsedArgs.location.container, + containerType: parsedArgs.location.containerType, + path: parsedArgs.location.path, + file: node.name + }; + } + + // Resolved location + item.location = location; + + // Check: thumbnail type is registered && node is a cm:content subtype && valid inputStream for content property + if (isThumbnailNameRegistered && item.node.isSubType("cm:content") && item.node.properties.content.inputStream != null) + { + // Make sure we have a thumbnail. + thumbnail = item.node.getThumbnail(THUMBNAIL_NAME); + if (thumbnail === null) + { + // No thumbnail, so queue creation + item.node.createThumbnail(THUMBNAIL_NAME, true); + } + } + + items.push(item); + } + else + { + --totalRecords; + } + } + + // Array Remove - By John Resig (MIT Licensed) + var fnArrayRemove = function fnArrayRemove(array, from, to) + { + var rest = array.slice((to || from) + 1 || array.length); + array.length = from < 0 ? array.length + from : from; + return array.push.apply(array, rest); + }; + + /** + * De-duplicate orignals for any existing working copies. + * This can't be done in evaluator.lib.js as it has no knowledge of the current filter or UI operation. + * Note: This may result in pages containing less than the configured amount of items (50 by default). + */ + for each (item in items) + { + if (item.workingCopy.isWorkingCopy) + { + var workingCopySource = String(item.workingCopy.sourceNodeRef); + for (var i = 0, ii = items.length; i < ii; i++) + { + if (String(items[i].node.nodeRef) == workingCopySource) + { + fnArrayRemove(items, i); + --totalRecords; + break; + } + } + } + } + + var paging = + { + totalRecords: totalRecords, + startIndex: startIndex + }; + + if (paged && (totalRecords == requestTotalCountMax)) + { + paging.totalRecordsUpper = requestTotalCountMax; + } + + return ( + { + luceneQuery: query, + paging: paging, + container: parsedArgs.rootNode, + parent: parent, + onlineEditing: utils.moduleInstalled("org.alfresco.module.vti"), + itemCount: + { + folders: folderNodesCount, + documents: documentNodesCount + }, + items: items, + customJSON: slingshotDocLib.getJSON() + }); +} diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/node.get.js b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/node.get.js new file mode 100644 index 0000000000..145314fb8c --- /dev/null +++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/node.get.js @@ -0,0 +1,77 @@ + + + +/** + * Main entry point: Return single document or folder given it's nodeRef + * + * @method getDoclist + */ +function getDoclist() +{ + // Use helper function to get the arguments + var parsedArgs = ParseArgs.getParsedArgs(); + if (parsedArgs === null) + { + return; + } + + parsedArgs.pathNode = ParseArgs.resolveNode(parsedArgs.nodeRef); + parsedArgs.location = Common.getLocation(parsedArgs.pathNode, parsedArgs.libraryRoot); + + var favourites = Common.getFavourites(), + node = parsedArgs.pathNode; + + var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME), + thumbnail = null, + item = Evaluator.run(node); + + item.isFavourite = (favourites[node.nodeRef] === true); + item.likes = Common.getLikes(node); + item.location = + { + site: parsedArgs.location.site, + siteTitle: parsedArgs.location.siteTitle, + container: parsedArgs.location.container, + containerType: parsedArgs.location.containerType, + path: parsedArgs.location.path, + file: node.name + }; + + item.parent = {}; + if (node.parent != null && (node.parent.hasPermission("Read") || node.parent.hasPermission("ReadRecords"))) + { + item.parent = Evaluator.run(node.parent, true); + } + + // Special case for container and libraryRoot nodes + if ((parsedArgs.location.containerNode && String(parsedArgs.location.containerNode.nodeRef) == String(node.nodeRef)) || + (parsedArgs.libraryRoot && String(parsedArgs.libraryRoot.nodeRef) == String(node.nodeRef))) + { + item.location.file = ""; + } + + // Check: thumbnail type is registered && node is a cm:content subtype && valid inputStream for content property + if (isThumbnailNameRegistered && item.node.isSubType("cm:content") && item.node.properties.content.inputStream != null) + { + // Make sure we have a thumbnail. + thumbnail = item.node.getThumbnail(THUMBNAIL_NAME); + if (thumbnail === null) + { + // No thumbnail, so queue creation + item.node.createThumbnail(THUMBNAIL_NAME, true); + } + } + + return ( + { + container: parsedArgs.rootNode, + onlineEditing: utils.moduleInstalled("org.alfresco.module.vti"), + item: item, + customJSON: slingshotDocLib.getJSON() + }); +} + +/** + * Document List Component: doclist + */ +model.doclist = getDoclist(); \ No newline at end of file diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java index 92543eaf4b..9ab72d3ae2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java @@ -31,7 +31,7 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/AbstractCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java similarity index 91% rename from rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/AbstractCapability.java rename to rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java index 081d5db447..5ad0a2c4fa 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/AbstractCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with Alfresco. If not, see . */ -package org.alfresco.module.org_alfresco_module_rm.capability.impl; +package org.alfresco.module.org_alfresco_module_rm.capability; import java.util.ArrayList; import java.util.List; @@ -24,11 +24,6 @@ import java.util.List; import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.RMSecurityCommon; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java index 5b9927d1a5..40e1a9ac17 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java @@ -26,7 +26,7 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.springframework.beans.BeansException; @@ -41,7 +41,7 @@ import org.springframework.context.ApplicationContextAware; public class DeclarativeCapability extends AbstractCapability implements ApplicationContextAware { /** Application Context */ - private ApplicationContext applicationContext; + protected ApplicationContext applicationContext; /** Required permissions */ private List permissions; @@ -233,7 +233,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica } /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#hasPermissionImpl(org.alfresco.service.cmr.repository.NodeRef) + * @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#hasPermissionImpl(org.alfresco.service.cmr.repository.NodeRef) */ @Override public int evaluate(NodeRef nodeRef) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingCapabilityCondition.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingCapabilityCondition.java index 61366a9629..f199155f3e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingCapabilityCondition.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingCapabilityCondition.java @@ -18,14 +18,10 @@ */ package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition; -import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.namespace.QName; /** * Filling capability condition. @@ -34,17 +30,6 @@ import org.alfresco.service.namespace.QName; */ public class FillingCapabilityCondition extends AbstractCapabilityCondition { - /** Dictionary service */ - private DictionaryService dictionaryService; - - /** - * @param dictionaryService dictionary service - */ - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.CapabilityCondition#evaluate(org.alfresco.service.cmr.repository.NodeRef) */ @@ -53,65 +38,11 @@ public class FillingCapabilityCondition extends AbstractCapabilityCondition { boolean result = false; - NodeRef filePlan = rmService.getFilePlan(nodeRef); - - if (permissionService.hasPermission(filePlan, RMPermissionModel.ROLE_ADMINISTRATOR) == AccessStatus.ALLOWED) + if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED) { result = true; } - else - { - QName nodeType = nodeService.getType(nodeRef); - if (rmService.isRecord(nodeRef) == true || - dictionaryService.isSubClass(nodeType, ContentModel.TYPE_CONTENT) == true) - { - // Multifiling - if you have filing rights to any of the folders in which the record resides - // then you have filing rights. - for (ChildAssociationRef car : nodeService.getParentAssocs(nodeRef)) - { - if (car != null) - { - if (permissionService.hasPermission(car.getParentRef(), RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) - { - result = true; - break; - } - } - } - } - else if (rmService.isRecordFolder(nodeRef) == true) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED) - { - result = true; - } - } - else if (rmService.isRecordCategory(nodeRef) == true) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED) - { - result = true; - } - else if (permissionService.hasPermission(filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS) != AccessStatus.DENIED) - { - result = true; - } - } - // else other file plan component - else - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED) - { - result = true; - } - else if (permissionService.hasPermission(filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA) != AccessStatus.DENIED) - { - result = true; - } - } - - } - return result; + return result; } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java index 9e696f855a..060b5f83c6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java @@ -20,9 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.capability.group; import net.sf.acegisecurity.vote.AccessDecisionVoter; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; import org.alfresco.service.cmr.repository.NodeRef; /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java index 2af89a535a..9b7395d851 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java @@ -20,9 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.capability.group; import net.sf.acegisecurity.vote.AccessDecisionVoter; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; import org.alfresco.service.cmr.repository.NodeRef; /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java index 39160cd70b..671dad38a9 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java @@ -23,8 +23,8 @@ import java.util.Map; import net.sf.acegisecurity.vote.AccessDecisionVoter; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java index cf36f4909a..b1423fcd29 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java @@ -23,8 +23,8 @@ import java.util.Map; import net.sf.acegisecurity.vote.AccessDecisionVoter; +import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java index 121cf3b263..1d7143be12 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java @@ -41,7 +41,7 @@ public class ChangeOrDeleteReferencesCapability extends DeclarativeCapability } /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + * @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) */ public int evaluate(NodeRef source, NodeRef target) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/DeleteLinksCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/DeleteLinksCapability.java index 20273a3e43..75d7347ae2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/DeleteLinksCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/DeleteLinksCapability.java @@ -41,7 +41,7 @@ public class DeleteLinksCapability extends DeclarativeCapability } /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + * @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) */ public int evaluate(NodeRef source, NodeRef target) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/EditRecordMetadataCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/EditRecordMetadataCapability.java index aaa806b263..e93f534173 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/EditRecordMetadataCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/EditRecordMetadataCapability.java @@ -31,17 +31,17 @@ import org.alfresco.service.cmr.security.OwnableService; * * @author Roy Wetherall */ -public class EditRecordMetadataCapability extends DeclarativeCapability +public class EditRecordMetadataCapability extends DeclarativeCapability { - /** Ownable service */ private OwnableService ownableService; - - /** - * @param ownableService ownable service - */ - public void setOwnableService(OwnableService ownableService) + + private OwnableService getOwnableService() { - this.ownableService = ownableService; + if (ownableService == null) + { + ownableService = (OwnableService)applicationContext.getBean("OwnableService"); + } + return ownableService; } /** @@ -76,11 +76,11 @@ public class EditRecordMetadataCapability extends DeclarativeCapability // Since we know this is undeclared if you are the owner then you should be able to // edit the records meta-data (otherwise how can it be declared by the user?) - if (ownableService.hasOwner(nodeRef) == true) + if (getOwnableService().hasOwner(nodeRef) == true) { String user = AuthenticationUtil.getFullyAuthenticatedUser(); if (user != null && - ownableService.getOwner(nodeRef).equals(user) == true) + getOwnableService().getOwner(nodeRef).equals(user) == true) { result = Integer.valueOf(AccessDecisionVoter.ACCESS_GRANTED); } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java deleted file mode 100644 index 4d2dba2b8d..0000000000 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.test.capabilities; - -import java.io.Serializable; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; - -import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction; -import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; -import org.alfresco.service.cmr.security.AccessStatus; - -/** - * @author Roy Wetherall - */ -public class AddModifyEventDatesCapabilityTest extends BaseTestCapabilities -{ - /** - * - * @throws Exception - */ - public void testAddModifyEventDatesCapability() throws Exception - { - // Check file plan permissions - checkPermissions( - filePlan, - ADD_MODIFY_EVENT_DATES, - stdUsers, - new AccessStatus[] - { - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED - }); - - checkCapabilities( - recordFolder_1, - ADD_MODIFY_EVENT_DATES, - stdUsers, - new AccessStatus[] - { - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED - }); - - checkCapabilities( - record_1, - ADD_MODIFY_EVENT_DATES, - stdUsers, - new AccessStatus[] - { - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED - }); - - checkCapabilities( - recordFolder_2, - ADD_MODIFY_EVENT_DATES, - stdUsers, - new AccessStatus[] - { - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED - }); - - checkCapabilities( - record_2, - ADD_MODIFY_EVENT_DATES, - stdUsers, - new AccessStatus[] - { - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED - }); - - /** Test user has no capabilities */ - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Add filing to both record folders */ - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - - permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, FILING, true); - permissionService.setPermission(recordFolder_2, testers, FILING, true); - - return null; - } - }, false, true); - - /** Check capabilities */ - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Add declare record capability */ - addCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Add modify event date capability */ - addCapability(ADD_MODIFY_EVENT_DATES, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Remove declare capability */ - removeCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Add declare capability */ - addCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Remove view records capability */ - removeCapability(VIEW_RECORDS, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Add view records capability */ - addCapability(VIEW_RECORDS, testers, filePlan); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Remove filing from record folders */ - removeCapability(FILING, testers, recordFolder_1, recordFolder_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Set filing permission on records folders */ - addCapability(FILING, testers, recordFolder_1, recordFolder_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Freeze folder 1 */ - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - executeAction("freeze", params, recordFolder_1); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Freeze record_2 */ - params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "Two"); - executeAction("freeze", params, record_2); - - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - /** Unfreeze */ - executeAction("unfreeze", recordFolder_1, record_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Close record folders */ - executeAction("closeRecordFolder", recordFolder_1, recordFolder_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Open record folders */ - executeAction("openRecordFolder", recordFolder_1, recordFolder_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - /** Try and complete events*/ - Map eventDetails = new HashMap(3); - eventDetails.put(CompleteEventAction.PARAM_EVENT_NAME, "event"); - eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_AT, new Date()); - eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_BY, test_user); - executeAction("completeEvent", eventDetails, test_user, recordFolder_1); - checkExecuteActionFail("completeEvent", eventDetails, test_user, recordFolder_2); - checkExecuteActionFail("completeEvent", eventDetails, test_user, record_1); - executeAction("completeEvent", eventDetails, test_user, record_2); - - /** Check properties can not be set */ - checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETE, test_user, true); - checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, new Date()); - checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, "me"); - - /** Declare and cutoff */ - declare(record_1, record_2); - cutoff(recordFolder_1, record_2); - checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - } -} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java deleted file mode 100644 index 06a6b598ae..0000000000 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java +++ /dev/null @@ -1,307 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.test.capabilities; - -import java.io.Serializable; -import java.util.HashMap; -import java.util.Map; - -import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; -import org.alfresco.service.cmr.security.AccessStatus; - -/** - * @author Roy Wetherall - */ -public class ApproveRecordsScheduledForCutoffCapability extends BaseTestCapabilities -{ - public void testApproveRecordsScheduledForCutoffCapability() - { - // File plan permissions - checkPermissions(filePlan, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - - // Not yet eligible - checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - - // Set appropriate state - declare records and make eligible - declare(record_1, record_2); - makeEligible(recordFolder_1, record_2); - - checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.ALLOWED, - AccessStatus.DENIED, - AccessStatus.DENIED, - AccessStatus.DENIED); - - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - - permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true); - permissionService.setInheritParentPermissions(recordCategory_1, false); - permissionService.setInheritParentPermissions(recordCategory_2, false); - permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true); - permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true); - permissionService.setPermission(recordFolder_1, testers, FILING, true); - permissionService.setPermission(recordFolder_2, testers, FILING, true); - - return null; - } - }, false, true); - - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - addCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - addCapability(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - removeCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - addCapability(DECLARE_RECORDS, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - removeCapability(VIEW_RECORDS, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - addCapability(VIEW_RECORDS, testers, filePlan); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - removeCapability(FILING, testers, recordFolder_1, recordFolder_2); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - addCapability(FILING, testers, recordFolder_1, recordFolder_2); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - // Freeze record folder - Map params = new HashMap(1); - params.put(FreezeAction.PARAM_REASON, "one"); - executeAction("freeze", params, recordFolder_1); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - // Freeze record - executeAction("freeze", params, record_2); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.DENIED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.DENIED); // record_2 - - // Unfreeze - executeAction("unfreeze", recordFolder_1, record_2); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - - // Close folders - executeAction("closeRecordFolder", recordFolder_1, recordFolder_2); - checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - AccessStatus.ALLOWED, // recordFolder_1 - AccessStatus.DENIED, // record_1 - AccessStatus.DENIED, // recordFolder_2 - AccessStatus.ALLOWED); // record_2 - -// -// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); -// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder"); -// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder"); -// -// checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); -// checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); -// checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED); -// checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED); -// -// // try and cut off -// -// AuthenticationUtil.setFullyAuthenticatedUser(test_user); -// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null); -// try -// { -// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "cutoff", null); -// fail(); -// } -// catch (AccessDeniedException ade) -// { -// -// } -// try -// { -// recordsManagementActionService.executeRecordsManagementAction(record_1, "cutoff", null); -// fail(); -// } -// catch (AccessDeniedException ade) -// { -// -// } -// recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null); -// -// // check protected properties -// -// try -// { -// publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_CUT_OFF_DATE, new Date()); -// fail(); -// } -// catch (AccessDeniedException ade) -// { -// -// } - - // check cutoff again (it is already cut off) - - // try - // { - // recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null); - // fail(); - // } - // catch (AccessDeniedException ade) - // { - // - // } - // try - // { - // recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null); - // fail(); - // } - // catch (AccessDeniedException ade) - // { - // - // } - - // checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - // AccessStatus.DENIED); - // checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - // AccessStatus.DENIED); - // checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - // AccessStatus.DENIED); - // checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - // AccessStatus.DENIED); - } - -} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java deleted file mode 100644 index dc3a734c99..0000000000 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java +++ /dev/null @@ -1,903 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.test.capabilities; - -import java.io.Serializable; -import java.util.ArrayList; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.transaction.UserTransaction; - -import junit.framework.TestCase; - -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; -import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; -import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; -import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; -import org.alfresco.repo.content.MimetypeMap; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.security.permissions.AccessDeniedException; -import org.alfresco.repo.security.permissions.impl.model.PermissionModel; -import org.alfresco.repo.transaction.RetryingTransactionHelper; -import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; -import org.alfresco.service.cmr.repository.ContentService; -import org.alfresco.service.cmr.repository.ContentWriter; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.AuthorityType; -import org.alfresco.service.cmr.security.PermissionService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.alfresco.service.namespace.RegexQNamePattern; -import org.alfresco.service.transaction.TransactionService; -import org.alfresco.util.ApplicationContextHelper; -import org.springframework.context.ApplicationContext; - -/** - * @author Roy Wetherall - */ -public abstract class BaseTestCapabilities extends TestCase - implements RMPermissionModel, RecordsManagementModel -{ - /* Application context */ - protected ApplicationContext ctx; - - /* Root node reference */ - protected StoreRef storeRef; - protected NodeRef rootNodeRef; - - /* Services */ - protected NodeService nodeService; - protected NodeService publicNodeService; - protected TransactionService transactionService; - protected PermissionService permissionService; - protected RecordsManagementService recordsManagementService; - protected RecordsManagementSecurityService recordsManagementSecurityService; - protected RecordsManagementActionService recordsManagementActionService; - protected RecordsManagementEventService recordsManagementEventService; - protected DispositionService dispositionService; - protected CapabilityService capabilityService; - protected PermissionModel permissionModel; - protected ContentService contentService; - protected AuthorityService authorityService; - protected PersonService personService; - protected ContentService publicContentService; - protected RetryingTransactionHelper retryingTransactionHelper; - - protected RMEntryVoter rmEntryVoter; - - protected UserTransaction testTX; - - protected NodeRef filePlan; - protected NodeRef recordSeries; - protected NodeRef recordCategory_1; - protected NodeRef recordCategory_2; - protected NodeRef recordFolder_1; - protected NodeRef recordFolder_2; - protected NodeRef record_1; - protected NodeRef record_2; - protected NodeRef recordCategory_3; - protected NodeRef recordFolder_3; - protected NodeRef record_3; - - // protected String rmUsers; - // protected String rmPowerUsers; - // protected String rmSecurityOfficers; - // protected String rmRecordsManagers; - // protected String rmAdministrators; - - protected String rm_user; - protected String rm_power_user; - protected String rm_security_officer; - protected String rm_records_manager; - protected String rm_administrator; - protected String test_user; - - protected String testers; - - protected String[] stdUsers; - protected NodeRef[] stdNodeRefs;; - - /** - * Test setup - * @throws Exception - */ - protected void setUp() throws Exception - { - // Get the application context - ctx = ApplicationContextHelper.getApplicationContext(); - - // Get beans - nodeService = (NodeService) ctx.getBean("dbNodeService"); - publicNodeService = (NodeService) ctx.getBean("NodeService"); - transactionService = (TransactionService) ctx.getBean("transactionComponent"); - permissionService = (PermissionService) ctx.getBean("permissionService"); - permissionModel = (PermissionModel) ctx.getBean("permissionsModelDAO"); - contentService = (ContentService) ctx.getBean("contentService"); - publicContentService = (ContentService) ctx.getBean("ContentService"); - authorityService = (AuthorityService) ctx.getBean("authorityService"); - personService = (PersonService) ctx.getBean("personService"); - capabilityService = (CapabilityService)ctx.getBean("CapabilityService"); - dispositionService = (DispositionService)ctx.getBean("DispositionService"); - recordsManagementService = (RecordsManagementService) ctx.getBean("RecordsManagementService"); - recordsManagementSecurityService = (RecordsManagementSecurityService) ctx.getBean("RecordsManagementSecurityService"); - recordsManagementActionService = (RecordsManagementActionService) ctx.getBean("RecordsManagementActionService"); - recordsManagementEventService = (RecordsManagementEventService) ctx.getBean("RecordsManagementEventService"); - rmEntryVoter = (RMEntryVoter) ctx.getBean("rmEntryVoter"); - retryingTransactionHelper = (RetryingTransactionHelper)ctx.getBean("retryingTransactionHelper"); - - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - // As system user - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - // Create store and get the root node reference - storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis()); - rootNodeRef = nodeService.getRootNode(storeRef); - - // As admin user - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - // Create test events - recordsManagementEventService.getEvents(); - recordsManagementEventService.addEvent("rmEventType.simple", "event", "My Event"); - - // Create file plan node - filePlan = nodeService.createNode( - rootNodeRef, - ContentModel.ASSOC_CHILDREN, - TYPE_FILE_PLAN, - TYPE_FILE_PLAN).getChildRef(); - - return null; - } - }, false, true); - - - // Load in the plan data required for the test - loadFilePlanData(); - - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - // As system user - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - - // create people ... - rm_user = "rm_user_" + storeRef.getIdentifier(); - rm_power_user = "rm_power_user_" + storeRef.getIdentifier(); - rm_security_officer = "rm_security_officer_" + storeRef.getIdentifier(); - rm_records_manager = "rm_records_manager_" + storeRef.getIdentifier(); - rm_administrator = "rm_administrator_" + storeRef.getIdentifier(); - test_user = "test_user_" + storeRef.getIdentifier(); - - personService.createPerson(createDefaultProperties(rm_user)); - personService.createPerson(createDefaultProperties(rm_power_user)); - personService.createPerson(createDefaultProperties(rm_security_officer)); - personService.createPerson(createDefaultProperties(rm_records_manager)); - personService.createPerson(createDefaultProperties(rm_administrator)); - personService.createPerson(createDefaultProperties(test_user)); - - // create roles as groups -// rmUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_USER_" + storeRef.getIdentifier()); -// rmPowerUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_POWER_USER_" + storeRef.getIdentifier()); -// rmSecurityOfficers = authorityService.createAuthority(AuthorityType.GROUP, "RM_SECURITY_OFFICER_" + storeRef.getIdentifier()); -// rmRecordsManagers = authorityService.createAuthority(AuthorityType.GROUP, "RM_RECORDS_MANAGER_" + storeRef.getIdentifier()); -// rmAdministrators = authorityService.createAuthority(AuthorityType.GROUP, "RM_ADMINISTRATOR_" + storeRef.getIdentifier()); - - testers = authorityService.createAuthority(AuthorityType.GROUP, "RM_TESTOR_" + storeRef.getIdentifier()); - authorityService.addAuthority(testers, test_user); - - // rmUsers = recordsManagementSecurityService.assignRoleToAuthority(filePlan, ROLE, rm_user); - - - setPermissions(rm_user, ROLE_NAME_USER); - setPermissions(rm_power_user, ROLE_NAME_POWER_USER); - setPermissions(rm_security_officer, ROLE_NAME_SECURITY_OFFICER); - setPermissions(rm_records_manager, ROLE_NAME_RECORDS_MANAGER); - setPermissions(rm_administrator, ROLE_NAME_ADMINISTRATOR); - - stdUsers = new String[] - { - AuthenticationUtil.getSystemUserName(), - rm_administrator, - rm_records_manager, - rm_security_officer, - rm_power_user, - rm_user - }; - - stdNodeRefs = new NodeRef[] - { - recordFolder_1, - record_1, - recordFolder_2, - record_2 - }; - - return null; - } - }, false, true); - } - - /** - * Test tear down - * @throws Exception - */ - @Override - protected void tearDown() throws Exception - { - // TODO we should clean up as much as we can .... - } - - /** - * Set the permissions for a group, user and role - * @param group - * @param user - * @param role - */ - private void setPermissions(String user, String role) - { - recordsManagementSecurityService.assignRoleToAuthority(filePlan, role, user); - recordsManagementSecurityService.setPermission(filePlan, user, FILING); - } - - /** - * Loads the file plan date required for the tests - */ - protected void loadFilePlanData() - { - recordSeries = createRecordSeries(filePlan, "RS", "Record Series", "My record series"); - - recordCategory_1 = createRecordCategory(recordSeries, "Docs", "Docs", "Docs", "week|1", true, false); - recordCategory_2 = createRecordCategory(recordSeries, "More Docs", "More Docs", "More Docs", "week|1", true, true); - recordCategory_3 = createRecordSeries(recordSeries, "No Dis", "No disp schedule", "No disp schedule"); - - recordFolder_1 = createRecordFolder(recordCategory_1, "F1", "title", "description"); - recordFolder_2 = createRecordFolder(recordCategory_2, "F2", "title", "description"); - recordFolder_3 = createRecordFolder(recordCategory_3, "F3", "title", "description"); - - record_1 = createRecord(recordFolder_1); - record_2 = createRecord(recordFolder_2); - record_3 = createRecord(recordFolder_3); - } - - /** - * Set permission for authority on node reference. - * @param nodeRef - * @param authority - * @param permission - * @param allow - */ -// private void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow) -// { -// permissionService.setPermission(nodeRef, authority, permission, allow); -// if (permission.equals(FILING)) -// { -// if (recordsManagementService.isRecordCategory(nodeRef) == true) -// { -// List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); -// for (ChildAssociationRef assoc : assocs) -// { -// NodeRef child = assoc.getChildRef(); -// if (recordsManagementService.isRecordFolder(child) == true || -// recordsManagementService.isRecordCategory(child) == true) -// { -// setPermission(child, authority, permission, allow); -// } -// } -// } -// } -// } - - /** - * Create the default person properties - * @param userName - * @return - */ - private Map createDefaultProperties(String userName) - { - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_USERNAME, userName); - properties.put(ContentModel.PROP_HOMEFOLDER, null); - properties.put(ContentModel.PROP_FIRSTNAME, userName); - properties.put(ContentModel.PROP_LASTNAME, userName); - properties.put(ContentModel.PROP_EMAIL, userName); - properties.put(ContentModel.PROP_ORGID, ""); - return properties; - } - - /** - * Create a new record. Executed in a new transaction. - */ - private NodeRef createRecord(final NodeRef recordFolder) - { - return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public NodeRef execute() throws Throwable - { - // As admin - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - // Create the record - Map props = new HashMap(1); - props.put(ContentModel.PROP_NAME, "MyRecord.txt"); - NodeRef recordOne = nodeService.createNode(recordFolder, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"), - ContentModel.TYPE_CONTENT, props).getChildRef(); - - // Set the content - ContentWriter writer = contentService.getWriter(recordOne, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent("There is some content in this record"); - return recordOne; - } - }, false, true); - } - - /** - * Create a test record series. Executed in a new transaction. - */ - private NodeRef createRecordSeries(final NodeRef filePlan, final String name, final String title, final String description) - { - return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public NodeRef execute() throws Throwable - { - // As admin - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - - return recordsManagementService.createRecordCategory(filePlan, name, properties); - - } - }, false, true); - } - - /** - * Create a test record category in a new transaction. - */ - private NodeRef createRecordCategory( - final NodeRef recordSeries, - final String name, - final String title, - final String description, - final String review, - final boolean vital, - final boolean recordLevelDisposition) - { - return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public NodeRef execute() throws Throwable - { - // As admin - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - - if (vital == true) - { - properties.put(PROP_REVIEW_PERIOD, review); - properties.put(PROP_VITAL_RECORD_INDICATOR, vital); - } - - NodeRef rc = recordsManagementService.createRecordCategory(recordSeries, name, properties); - - properties = new HashMap(); - properties.put(PROP_DISPOSITION_AUTHORITY, "N1-218-00-4 item 023"); - properties.put(PROP_DISPOSITION_INSTRUCTIONS, "Cut off monthly, hold 1 month, then destroy."); - properties.put(PROP_RECORD_LEVEL_DISPOSITION, recordLevelDisposition); - - DispositionSchedule ds = dispositionService.createDispositionSchedule(rc, properties); - - addDispositionAction(ds, "cutoff", "monthend|1", null, "event"); - addDispositionAction(ds, "transfer", "month|1", null, null); - addDispositionAction(ds, "accession", "month|1", null, null); - addDispositionAction(ds, "destroy", "month|1", "{http://www.alfresco.org/model/recordsmanagement/1.0}cutOffDate", null); - - return rc; - } - }, false, true); - } - - /** - * Create disposition action. - * @param disposition - * @param actionName - * @param period - * @param periodProperty - * @param event - * @return - */ - private void addDispositionAction(DispositionSchedule disposition, String actionName, String period, String periodProperty, String event) - { - HashMap properties = new HashMap(); - properties.put(PROP_DISPOSITION_ACTION_NAME, actionName); - properties.put(PROP_DISPOSITION_PERIOD, period); - if (periodProperty != null) - { - properties.put(PROP_DISPOSITION_PERIOD_PROPERTY, periodProperty); - } - if (event != null) - { - properties.put(PROP_DISPOSITION_EVENT, event); - } - dispositionService.addDispositionActionDefinition(disposition, properties); - } - - /** - * Create record folder. Executed in a new transaction. - * @param recordCategory - * @param name - * @param identifier - * @param title - * @param description - * @param review - * @param vital - * @return - */ - private NodeRef createRecordFolder( - final NodeRef recordCategory, - final String name, - final String title, - final String description) - { - return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public NodeRef execute() throws Throwable - { - // As admin - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); - - HashMap properties = new HashMap(); - properties.put(ContentModel.PROP_TITLE, title); - properties.put(ContentModel.PROP_DESCRIPTION, description); - - return recordsManagementService.createRecordFolder(recordCategory, name, properties); - } - }, false, true); - } - - /** - * - * @param user - * @param nodeRef - * @param capabilityName - * @param accessStstus - */ - protected void checkCapability(final String user, final NodeRef nodeRef, final String capabilityName, final AccessStatus expected) - { - AuthenticationUtil.runAs(new RunAsWork() - { - @Override - public Object doWork() throws Exception - { - Capability capability = recordsManagementSecurityService.getCapability(capabilityName); - assertNotNull(capability); - - List capabilities = new ArrayList(1); - capabilities.add(capabilityName); - Map access = capabilityService.getCapabilitiesAccessState(nodeRef, capabilities); - - AccessStatus actual = access.get(capability); - - assertEquals( - "for user: " + user, - expected, - actual); - - return null; - } - }, user); - } - - /** - * - * @param access - * @param name - * @param accessStatus - */ - protected void check(Map access, String name, AccessStatus accessStatus) - { - Capability capability = recordsManagementSecurityService.getCapability(name); - assertNotNull(capability); - assertEquals(accessStatus, access.get(capability)); - } - - /** - * - * @param user - * @param nodeRef - * @param permission - * @param accessStstus - */ - protected void checkPermission(final String user, final NodeRef nodeRef, final String permission, final AccessStatus accessStstus) - { - AuthenticationUtil.runAs(new RunAsWork() - { - @Override - public Object doWork() throws Exception - { - AccessStatus actualAccessStatus = permissionService.hasPermission(nodeRef, permission); - assertTrue(actualAccessStatus == accessStstus); - return null; - } - }, user); - } - - /** - * - * @param nodeRef - * @param permission - * @param users - * @param expectedAccessStatus - */ - protected void checkPermissions( - final NodeRef nodeRef, - final String permission, - final String[] users, - final AccessStatus ... expectedAccessStatus) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - assertEquals( - "The number of users should match the number of expected access status", - users.length, - expectedAccessStatus.length); - - for (int i = 0; i < users.length; i++) - { - checkPermission(users[i], nodeRef, permission, expectedAccessStatus[i]); - } - - return null; - } - }, true, true); - } - - /** - * - * @param nodeRef - * @param capability - * @param users - * @param expectedAccessStatus - */ - protected void checkCapabilities( - final NodeRef nodeRef, - final String capability, - final String[] users, - final AccessStatus ... expectedAccessStatus) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - assertEquals( - "The number of users should match the number of expected access status", - users.length, - expectedAccessStatus.length); - - for (int i = 0; i < users.length; i++) - { - checkCapability(users[i], nodeRef, capability, expectedAccessStatus[i]); - } - - return null; - } - }, true, true); - } - - /** - * - * @param user - * @param capability - * @param nodeRefs - * @param expectedAccessStatus - */ - protected void checkCapabilities( - final String user, - final String capability, - final NodeRef[] nodeRefs, - final AccessStatus ... expectedAccessStatus) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - assertEquals( - "The number of node references should match the number of expected access status", - nodeRefs.length, - expectedAccessStatus.length); - - for (int i = 0; i < nodeRefs.length; i++) - { - checkCapability(user, nodeRefs[i], capability, expectedAccessStatus[i]); - } - - return null; - } - }, true, true); - } - - /** - * - * @param capability - * @param accessStatus - */ - protected void checkTestUserCapabilities(String capability, AccessStatus ... accessStatus) - { - checkCapabilities( - test_user, - capability, - stdNodeRefs, - accessStatus); - } - - /** - * Execute RM action - * @param action - * @param params - * @param nodeRefs - */ - protected void executeAction(final String action, final Map params, final String user, final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(user); - - for (NodeRef nodeRef : nodeRefs) - { - recordsManagementActionService.executeRecordsManagementAction(nodeRef, action, params); - } - - return null; - } - }, false, true); - } - - /** - * - * @param action - * @param nodeRefs - */ - protected void executeAction(final String action, final NodeRef ... nodeRefs) - { - executeAction(action, null, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs); - } - - /** - * - * @param action - * @param params - * @param nodeRefs - */ - protected void executeAction(final String action, final Map params, final NodeRef ... nodeRefs) - { - executeAction(action, params, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs); - } - - /** - * - * @param action - * @param params - * @param user - * @param nodeRefs - */ - protected void checkExecuteActionFail(final String action, final Map params, final String user, final NodeRef ... nodeRefs) - { - try - { - executeAction(action, params, user, nodeRefs); - fail("Action " + action + " has succeded and was expected to fail"); - } - catch (AccessDeniedException ade) - {} - } - - /** - * - * @param nodeRef - * @param property - * @param user - */ - protected void checkSetPropertyFail(final NodeRef nodeRef, final QName property, final String user, final Serializable value) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(user); - - try - { - publicNodeService.setProperty(nodeRef, property, value); - fail("Expected failure when setting property"); - } - catch (AccessDeniedException ade) - {} - - return null; - } - }, false, true); - } - - /** - * Add a capability - * @param capability - * @param authority - * @param nodeRefs - */ - protected void addCapability(final String capability, final String authority, final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - for (NodeRef nodeRef : nodeRefs) - { - permissionService.setPermission(nodeRef, authority, capability, true); - } - return null; - } - }, false, true); - } - - /** - * Remove capability - * @param capability - * @param authority - * @param nodeRef - */ - protected void removeCapability(final String capability, final String authority, final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - for (NodeRef nodeRef : nodeRefs) - { - permissionService.deletePermission(nodeRef, authority, capability); - } - return null; - } - }, false, true); - } - - /** - * - * @param nodeRefs - */ - protected void declare(final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - - for (NodeRef nodeRef : nodeRefs) - { - nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATOR, "origValue"); - nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue"); - nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date()); - nodeService.setProperty(nodeRef, ContentModel.PROP_TITLE, "titleValue"); - recordsManagementActionService.executeRecordsManagementAction(nodeRef, "declareRecord"); - } - - return null; - } - }, false, true); - } - - protected void cutoff(final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - - for (NodeRef nodeRef : nodeRefs) - { - NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - recordsManagementActionService.executeRecordsManagementAction(nodeRef, "cutoff", null); - } - - return null; - } - }, false, true); - } - - protected void makeEligible(final NodeRef ... nodeRefs) - { - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); - - Calendar calendar = Calendar.getInstance(); - calendar.set(Calendar.HOUR, 0); - calendar.set(Calendar.MINUTE, 0); - calendar.set(Calendar.SECOND, 0); - - for (NodeRef nodeRef : nodeRefs) - { - NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef(); - nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime()); - } - - return null; - } - }, false, true); - } -} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index 2c63548ed6..f20582d61a 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -237,9 +237,4 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase return result; } - - public void testFrozenCondition() - { - - } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java new file mode 100644 index 0000000000..10ac2abccd --- /dev/null +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java @@ -0,0 +1,163 @@ +/* + * Copyright (C) 2005-2011 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.test.capabilities; + +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessStatus; + +/** + * Declarative capability unit test + * + * @author Roy Wetherall + */ +public class GroupCapabilityTest extends BaseRMTestCase +{ + private NodeRef record; + private NodeRef declaredRecord; + + @Override + protected boolean isUserTest() + { + return true; + } + + @Override + protected void setupTestDataImpl() + { + super.setupTestDataImpl(); + + // Pre-filed content + record = utils.createRecord(rmFolder, "record.txt"); + declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt"); + } + + @Override + protected void setupTestData() + { + super.setupTestData(); + + retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() + { + @Override + public Object execute() throws Throwable + { + AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); + + utils.declareRecord(declaredRecord); + + return null; + } + }); + } + + @Override + protected void tearDownImpl() + { + super.tearDownImpl(); + } + + @Override + protected void setupTestUsersImpl(NodeRef filePlan) + { + super.setupTestUsersImpl(filePlan); + + // Give all the users file permission objects + for (String user : testUsers) + { + securityService.setPermission(rmContainer, user, RMPermissionModel.FILING); + } + } + + public void testUpdate() + { + final Capability capability = capabilityService.getCapability("Update"); + assertNotNull(capability); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord)); + + return null; + } + }, recordsManagerName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + + return null; + } + }, userName); + + + } + + public void testUpdateProperties() + { + final Capability capability = capabilityService.getCapability("UpdateProperties"); + assertNotNull(capability); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord)); + + return null; + } + }, recordsManagerName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + + return null; + } + }, userName); + + + } +}