inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-01 14:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM Bug Fixes:

Browse Source 
* Fixed up issues seen during QA security knowledge transfer session
  * hard coded "Read" evaluation in DocLib js is overridden in RM to account for "ReadRecord" ... not ideal solution but no other option for the moment
  * property pages now show for non-admin users
  * actions on toolbar showing and hidding correctly when capabilities missing
  * other actions showing and hiding correctly when capabilities missing
  * view details UI action to capability link now working correctly
  * some unit test monkeying
  * gradle scripts have 'explodedDeploy' taget which does deploys content of AMP (or at least what would be the contents of the AMP) to the exploded web apps ... speeds up dev time heaps!



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@35251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-04-16 02:59:54 +00:00
parent e767ce187a
commit 9d7fe7fd4a
22 changed files with 580 additions and 1615 deletions
Download Patch File Download Diff File Expand all files Collapse all files

282
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java
View File

@@ -1,282 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* @author Roy Wetherall
*/
public class AddModifyEventDatesCapabilityTest extends BaseTestCapabilities
{
/**
*
* @throws Exception
*/
public void testAddModifyEventDatesCapability() throws Exception
{
// Check file plan permissions
checkPermissions(
filePlan,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
checkCapabilities(
recordFolder_1,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
checkCapabilities(
record_1,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED
});
checkCapabilities(
recordFolder_2,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED
});
checkCapabilities(
record_2,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
/** Test user has no capabilities */
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add filing to both record folders */
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true);
permissionService.setInheritParentPermissions(recordCategory_1, false);
permissionService.setInheritParentPermissions(recordCategory_2, false);
permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true);
permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true);
permissionService.setPermission(recordFolder_1, testers, FILING, true);
permissionService.setPermission(recordFolder_2, testers, FILING, true);
return null;
}
}, false, true);
/** Check capabilities */
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add declare record capability */
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add modify event date capability */
addCapability(ADD_MODIFY_EVENT_DATES, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove declare capability */
removeCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Add declare capability */
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove view records capability */
removeCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add view records capability */
addCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove filing from record folders */
removeCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Set filing permission on records folders */
addCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Freeze folder 1 */
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "one");
executeAction("freeze", params, recordFolder_1);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Freeze record_2 */
params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "Two");
executeAction("freeze", params, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Unfreeze */
executeAction("unfreeze", recordFolder_1, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Close record folders */
executeAction("closeRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Open record folders */
executeAction("openRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Try and complete events*/
Map<String, Serializable> eventDetails = new HashMap<String, Serializable>(3);
eventDetails.put(CompleteEventAction.PARAM_EVENT_NAME, "event");
eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_AT, new Date());
eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_BY, test_user);
executeAction("completeEvent", eventDetails, test_user, recordFolder_1);
checkExecuteActionFail("completeEvent", eventDetails, test_user, recordFolder_2);
checkExecuteActionFail("completeEvent", eventDetails, test_user, record_1);
executeAction("completeEvent", eventDetails, test_user, record_2);
/** Check properties can not be set */
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETE, test_user, true);
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, new Date());
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, "me");
/** Declare and cutoff */
declare(record_1, record_2);
cutoff(recordFolder_1, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
}
}

307
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java
View File

@@ -1,307 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* @author Roy Wetherall
*/
public class ApproveRecordsScheduledForCutoffCapability extends BaseTestCapabilities
{
public void testApproveRecordsScheduledForCutoffCapability()
{
// File plan permissions
checkPermissions(filePlan, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
// Not yet eligible
checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
// Set appropriate state - declare records and make eligible
declare(record_1, record_2);
makeEligible(recordFolder_1, record_2);
checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true);
permissionService.setInheritParentPermissions(recordCategory_1, false);
permissionService.setInheritParentPermissions(recordCategory_2, false);
permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true);
permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true);
permissionService.setPermission(recordFolder_1, testers, FILING, true);
permissionService.setPermission(recordFolder_2, testers, FILING, true);
return null;
}
}, false, true);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Freeze record folder
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "one");
executeAction("freeze", params, recordFolder_1);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Freeze record
executeAction("freeze", params, record_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
// Unfreeze
executeAction("unfreeze", recordFolder_1, record_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Close folders
executeAction("closeRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
//
// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
//
// checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
// checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
// checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
// checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
//
// // try and cut off
//
// AuthenticationUtil.setFullyAuthenticatedUser(test_user);
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(record_1, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
//
// // check protected properties
//
// try
// {
// publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_CUT_OFF_DATE, new Date());
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// check cutoff again (it is already cut off)
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
}
}

903
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java
View File

@@ -1,903 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.transaction.UserTransaction;
import junit.framework.TestCase;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.security.permissions.impl.model.PermissionModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext;
/**
* @author Roy Wetherall
*/
public abstract class BaseTestCapabilities extends TestCase
implements RMPermissionModel, RecordsManagementModel
{
/* Application context */
protected ApplicationContext ctx;
/* Root node reference */
protected StoreRef storeRef;
protected NodeRef rootNodeRef;
/* Services */
protected NodeService nodeService;
protected NodeService publicNodeService;
protected TransactionService transactionService;
protected PermissionService permissionService;
protected RecordsManagementService recordsManagementService;
protected RecordsManagementSecurityService recordsManagementSecurityService;
protected RecordsManagementActionService recordsManagementActionService;
protected RecordsManagementEventService recordsManagementEventService;
protected DispositionService dispositionService;
protected CapabilityService capabilityService;
protected PermissionModel permissionModel;
protected ContentService contentService;
protected AuthorityService authorityService;
protected PersonService personService;
protected ContentService publicContentService;
protected RetryingTransactionHelper retryingTransactionHelper;
protected RMEntryVoter rmEntryVoter;
protected UserTransaction testTX;
protected NodeRef filePlan;
protected NodeRef recordSeries;
protected NodeRef recordCategory_1;
protected NodeRef recordCategory_2;
protected NodeRef recordFolder_1;
protected NodeRef recordFolder_2;
protected NodeRef record_1;
protected NodeRef record_2;
protected NodeRef recordCategory_3;
protected NodeRef recordFolder_3;
protected NodeRef record_3;
// protected String rmUsers;
// protected String rmPowerUsers;
// protected String rmSecurityOfficers;
// protected String rmRecordsManagers;
// protected String rmAdministrators;
protected String rm_user;
protected String rm_power_user;
protected String rm_security_officer;
protected String rm_records_manager;
protected String rm_administrator;
protected String test_user;
protected String testers;
protected String[] stdUsers;
protected NodeRef[] stdNodeRefs;;
/**
* Test setup
* @throws Exception
*/
protected void setUp() throws Exception
{
// Get the application context
ctx = ApplicationContextHelper.getApplicationContext();
// Get beans
nodeService = (NodeService) ctx.getBean("dbNodeService");
publicNodeService = (NodeService) ctx.getBean("NodeService");
transactionService = (TransactionService) ctx.getBean("transactionComponent");
permissionService = (PermissionService) ctx.getBean("permissionService");
permissionModel = (PermissionModel) ctx.getBean("permissionsModelDAO");
contentService = (ContentService) ctx.getBean("contentService");
publicContentService = (ContentService) ctx.getBean("ContentService");
authorityService = (AuthorityService) ctx.getBean("authorityService");
personService = (PersonService) ctx.getBean("personService");
capabilityService = (CapabilityService)ctx.getBean("CapabilityService");
dispositionService = (DispositionService)ctx.getBean("DispositionService");
recordsManagementService = (RecordsManagementService) ctx.getBean("RecordsManagementService");
recordsManagementSecurityService = (RecordsManagementSecurityService) ctx.getBean("RecordsManagementSecurityService");
recordsManagementActionService = (RecordsManagementActionService) ctx.getBean("RecordsManagementActionService");
recordsManagementEventService = (RecordsManagementEventService) ctx.getBean("RecordsManagementEventService");
rmEntryVoter = (RMEntryVoter) ctx.getBean("rmEntryVoter");
retryingTransactionHelper = (RetryingTransactionHelper)ctx.getBean("retryingTransactionHelper");
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// Create store and get the root node reference
storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
rootNodeRef = nodeService.getRootNode(storeRef);
// As admin user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
// Create test events
recordsManagementEventService.getEvents();
recordsManagementEventService.addEvent("rmEventType.simple", "event", "My Event");
// Create file plan node
filePlan = nodeService.createNode(
rootNodeRef,
ContentModel.ASSOC_CHILDREN,
TYPE_FILE_PLAN,
TYPE_FILE_PLAN).getChildRef();
return null;
}
}, false, true);
// Load in the plan data required for the test
loadFilePlanData();
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// create people ...
rm_user = "rm_user_" + storeRef.getIdentifier();
rm_power_user = "rm_power_user_" + storeRef.getIdentifier();
rm_security_officer = "rm_security_officer_" + storeRef.getIdentifier();
rm_records_manager = "rm_records_manager_" + storeRef.getIdentifier();
rm_administrator = "rm_administrator_" + storeRef.getIdentifier();
test_user = "test_user_" + storeRef.getIdentifier();
personService.createPerson(createDefaultProperties(rm_user));
personService.createPerson(createDefaultProperties(rm_power_user));
personService.createPerson(createDefaultProperties(rm_security_officer));
personService.createPerson(createDefaultProperties(rm_records_manager));
personService.createPerson(createDefaultProperties(rm_administrator));
personService.createPerson(createDefaultProperties(test_user));
// create roles as groups
// rmUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_USER_" + storeRef.getIdentifier());
// rmPowerUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_POWER_USER_" + storeRef.getIdentifier());
// rmSecurityOfficers = authorityService.createAuthority(AuthorityType.GROUP, "RM_SECURITY_OFFICER_" + storeRef.getIdentifier());
// rmRecordsManagers = authorityService.createAuthority(AuthorityType.GROUP, "RM_RECORDS_MANAGER_" + storeRef.getIdentifier());
// rmAdministrators = authorityService.createAuthority(AuthorityType.GROUP, "RM_ADMINISTRATOR_" + storeRef.getIdentifier());
testers = authorityService.createAuthority(AuthorityType.GROUP, "RM_TESTOR_" + storeRef.getIdentifier());
authorityService.addAuthority(testers, test_user);
// rmUsers = recordsManagementSecurityService.assignRoleToAuthority(filePlan, ROLE, rm_user);
setPermissions(rm_user, ROLE_NAME_USER);
setPermissions(rm_power_user, ROLE_NAME_POWER_USER);
setPermissions(rm_security_officer, ROLE_NAME_SECURITY_OFFICER);
setPermissions(rm_records_manager, ROLE_NAME_RECORDS_MANAGER);
setPermissions(rm_administrator, ROLE_NAME_ADMINISTRATOR);
stdUsers = new String[]
{
AuthenticationUtil.getSystemUserName(),
rm_administrator,
rm_records_manager,
rm_security_officer,
rm_power_user,
rm_user
};
stdNodeRefs = new NodeRef[]
{
recordFolder_1,
record_1,
recordFolder_2,
record_2
};
return null;
}
}, false, true);
}
/**
* Test tear down
* @throws Exception
*/
@Override
protected void tearDown() throws Exception
{
// TODO we should clean up as much as we can ....
}
/**
* Set the permissions for a group, user and role
* @param group
* @param user
* @param role
*/
private void setPermissions(String user, String role)
{
recordsManagementSecurityService.assignRoleToAuthority(filePlan, role, user);
recordsManagementSecurityService.setPermission(filePlan, user, FILING);
}
/**
* Loads the file plan date required for the tests
*/
protected void loadFilePlanData()
{
recordSeries = createRecordSeries(filePlan, "RS", "Record Series", "My record series");
recordCategory_1 = createRecordCategory(recordSeries, "Docs", "Docs", "Docs", "week|1", true, false);
recordCategory_2 = createRecordCategory(recordSeries, "More Docs", "More Docs", "More Docs", "week|1", true, true);
recordCategory_3 = createRecordSeries(recordSeries, "No Dis", "No disp schedule", "No disp schedule");
recordFolder_1 = createRecordFolder(recordCategory_1, "F1", "title", "description");
recordFolder_2 = createRecordFolder(recordCategory_2, "F2", "title", "description");
recordFolder_3 = createRecordFolder(recordCategory_3, "F3", "title", "description");
record_1 = createRecord(recordFolder_1);
record_2 = createRecord(recordFolder_2);
record_3 = createRecord(recordFolder_3);
}
/**
* Set permission for authority on node reference.
* @param nodeRef
* @param authority
* @param permission
* @param allow
*/
// private void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
// {
// permissionService.setPermission(nodeRef, authority, permission, allow);
// if (permission.equals(FILING))
// {
// if (recordsManagementService.isRecordCategory(nodeRef) == true)
// {
// List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
// for (ChildAssociationRef assoc : assocs)
// {
// NodeRef child = assoc.getChildRef();
// if (recordsManagementService.isRecordFolder(child) == true ||
// recordsManagementService.isRecordCategory(child) == true)
// {
// setPermission(child, authority, permission, allow);
// }
// }
// }
// }
// }
/**
* Create the default person properties
* @param userName
* @return
*/
private Map<QName, Serializable> createDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_HOMEFOLDER, null);
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, userName);
properties.put(ContentModel.PROP_EMAIL, userName);
properties.put(ContentModel.PROP_ORGID, "");
return properties;
}
/**
* Create a new record. Executed in a new transaction.
*/
private NodeRef createRecord(final NodeRef recordFolder)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
// Create the record
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1);
props.put(ContentModel.PROP_NAME, "MyRecord.txt");
NodeRef recordOne = nodeService.createNode(recordFolder, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"),
ContentModel.TYPE_CONTENT, props).getChildRef();
// Set the content
ContentWriter writer = contentService.getWriter(recordOne, ContentModel.PROP_CONTENT, true);
writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
writer.setEncoding("UTF-8");
writer.putContent("There is some content in this record");
return recordOne;
}
}, false, true);
}
/**
* Create a test record series. Executed in a new transaction.
*/
private NodeRef createRecordSeries(final NodeRef filePlan, final String name, final String title, final String description)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
return recordsManagementService.createRecordCategory(filePlan, name, properties);
}
}, false, true);
}
/**
* Create a test record category in a new transaction.
*/
private NodeRef createRecordCategory(
final NodeRef recordSeries,
final String name,
final String title,
final String description,
final String review,
final boolean vital,
final boolean recordLevelDisposition)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
if (vital == true)
{
properties.put(PROP_REVIEW_PERIOD, review);
properties.put(PROP_VITAL_RECORD_INDICATOR, vital);
}
NodeRef rc = recordsManagementService.createRecordCategory(recordSeries, name, properties);
properties = new HashMap<QName, Serializable>();
properties.put(PROP_DISPOSITION_AUTHORITY, "N1-218-00-4 item 023");
properties.put(PROP_DISPOSITION_INSTRUCTIONS, "Cut off monthly, hold 1 month, then destroy.");
properties.put(PROP_RECORD_LEVEL_DISPOSITION, recordLevelDisposition);
DispositionSchedule ds = dispositionService.createDispositionSchedule(rc, properties);
addDispositionAction(ds, "cutoff", "monthend|1", null, "event");
addDispositionAction(ds, "transfer", "month|1", null, null);
addDispositionAction(ds, "accession", "month|1", null, null);
addDispositionAction(ds, "destroy", "month|1", "{http://www.alfresco.org/model/recordsmanagement/1.0}cutOffDate", null);
return rc;
}
}, false, true);
}
/**
* Create disposition action.
* @param disposition
* @param actionName
* @param period
* @param periodProperty
* @param event
* @return
*/
private void addDispositionAction(DispositionSchedule disposition, String actionName, String period, String periodProperty, String event)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(PROP_DISPOSITION_ACTION_NAME, actionName);
properties.put(PROP_DISPOSITION_PERIOD, period);
if (periodProperty != null)
{
properties.put(PROP_DISPOSITION_PERIOD_PROPERTY, periodProperty);
}
if (event != null)
{
properties.put(PROP_DISPOSITION_EVENT, event);
}
dispositionService.addDispositionActionDefinition(disposition, properties);
}
/**
* Create record folder. Executed in a new transaction.
* @param recordCategory
* @param name
* @param identifier
* @param title
* @param description
* @param review
* @param vital
* @return
*/
private NodeRef createRecordFolder(
final NodeRef recordCategory,
final String name,
final String title,
final String description)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
return recordsManagementService.createRecordFolder(recordCategory, name, properties);
}
}, false, true);
}
/**
*
* @param user
* @param nodeRef
* @param capabilityName
* @param accessStstus
*/
protected void checkCapability(final String user, final NodeRef nodeRef, final String capabilityName, final AccessStatus expected)
{
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
@Override
public Object doWork() throws Exception
{
Capability capability = recordsManagementSecurityService.getCapability(capabilityName);
assertNotNull(capability);
List<String> capabilities = new ArrayList<String>(1);
capabilities.add(capabilityName);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(nodeRef, capabilities);
AccessStatus actual = access.get(capability);
assertEquals(
"for user: " + user,
expected,
actual);
return null;
}
}, user);
}
/**
*
* @param access
* @param name
* @param accessStatus
*/
protected void check(Map<Capability, AccessStatus> access, String name, AccessStatus accessStatus)
{
Capability capability = recordsManagementSecurityService.getCapability(name);
assertNotNull(capability);
assertEquals(accessStatus, access.get(capability));
}
/**
*
* @param user
* @param nodeRef
* @param permission
* @param accessStstus
*/
protected void checkPermission(final String user, final NodeRef nodeRef, final String permission, final AccessStatus accessStstus)
{
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
@Override
public Object doWork() throws Exception
{
AccessStatus actualAccessStatus = permissionService.hasPermission(nodeRef, permission);
assertTrue(actualAccessStatus == accessStstus);
return null;
}
}, user);
}
/**
*
* @param nodeRef
* @param permission
* @param users
* @param expectedAccessStatus
*/
protected void checkPermissions(
final NodeRef nodeRef,
final String permission,
final String[] users,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of users should match the number of expected access status",
users.length,
expectedAccessStatus.length);
for (int i = 0; i < users.length; i++)
{
checkPermission(users[i], nodeRef, permission, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param nodeRef
* @param capability
* @param users
* @param expectedAccessStatus
*/
protected void checkCapabilities(
final NodeRef nodeRef,
final String capability,
final String[] users,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of users should match the number of expected access status",
users.length,
expectedAccessStatus.length);
for (int i = 0; i < users.length; i++)
{
checkCapability(users[i], nodeRef, capability, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param user
* @param capability
* @param nodeRefs
* @param expectedAccessStatus
*/
protected void checkCapabilities(
final String user,
final String capability,
final NodeRef[] nodeRefs,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of node references should match the number of expected access status",
nodeRefs.length,
expectedAccessStatus.length);
for (int i = 0; i < nodeRefs.length; i++)
{
checkCapability(user, nodeRefs[i], capability, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param capability
* @param accessStatus
*/
protected void checkTestUserCapabilities(String capability, AccessStatus ... accessStatus)
{
checkCapabilities(
test_user,
capability,
stdNodeRefs,
accessStatus);
}
/**
* Execute RM action
* @param action
* @param params
* @param nodeRefs
*/
protected void executeAction(final String action, final Map<String, Serializable> params, final String user, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(user);
for (NodeRef nodeRef : nodeRefs)
{
recordsManagementActionService.executeRecordsManagementAction(nodeRef, action, params);
}
return null;
}
}, false, true);
}
/**
*
* @param action
* @param nodeRefs
*/
protected void executeAction(final String action, final NodeRef ... nodeRefs)
{
executeAction(action, null, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs);
}
/**
*
* @param action
* @param params
* @param nodeRefs
*/
protected void executeAction(final String action, final Map<String, Serializable> params, final NodeRef ... nodeRefs)
{
executeAction(action, params, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs);
}
/**
*
* @param action
* @param params
* @param user
* @param nodeRefs
*/
protected void checkExecuteActionFail(final String action, final Map<String, Serializable> params, final String user, final NodeRef ... nodeRefs)
{
try
{
executeAction(action, params, user, nodeRefs);
fail("Action " + action + " has succeded and was expected to fail");
}
catch (AccessDeniedException ade)
{}
}
/**
*
* @param nodeRef
* @param property
* @param user
*/
protected void checkSetPropertyFail(final NodeRef nodeRef, final QName property, final String user, final Serializable value)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(user);
try
{
publicNodeService.setProperty(nodeRef, property, value);
fail("Expected failure when setting property");
}
catch (AccessDeniedException ade)
{}
return null;
}
}, false, true);
}
/**
* Add a capability
* @param capability
* @param authority
* @param nodeRefs
*/
protected void addCapability(final String capability, final String authority, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
permissionService.setPermission(nodeRef, authority, capability, true);
}
return null;
}
}, false, true);
}
/**
* Remove capability
* @param capability
* @param authority
* @param nodeRef
*/
protected void removeCapability(final String capability, final String authority, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
permissionService.deletePermission(nodeRef, authority, capability);
}
return null;
}
}, false, true);
}
/**
*
* @param nodeRefs
*/
protected void declare(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
nodeService.setProperty(nodeRef, ContentModel.PROP_TITLE, "titleValue");
recordsManagementActionService.executeRecordsManagementAction(nodeRef, "declareRecord");
}
return null;
}
}, false, true);
}
protected void cutoff(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Calendar calendar = Calendar.getInstance();
calendar.set(Calendar.HOUR, 0);
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
for (NodeRef nodeRef : nodeRefs)
{
NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
recordsManagementActionService.executeRecordsManagementAction(nodeRef, "cutoff", null);
}
return null;
}
}, false, true);
}
protected void makeEligible(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Calendar calendar = Calendar.getInstance();
calendar.set(Calendar.HOUR, 0);
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
for (NodeRef nodeRef : nodeRefs)
{
NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
}
return null;
}
}, false, true);
}
}

5
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -237,9 +237,4 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
return result;
}
public void testFrozenCondition()
{
}
}

163
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java Normal file
View File

@@ -0,0 +1,163 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* Declarative capability unit test
*
* @author Roy Wetherall
*/
public class GroupCapabilityTest extends BaseRMTestCase
{
private NodeRef record;
private NodeRef declaredRecord;
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
// Pre-filed content
record = utils.createRecord(rmFolder, "record.txt");
declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt");
}
@Override
protected void setupTestData()
{
super.setupTestData();
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
utils.declareRecord(declaredRecord);
return null;
}
});
}
@Override
protected void tearDownImpl()
{
super.tearDownImpl();
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(rmContainer, user, RMPermissionModel.FILING);
}
}
public void testUpdate()
{
final Capability capability = capabilityService.getCapability("Update");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
return null;
}
}, userName);
}
public void testUpdateProperties()
{
final Capability capability = capabilityService.getCapability("UpdateProperties");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
return null;
}
}, userName);
}
}