inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM Bug Fixes:

Browse Source 
* Fixed up issues seen during QA security knowledge transfer session
  * hard coded "Read" evaluation in DocLib js is overridden in RM to account for "ReadRecord" ... not ideal solution but no other option for the moment
  * property pages now show for non-admin users
  * actions on toolbar showing and hidding correctly when capabilities missing
  * other actions showing and hiding correctly when capabilities missing
  * view details UI action to capability link now working correctly
  * some unit test monkeying
  * gradle scripts have 'explodedDeploy' taget which does deploys content of AMP (or at least what would be the contents of the AMP) to the exploded web apps ... speeds up dev time heaps!



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@35251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-04-16 02:59:54 +00:00
parent e767ce187a
commit 9d7fe7fd4a
22 changed files with 580 additions and 1615 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
build.gradle
View File

@@ -15,16 +15,6 @@ task wrapper(type: Wrapper) {
gradleVersion = '1.0-milestone-8'
}
task downloadAlfresco << {
def address = "https://bamboo.alfresco.com/bamboo/artifact/ALF-ENTERPRISEV40/JOB1/build-891/ALL/alfresco-enterprise-4.0.1.zip?os_authType=basic&os_username=rwetherall&os_password=31vegaleg"
def file = new FileOutputStream(file('alfresco.zip'))
def out = new BufferedOutputStream(file)
out << new URL(address).openStream()
out.close()
}
/** Subproject configuration */
subprojects {
@@ -50,6 +40,7 @@ subprojects {
jarFile = "${baseName}.jar"
ampFile = "${baseName}.amp"
tomcatRoot = System.getenv(tomcatEnv)
jarFilePath = "${buildLibDir}/${jarFile}"
sourceSets {
main {
@@ -161,7 +152,6 @@ subprojects {
task amp(dependsOn: 'jar') << {
def jarFilePath = "${buildLibDir}/${jarFile}"
def jarFileObj = file(jarFilePath)
def configDirObj = file(configDir)
def sourceWebObj = file(sourceWebDir)
@@ -197,6 +187,46 @@ subprojects {
}
}
task deployExploded(dependsOn: 'jar') << {
def jarFileObj = file(jarFilePath)
def configDirObj = file(configDir)
def sourceWebObj = file(sourceWebDir)
explodedWebAppDir = new File("${tomcatRoot}/webapps/${webAppName}")
if (explodedWebAppDir.exists() == true) {
// copy module properties
// copy jars
if (jarFileObj.exists()) {
copy {
from jarFilePath
into "${explodedWebAppDir}/WEB-INF/lib"
}
}
// copy config
if (configDirObj.exists() == true) {
copy {
from(configDir) {
exclude "**/${moduleProperties}"
exclude "**/${fileMapping}"
}
into "${explodedWebAppDir}/WEB-INF/classes"
}
}
// copy web
if (sourceWebObj.exists() == true) {
}
}
else {
println "Exploded webapp directory ${explodedWebAppDir} does not exist."
}
}
task installAmp(dependsOn: ['amp', 'copyWar']) << {
def warFileLocation = file("${buildDistDir}/${warFile}")

2
rm-server/.classpath
View File

@@ -249,7 +249,7 @@
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-surf-api-1.0.0.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-surf-core-1.0.0.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-surf-core-configservice-1.0.0.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-webscripts-1.0.0.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-webscripts-1.0.0.jar" sourcepath="C:/mywork/projects/v4/code/root/projects/3rd-party/src/spring-webscripts-1.0.0-sources.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/spring-webscripts-api-1.0.0.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/springmodules-jbpm31.jar"/>
<classpathentry exported="true" kind="lib" path="C:/mywork/projects/rmhead/code/rm-server/explodedDeps/lib/standard.jar"/>

3
rm-server/build.gradle
View File

@@ -20,7 +20,4 @@ test {
beforeTest { descriptor ->
logger.lifecycle("Running test: " + descriptor)
}
//onOutput { descriptor, event ->
// logger.lifecycle(event.message)
//}
}

17
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
View File

@@ -48,7 +48,6 @@
<bean id="capabilityCondition.filling"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FillingCapabilityCondition">
<property name="dictionaryService" ref="DictionaryService" />
</bean>
<bean id="capabilityCondition.transferred"
@@ -244,7 +243,12 @@
<value>RECORD_CATEGORY</value>
<value>DISPOSITION_SCHEDULE</value>
</list>
</property>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
</map>
</property>
</bean>
<bean id="rmCreateModifyDestroyFileplanTypesCapability"
@@ -513,12 +517,11 @@
</property>
</bean>
<bean id="rmEditRecordMetadataCapability"
<bean id="rmEditRecordMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.EditRecordMetadataCapability">
<property name="name" value="EditRecordMetadata"/>
<property name="permission" value="EditRecordMetadata"/>
<property name="ownableService" ref="OwnableService"/>
<property name="permission" value="EditRecordMetadata"/>
<property name="kinds">
<list>
<value>RECORD</value>
@@ -827,7 +830,9 @@
<property name="groupCapability" value="true"/>
</bean>
<bean id="rmUpdateProperties" parent="rmBaseCapability" class="org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability">
<bean id="rmUpdateProperties"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability">
<property name="name" value="UpdateProperties"/>
<property name="groupCapability" value="true"/>
</bean>

264
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/doclist.lib.js Normal file
View File

@@ -0,0 +1,264 @@
const REQUEST_MAX = 1000;
/**
* Main entry point: Create collection of documents and folders in the given space
*
* @method doclist_main
*/
function doclist_main()
{
// Use helper function to get the arguments
var parsedArgs = ParseArgs.getParsedArgs();
if (parsedArgs === null)
{
return;
}
var filter = args.filter,
items = [];
// Try to find a filter query based on the passed-in arguments
var allNodes = [],
totalRecords = 0,
requestTotalCountMax = 0,
paged = false,
favourites = Common.getFavourites(),
filterParams = Filters.getFilterParams(filter, parsedArgs,
{
favourites: favourites
}),
query = filterParams.query;
if ((filter || "path") == "path")
{
// TODO also add DB filter by "node" (in addition to "path")
var parentNode = parsedArgs.pathNode;
if (parentNode !== null)
{
var skip = -1,
max = -1;
if (args.size != null)
{
max = args.size;
if (args.pos > 0)
{
skip = (args.pos - 1) * max;
}
}
var sortField = (args.sortField == null ? "cm:name" : args.sortField),
sortAsc = (((args.sortAsc == null) || (args.sortAsc == "true")) ? true : false);
// Get paged set
requestTotalCountMax = skip + REQUEST_MAX;
var pagedResult = parentNode.childFileFolders(true, true, filterParams.ignoreTypes, skip, max, requestTotalCountMax, sortField, sortAsc, "TODO");
allNodes = pagedResult.page;
totalRecords = pagedResult.totalResultCountUpper;
paged = true;
}
}
else
{
// Query the nodes - passing in sort and result limit parameters
if (query !== "")
{
allNodes = search.query(
{
query: query,
language: filterParams.language,
page:
{
maxItems: (filterParams.limitResults ? parseInt(filterParams.limitResults, 10) : 0)
},
sort: filterParams.sort,
templates: filterParams.templates,
namespace: (filterParams.namespace ? filterParams.namespace : null)
});
totalRecords = allNodes.length;
}
}
// Ensure folders and folderlinks appear at the top of the list
var folderNodes = [],
documentNodes = [];
for each (node in allNodes)
{
try
{
if (node.isContainer || node.isLinkToContainer)
{
folderNodes.push(node);
}
else
{
documentNodes.push(node);
}
}
catch (e)
{
// Possibly an old indexed node - ignore it
}
}
// Node type counts
var folderNodesCount = folderNodes.length,
documentNodesCount = documentNodes.length,
nodes;
if (parsedArgs.type === "documents")
{
nodes = documentNodes;
totalRecords -= folderNodesCount;
}
else
{
// TODO: Sorting with folders at end -- swap order of concat()
nodes = folderNodes.concat(documentNodes);
}
// Pagination
var pageSize = args.size || nodes.length,
pagePos = args.pos || "1",
startIndex = (pagePos - 1) * pageSize;
if (!paged)
{
// Trim the nodes array down to the page size
nodes = nodes.slice(startIndex, pagePos * pageSize);
}
// Common or variable parent container?
var parent = null;
if (!filterParams.variablePath)
{
// Parent node permissions (and Site role if applicable)
parent = Evaluator.run(parsedArgs.pathNode, true);
}
var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME),
thumbnail = null,
locationNode,
item;
// Loop through and evaluate each node in this result set
for each (node in nodes)
{
// Get evaluated properties.
item = Evaluator.run(node);
if (item !== null)
{
item.isFavourite = (favourites[item.node.nodeRef] === true);
item.likes = Common.getLikes(node);
// Does this collection of nodes have potentially differering paths?
if (filterParams.variablePath || item.isLink)
{
locationNode = item.isLink ? item.linkedNode : item.node;
location = Common.getLocation(locationNode, parsedArgs.libraryRoot);
// Parent node
if (node.parent != null &&
(node.parent.hasPermission("Read") || node.parent.hasPermission("ReadRecords")))
{
item.parent = Evaluator.run(node.parent, true);
}
}
else
{
location =
{
site: parsedArgs.location.site,
siteTitle: parsedArgs.location.siteTitle,
sitePreset: parsedArgs.location.sitePreset,
container: parsedArgs.location.container,
containerType: parsedArgs.location.containerType,
path: parsedArgs.location.path,
file: node.name
};
}
// Resolved location
item.location = location;
// Check: thumbnail type is registered && node is a cm:content subtype && valid inputStream for content property
if (isThumbnailNameRegistered && item.node.isSubType("cm:content") && item.node.properties.content.inputStream != null)
{
// Make sure we have a thumbnail.
thumbnail = item.node.getThumbnail(THUMBNAIL_NAME);
if (thumbnail === null)
{
// No thumbnail, so queue creation
item.node.createThumbnail(THUMBNAIL_NAME, true);
}
}
items.push(item);
}
else
{
--totalRecords;
}
}
// Array Remove - By John Resig (MIT Licensed)
var fnArrayRemove = function fnArrayRemove(array, from, to)
{
var rest = array.slice((to || from) + 1 || array.length);
array.length = from < 0 ? array.length + from : from;
return array.push.apply(array, rest);
};
/**
* De-duplicate orignals for any existing working copies.
* This can't be done in evaluator.lib.js as it has no knowledge of the current filter or UI operation.
* Note: This may result in pages containing less than the configured amount of items (50 by default).
*/
for each (item in items)
{
if (item.workingCopy.isWorkingCopy)
{
var workingCopySource = String(item.workingCopy.sourceNodeRef);
for (var i = 0, ii = items.length; i < ii; i++)
{
if (String(items[i].node.nodeRef) == workingCopySource)
{
fnArrayRemove(items, i);
--totalRecords;
break;
}
}
}
}
var paging =
{
totalRecords: totalRecords,
startIndex: startIndex
};
if (paged && (totalRecords == requestTotalCountMax))
{
paging.totalRecordsUpper = requestTotalCountMax;
}
return (
{
luceneQuery: query,
paging: paging,
container: parsedArgs.rootNode,
parent: parent,
onlineEditing: utils.moduleInstalled("org.alfresco.module.vti"),
itemCount:
{
folders: folderNodesCount,
documents: documentNodesCount
},
items: items,
customJSON: slingshotDocLib.getJSON()
});
}

77
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/node.get.js Normal file
View File

@@ -0,0 +1,77 @@
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/evaluator.lib.js">
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/parse-args.lib.js">
/**
* Main entry point: Return single document or folder given it's nodeRef
*
* @method getDoclist
*/
function getDoclist()
{
// Use helper function to get the arguments
var parsedArgs = ParseArgs.getParsedArgs();
if (parsedArgs === null)
{
return;
}
parsedArgs.pathNode = ParseArgs.resolveNode(parsedArgs.nodeRef);
parsedArgs.location = Common.getLocation(parsedArgs.pathNode, parsedArgs.libraryRoot);
var favourites = Common.getFavourites(),
node = parsedArgs.pathNode;
var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME),
thumbnail = null,
item = Evaluator.run(node);
item.isFavourite = (favourites[node.nodeRef] === true);
item.likes = Common.getLikes(node);
item.location =
{
site: parsedArgs.location.site,
siteTitle: parsedArgs.location.siteTitle,
container: parsedArgs.location.container,
containerType: parsedArgs.location.containerType,
path: parsedArgs.location.path,
file: node.name
};
item.parent = {};
if (node.parent != null && (node.parent.hasPermission("Read") || node.parent.hasPermission("ReadRecords")))
{
item.parent = Evaluator.run(node.parent, true);
}
// Special case for container and libraryRoot nodes
if ((parsedArgs.location.containerNode && String(parsedArgs.location.containerNode.nodeRef) == String(node.nodeRef)) ||
(parsedArgs.libraryRoot && String(parsedArgs.libraryRoot.nodeRef) == String(node.nodeRef)))
{
item.location.file = "";
}
// Check: thumbnail type is registered && node is a cm:content subtype && valid inputStream for content property
if (isThumbnailNameRegistered && item.node.isSubType("cm:content") && item.node.properties.content.inputStream != null)
{
// Make sure we have a thumbnail.
thumbnail = item.node.getThumbnail(THUMBNAIL_NAME);
if (thumbnail === null)
{
// No thumbnail, so queue creation
item.node.createThumbnail(THUMBNAIL_NAME, true);
}
}
return (
{
container: parsedArgs.rootNode,
onlineEditing: utils.moduleInstalled("org.alfresco.module.vti"),
item: item,
customJSON: slingshotDocLib.getJSON()
});
}
/**
* Document List Component: doclist
*/
model.doclist = getDoclist();

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java
View File

@@ -31,7 +31,7 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/AbstractCapability.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
package org.alfresco.module.org_alfresco_module_rm.capability;
import java.util.ArrayList;
import java.util.List;
@@ -24,11 +24,6 @@ import java.util.List;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMSecurityCommon;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;

6
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java
View File

@@ -26,7 +26,7 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.springframework.beans.BeansException;
@@ -41,7 +41,7 @@ import org.springframework.context.ApplicationContextAware;
public class DeclarativeCapability extends AbstractCapability implements ApplicationContextAware
{
/** Application Context */
private ApplicationContext applicationContext;
protected ApplicationContext applicationContext;
/** Required permissions */
private List<String> permissions;
@@ -233,7 +233,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#hasPermissionImpl(org.alfresco.service.cmr.repository.NodeRef)
* @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#hasPermissionImpl(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public int evaluate(NodeRef nodeRef)

73
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingCapabilityCondition.java
View File

@@ -18,14 +18,10 @@
*/
package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
/**
* Filling capability condition.
@@ -34,17 +30,6 @@ import org.alfresco.service.namespace.QName;
*/
public class FillingCapabilityCondition extends AbstractCapabilityCondition
{
/** Dictionary service */
private DictionaryService dictionaryService;
/**
* @param dictionaryService dictionary service
*/
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.CapabilityCondition#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -53,65 +38,11 @@ public class FillingCapabilityCondition extends AbstractCapabilityCondition
{
boolean result = false;
NodeRef filePlan = rmService.getFilePlan(nodeRef);
if (permissionService.hasPermission(filePlan, RMPermissionModel.ROLE_ADMINISTRATOR) == AccessStatus.ALLOWED)
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED)
{
result = true;
}
else
{
QName nodeType = nodeService.getType(nodeRef);
if (rmService.isRecord(nodeRef) == true ||
dictionaryService.isSubClass(nodeType, ContentModel.TYPE_CONTENT) == true)
{
// Multifiling - if you have filing rights to any of the folders in which the record resides
// then you have filing rights.
for (ChildAssociationRef car : nodeService.getParentAssocs(nodeRef))
{
if (car != null)
{
if (permissionService.hasPermission(car.getParentRef(), RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{
result = true;
break;
}
}
}
}
else if (rmService.isRecordFolder(nodeRef) == true)
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED)
{
result = true;
}
}
else if (rmService.isRecordCategory(nodeRef) == true)
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED)
{
result = true;
}
else if (permissionService.hasPermission(filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS) != AccessStatus.DENIED)
{
result = true;
}
}
// else other file plan component
else
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) != AccessStatus.DENIED)
{
result = true;
}
else if (permissionService.hasPermission(filePlan, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA) != AccessStatus.DENIED)
{
result = true;
}
}
}
return result;
return result;
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java
View File

@@ -20,9 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.capability.group;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.service.cmr.repository.NodeRef;
/**

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java
View File

@@ -20,9 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.capability.group;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.service.cmr.repository.NodeRef;
/**

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java
View File

@@ -23,8 +23,8 @@ import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java
View File

@@ -23,8 +23,8 @@ import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ChangeOrDeleteReferencesCapability.java
View File

@@ -41,7 +41,7 @@ public class ChangeOrDeleteReferencesCapability extends DeclarativeCapability
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
* @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef source, NodeRef target)
{

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/DeleteLinksCapability.java
View File

@@ -41,7 +41,7 @@ public class DeleteLinksCapability extends DeclarativeCapability
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.impl.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
* @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef source, NodeRef target)
{

20
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/EditRecordMetadataCapability.java
View File

@@ -31,17 +31,17 @@ import org.alfresco.service.cmr.security.OwnableService;
*
* @author Roy Wetherall
*/
public class EditRecordMetadataCapability extends DeclarativeCapability
public class EditRecordMetadataCapability extends DeclarativeCapability
{
/** Ownable service */
private OwnableService ownableService;
/**
* @param ownableService ownable service
*/
public void setOwnableService(OwnableService ownableService)
private OwnableService getOwnableService()
{
this.ownableService = ownableService;
if (ownableService == null)
{
ownableService = (OwnableService)applicationContext.getBean("OwnableService");
}
return ownableService;
}
/**
@@ -76,11 +76,11 @@ public class EditRecordMetadataCapability extends DeclarativeCapability
// Since we know this is undeclared if you are the owner then you should be able to
// edit the records meta-data (otherwise how can it be declared by the user?)
if (ownableService.hasOwner(nodeRef) == true)
if (getOwnableService().hasOwner(nodeRef) == true)
{
String user = AuthenticationUtil.getFullyAuthenticatedUser();
if (user != null &&
ownableService.getOwner(nodeRef).equals(user) == true)
getOwnableService().getOwner(nodeRef).equals(user) == true)
{
result = Integer.valueOf(AccessDecisionVoter.ACCESS_GRANTED);
}

282
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/AddModifyEventDatesCapabilityTest.java
View File

@@ -1,282 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* @author Roy Wetherall
*/
public class AddModifyEventDatesCapabilityTest extends BaseTestCapabilities
{
/**
*
* @throws Exception
*/
public void testAddModifyEventDatesCapability() throws Exception
{
// Check file plan permissions
checkPermissions(
filePlan,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
checkCapabilities(
recordFolder_1,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
checkCapabilities(
record_1,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED
});
checkCapabilities(
recordFolder_2,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED
});
checkCapabilities(
record_2,
ADD_MODIFY_EVENT_DATES,
stdUsers,
new AccessStatus[]
{
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED
});
/** Test user has no capabilities */
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add filing to both record folders */
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true);
permissionService.setInheritParentPermissions(recordCategory_1, false);
permissionService.setInheritParentPermissions(recordCategory_2, false);
permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true);
permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true);
permissionService.setPermission(recordFolder_1, testers, FILING, true);
permissionService.setPermission(recordFolder_2, testers, FILING, true);
return null;
}
}, false, true);
/** Check capabilities */
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add declare record capability */
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add modify event date capability */
addCapability(ADD_MODIFY_EVENT_DATES, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove declare capability */
removeCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Add declare capability */
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove view records capability */
removeCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Add view records capability */
addCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Remove filing from record folders */
removeCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Set filing permission on records folders */
addCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Freeze folder 1 */
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "one");
executeAction("freeze", params, recordFolder_1);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Freeze record_2 */
params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "Two");
executeAction("freeze", params, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
/** Unfreeze */
executeAction("unfreeze", recordFolder_1, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Close record folders */
executeAction("closeRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Open record folders */
executeAction("openRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
/** Try and complete events*/
Map<String, Serializable> eventDetails = new HashMap<String, Serializable>(3);
eventDetails.put(CompleteEventAction.PARAM_EVENT_NAME, "event");
eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_AT, new Date());
eventDetails.put(CompleteEventAction.PARAM_EVENT_COMPLETED_BY, test_user);
executeAction("completeEvent", eventDetails, test_user, recordFolder_1);
checkExecuteActionFail("completeEvent", eventDetails, test_user, recordFolder_2);
checkExecuteActionFail("completeEvent", eventDetails, test_user, record_1);
executeAction("completeEvent", eventDetails, test_user, record_2);
/** Check properties can not be set */
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETE, test_user, true);
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, new Date());
checkSetPropertyFail(record_1, RecordsManagementModel.PROP_EVENT_EXECUTION_COMPLETED_AT, test_user, "me");
/** Declare and cutoff */
declare(record_1, record_2);
cutoff(recordFolder_1, record_2);
checkTestUserCapabilities(ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
}
}

307
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/ApproveRecordsScheduledForCutoffCapability.java
View File

@@ -1,307 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* @author Roy Wetherall
*/
public class ApproveRecordsScheduledForCutoffCapability extends BaseTestCapabilities
{
public void testApproveRecordsScheduledForCutoffCapability()
{
// File plan permissions
checkPermissions(filePlan, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
// Not yet eligible
checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
// Set appropriate state - declare records and make eligible
declare(record_1, record_2);
makeEligible(recordFolder_1, record_2);
checkCapabilities(recordFolder_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_1, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(recordFolder_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkCapabilities(record_2, APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, stdUsers,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.ALLOWED,
AccessStatus.DENIED,
AccessStatus.DENIED,
AccessStatus.DENIED);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
permissionService.setPermission(filePlan, testers, VIEW_RECORDS, true);
permissionService.setInheritParentPermissions(recordCategory_1, false);
permissionService.setInheritParentPermissions(recordCategory_2, false);
permissionService.setPermission(recordCategory_1, testers, READ_RECORDS, true);
permissionService.setPermission(recordCategory_2, testers, READ_RECORDS, true);
permissionService.setPermission(recordFolder_1, testers, FILING, true);
permissionService.setPermission(recordFolder_2, testers, FILING, true);
return null;
}
}, false, true);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
addCapability(DECLARE_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(VIEW_RECORDS, testers, filePlan);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
removeCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
addCapability(FILING, testers, recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Freeze record folder
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(FreezeAction.PARAM_REASON, "one");
executeAction("freeze", params, recordFolder_1);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Freeze record
executeAction("freeze", params, record_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.DENIED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.DENIED); // record_2
// Unfreeze
executeAction("unfreeze", recordFolder_1, record_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
// Close folders
executeAction("closeRecordFolder", recordFolder_1, recordFolder_2);
checkTestUserCapabilities(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
AccessStatus.ALLOWED, // recordFolder_1
AccessStatus.DENIED, // record_1
AccessStatus.DENIED, // recordFolder_2
AccessStatus.ALLOWED); // record_2
//
// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "openRecordFolder");
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "openRecordFolder");
//
// checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
// checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
// checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.DENIED);
// checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, AccessStatus.ALLOWED);
//
// // try and cut off
//
// AuthenticationUtil.setFullyAuthenticatedUser(test_user);
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_2, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(record_1, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
//
// // check protected properties
//
// try
// {
// publicNodeService.setProperty(record_1, RecordsManagementModel.PROP_CUT_OFF_DATE, new Date());
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// check cutoff again (it is already cut off)
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(recordFolder_1, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// try
// {
// recordsManagementActionService.executeRecordsManagementAction(record_2, "cutoff", null);
// fail();
// }
// catch (AccessDeniedException ade)
// {
//
// }
// checkCapability(test_user, recordFolder_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, record_1, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, recordFolder_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
// checkCapability(test_user, record_2, RMPermissionModel.APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF,
// AccessStatus.DENIED);
}
}

903
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/BaseTestCapabilities.java
View File

@@ -1,903 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.transaction.UserTransaction;
import junit.framework.TestCase;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.security.permissions.impl.model.PermissionModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext;
/**
* @author Roy Wetherall
*/
public abstract class BaseTestCapabilities extends TestCase
implements RMPermissionModel, RecordsManagementModel
{
/* Application context */
protected ApplicationContext ctx;
/* Root node reference */
protected StoreRef storeRef;
protected NodeRef rootNodeRef;
/* Services */
protected NodeService nodeService;
protected NodeService publicNodeService;
protected TransactionService transactionService;
protected PermissionService permissionService;
protected RecordsManagementService recordsManagementService;
protected RecordsManagementSecurityService recordsManagementSecurityService;
protected RecordsManagementActionService recordsManagementActionService;
protected RecordsManagementEventService recordsManagementEventService;
protected DispositionService dispositionService;
protected CapabilityService capabilityService;
protected PermissionModel permissionModel;
protected ContentService contentService;
protected AuthorityService authorityService;
protected PersonService personService;
protected ContentService publicContentService;
protected RetryingTransactionHelper retryingTransactionHelper;
protected RMEntryVoter rmEntryVoter;
protected UserTransaction testTX;
protected NodeRef filePlan;
protected NodeRef recordSeries;
protected NodeRef recordCategory_1;
protected NodeRef recordCategory_2;
protected NodeRef recordFolder_1;
protected NodeRef recordFolder_2;
protected NodeRef record_1;
protected NodeRef record_2;
protected NodeRef recordCategory_3;
protected NodeRef recordFolder_3;
protected NodeRef record_3;
// protected String rmUsers;
// protected String rmPowerUsers;
// protected String rmSecurityOfficers;
// protected String rmRecordsManagers;
// protected String rmAdministrators;
protected String rm_user;
protected String rm_power_user;
protected String rm_security_officer;
protected String rm_records_manager;
protected String rm_administrator;
protected String test_user;
protected String testers;
protected String[] stdUsers;
protected NodeRef[] stdNodeRefs;;
/**
* Test setup
* @throws Exception
*/
protected void setUp() throws Exception
{
// Get the application context
ctx = ApplicationContextHelper.getApplicationContext();
// Get beans
nodeService = (NodeService) ctx.getBean("dbNodeService");
publicNodeService = (NodeService) ctx.getBean("NodeService");
transactionService = (TransactionService) ctx.getBean("transactionComponent");
permissionService = (PermissionService) ctx.getBean("permissionService");
permissionModel = (PermissionModel) ctx.getBean("permissionsModelDAO");
contentService = (ContentService) ctx.getBean("contentService");
publicContentService = (ContentService) ctx.getBean("ContentService");
authorityService = (AuthorityService) ctx.getBean("authorityService");
personService = (PersonService) ctx.getBean("personService");
capabilityService = (CapabilityService)ctx.getBean("CapabilityService");
dispositionService = (DispositionService)ctx.getBean("DispositionService");
recordsManagementService = (RecordsManagementService) ctx.getBean("RecordsManagementService");
recordsManagementSecurityService = (RecordsManagementSecurityService) ctx.getBean("RecordsManagementSecurityService");
recordsManagementActionService = (RecordsManagementActionService) ctx.getBean("RecordsManagementActionService");
recordsManagementEventService = (RecordsManagementEventService) ctx.getBean("RecordsManagementEventService");
rmEntryVoter = (RMEntryVoter) ctx.getBean("rmEntryVoter");
retryingTransactionHelper = (RetryingTransactionHelper)ctx.getBean("retryingTransactionHelper");
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// Create store and get the root node reference
storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
rootNodeRef = nodeService.getRootNode(storeRef);
// As admin user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
// Create test events
recordsManagementEventService.getEvents();
recordsManagementEventService.addEvent("rmEventType.simple", "event", "My Event");
// Create file plan node
filePlan = nodeService.createNode(
rootNodeRef,
ContentModel.ASSOC_CHILDREN,
TYPE_FILE_PLAN,
TYPE_FILE_PLAN).getChildRef();
return null;
}
}, false, true);
// Load in the plan data required for the test
loadFilePlanData();
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
// create people ...
rm_user = "rm_user_" + storeRef.getIdentifier();
rm_power_user = "rm_power_user_" + storeRef.getIdentifier();
rm_security_officer = "rm_security_officer_" + storeRef.getIdentifier();
rm_records_manager = "rm_records_manager_" + storeRef.getIdentifier();
rm_administrator = "rm_administrator_" + storeRef.getIdentifier();
test_user = "test_user_" + storeRef.getIdentifier();
personService.createPerson(createDefaultProperties(rm_user));
personService.createPerson(createDefaultProperties(rm_power_user));
personService.createPerson(createDefaultProperties(rm_security_officer));
personService.createPerson(createDefaultProperties(rm_records_manager));
personService.createPerson(createDefaultProperties(rm_administrator));
personService.createPerson(createDefaultProperties(test_user));
// create roles as groups
// rmUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_USER_" + storeRef.getIdentifier());
// rmPowerUsers = authorityService.createAuthority(AuthorityType.GROUP, "RM_POWER_USER_" + storeRef.getIdentifier());
// rmSecurityOfficers = authorityService.createAuthority(AuthorityType.GROUP, "RM_SECURITY_OFFICER_" + storeRef.getIdentifier());
// rmRecordsManagers = authorityService.createAuthority(AuthorityType.GROUP, "RM_RECORDS_MANAGER_" + storeRef.getIdentifier());
// rmAdministrators = authorityService.createAuthority(AuthorityType.GROUP, "RM_ADMINISTRATOR_" + storeRef.getIdentifier());
testers = authorityService.createAuthority(AuthorityType.GROUP, "RM_TESTOR_" + storeRef.getIdentifier());
authorityService.addAuthority(testers, test_user);
// rmUsers = recordsManagementSecurityService.assignRoleToAuthority(filePlan, ROLE, rm_user);
setPermissions(rm_user, ROLE_NAME_USER);
setPermissions(rm_power_user, ROLE_NAME_POWER_USER);
setPermissions(rm_security_officer, ROLE_NAME_SECURITY_OFFICER);
setPermissions(rm_records_manager, ROLE_NAME_RECORDS_MANAGER);
setPermissions(rm_administrator, ROLE_NAME_ADMINISTRATOR);
stdUsers = new String[]
{
AuthenticationUtil.getSystemUserName(),
rm_administrator,
rm_records_manager,
rm_security_officer,
rm_power_user,
rm_user
};
stdNodeRefs = new NodeRef[]
{
recordFolder_1,
record_1,
recordFolder_2,
record_2
};
return null;
}
}, false, true);
}
/**
* Test tear down
* @throws Exception
*/
@Override
protected void tearDown() throws Exception
{
// TODO we should clean up as much as we can ....
}
/**
* Set the permissions for a group, user and role
* @param group
* @param user
* @param role
*/
private void setPermissions(String user, String role)
{
recordsManagementSecurityService.assignRoleToAuthority(filePlan, role, user);
recordsManagementSecurityService.setPermission(filePlan, user, FILING);
}
/**
* Loads the file plan date required for the tests
*/
protected void loadFilePlanData()
{
recordSeries = createRecordSeries(filePlan, "RS", "Record Series", "My record series");
recordCategory_1 = createRecordCategory(recordSeries, "Docs", "Docs", "Docs", "week|1", true, false);
recordCategory_2 = createRecordCategory(recordSeries, "More Docs", "More Docs", "More Docs", "week|1", true, true);
recordCategory_3 = createRecordSeries(recordSeries, "No Dis", "No disp schedule", "No disp schedule");
recordFolder_1 = createRecordFolder(recordCategory_1, "F1", "title", "description");
recordFolder_2 = createRecordFolder(recordCategory_2, "F2", "title", "description");
recordFolder_3 = createRecordFolder(recordCategory_3, "F3", "title", "description");
record_1 = createRecord(recordFolder_1);
record_2 = createRecord(recordFolder_2);
record_3 = createRecord(recordFolder_3);
}
/**
* Set permission for authority on node reference.
* @param nodeRef
* @param authority
* @param permission
* @param allow
*/
// private void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
// {
// permissionService.setPermission(nodeRef, authority, permission, allow);
// if (permission.equals(FILING))
// {
// if (recordsManagementService.isRecordCategory(nodeRef) == true)
// {
// List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
// for (ChildAssociationRef assoc : assocs)
// {
// NodeRef child = assoc.getChildRef();
// if (recordsManagementService.isRecordFolder(child) == true ||
// recordsManagementService.isRecordCategory(child) == true)
// {
// setPermission(child, authority, permission, allow);
// }
// }
// }
// }
// }
/**
* Create the default person properties
* @param userName
* @return
*/
private Map<QName, Serializable> createDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_HOMEFOLDER, null);
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, userName);
properties.put(ContentModel.PROP_EMAIL, userName);
properties.put(ContentModel.PROP_ORGID, "");
return properties;
}
/**
* Create a new record. Executed in a new transaction.
*/
private NodeRef createRecord(final NodeRef recordFolder)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
// Create the record
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1);
props.put(ContentModel.PROP_NAME, "MyRecord.txt");
NodeRef recordOne = nodeService.createNode(recordFolder, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "MyRecord.txt"),
ContentModel.TYPE_CONTENT, props).getChildRef();
// Set the content
ContentWriter writer = contentService.getWriter(recordOne, ContentModel.PROP_CONTENT, true);
writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
writer.setEncoding("UTF-8");
writer.putContent("There is some content in this record");
return recordOne;
}
}, false, true);
}
/**
* Create a test record series. Executed in a new transaction.
*/
private NodeRef createRecordSeries(final NodeRef filePlan, final String name, final String title, final String description)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
return recordsManagementService.createRecordCategory(filePlan, name, properties);
}
}, false, true);
}
/**
* Create a test record category in a new transaction.
*/
private NodeRef createRecordCategory(
final NodeRef recordSeries,
final String name,
final String title,
final String description,
final String review,
final boolean vital,
final boolean recordLevelDisposition)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
if (vital == true)
{
properties.put(PROP_REVIEW_PERIOD, review);
properties.put(PROP_VITAL_RECORD_INDICATOR, vital);
}
NodeRef rc = recordsManagementService.createRecordCategory(recordSeries, name, properties);
properties = new HashMap<QName, Serializable>();
properties.put(PROP_DISPOSITION_AUTHORITY, "N1-218-00-4 item 023");
properties.put(PROP_DISPOSITION_INSTRUCTIONS, "Cut off monthly, hold 1 month, then destroy.");
properties.put(PROP_RECORD_LEVEL_DISPOSITION, recordLevelDisposition);
DispositionSchedule ds = dispositionService.createDispositionSchedule(rc, properties);
addDispositionAction(ds, "cutoff", "monthend|1", null, "event");
addDispositionAction(ds, "transfer", "month|1", null, null);
addDispositionAction(ds, "accession", "month|1", null, null);
addDispositionAction(ds, "destroy", "month|1", "{http://www.alfresco.org/model/recordsmanagement/1.0}cutOffDate", null);
return rc;
}
}, false, true);
}
/**
* Create disposition action.
* @param disposition
* @param actionName
* @param period
* @param periodProperty
* @param event
* @return
*/
private void addDispositionAction(DispositionSchedule disposition, String actionName, String period, String periodProperty, String event)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(PROP_DISPOSITION_ACTION_NAME, actionName);
properties.put(PROP_DISPOSITION_PERIOD, period);
if (periodProperty != null)
{
properties.put(PROP_DISPOSITION_PERIOD_PROPERTY, periodProperty);
}
if (event != null)
{
properties.put(PROP_DISPOSITION_EVENT, event);
}
dispositionService.addDispositionActionDefinition(disposition, properties);
}
/**
* Create record folder. Executed in a new transaction.
* @param recordCategory
* @param name
* @param identifier
* @param title
* @param description
* @param review
* @param vital
* @return
*/
private NodeRef createRecordFolder(
final NodeRef recordCategory,
final String name,
final String title,
final String description)
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
@Override
public NodeRef execute() throws Throwable
{
// As admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_TITLE, title);
properties.put(ContentModel.PROP_DESCRIPTION, description);
return recordsManagementService.createRecordFolder(recordCategory, name, properties);
}
}, false, true);
}
/**
*
* @param user
* @param nodeRef
* @param capabilityName
* @param accessStstus
*/
protected void checkCapability(final String user, final NodeRef nodeRef, final String capabilityName, final AccessStatus expected)
{
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
@Override
public Object doWork() throws Exception
{
Capability capability = recordsManagementSecurityService.getCapability(capabilityName);
assertNotNull(capability);
List<String> capabilities = new ArrayList<String>(1);
capabilities.add(capabilityName);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(nodeRef, capabilities);
AccessStatus actual = access.get(capability);
assertEquals(
"for user: " + user,
expected,
actual);
return null;
}
}, user);
}
/**
*
* @param access
* @param name
* @param accessStatus
*/
protected void check(Map<Capability, AccessStatus> access, String name, AccessStatus accessStatus)
{
Capability capability = recordsManagementSecurityService.getCapability(name);
assertNotNull(capability);
assertEquals(accessStatus, access.get(capability));
}
/**
*
* @param user
* @param nodeRef
* @param permission
* @param accessStstus
*/
protected void checkPermission(final String user, final NodeRef nodeRef, final String permission, final AccessStatus accessStstus)
{
AuthenticationUtil.runAs(new RunAsWork<Object>()
{
@Override
public Object doWork() throws Exception
{
AccessStatus actualAccessStatus = permissionService.hasPermission(nodeRef, permission);
assertTrue(actualAccessStatus == accessStstus);
return null;
}
}, user);
}
/**
*
* @param nodeRef
* @param permission
* @param users
* @param expectedAccessStatus
*/
protected void checkPermissions(
final NodeRef nodeRef,
final String permission,
final String[] users,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of users should match the number of expected access status",
users.length,
expectedAccessStatus.length);
for (int i = 0; i < users.length; i++)
{
checkPermission(users[i], nodeRef, permission, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param nodeRef
* @param capability
* @param users
* @param expectedAccessStatus
*/
protected void checkCapabilities(
final NodeRef nodeRef,
final String capability,
final String[] users,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of users should match the number of expected access status",
users.length,
expectedAccessStatus.length);
for (int i = 0; i < users.length; i++)
{
checkCapability(users[i], nodeRef, capability, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param user
* @param capability
* @param nodeRefs
* @param expectedAccessStatus
*/
protected void checkCapabilities(
final String user,
final String capability,
final NodeRef[] nodeRefs,
final AccessStatus ... expectedAccessStatus)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
assertEquals(
"The number of node references should match the number of expected access status",
nodeRefs.length,
expectedAccessStatus.length);
for (int i = 0; i < nodeRefs.length; i++)
{
checkCapability(user, nodeRefs[i], capability, expectedAccessStatus[i]);
}
return null;
}
}, true, true);
}
/**
*
* @param capability
* @param accessStatus
*/
protected void checkTestUserCapabilities(String capability, AccessStatus ... accessStatus)
{
checkCapabilities(
test_user,
capability,
stdNodeRefs,
accessStatus);
}
/**
* Execute RM action
* @param action
* @param params
* @param nodeRefs
*/
protected void executeAction(final String action, final Map<String, Serializable> params, final String user, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(user);
for (NodeRef nodeRef : nodeRefs)
{
recordsManagementActionService.executeRecordsManagementAction(nodeRef, action, params);
}
return null;
}
}, false, true);
}
/**
*
* @param action
* @param nodeRefs
*/
protected void executeAction(final String action, final NodeRef ... nodeRefs)
{
executeAction(action, null, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs);
}
/**
*
* @param action
* @param params
* @param nodeRefs
*/
protected void executeAction(final String action, final Map<String, Serializable> params, final NodeRef ... nodeRefs)
{
executeAction(action, params, AuthenticationUtil.SYSTEM_USER_NAME, nodeRefs);
}
/**
*
* @param action
* @param params
* @param user
* @param nodeRefs
*/
protected void checkExecuteActionFail(final String action, final Map<String, Serializable> params, final String user, final NodeRef ... nodeRefs)
{
try
{
executeAction(action, params, user, nodeRefs);
fail("Action " + action + " has succeded and was expected to fail");
}
catch (AccessDeniedException ade)
{}
}
/**
*
* @param nodeRef
* @param property
* @param user
*/
protected void checkSetPropertyFail(final NodeRef nodeRef, final QName property, final String user, final Serializable value)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(user);
try
{
publicNodeService.setProperty(nodeRef, property, value);
fail("Expected failure when setting property");
}
catch (AccessDeniedException ade)
{}
return null;
}
}, false, true);
}
/**
* Add a capability
* @param capability
* @param authority
* @param nodeRefs
*/
protected void addCapability(final String capability, final String authority, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
permissionService.setPermission(nodeRef, authority, capability, true);
}
return null;
}
}, false, true);
}
/**
* Remove capability
* @param capability
* @param authority
* @param nodeRef
*/
protected void removeCapability(final String capability, final String authority, final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
permissionService.deletePermission(nodeRef, authority, capability);
}
return null;
}
}, false, true);
}
/**
*
* @param nodeRefs
*/
protected void declare(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
for (NodeRef nodeRef : nodeRefs)
{
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATOR, "origValue");
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_ORIGINATING_ORGANIZATION, "origOrgValue");
nodeService.setProperty(nodeRef, RecordsManagementModel.PROP_PUBLICATION_DATE, new Date());
nodeService.setProperty(nodeRef, ContentModel.PROP_TITLE, "titleValue");
recordsManagementActionService.executeRecordsManagementAction(nodeRef, "declareRecord");
}
return null;
}
}, false, true);
}
protected void cutoff(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Calendar calendar = Calendar.getInstance();
calendar.set(Calendar.HOUR, 0);
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
for (NodeRef nodeRef : nodeRefs)
{
NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
recordsManagementActionService.executeRecordsManagementAction(nodeRef, "cutoff", null);
}
return null;
}
}, false, true);
}
protected void makeEligible(final NodeRef ... nodeRefs)
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Calendar calendar = Calendar.getInstance();
calendar.set(Calendar.HOUR, 0);
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
for (NodeRef nodeRef : nodeRefs)
{
NodeRef ndNodeRef = nodeService.getChildAssocs(nodeRef, RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION, RegexQNamePattern.MATCH_ALL).get(0).getChildRef();
nodeService.setProperty(ndNodeRef, RecordsManagementModel.PROP_DISPOSITION_AS_OF, calendar.getTime());
}
return null;
}
}, false, true);
}
}

5
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -237,9 +237,4 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
return result;
}
public void testFrozenCondition()
{
}
}

163
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java Normal file
View File

@@ -0,0 +1,163 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.capabilities;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* Declarative capability unit test
*
* @author Roy Wetherall
*/
public class GroupCapabilityTest extends BaseRMTestCase
{
private NodeRef record;
private NodeRef declaredRecord;
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
// Pre-filed content
record = utils.createRecord(rmFolder, "record.txt");
declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt");
}
@Override
protected void setupTestData()
{
super.setupTestData();
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
utils.declareRecord(declaredRecord);
return null;
}
});
}
@Override
protected void tearDownImpl()
{
super.tearDownImpl();
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(rmContainer, user, RMPermissionModel.FILING);
}
}
public void testUpdate()
{
final Capability capability = capabilityService.getCapability("Update");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
return null;
}
}, userName);
}
public void testUpdateProperties()
{
final Capability capability = capabilityService.getCapability("UpdateProperties");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(declaredRecord));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
return null;
}
}, userName);
}
}