inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1224 (Rmadmin user is not created if auth chain contains not only ALfrescoNTLM)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@73546 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-06-11 08:53:23 +00:00
parent 249c03c345
commit a2400a047c
27 changed files with 225 additions and 733 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml
View File

@@ -14,7 +14,6 @@
<!-- Create record action -->
<bean id="create-record" parent="action-executer" class="org.alfresco.module.org_alfresco_module_rm.action.dm.CreateRecordAction">
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService"/>
<property name="recordService" ref="RecordService" />
<property name="nodeService" ref="NodeService" />
<property name="filePlanService" ref="FilePlanService" />

12
rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
View File

@@ -25,17 +25,9 @@ cache.writersSharedCache.maxItems=10000
cache.writersSharedCache.cluster.type=fully-distributed
#
# Global RM admin default bootstrap details
# Indicates whether RM rules will be run as Admin or not by default
#
# Note: rmadmin is created with a randomly generated password. This can be changed by 'admin' if
# required.
#
bootstrap.rmadmin.name=rmadmin
#
# Indicates whether RM rules will be run as RM Admin or not by default
#
rm.rule.runasrmadmin=true
rm.rule.runasadmin=true
#
# Auto-complete suggestion parameters

5
rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
View File

@@ -219,10 +219,9 @@
</property>
<!-- Since RM 2.1 -->
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService"/>
<property name="filePlanService" ref="FilePlanService" />
<property name="runAsRmAdmin">
<value>${rm.rule.runasrmadmin}</value>
<property name="runAsAdmin">
<value>${rm.rule.runasadmin}</value>
</property>
<property name="recordService" ref="RecordService" />

3
rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties
View File

@@ -1,6 +1,3 @@
bootstrap.rmadmin.firstName=Records Management
bootstrap.rmadmin.lastName=System Administrator
rm.hold.name=Hold
## Defaut roles

17
rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v21-context.xml
View File

@@ -52,21 +52,6 @@
<property name="capabilityService" ref="CapabilityService"/>
</bean>
<bean id="org_alfresco_module_rm_RMv21RMAdminUserPatch"
parent="rm.baseModulePatch"
class="org.alfresco.module.org_alfresco_module_rm.patch.v21.RMv21RMAdminUserPatch">
<property name="moduleId" value="org_alfresco_module_rm"/>
<property name="name" value="org_alfresco_module_rm_RMv21RMAdminUserPatch"/>
<property name="description" value="Adds the global RM admin user to all existing file plans."/>
<property name="sinceVersion" value="2.1"/>
<property name="appliesFromVersion" value="2.1"/>
<property name="filePlanService" ref="FilePlanService"/>
<property name="filePlanRoleService" ref="FilePlanRoleService"/>
<property name="authenticationService" ref="AuthenticationService" />
<property name="personService" ref="PersonService" />
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
</bean>
<bean id="org_alfresco_module_rm_RMv21RecordInheritancePatch"
parent="rm.baseModulePatch"
class="org.alfresco.module.org_alfresco_module_rm.patch.v21.RMv21RecordInheritancePatch">
@@ -118,5 +103,5 @@
<property name="fileFolderService" ref="FileFolderService"/>
<property name="nodeService" ref="NodeService"/>
</bean>
</beans>

46
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -41,7 +41,6 @@
<bean id="org_alfresco_module_rm_dispositionSelectionStrategy"
class="org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSelectionStrategy" >
<property name="dispositionService" ref="dispositionService"/>
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService"/>
</bean>
<!-- Vital Record Service -->
@@ -496,10 +495,6 @@
<property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="filePlanService" ref="FilePlanService" />
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
<property name="authenticationService" ref="AuthenticationService" />
<property name="personService" ref="PersonService" />
<!-- init repo for when a tenant is created -->
<property name="bootstrapImporterModuleComponent" ref="org_alfresco_module_rm_bootstrapData"/>
@@ -1088,7 +1083,7 @@
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.record.RecordService.registerRecordMetadataAspect=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.registerRecordMetadataAspect=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.disablePropertyEditableCheck=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.enablePropertyEditableCheck=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.getRecordMetaDataAspects=RM_ALLOW
@@ -1112,45 +1107,6 @@
</property>
</bean>
<!-- File Plan Authentication Service -->
<bean id="filePlanAuthenticationService"
class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl">
<property name="rmAdminUserName" value="${bootstrap.rmadmin.name}" />
<property name="tenantService">
<ref bean="tenantService"/>
</property>
</bean>
<bean id="FilePlanAuthenticationService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService</value>
</property>
<property name="target">
<ref bean="filePlanAuthenticationService"/>
</property>
<property name="interceptorNames">
<list>
<idref local="FilePlanAuthenticationService_transaction"/>
<idref bean="exceptionTranslator"/>
<idref local="FilePlanAuthenticationService_security"/>
</list>
</property>
</bean>
<bean id="FilePlanAuthenticationService_transaction" parent="baseTransaction"/>
<bean id="FilePlanAuthenticationService_security" parent="baseSecurity">
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService.*=RM_ALLOW
]]>
</value>
</property>
</bean>
<!-- Custom EMail Mapping Service -->
<bean id="customEmailMappingService"
class="org.alfresco.module.org_alfresco_module_rm.email.CustomEmailMappingServiceImpl" >

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
View File

@@ -31,7 +31,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService;
@@ -163,12 +162,6 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
@NotAuditable
FilePlanPermissionService getFilePlanPermissionService();
/**
* @return file plan authentication service
* @since 2.1
*/
FilePlanAuthenticationService getFilePlanAuthenticationService();
/**
* @return identifier service
* @since 2.1

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
View File

@@ -30,7 +30,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService;
@@ -171,15 +170,6 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService()
*/
@Override
public FilePlanAuthenticationService getFilePlanAuthenticationService()
{
return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getIdentifierService()
*/

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java
View File

@@ -26,8 +26,8 @@ import org.alfresco.module.org_alfresco_module_rm.action.AuditableActionExecuter
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.action.ParameterDefinitionImpl;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
@@ -76,9 +76,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
/** Dictionary service */
private DictionaryService dictionaryService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* @param recordService record service
*/
@@ -111,14 +108,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
this.dictionaryService = dictionaryService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -181,14 +170,15 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
if (filePlan == null)
{
// TODO .. eventually make the file plan parameter required
filePlan = filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<NodeRef>()
filePlan = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
{
@Override
public NodeRef doWork()
{
return filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
}
});
}, AuthenticationUtil.getAdminUserName());
// if the file plan is still null, raise an exception
if (filePlan == null)

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java
View File

@@ -25,7 +25,7 @@ import java.util.SortedSet;
import java.util.TreeSet;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
import org.apache.commons.logging.Log;
@@ -47,9 +47,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
/** Disposition service */
private DispositionService dispositionService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* Set the disposition service
*
@@ -60,14 +57,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
this.dispositionService = dispositionService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* Select the disposition schedule to use given there is more than one
*
@@ -130,14 +119,13 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
public int compare(final NodeRef f1, final NodeRef f2)
{
// Run as admin user
return filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<Integer>()
return AuthenticationUtil.runAs(new RunAsWork<Integer>()
{
public Integer doWork()
{
return compareImpl(f1, f2);
}
});
}, AuthenticationUtil.getAdminUserName());
}
private int compareImpl(NodeRef f1, NodeRef f2)

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java
View File

@@ -132,7 +132,7 @@ public class RMv2FilePlanNodeRefPatch extends ModulePatchComponent
nodeService.setProperty(filePlanComponentNodeRef, PROP_ROOT_NODEREF, filePlan);
}
// only set the rmadmin permissions on record categories, record folders and records
// only set the admin permissions on record categories, record folders and records
FilePlanComponentKind kind = filePlanService.getFilePlanComponentKind(filePlanComponentNodeRef);
if (FilePlanComponentKind.RECORD_CATEGORY.equals(kind) ||
FilePlanComponentKind.RECORD_FOLDER.equals(kind) ||

160
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java
View File

@@ -1,160 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.patch.v21;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.extensions.surf.util.I18NUtil;
/**
* RM v2.1: RM admin user patch
*
* @author Roy Wetherall
*/
@SuppressWarnings("deprecation")
public class RMv21RMAdminUserPatch extends RMv21PatchComponent implements BeanNameAware
{
/** I18N */
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
/** generate rm admin password */
private String password = GUID.generate();
/** mutable authenticaiton service */
private MutableAuthenticationService authenticationService;
/** person service */
private PersonService personService;
/** file plan service */
private FilePlanService filePlanService;
/** file plan role service */
private FilePlanRoleService filePlanRoleService;
/** file plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* @param personService person service
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* @param authenticationService mutable authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
* @param filePlanService file plan service
*/
public void setFilePlanService(FilePlanService filePlanService)
{
this.filePlanService = filePlanService;
}
/**
* @param filePlanRoleService file plan role service
*/
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@Override
protected void executePatch()
{
String user = filePlanAuthenticationService.getRmAdminUserName();
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
if (!authenticationService.authenticationExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(user, password.toCharArray());
if (!personService.personExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin person");
}
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, user);
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
properties.put(ContentModel.PROP_LASTNAME, lastName);
personService.createPerson(properties);
}
else
{
if (logger.isInfoEnabled())
{
logger.debug(" ... RM Admin person already exists");
}
}
if (logger.isDebugEnabled())
{
logger.debug(" ... assigning RM Admin user to file plans");
}
Set<NodeRef> filePlans = filePlanService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
}
}
}
}

90
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
View File

@@ -22,18 +22,14 @@ import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
@@ -42,7 +38,6 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.RMAuthority;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -51,15 +46,9 @@ import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
@@ -75,8 +64,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
RecordsManagementModel
{
/** I18N */
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
private static final String MSG_ALL_ROLES = "rm.role.all";
/** Location of bootstrap role JSON */
@@ -103,15 +90,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Node service */
private NodeService nodeService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** mutable authenticaiton service */
private MutableAuthenticationService authenticationService;
/** person service */
private PersonService personService;
private BootstrapImporterModuleComponent bootstrapImporterModule;
/** Records management role zone */
@@ -120,9 +98,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Records Management Config Node */
private static final String CONFIG_NODEID = "rm_config_folder";
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class);
/**
* @param capabilityService capability service
*/
@@ -163,30 +138,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
this.filePlanService = filePlanService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @param personService person service
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* @param authenticationService mutable authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
*
* @param bootstrapImporterModuleComponent
@@ -391,13 +342,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
if (!filePlanAuthenticationService.getRmAdminUserName().equals(user))
if (!AuthenticationUtil.getAdminUserName().equals(user))
{
// Create the RM Admin User if it does not already exist
createRMAdminUser();
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
authorityService.addAuthority(role.getRoleGroupName(), AuthenticationUtil.getAdminUserName());
}
}
}
@@ -670,7 +618,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
*/
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
boolean isRMAdmin = false;
boolean isAdmin = false;
Set<Role> userRoles = this.getRolesByUser(rmRootNode, user);
if (userRoles != null)
@@ -679,13 +627,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
if (role.getName().equals("Administrator"))
{
isRMAdmin = true;
isAdmin = true;
break;
}
}
}
return isRMAdmin;
return isAdmin;
}
/**
@@ -921,32 +869,4 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
}
/**
* Create the RMAdmin user if it does not already exist
*/
private void createRMAdminUser()
{
/** generate rm admin password */
String password = GUID.generate();
String user = filePlanAuthenticationService.getRmAdminUserName();
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
if (!authenticationService.authenticationExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(user, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, user);
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
properties.put(ContentModel.PROP_LASTNAME, lastName);
personService.createPerson(properties);
}
}
}

44
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
View File

@@ -1,44 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
/**
* File plan authentication service.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface FilePlanAuthenticationService
{
/**
* @return rm admin user name
*/
String getRmAdminUserName();
/**
* Run provided work as the global rm admin user.
*
* @param <R> return type
* @param runAsWork work to execute as the rm admin user
* @return R result of work execution
*/
<R> R runAsRmAdmin(RunAsWork<R> runAsWork);
}

79
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
View File

@@ -1,79 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantService;
/**
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService
{
/** Default rm admin user values */
public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
/** RM admin user name */
private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
/** tennant service */
private TenantService tenantService;
/**
* The Tenant Service
*
* @param tenantService
*/
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
/**
* @param rmAdminUserName rm admin user name
*/
public void setRmAdminUserName(String rmAdminUserName)
{
this.rmAdminUserName = rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName()
*/
@Override
public String getRmAdminUserName()
{
// Build the tenant domain string
String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : "";
// if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name
return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
*/
@Override
public <R> R runAsRmAdmin(RunAsWork<R> runAsWork)
{
return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName());
}
}

53
rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java
View File

@@ -25,7 +25,6 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -41,8 +40,8 @@ import org.alfresco.service.namespace.QName;
*/
public class ExtendedRuleServiceImpl extends RuleServiceImpl
{
/** indicates whether the rules should be run as rmadmin or not */
private boolean runAsRmAdmin = true;
/** indicates whether the rules should be run as admin or not */
private boolean runAsAdmin = true;
/** ignore types */
private Set<QName> ignoredTypes = new HashSet<QName>();
@@ -50,31 +49,12 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
/** file plan service */
private FilePlanService filePlanService;
/** file plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** node service */
protected NodeService nodeService;
/** Record service */
protected RecordService recordService;
/**
* @param runAsRmAdmin true if run rules as rmadmin, false otherwise
*/
public void setRunAsRmAdmin(boolean runAsRmAdmin)
{
this.runAsRmAdmin = runAsRmAdmin;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @param nodeService node service
*/
@@ -99,6 +79,14 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
this.recordService = recordService;
}
/**
* @param runAsAdmin true if run rules as admin, false otherwise
*/
public void setRunAsAdmin(boolean runAsAdmin)
{
this.runAsAdmin = runAsAdmin;
}
/**
* Init method
*/
@@ -181,18 +169,17 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
// ignore and
if (!isIgnoredType(typeQName))
{
if (runAsRmAdmin)
if (runAsAdmin)
{
// run as rmadmin
filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<Void>()
{
@Override
public Void doWork()
{
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
return null;
}
});
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
@Override
public Void doWork()
{
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
return null;
}
}, AuthenticationUtil.getAdminUserName());
}
else
{

8
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/action/FileToActionTest.java
View File

@@ -95,7 +95,7 @@ public class FileToActionTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
private void initRecord()
@@ -147,7 +147,7 @@ public class FileToActionTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
public void testFileToPath2()
@@ -175,7 +175,7 @@ public class FileToActionTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
public void testCreate() throws Exception
@@ -237,7 +237,7 @@ public class FileToActionTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
public void failureTests() throws Exception

10
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -60,7 +60,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
private NodeRef moveToFolder;
private NodeRef moveToCategory;
private NodeRef hold;
@Override
@@ -109,9 +109,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
utils.declareRecord(declaredRecord);
utils.declareRecord(frozenRecord);
utils.declareRecord(frozenRecord2);
hold = holdService.createHold(filePlan, GUID.generate(), "reason", "description");
holdService.addToHold(hold, frozenRecord);
holdService.addToHold(hold, frozenRecordFolder);
holdService.addToHold(hold, frozenRecord2);
@@ -349,7 +349,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
}
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -445,7 +445,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
}
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{

16
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
View File

@@ -92,7 +92,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -130,7 +130,7 @@ public class RM1008Test extends BaseRMTestCase
holdService.addToHold(hold, rmFolder);
return hold;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -145,7 +145,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -171,7 +171,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -197,7 +197,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -282,7 +282,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -308,7 +308,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -334,7 +334,7 @@ public class RM1008Test extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{

66
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java
View File

@@ -26,30 +26,30 @@ import org.alfresco.service.cmr.site.SiteRole;
/**
* Unit test for RM-804 .. site managers are able to delete file plans
*
*
* @author Roy Wetherall
* @since 2.1
*/
public class RM804Test extends BaseRMTestCase
{
public class RM804Test extends BaseRMTestCase
{
@Override
protected void initServices()
{
super.initServices();
}
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
@Override
protected boolean isUserTest()
{
return true;
}
public void testUsersHaveDeletePermissionsOnFilePlan() throws Exception
{
// as rmuser
@@ -59,32 +59,32 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, "rmadmin");
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, "admin");
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new Test<Void>()
{
@@ -92,23 +92,23 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, rmUserName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
return null;
}
}, userName);
}
public void testTryAndDeleteSiteAsSiteManagerOnly()
{
doTestInTransaction(new Test<Void>()
@@ -117,25 +117,25 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
siteService.setMembership(siteId, userName, SiteRole.SiteManager.toString());
return null;
}
}, "admin");
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager only.",
AlfrescoRuntimeException.class
)
{
{
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
}
}, userName);
// give the user a RM role (but not sufficient to delete the file plan node ref)
doTestInTransaction(new Test<Void>()
{
@@ -143,47 +143,47 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_USER, userName);
return null;
}
}, "admin");
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager with an RM role that doesn't have the capability.",
AlfrescoRuntimeException.class
)
{
{
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
}
}, userName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_ADMINISTRATOR, userName);
return null;
}
}, "admin");
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
siteService.deleteSite(siteId);
return null;
}
}, userName);
}
}

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/CustomEMailMappingServiceImplTest.java
View File

@@ -117,7 +117,7 @@ public class CustomEMailMappingServiceImplTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
private CustomMapping getCustomMapping(String from, String to)

122
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java
View File

@@ -29,7 +29,7 @@ import org.alfresco.service.namespace.QName;
/**
* Model security service test.
*
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -37,16 +37,16 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
{
private static final QName CUSTOM_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customAspect");
private static final QName CUSTOM_PROTECTED_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedAspect");
private static final QName CUSTOM_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProperty");
private static final QName CUSTOM_PROTECTED_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedProperty");
/** Model security service */
private ModelSecurityService modelSecurityService;
private ModelSecurityService modelSecurityService;
private boolean enabled;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@@ -55,23 +55,23 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
{
return true;
}
@Override
protected boolean isFillingForAllUsers()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices()
*/
@Override
protected void initServices()
{
super.initServices();
super.initServices();
modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestDataImpl()
*/
@@ -79,11 +79,11 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
enabled = modelSecurityService.isEnabled();
modelSecurityService.setEnabled(true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#tearDownImpl()
*/
@@ -93,77 +93,77 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
super.tearDownImpl();
modelSecurityService.setEnabled(enabled);
}
/**
* test - getProtectedAspects(), isProtectedAspect(), getProtectedAspect()
*/
public void testProtectedAspects() throws Exception
{
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
Set<QName> protectedAspects = modelSecurityService.getProtectedAspects();
assertNotNull(protectedAspects);
assertFalse(protectedAspects.isEmpty());
assertTrue(protectedAspects.contains(CUSTOM_PROTECTED_ASPECT));
assertFalse(protectedAspects.contains(CUSTOM_ASPECT));
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.isProtectedAspect(CUSTOM_ASPECT));
ProtectedAspect protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_ASPECT);
assertNull(protectedAspect);
protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_PROTECTED_ASPECT);
assertNotNull(protectedAspect);
assertNotNull(protectedAspect.getQName());
assertNotNull(protectedAspect.getCapabilities());
assertNotNull(protectedAspect.getCapabilities());
}
});
});
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to add the protected aspect.",
"Normal rm user should not have the permissions to add the protected aspect.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
// try and add the aspect
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
}
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
assertTrue(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
}, ADMIN_USER);
// check protected aspect via removeAspect
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to remove the custom aspect.",
"Normal rm user should not have the permissions to remove the custom aspect.",
ModelAccessDeniedException.class
)
{
@@ -171,20 +171,20 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
public void run() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
}
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
assertFalse(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
}, ADMIN_USER);
}
/**
* test - getProtectedProperties(), isProtectedProperty(), getProtectedProperty()
*/
@@ -195,55 +195,55 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
public void runImpl()
{
Set<QName> protectedProperties = modelSecurityService.getProtectedProperties();
assertNotNull(protectedProperties);
assertFalse(protectedProperties.isEmpty());
assertTrue(protectedProperties.contains(CUSTOM_PROTECTED_PROPERTY));
assertFalse(protectedProperties.contains(CUSTOM_PROPERTY));
assertFalse(protectedProperties.contains(CUSTOM_PROPERTY));
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.isProtectedProperty(CUSTOM_PROPERTY));
ProtectedProperty protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROPERTY);
assertNull(protectedProperty);
protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROTECTED_PROPERTY);
assertNotNull(protectedProperty);
assertNotNull(protectedProperty.getQName());
assertNotNull(protectedProperty.getCapabilities());
assertNotNull(protectedProperty.getCapabilities());
}
});
});
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
}, ADMIN_USER);
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
}, powerUserName);
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Should not have the permissions to edit protected property.",
"Should not have the permissions to edit protected property.",
ModelAccessDeniedException.class
)
{
@@ -251,19 +251,19 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase
public void run() throws Exception
{
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
}
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
assertEquals("hello", nodeService.getProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
}, ADMIN_USER);
}
}

14
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
View File

@@ -501,7 +501,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
public void testFileNewContent() throws Exception
@@ -643,7 +643,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
}
});
// test rmadmin
// test admin
doTestInTransaction(new VoidTest()
{
@Override
@@ -738,11 +738,11 @@ public class RecordServiceImplTest extends BaseRMTestCase
}
});
// test rmadmin
canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmAdminName);
canEditProperty(recordOne, RecordsManagementModel.PROP_LOCATION, rmAdminName);
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, rmAdminName);
canEditProperty(recordDeclaredOne, RecordsManagementModel.PROP_LOCATION, rmAdminName);
// test admin
canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, ADMIN_USER);
canEditProperty(recordOne, RecordsManagementModel.PROP_LOCATION, ADMIN_USER);
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, ADMIN_USER);
canEditProperty(recordDeclaredOne, RecordsManagementModel.PROP_LOCATION, ADMIN_USER);
// test normal user
cantEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmUserName);

60
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementAuditServiceImplTest.java
View File

@@ -138,7 +138,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
}
/**
@@ -147,13 +147,13 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
public void testGetAuditTrail()
{
// show the audit is empty
getAuditTrail(1, rmAdminName);
getAuditTrail(1, ADMIN_USER);
// make a change
final String updatedProperty = updateTitle(filePlan, rmAdminName);
final String updatedProperty = updateTitle(filePlan, ADMIN_USER);
// show the audit has been updated
List<RecordsManagementAuditEntry> entries = getAuditTrail(3, rmAdminName);
List<RecordsManagementAuditEntry> entries = getAuditTrail(3, ADMIN_USER);
final RecordsManagementAuditEntry entry = entries.get(2);
assertNotNull(entry);
@@ -182,15 +182,15 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
return null;
}
}, rmAdminName);
}, ADMIN_USER);
// add some more title updates
updateTitle(rmContainer, rmAdminName);
updateTitle(rmFolder, rmAdminName);
updateTitle(record, rmAdminName);
updateTitle(rmContainer, ADMIN_USER);
updateTitle(rmFolder, ADMIN_USER);
updateTitle(record, ADMIN_USER);
// show the audit has been updated
getAuditTrail(7, rmAdminName);
getAuditTrail(7, ADMIN_USER);
// snap shot date
Date snapShot = new Date();
@@ -198,7 +198,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
// show the audit results can be limited
RecordsManagementAuditQueryParameters params = new RecordsManagementAuditQueryParameters();
params.setMaxEntries(2);
getAuditTrail(params, 2, rmAdminName);
getAuditTrail(params, 2, ADMIN_USER);
// test filter by user
updateTitle(rmContainer, recordsManagerName);
@@ -207,39 +207,39 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
params = new RecordsManagementAuditQueryParameters();
params.setUser(recordsManagerName);
getAuditTrail(params, 3, rmAdminName);
getAuditTrail(params, 3, ADMIN_USER);
// test filter by date
params = new RecordsManagementAuditQueryParameters();
params.setDateFrom(snapShot);
getAuditTrail(params, 13, rmAdminName);
getAuditTrail(params, 13, ADMIN_USER);
params = new RecordsManagementAuditQueryParameters();
params.setDateTo(snapShot);
getAuditTrail(params, 14, rmAdminName);
getAuditTrail(params, 14, ADMIN_USER);
params.setDateFrom(testStartTime);
getAuditTrail(params, 15, rmAdminName);
getAuditTrail(params, 15, ADMIN_USER);
// test filter by object
updateTitle(record, rmAdminName);
updateTitle(record, rmAdminName);
updateTitle(record, rmAdminName);
updateTitle(record, ADMIN_USER);
updateTitle(record, ADMIN_USER);
updateTitle(record, ADMIN_USER);
params = new RecordsManagementAuditQueryParameters();
params.setNodeRef(record);
getAuditTrail(params, 5, rmAdminName);
getAuditTrail(params, 5, ADMIN_USER);
// test filter by event
params = new RecordsManagementAuditQueryParameters();
// params.setEvent("cutoff");
// getAuditTrail(params, 0, rmAdminName);
// getAuditTrail(params, 0, ADMIN_USER);
params.setEvent("Update RM Object");
getAuditTrail(params, 10, rmAdminName);
getAuditTrail(params, 10, ADMIN_USER);
// test filter by property
// params = new RecordsManagementAuditQueryParameters();
//params.setProperty(PROP_ADDRESSEES);
//getAuditTrail(params, 0, rmAdminName);
//getAuditTrail(params, 0, ADMIN_USER);
// params.setProperty(PROP_TITLE);
// getAuditTrail(params, 10, rmAdminName);
// getAuditTrail(params, 10, ADMIN_USER);
}
/**
@@ -260,16 +260,16 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
Thread.sleep(5000);
List<RecordsManagementAuditEntry> result1 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result1 = getAuditTrail(ADMIN_USER);
assertNotNull(result1);
// Update the fileplan
updateTitle(filePlan, rmAdminName);
updateTitle(filePlan, ADMIN_USER);
Thread.sleep(5000);
// There should be no new audit entries
List<RecordsManagementAuditEntry> result2 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result2 = getAuditTrail(ADMIN_USER);
assertNotNull(result2);
assertEquals(
"Audit results should not have changed after auditing was disabled",
@@ -277,11 +277,11 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
// repeat with a start
rmAuditService.startAuditLog(filePlan);
updateTitle(filePlan, rmAdminName);
updateTitle(filePlan, ADMIN_USER);
Thread.sleep(5000);
List<RecordsManagementAuditEntry> result3 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result3 = getAuditTrail(ADMIN_USER);
assertNotNull(result3);
assertTrue(
"Expected more results after enabling audit",
@@ -294,7 +294,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
rmAuditService.clearAuditLog(filePlan);
// There should be no entries
List<RecordsManagementAuditEntry> result4 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result4 = getAuditTrail(ADMIN_USER);
assertNotNull(result4);
assertEquals(
"Audit entries should have been cleared",
@@ -342,7 +342,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
AuthenticationUtil.popAuthentication();
}
rmAuditService.stopAuditLog(filePlan);
List<RecordsManagementAuditEntry> result1 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result1 = getAuditTrail(ADMIN_USER);
// Check that the username is reflected correctly in the results
assertFalse("No audit results were generated for the failed login.", result1.isEmpty());
boolean found = false;
@@ -386,7 +386,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase
AuthenticationUtil.popAuthentication();
}
rmAuditService.stopAuditLog(filePlan);
List<RecordsManagementAuditEntry> result2 = getAuditTrail(rmAdminName);
List<RecordsManagementAuditEntry> result2 = getAuditTrail(ADMIN_USER);
found = false;
for (RecordsManagementAuditEntry entry : result2)
{

84
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -45,7 +45,6 @@ import org.alfresco.module.org_alfresco_module_rm.report.ReportService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
import org.alfresco.repo.policy.BehaviourFilter;
@@ -104,12 +103,12 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected QName ASPECT_CUSTOM_ASPECT = QName.createQName(URI, "customAspect");
protected QName ASPECT_RECORD_META_DATA = QName.createQName(URI, "recordMetaData");
/** admin user */
protected static final String ADMIN_USER = "admin";
/** Common test utils */
protected CommonRMTestUtils utils;
/** RM Admin user name */
protected String rmAdminUserName;
/** Services */
protected NodeService nodeService;
protected ContentService contentService;
@@ -143,7 +142,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected FreezeService freezeService;
protected RecordService recordService;
protected FilePlanService filePlanService;
protected FilePlanAuthenticationService filePlanAuthenticationService;
protected RecordFolderService recordFolderService;
protected ExtendedSecurityService extendedSecurityService;
protected ReportService reportService;
@@ -224,7 +222,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected String powerUserName;
protected String securityOfficerName;
protected String recordsManagerName;
protected String rmAdminName;
/** test people */
protected NodeRef userPerson;
@@ -232,7 +229,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected NodeRef powerUserPerson;
protected NodeRef securityOfficerPerson;
protected NodeRef recordsManagerPerson;
protected NodeRef rmAdminPerson;
/** test records */
protected NodeRef recordOne;
@@ -320,20 +316,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
// Initialise the service beans
initServices();
// grab the rmadmin user name
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
rmAdminUserName = filePlanAuthenticationService.getRmAdminUserName();
return null;
}
});
// Setup test data
setupTestData();
@@ -394,7 +376,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
freezeService = (FreezeService) applicationContext.getBean("FreezeService");
recordService = (RecordService) applicationContext.getBean("RecordService");
filePlanService = (FilePlanService) applicationContext.getBean("FilePlanService");
filePlanAuthenticationService = (FilePlanAuthenticationService) applicationContext.getBean("FilePlanAuthenticationService");
recordFolderService = (RecordFolderService) applicationContext.getBean("RecordFolderService");
extendedSecurityService = (ExtendedSecurityService) applicationContext.getBean("ExtendedSecurityService");
reportService = (ReportService) applicationContext.getBean("ReportService");
@@ -542,8 +523,8 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
containerProps).getChildRef();
assertNotNull("Could not create base folder", folder);
permissionService.setPermission(folder, "rmadmin", PermissionService.WRITE, true);
permissionService.setPermission(folder, "rmadmin", PermissionService.ADD_CHILDREN, true);
permissionService.setPermission(folder, ADMIN_USER, PermissionService.WRITE, true);
permissionService.setPermission(folder, ADMIN_USER, PermissionService.ADD_CHILDREN, true);
if (isRMSiteTest())
{
@@ -622,18 +603,13 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
recordsManagerPerson = createPerson(recordsManagerName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, recordsManagerName);
rmAdminName = GUID.generate();
rmAdminPerson = createPerson(rmAdminName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, rmAdminName);
testUsers = new String[]
{
userName,
rmUserName,
powerUserName,
securityOfficerName,
recordsManagerName,
rmAdminName
recordsManagerName
};
if (isFillingForAllUsers())
@@ -769,7 +745,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
}
/**
* Override to ensure the tests are run as the 'rmadmin' user by default.
* Override to ensure the tests are run as the 'admin' user by default.
*/
@Override
@@ -812,70 +788,70 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
// empty implementation
}
}
/**
* Execute behaviour driven test.
*
*
* @param test
*/
protected void doBehaviourDrivenTest(BehaviourDrivenTest test)
{
test.run();
}
/**
* Behaviour driven test.
*
*
* @author Roy Wetherall
* @since 2.2
*/
protected abstract class BehaviourDrivenTest
{
protected Class<?> expectedException;
public BehaviourDrivenTest()
{
}
public BehaviourDrivenTest(Class<?> expectedException)
{
this.expectedException = expectedException;
}
public void given() { /** empty implementation */ }
public void when() { /** empty implementation */ }
public void then() { /** empty implementation */ }
public void after() { /** empty implementation */ }
public void run()
{
try
{
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
given();
given();
}
});
if (expectedException == null)
{
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
when();
}
});
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
@@ -886,26 +862,26 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
else
{
doTestInTransaction(new FailureTest(expectedException)
{
{
@Override
public void run() throws Exception
{
when();
}
});
});
}
}
finally
{
{
doTestInTransaction(new VoidTest()
{
{
@Override
public void runImpl() throws Exception
{
after();
after();
}
});
}
}
}
}
}

5
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java
View File

@@ -122,6 +122,9 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest
protected NodeRef recordFolder2;
protected String collabSiteId;
/** admin user name */
protected static final String ADMIN_USER = "admin";
/**
* Indicates whether the test collaboration site should be created
* or not.
@@ -248,7 +251,7 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest
// As system user
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, "rmadmin");
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, ADMIN_USER);
return null;
}

6
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java
View File

@@ -69,9 +69,9 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase
// Create a couple or roles by hand
filePlanRoleService.createRole(filePlan, role1, "My Test Role", getListOfCapabilities(5));
filePlanRoleService.createRole(filePlan, role2, "My Test Role Too", getListOfCapabilities(5));
//The user can either enter a plain text label or a key to look up in a property file.
filePlanRoleService.createRole(filePlan, role3, "bootstrap.rmadmin.lastName", getListOfCapabilities(5));
filePlanRoleService.createRole(filePlan, role3, "System Administrator", getListOfCapabilities(5));
// create test group
String groupName = GUID.generate();
@@ -102,7 +102,7 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase
assertEquals(role2, roleObj.get("name"));
assertEquals("My Test Role Too", roleObj.get("displayLabel"));
checkCapabilities(roleObj, 5);
//Custom role with a user entered message key
roleObj = roles.getJSONObject(role3);
assertNotNull(roleObj);