From a2400a047c39b72852f3ee91d541fc0950d0ee3e Mon Sep 17 00:00:00 2001 From: Tuna Aksoy Date: Wed, 11 Jun 2014 08:53:23 +0000 Subject: [PATCH] RM-1224 (Rmadmin user is not created if auth chain contains not only ALfrescoNTLM) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@73546 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../org_alfresco_module_rm/action-context.xml | 1 - .../alfresco-global.properties | 12 +- .../extended-repository-context.xml | 5 +- .../messages/rm-system.properties | 3 - .../patch/rm-patch-v21-context.xml | 17 +- .../rm-service-context.xml | 46 +---- .../RecordsManagementServiceRegistry.java | 7 - .../RecordsManagementServiceRegistryImpl.java | 10 -- .../action/dm/CreateRecordAction.java | 18 +- .../DispositionSelectionStrategy.java | 18 +- .../patch/v20/RMv2FilePlanNodeRefPatch.java | 2 +- .../patch/v21/RMv21RMAdminUserPatch.java | 160 ------------------ .../role/FilePlanRoleServiceImpl.java | 90 +--------- .../FilePlanAuthenticationService.java | 44 ----- .../FilePlanAuthenticationServiceImpl.java | 79 --------- .../repo/rule/ExtendedRuleServiceImpl.java | 53 +++--- .../test/action/FileToActionTest.java | 8 +- .../DeclarativeCapabilityTest.java | 10 +- .../test/integration/issue/RM1008Test.java | 16 +- .../test/integration/issue/RM804Test.java | 66 ++++---- .../CustomEMailMappingServiceImplTest.java | 2 +- .../service/ModelSecurityServiceImplTest.java | 122 ++++++------- .../test/service/RecordServiceImplTest.java | 14 +- ...RecordsManagementAuditServiceImplTest.java | 60 +++---- .../test/util/BaseRMTestCase.java | 84 ++++----- .../test/util/BaseRMWebScriptTestCase.java | 5 +- .../test/webscript/RoleRestApiTest.java | 6 +- 27 files changed, 225 insertions(+), 733 deletions(-) delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml index f9d640678c..46cc7a2483 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml @@ -14,7 +14,6 @@ - diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties index 4d2732cd98..60f0b0e0d6 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties @@ -25,17 +25,9 @@ cache.writersSharedCache.maxItems=10000 cache.writersSharedCache.cluster.type=fully-distributed # -# Global RM admin default bootstrap details +# Indicates whether RM rules will be run as Admin or not by default # -# Note: rmadmin is created with a randomly generated password. This can be changed by 'admin' if -# required. -# -bootstrap.rmadmin.name=rmadmin - -# -# Indicates whether RM rules will be run as RM Admin or not by default -# -rm.rule.runasrmadmin=true +rm.rule.runasadmin=true # # Auto-complete suggestion parameters diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml index 9a741ca3d0..25a396e069 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml @@ -219,10 +219,9 @@ - - - ${rm.rule.runasrmadmin} + + ${rm.rule.runasadmin} diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties index 65f3c6dd0e..649a76b2bd 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties @@ -1,6 +1,3 @@ -bootstrap.rmadmin.firstName=Records Management -bootstrap.rmadmin.lastName=System Administrator - rm.hold.name=Hold ## Defaut roles diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v21-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v21-context.xml index 65930dcf9a..d6abeca930 100755 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v21-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/patch/rm-patch-v21-context.xml @@ -52,21 +52,6 @@ - - - - - - - - - - - - - @@ -118,5 +103,5 @@ - + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 9902ed0040..387c006d04 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -41,7 +41,6 @@ - @@ -496,10 +495,6 @@ - - - - @@ -1088,7 +1083,7 @@ - - - - - - - - - - - - org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java index 9ffc7237c3..6eabd7d7e8 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java @@ -31,7 +31,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService; @@ -163,12 +162,6 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry @NotAuditable FilePlanPermissionService getFilePlanPermissionService(); - /** - * @return file plan authentication service - * @since 2.1 - */ - FilePlanAuthenticationService getFilePlanAuthenticationService(); - /** * @return identifier service * @since 2.1 diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java index 612381d096..ba8ce301d9 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java @@ -30,7 +30,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService; @@ -171,15 +170,6 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE); } - /** - * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService() - */ - @Override - public FilePlanAuthenticationService getFilePlanAuthenticationService() - { - return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE); - } - /** * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getIdentifierService() */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java index 4a59c127b7..f8174a1059 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java @@ -26,8 +26,8 @@ import org.alfresco.module.org_alfresco_module_rm.action.AuditableActionExecuter import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.repo.action.ParameterDefinitionImpl; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; @@ -76,9 +76,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase /** Dictionary service */ private DictionaryService dictionaryService; - /** File plan authentication service */ - private FilePlanAuthenticationService filePlanAuthenticationService; - /** * @param recordService record service */ @@ -111,14 +108,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase this.dictionaryService = dictionaryService; } - /** - * @param filePlanAuthenticationService file plan authentication service - */ - public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) - { - this.filePlanAuthenticationService = filePlanAuthenticationService; - } - /** * @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef) */ @@ -181,14 +170,15 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase if (filePlan == null) { // TODO .. eventually make the file plan parameter required - filePlan = filePlanAuthenticationService.runAsRmAdmin(new RunAsWork() + + filePlan = AuthenticationUtil.runAs(new RunAsWork() { @Override public NodeRef doWork() { return filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID); } - }); + }, AuthenticationUtil.getAdminUserName()); // if the file plan is still null, raise an exception if (filePlan == null) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java index 93b3374f37..191468ee7c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java @@ -25,7 +25,7 @@ import java.util.SortedSet; import java.util.TreeSet; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.repository.NodeRef; import org.apache.commons.logging.Log; @@ -47,9 +47,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel /** Disposition service */ private DispositionService dispositionService; - /** File plan authentication service */ - private FilePlanAuthenticationService filePlanAuthenticationService; - /** * Set the disposition service * @@ -60,14 +57,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel this.dispositionService = dispositionService; } - /** - * @param filePlanAuthenticationService file plan authentication service - */ - public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) - { - this.filePlanAuthenticationService = filePlanAuthenticationService; - } - /** * Select the disposition schedule to use given there is more than one * @@ -130,14 +119,13 @@ public class DispositionSelectionStrategy implements RecordsManagementModel public int compare(final NodeRef f1, final NodeRef f2) { // Run as admin user - return filePlanAuthenticationService.runAsRmAdmin(new RunAsWork() + return AuthenticationUtil.runAs(new RunAsWork() { public Integer doWork() { return compareImpl(f1, f2); } - - }); + }, AuthenticationUtil.getAdminUserName()); } private int compareImpl(NodeRef f1, NodeRef f2) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java index 5a0adb629d..721620c5e2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java @@ -132,7 +132,7 @@ public class RMv2FilePlanNodeRefPatch extends ModulePatchComponent nodeService.setProperty(filePlanComponentNodeRef, PROP_ROOT_NODEREF, filePlan); } - // only set the rmadmin permissions on record categories, record folders and records + // only set the admin permissions on record categories, record folders and records FilePlanComponentKind kind = filePlanService.getFilePlanComponentKind(filePlanComponentNodeRef); if (FilePlanComponentKind.RECORD_CATEGORY.equals(kind) || FilePlanComponentKind.RECORD_FOLDER.equals(kind) || diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java deleted file mode 100644 index f8441071ae..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (C) 2005-2014 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.patch.v21; - -import java.io.Serializable; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; -import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.MutableAuthenticationService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.QName; -import org.alfresco.util.GUID; -import org.springframework.beans.factory.BeanNameAware; -import org.springframework.extensions.surf.util.I18NUtil; - -/** - * RM v2.1: RM admin user patch - * - * @author Roy Wetherall - */ -@SuppressWarnings("deprecation") -public class RMv21RMAdminUserPatch extends RMv21PatchComponent implements BeanNameAware -{ - /** I18N */ - private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName"; - private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName"; - - /** generate rm admin password */ - private String password = GUID.generate(); - - /** mutable authenticaiton service */ - private MutableAuthenticationService authenticationService; - - /** person service */ - private PersonService personService; - - /** file plan service */ - private FilePlanService filePlanService; - - /** file plan role service */ - private FilePlanRoleService filePlanRoleService; - - /** file plan authentication service */ - private FilePlanAuthenticationService filePlanAuthenticationService; - - /** - * @param personService person service - */ - public void setPersonService(PersonService personService) - { - this.personService = personService; - } - - /** - * @param authenticationService mutable authentication service - */ - public void setAuthenticationService(MutableAuthenticationService authenticationService) - { - this.authenticationService = authenticationService; - } - - /** - * @param filePlanService file plan service - */ - public void setFilePlanService(FilePlanService filePlanService) - { - this.filePlanService = filePlanService; - } - - /** - * @param filePlanRoleService file plan role service - */ - public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService) - { - this.filePlanRoleService = filePlanRoleService; - } - - /** - * @param filePlanAuthenticationService file plan authentication service - */ - public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) - { - this.filePlanAuthenticationService = filePlanAuthenticationService; - } - - /** - * @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal() - */ - @Override - protected void executePatch() - { - String user = filePlanAuthenticationService.getRmAdminUserName(); - String firstName = I18NUtil.getMessage(MSG_FIRST_NAME); - String lastName = I18NUtil.getMessage(MSG_LAST_NAME); - - if (!authenticationService.authenticationExists(user)) - { - if (logger.isDebugEnabled()) - { - logger.debug(" ... creating RM Admin user"); - } - - authenticationService.createAuthentication(user, password.toCharArray()); - - if (!personService.personExists(user)) - { - if (logger.isDebugEnabled()) - { - logger.debug(" ... creating RM Admin person"); - } - - Map properties = new HashMap(); - properties.put(ContentModel.PROP_USERNAME, user); - properties.put(ContentModel.PROP_FIRSTNAME, firstName); - properties.put(ContentModel.PROP_LASTNAME, lastName); - personService.createPerson(properties); - } - else - { - if (logger.isInfoEnabled()) - { - logger.debug(" ... RM Admin person already exists"); - } - } - - if (logger.isDebugEnabled()) - { - logger.debug(" ... assigning RM Admin user to file plans"); - } - - Set filePlans = filePlanService.getFilePlans(); - for (NodeRef filePlan : filePlans) - { - filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user); - } - } - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index db042d002f..43386b0210 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -22,18 +22,14 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.Serializable; import java.nio.charset.Charset; import java.util.ArrayList; import java.util.Arrays; -import java.util.HashMap; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; @@ -42,7 +38,6 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authority.RMAuthority; import org.alfresco.service.cmr.repository.NodeRef; @@ -51,15 +46,9 @@ import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; -import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.PermissionService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.QName; -import org.alfresco.util.GUID; import org.alfresco.util.ParameterCheck; import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; @@ -75,8 +64,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, RecordsManagementModel { /** I18N */ - private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName"; - private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName"; private static final String MSG_ALL_ROLES = "rm.role.all"; /** Location of bootstrap role JSON */ @@ -103,15 +90,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, /** Node service */ private NodeService nodeService; - /** File plan authentication service */ - private FilePlanAuthenticationService filePlanAuthenticationService; - - /** mutable authenticaiton service */ - private MutableAuthenticationService authenticationService; - - /** person service */ - private PersonService personService; - private BootstrapImporterModuleComponent bootstrapImporterModule; /** Records management role zone */ @@ -120,9 +98,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, /** Records Management Config Node */ private static final String CONFIG_NODEID = "rm_config_folder"; - /** Logger */ - private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class); - /** * @param capabilityService capability service */ @@ -163,30 +138,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, this.filePlanService = filePlanService; } - /** - * @param filePlanAuthenticationService file plan authentication service - */ - public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) - { - this.filePlanAuthenticationService = filePlanAuthenticationService; - } - - /** - * @param personService person service - */ - public void setPersonService(PersonService personService) - { - this.personService = personService; - } - - /** - * @param authenticationService mutable authentication service - */ - public void setAuthenticationService(MutableAuthenticationService authenticationService) - { - this.authenticationService = authenticationService; - } - /** * * @param bootstrapImporterModuleComponent @@ -391,13 +342,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, String user = AuthenticationUtil.getFullyAuthenticatedUser(); authorityService.addAuthority(role.getRoleGroupName(), user); - if (!filePlanAuthenticationService.getRmAdminUserName().equals(user)) + if (!AuthenticationUtil.getAdminUserName().equals(user)) { - // Create the RM Admin User if it does not already exist - createRMAdminUser(); - // add the dynamic admin authority - authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName()); + authorityService.addAuthority(role.getRoleGroupName(), AuthenticationUtil.getAdminUserName()); } } } @@ -670,7 +618,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, */ public boolean hasRMAdminRole(NodeRef rmRootNode, String user) { - boolean isRMAdmin = false; + boolean isAdmin = false; Set userRoles = this.getRolesByUser(rmRootNode, user); if (userRoles != null) @@ -679,13 +627,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { if (role.getName().equals("Administrator")) { - isRMAdmin = true; + isAdmin = true; break; } } } - return isRMAdmin; + return isAdmin; } /** @@ -921,32 +869,4 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan)); } - - /** - * Create the RMAdmin user if it does not already exist - */ - private void createRMAdminUser() - { - /** generate rm admin password */ - String password = GUID.generate(); - - String user = filePlanAuthenticationService.getRmAdminUserName(); - String firstName = I18NUtil.getMessage(MSG_FIRST_NAME); - String lastName = I18NUtil.getMessage(MSG_LAST_NAME); - - if (!authenticationService.authenticationExists(user)) - { - if (logger.isDebugEnabled()) - { - logger.debug(" ... creating RM Admin user"); - } - - authenticationService.createAuthentication(user, password.toCharArray()); - Map properties = new HashMap(); - properties.put(ContentModel.PROP_USERNAME, user); - properties.put(ContentModel.PROP_FIRSTNAME, firstName); - properties.put(ContentModel.PROP_LASTNAME, lastName); - personService.createPerson(properties); - } - } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java deleted file mode 100644 index 2ae21b3594..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (C) 2005-2014 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.security; - -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; - -/** - * File plan authentication service. - * - * @author Roy Wetherall - * @since 2.1 - */ -public interface FilePlanAuthenticationService -{ - /** - * @return rm admin user name - */ - String getRmAdminUserName(); - - /** - * Run provided work as the global rm admin user. - * - * @param return type - * @param runAsWork work to execute as the rm admin user - * @return R result of work execution - */ - R runAsRmAdmin(RunAsWork runAsWork); -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java deleted file mode 100644 index dc1123e923..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 2005-2014 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.security; - -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.tenant.TenantService; - -/** - * @author Roy Wetherall - * @since 2.1 - */ -public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService -{ - /** Default rm admin user values */ - public static final String DEFAULT_RM_ADMIN_USER = "rmadmin"; - - /** RM admin user name */ - private String rmAdminUserName = DEFAULT_RM_ADMIN_USER; - - /** tennant service */ - private TenantService tenantService; - - /** - * The Tenant Service - * - * @param tenantService - */ - public void setTenantService(TenantService tenantService) - { - this.tenantService = tenantService; - } - - /** - * @param rmAdminUserName rm admin user name - */ - public void setRmAdminUserName(String rmAdminUserName) - { - this.rmAdminUserName = rmAdminUserName; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName() - */ - @Override - public String getRmAdminUserName() - { - // Build the tenant domain string - String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : ""; - - // if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name - return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) - */ - @Override - public R runAsRmAdmin(RunAsWork runAsWork) - { - return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName()); - } -} diff --git a/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java b/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java index efec98beeb..20ee4b2868 100644 --- a/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java @@ -25,7 +25,6 @@ import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.repository.NodeRef; @@ -41,8 +40,8 @@ import org.alfresco.service.namespace.QName; */ public class ExtendedRuleServiceImpl extends RuleServiceImpl { - /** indicates whether the rules should be run as rmadmin or not */ - private boolean runAsRmAdmin = true; + /** indicates whether the rules should be run as admin or not */ + private boolean runAsAdmin = true; /** ignore types */ private Set ignoredTypes = new HashSet(); @@ -50,31 +49,12 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl /** file plan service */ private FilePlanService filePlanService; - /** file plan authentication service */ - private FilePlanAuthenticationService filePlanAuthenticationService; - /** node service */ protected NodeService nodeService; /** Record service */ protected RecordService recordService; - /** - * @param runAsRmAdmin true if run rules as rmadmin, false otherwise - */ - public void setRunAsRmAdmin(boolean runAsRmAdmin) - { - this.runAsRmAdmin = runAsRmAdmin; - } - - /** - * @param filePlanAuthenticationService file plan authentication service - */ - public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) - { - this.filePlanAuthenticationService = filePlanAuthenticationService; - } - /** * @param nodeService node service */ @@ -99,6 +79,14 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl this.recordService = recordService; } + /** + * @param runAsAdmin true if run rules as admin, false otherwise + */ + public void setRunAsAdmin(boolean runAsAdmin) + { + this.runAsAdmin = runAsAdmin; + } + /** * Init method */ @@ -181,18 +169,17 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl // ignore and if (!isIgnoredType(typeQName)) { - if (runAsRmAdmin) + if (runAsAdmin) { - // run as rmadmin - filePlanAuthenticationService.runAsRmAdmin(new RunAsWork() - { - @Override - public Void doWork() - { - ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules); - return null; - } - }); + AuthenticationUtil.runAs(new RunAsWork() + { + @Override + public Void doWork() + { + ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules); + return null; + } + }, AuthenticationUtil.getAdminUserName()); } else { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/action/FileToActionTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/action/FileToActionTest.java index 1efcd6f3f8..472aae4de1 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/action/FileToActionTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/action/FileToActionTest.java @@ -95,7 +95,7 @@ public class FileToActionTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } private void initRecord() @@ -147,7 +147,7 @@ public class FileToActionTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } public void testFileToPath2() @@ -175,7 +175,7 @@ public class FileToActionTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } public void testCreate() throws Exception @@ -237,7 +237,7 @@ public class FileToActionTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } public void failureTests() throws Exception diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index 6467c31b84..a73d5b8b46 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -60,7 +60,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase private NodeRef moveToFolder; private NodeRef moveToCategory; - + private NodeRef hold; @Override @@ -109,9 +109,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase utils.declareRecord(declaredRecord); utils.declareRecord(frozenRecord); utils.declareRecord(frozenRecord2); - + hold = holdService.createHold(filePlan, GUID.generate(), "reason", "description"); - + holdService.addToHold(hold, frozenRecord); holdService.addToHold(hold, frozenRecordFolder); holdService.addToHold(hold, frozenRecord2); @@ -349,7 +349,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase } return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -445,7 +445,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase } return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java index ccdd38c3cc..4c611c7477 100755 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java @@ -92,7 +92,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -130,7 +130,7 @@ public class RM1008Test extends BaseRMTestCase holdService.addToHold(hold, rmFolder); return hold; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -145,7 +145,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -171,7 +171,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -197,7 +197,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -282,7 +282,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -308,7 +308,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -334,7 +334,7 @@ public class RM1008Test extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java index 64f54640f0..99e012d2a1 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java @@ -26,30 +26,30 @@ import org.alfresco.service.cmr.site.SiteRole; /** * Unit test for RM-804 .. site managers are able to delete file plans - * + * * @author Roy Wetherall * @since 2.1 */ -public class RM804Test extends BaseRMTestCase -{ +public class RM804Test extends BaseRMTestCase +{ @Override protected void initServices() { super.initServices(); } - + @Override protected boolean isCollaborationSiteTest() { return true; } - + @Override protected boolean isUserTest() { return true; } - + public void testUsersHaveDeletePermissionsOnFilePlan() throws Exception { // as rmuser @@ -59,32 +59,32 @@ public class RM804Test extends BaseRMTestCase public Void run() { assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete")); - + return null; } - }, "rmadmin"); - + }, ADMIN_USER); + doTestInTransaction(new Test() { @Override public Void run() { assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete")); - + return null; } - }, "admin"); - + }, ADMIN_USER); + doTestInTransaction(new Test() { @Override public Void run() { assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete")); - + return null; } - }, rmAdminName); + }, ADMIN_USER); doTestInTransaction(new Test() { @@ -92,23 +92,23 @@ public class RM804Test extends BaseRMTestCase public Void run() { assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete")); - + return null; } }, rmUserName); - + doTestInTransaction(new Test() { @Override public Void run() { assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete")); - + return null; } }, userName); } - + public void testTryAndDeleteSiteAsSiteManagerOnly() { doTestInTransaction(new Test() @@ -117,25 +117,25 @@ public class RM804Test extends BaseRMTestCase public Void run() { siteService.setMembership(siteId, userName, SiteRole.SiteManager.toString()); - + return null; } }, "admin"); - + doTestInTransaction(new FailureTest ( "Should not be able to delete site as a site manager only.", AlfrescoRuntimeException.class ) - { + { @Override public void run() throws Exception { siteService.deleteSite(siteId); - + } }, userName); - + // give the user a RM role (but not sufficient to delete the file plan node ref) doTestInTransaction(new Test() { @@ -143,47 +143,47 @@ public class RM804Test extends BaseRMTestCase public Void run() { filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_USER, userName); - + return null; } }, "admin"); - + doTestInTransaction(new FailureTest ( "Should not be able to delete site as a site manager with an RM role that doesn't have the capability.", AlfrescoRuntimeException.class ) - { + { @Override public void run() throws Exception { siteService.deleteSite(siteId); - + } }, userName); - + doTestInTransaction(new Test() { @Override public Void run() { filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_ADMINISTRATOR, userName); - + return null; } }, "admin"); - + doTestInTransaction(new Test() { @Override public Void run() { siteService.deleteSite(siteId); - + return null; } }, userName); - + } - + } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/CustomEMailMappingServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/CustomEMailMappingServiceImplTest.java index 4ea0e97ff2..fd1362a539 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/CustomEMailMappingServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/CustomEMailMappingServiceImplTest.java @@ -117,7 +117,7 @@ public class CustomEMailMappingServiceImplTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } private CustomMapping getCustomMapping(String from, String to) diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java index 0272846faf..1bd3fb6d15 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java @@ -29,7 +29,7 @@ import org.alfresco.service.namespace.QName; /** * Model security service test. - * + * * @author Roy Wetherall * @since 2.1 */ @@ -37,16 +37,16 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase { private static final QName CUSTOM_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customAspect"); private static final QName CUSTOM_PROTECTED_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedAspect"); - + private static final QName CUSTOM_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProperty"); private static final QName CUSTOM_PROTECTED_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedProperty"); - - + + /** Model security service */ - private ModelSecurityService modelSecurityService; - + private ModelSecurityService modelSecurityService; + private boolean enabled; - + /** * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest() */ @@ -55,23 +55,23 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase { return true; } - + @Override protected boolean isFillingForAllUsers() { return true; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices() */ @Override protected void initServices() { - super.initServices(); + super.initServices(); modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService"); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestDataImpl() */ @@ -79,11 +79,11 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase protected void setupTestDataImpl() { super.setupTestDataImpl(); - + enabled = modelSecurityService.isEnabled(); modelSecurityService.setEnabled(true); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#tearDownImpl() */ @@ -93,77 +93,77 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase super.tearDownImpl(); modelSecurityService.setEnabled(enabled); } - + /** * test - getProtectedAspects(), isProtectedAspect(), getProtectedAspect() */ public void testProtectedAspects() throws Exception { doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { Set protectedAspects = modelSecurityService.getProtectedAspects(); - + assertNotNull(protectedAspects); assertFalse(protectedAspects.isEmpty()); assertTrue(protectedAspects.contains(CUSTOM_PROTECTED_ASPECT)); assertFalse(protectedAspects.contains(CUSTOM_ASPECT)); - + assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT)); assertFalse(modelSecurityService.isProtectedAspect(CUSTOM_ASPECT)); - + ProtectedAspect protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_ASPECT); assertNull(protectedAspect); protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_PROTECTED_ASPECT); assertNotNull(protectedAspect); assertNotNull(protectedAspect.getQName()); - assertNotNull(protectedAspect.getCapabilities()); + assertNotNull(protectedAspect.getCapabilities()); } - }); - + }); + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT)); - assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); + assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); } }, powerUserName); - + doTestInTransaction(new FailureTest ( - "Normal rm user should not have the permissions to add the protected aspect.", + "Normal rm user should not have the permissions to add the protected aspect.", ModelAccessDeniedException.class ) { @Override public void run() throws Exception { - // try and add the aspect + // try and add the aspect nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null); - } + } }, powerUserName); - + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { assertTrue(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); - + // try and add the aspect nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null); assertTrue(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); } - }, rmAdminName); - + }, ADMIN_USER); + // check protected aspect via removeAspect doTestInTransaction(new FailureTest ( - "Normal rm user should not have the permissions to remove the custom aspect.", + "Normal rm user should not have the permissions to remove the custom aspect.", ModelAccessDeniedException.class ) { @@ -171,20 +171,20 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase public void run() throws Exception { nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT); - } + } }, powerUserName); - + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT); assertFalse(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); } - }, rmAdminName); + }, ADMIN_USER); } - + /** * test - getProtectedProperties(), isProtectedProperty(), getProtectedProperty() */ @@ -195,55 +195,55 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase public void runImpl() { Set protectedProperties = modelSecurityService.getProtectedProperties(); - + assertNotNull(protectedProperties); assertFalse(protectedProperties.isEmpty()); assertTrue(protectedProperties.contains(CUSTOM_PROTECTED_PROPERTY)); - assertFalse(protectedProperties.contains(CUSTOM_PROPERTY)); - + assertFalse(protectedProperties.contains(CUSTOM_PROPERTY)); + assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY)); assertFalse(modelSecurityService.isProtectedProperty(CUSTOM_PROPERTY)); - + ProtectedProperty protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROPERTY); assertNull(protectedProperty); protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROTECTED_PROPERTY); assertNotNull(protectedProperty); assertNotNull(protectedProperty.getQName()); - assertNotNull(protectedProperty.getCapabilities()); + assertNotNull(protectedProperty.getCapabilities()); } - }); - + }); + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); } - }, rmAdminName); - + }, ADMIN_USER); + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { - assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); } - }, powerUserName); - + }, powerUserName); + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY)); - assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); } }, powerUserName); - + doTestInTransaction(new FailureTest ( - "Should not have the permissions to edit protected property.", + "Should not have the permissions to edit protected property.", ModelAccessDeniedException.class ) { @@ -251,19 +251,19 @@ public class ModelSecurityServiceImplTest extends BaseRMTestCase public void run() throws Exception { nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello"); - } + } }, powerUserName); - + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); - + nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello"); assertEquals("hello", nodeService.getProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); } - }, rmAdminName); + }, ADMIN_USER); } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java index 566577e2d0..7e303c1d78 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java @@ -501,7 +501,7 @@ public class RecordServiceImplTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } public void testFileNewContent() throws Exception @@ -643,7 +643,7 @@ public class RecordServiceImplTest extends BaseRMTestCase } }); - // test rmadmin + // test admin doTestInTransaction(new VoidTest() { @Override @@ -738,11 +738,11 @@ public class RecordServiceImplTest extends BaseRMTestCase } }); - // test rmadmin - canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmAdminName); - canEditProperty(recordOne, RecordsManagementModel.PROP_LOCATION, rmAdminName); - cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, rmAdminName); - canEditProperty(recordDeclaredOne, RecordsManagementModel.PROP_LOCATION, rmAdminName); + // test admin + canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, ADMIN_USER); + canEditProperty(recordOne, RecordsManagementModel.PROP_LOCATION, ADMIN_USER); + cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, ADMIN_USER); + canEditProperty(recordDeclaredOne, RecordsManagementModel.PROP_LOCATION, ADMIN_USER); // test normal user cantEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmUserName); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementAuditServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementAuditServiceImplTest.java index b5afcbeddb..63d4a67fbd 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementAuditServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementAuditServiceImplTest.java @@ -138,7 +138,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); } /** @@ -147,13 +147,13 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase public void testGetAuditTrail() { // show the audit is empty - getAuditTrail(1, rmAdminName); + getAuditTrail(1, ADMIN_USER); // make a change - final String updatedProperty = updateTitle(filePlan, rmAdminName); + final String updatedProperty = updateTitle(filePlan, ADMIN_USER); // show the audit has been updated - List entries = getAuditTrail(3, rmAdminName); + List entries = getAuditTrail(3, ADMIN_USER); final RecordsManagementAuditEntry entry = entries.get(2); assertNotNull(entry); @@ -182,15 +182,15 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase return null; } - }, rmAdminName); + }, ADMIN_USER); // add some more title updates - updateTitle(rmContainer, rmAdminName); - updateTitle(rmFolder, rmAdminName); - updateTitle(record, rmAdminName); + updateTitle(rmContainer, ADMIN_USER); + updateTitle(rmFolder, ADMIN_USER); + updateTitle(record, ADMIN_USER); // show the audit has been updated - getAuditTrail(7, rmAdminName); + getAuditTrail(7, ADMIN_USER); // snap shot date Date snapShot = new Date(); @@ -198,7 +198,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase // show the audit results can be limited RecordsManagementAuditQueryParameters params = new RecordsManagementAuditQueryParameters(); params.setMaxEntries(2); - getAuditTrail(params, 2, rmAdminName); + getAuditTrail(params, 2, ADMIN_USER); // test filter by user updateTitle(rmContainer, recordsManagerName); @@ -207,39 +207,39 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase params = new RecordsManagementAuditQueryParameters(); params.setUser(recordsManagerName); - getAuditTrail(params, 3, rmAdminName); + getAuditTrail(params, 3, ADMIN_USER); // test filter by date params = new RecordsManagementAuditQueryParameters(); params.setDateFrom(snapShot); - getAuditTrail(params, 13, rmAdminName); + getAuditTrail(params, 13, ADMIN_USER); params = new RecordsManagementAuditQueryParameters(); params.setDateTo(snapShot); - getAuditTrail(params, 14, rmAdminName); + getAuditTrail(params, 14, ADMIN_USER); params.setDateFrom(testStartTime); - getAuditTrail(params, 15, rmAdminName); + getAuditTrail(params, 15, ADMIN_USER); // test filter by object - updateTitle(record, rmAdminName); - updateTitle(record, rmAdminName); - updateTitle(record, rmAdminName); + updateTitle(record, ADMIN_USER); + updateTitle(record, ADMIN_USER); + updateTitle(record, ADMIN_USER); params = new RecordsManagementAuditQueryParameters(); params.setNodeRef(record); - getAuditTrail(params, 5, rmAdminName); + getAuditTrail(params, 5, ADMIN_USER); // test filter by event params = new RecordsManagementAuditQueryParameters(); // params.setEvent("cutoff"); - // getAuditTrail(params, 0, rmAdminName); + // getAuditTrail(params, 0, ADMIN_USER); params.setEvent("Update RM Object"); - getAuditTrail(params, 10, rmAdminName); + getAuditTrail(params, 10, ADMIN_USER); // test filter by property // params = new RecordsManagementAuditQueryParameters(); //params.setProperty(PROP_ADDRESSEES); - //getAuditTrail(params, 0, rmAdminName); + //getAuditTrail(params, 0, ADMIN_USER); // params.setProperty(PROP_TITLE); - // getAuditTrail(params, 10, rmAdminName); + // getAuditTrail(params, 10, ADMIN_USER); } /** @@ -260,16 +260,16 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase Thread.sleep(5000); - List result1 = getAuditTrail(rmAdminName); + List result1 = getAuditTrail(ADMIN_USER); assertNotNull(result1); // Update the fileplan - updateTitle(filePlan, rmAdminName); + updateTitle(filePlan, ADMIN_USER); Thread.sleep(5000); // There should be no new audit entries - List result2 = getAuditTrail(rmAdminName); + List result2 = getAuditTrail(ADMIN_USER); assertNotNull(result2); assertEquals( "Audit results should not have changed after auditing was disabled", @@ -277,11 +277,11 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase // repeat with a start rmAuditService.startAuditLog(filePlan); - updateTitle(filePlan, rmAdminName); + updateTitle(filePlan, ADMIN_USER); Thread.sleep(5000); - List result3 = getAuditTrail(rmAdminName); + List result3 = getAuditTrail(ADMIN_USER); assertNotNull(result3); assertTrue( "Expected more results after enabling audit", @@ -294,7 +294,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase rmAuditService.clearAuditLog(filePlan); // There should be no entries - List result4 = getAuditTrail(rmAdminName); + List result4 = getAuditTrail(ADMIN_USER); assertNotNull(result4); assertEquals( "Audit entries should have been cleared", @@ -342,7 +342,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase AuthenticationUtil.popAuthentication(); } rmAuditService.stopAuditLog(filePlan); - List result1 = getAuditTrail(rmAdminName); + List result1 = getAuditTrail(ADMIN_USER); // Check that the username is reflected correctly in the results assertFalse("No audit results were generated for the failed login.", result1.isEmpty()); boolean found = false; @@ -386,7 +386,7 @@ public class RecordsManagementAuditServiceImplTest extends BaseRMTestCase AuthenticationUtil.popAuthentication(); } rmAuditService.stopAuditLog(filePlan); - List result2 = getAuditTrail(rmAdminName); + List result2 = getAuditTrail(ADMIN_USER); found = false; for (RecordsManagementAuditEntry entry : result2) { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java index a2f3492adc..06394620ae 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java @@ -45,7 +45,6 @@ import org.alfresco.module.org_alfresco_module_rm.report.ReportService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService; import org.alfresco.repo.policy.BehaviourFilter; @@ -104,12 +103,12 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase protected QName ASPECT_CUSTOM_ASPECT = QName.createQName(URI, "customAspect"); protected QName ASPECT_RECORD_META_DATA = QName.createQName(URI, "recordMetaData"); + /** admin user */ + protected static final String ADMIN_USER = "admin"; + /** Common test utils */ protected CommonRMTestUtils utils; - /** RM Admin user name */ - protected String rmAdminUserName; - /** Services */ protected NodeService nodeService; protected ContentService contentService; @@ -143,7 +142,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase protected FreezeService freezeService; protected RecordService recordService; protected FilePlanService filePlanService; - protected FilePlanAuthenticationService filePlanAuthenticationService; protected RecordFolderService recordFolderService; protected ExtendedSecurityService extendedSecurityService; protected ReportService reportService; @@ -224,7 +222,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase protected String powerUserName; protected String securityOfficerName; protected String recordsManagerName; - protected String rmAdminName; /** test people */ protected NodeRef userPerson; @@ -232,7 +229,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase protected NodeRef powerUserPerson; protected NodeRef securityOfficerPerson; protected NodeRef recordsManagerPerson; - protected NodeRef rmAdminPerson; /** test records */ protected NodeRef recordOne; @@ -320,20 +316,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase // Initialise the service beans initServices(); - // grab the rmadmin user name - retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - // As system user - AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - rmAdminUserName = filePlanAuthenticationService.getRmAdminUserName(); - - return null; - } - }); - // Setup test data setupTestData(); @@ -394,7 +376,6 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase freezeService = (FreezeService) applicationContext.getBean("FreezeService"); recordService = (RecordService) applicationContext.getBean("RecordService"); filePlanService = (FilePlanService) applicationContext.getBean("FilePlanService"); - filePlanAuthenticationService = (FilePlanAuthenticationService) applicationContext.getBean("FilePlanAuthenticationService"); recordFolderService = (RecordFolderService) applicationContext.getBean("RecordFolderService"); extendedSecurityService = (ExtendedSecurityService) applicationContext.getBean("ExtendedSecurityService"); reportService = (ReportService) applicationContext.getBean("ReportService"); @@ -542,8 +523,8 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase containerProps).getChildRef(); assertNotNull("Could not create base folder", folder); - permissionService.setPermission(folder, "rmadmin", PermissionService.WRITE, true); - permissionService.setPermission(folder, "rmadmin", PermissionService.ADD_CHILDREN, true); + permissionService.setPermission(folder, ADMIN_USER, PermissionService.WRITE, true); + permissionService.setPermission(folder, ADMIN_USER, PermissionService.ADD_CHILDREN, true); if (isRMSiteTest()) { @@ -622,18 +603,13 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase recordsManagerPerson = createPerson(recordsManagerName); filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, recordsManagerName); - rmAdminName = GUID.generate(); - rmAdminPerson = createPerson(rmAdminName); - filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, rmAdminName); - testUsers = new String[] { userName, rmUserName, powerUserName, securityOfficerName, - recordsManagerName, - rmAdminName + recordsManagerName }; if (isFillingForAllUsers()) @@ -769,7 +745,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase } /** - * Override to ensure the tests are run as the 'rmadmin' user by default. + * Override to ensure the tests are run as the 'admin' user by default. */ @Override @@ -812,70 +788,70 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase // empty implementation } } - + /** * Execute behaviour driven test. - * + * * @param test */ protected void doBehaviourDrivenTest(BehaviourDrivenTest test) { test.run(); } - + /** * Behaviour driven test. - * + * * @author Roy Wetherall * @since 2.2 */ protected abstract class BehaviourDrivenTest { protected Class expectedException; - + public BehaviourDrivenTest() { } - + public BehaviourDrivenTest(Class expectedException) { this.expectedException = expectedException; } - + public void given() { /** empty implementation */ } - + public void when() { /** empty implementation */ } - + public void then() { /** empty implementation */ } - + public void after() { /** empty implementation */ } - + public void run() { try { doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { - given(); + given(); } }); - + if (expectedException == null) { doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { when(); } }); - + doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { @@ -886,26 +862,26 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase else { doTestInTransaction(new FailureTest(expectedException) - { + { @Override public void run() throws Exception { when(); } - }); + }); } } finally - { + { doTestInTransaction(new VoidTest() - { + { @Override public void runImpl() throws Exception { - after(); + after(); } }); } - } + } } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java index fdfa9ca05c..53fed575c1 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java @@ -122,6 +122,9 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest protected NodeRef recordFolder2; protected String collabSiteId; + /** admin user name */ + protected static final String ADMIN_USER = "admin"; + /** * Indicates whether the test collaboration site should be created * or not. @@ -248,7 +251,7 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest // As system user AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); - filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, "rmadmin"); + filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, ADMIN_USER); return null; } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java index a14798e6fd..c3e3f17768 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java @@ -69,9 +69,9 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase // Create a couple or roles by hand filePlanRoleService.createRole(filePlan, role1, "My Test Role", getListOfCapabilities(5)); filePlanRoleService.createRole(filePlan, role2, "My Test Role Too", getListOfCapabilities(5)); - + //The user can either enter a plain text label or a key to look up in a property file. - filePlanRoleService.createRole(filePlan, role3, "bootstrap.rmadmin.lastName", getListOfCapabilities(5)); + filePlanRoleService.createRole(filePlan, role3, "System Administrator", getListOfCapabilities(5)); // create test group String groupName = GUID.generate(); @@ -102,7 +102,7 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase assertEquals(role2, roleObj.get("name")); assertEquals("My Test Role Too", roleObj.get("displayLabel")); checkCapabilities(roleObj, 5); - + //Custom role with a user entered message key roleObj = roles.getJSONObject(role3); assertNotNull(roleObj);