From a35aee7b1e16be81dbaea739c909ae7d58bba2dc Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Sat, 31 Jan 2015 11:39:15 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud) 91788: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud) 91682: Merged 5.0.0 (5.0.0.1) to 5.0.N (5.0.1) 91617: MNT-12879: Cannot preview or download document with explicit permissions Disabled activity generation for file downloads from a private site if the user is not a member of the site. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94831 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../web/scripts/SlingshotContentGet.java | 21 +-
 .../repo/web/scripts/WebScriptTestSuite.java | 2 +
 .../web/scripts/SlingshotContentGetTest.java | 181 ++++++++++++++++++
 3 files changed, 199 insertions(+), 5 deletions(-)
 create mode 100644 source/test-java/org/alfresco/slingshot/web/scripts/SlingshotContentGetTest.java
diff --git a/source/java/org/alfresco/slingshot/web/scripts/SlingshotContentGet.java b/source/java/org/alfresco/slingshot/web/scripts/SlingshotContentGet.java
index 1f1c80874a..104c9d723b 100644
--- a/source/java/org/alfresco/slingshot/web/scripts/SlingshotContentGet.java
+++ b/source/java/org/alfresco/slingshot/web/scripts/SlingshotContentGet.java
@@ -24,6 +24,7 @@ import java.util.Map;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.Client;
 import org.alfresco.repo.Client.ClientType;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.repo.web.scripts.content.ContentGet;
@@ -84,7 +85,15 @@ public class SlingshotContentGet extends ContentGet
 if (storeType != null && storeId != null && nodeId != null)
 {
 final NodeRef nodeRef = new NodeRef(storeType, storeId, nodeId);
- final SiteInfo site = this.siteService.getSite(nodeRef);
+ SiteInfo site = null;
+ try
+ {
+ site = this.siteService.getSite(nodeRef);
+ }
+ catch (AccessDeniedException ade)
+ {
+ // We don't have access to the site, don't post any permissions
+ }
 if (site != null)
 {
 // found a valid parent Site - gather the details to post an Activity
@@ -94,13 +103,15 @@ public class SlingshotContentGet extends ContentGet
 filename = (String)this.nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
 }
 final String strFilename = filename;
- transactionHelper.doInTransaction(new RetryingTransactionCallback() {
+ final String siteName = site.getShortName();
+ transactionHelper.doInTransaction(new RetryingTransactionCallback()
+ {
 @Override
 public Void execute() throws Throwable
 {
 // post an activity - mirror the mechanism as if from the Share application
- poster.postFileFolderActivity(ActivityPoster.DOWNLOADED, null, null,
- site.getShortName(), null, nodeRef, strFilename, "documentlibrary", Client.asType(ClientType.webclient), null);
+ poster.postFileFolderActivity(ActivityPoster.DOWNLOADED, null, null,
+ siteName, null, nodeRef, strFilename, "documentlibrary", Client.asType(ClientType.webclient), null);
 return null;
 }
 }, false, true);
@@ -109,4 +120,4 @@ public class SlingshotContentGet extends ContentGet
 }
 super.execute(req, res);
 }
-}
\ No newline at end of file
+}
diff --git a/source/test-java/org/alfresco/repo/web/scripts/WebScriptTestSuite.java b/source/test-java/org/alfresco/repo/web/scripts/WebScriptTestSuite.java
index 6121c1f28f..0892e95d81 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/WebScriptTestSuite.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/WebScriptTestSuite.java
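Review bot: The new empty `catch (AccessDeniedException ade)` in the `@@ -84,7 +85,15 @@` hunk of SlingshotContentGet.java drops the exception without a trace, and its comment says "permissions" where the code is skipping an activity post. A download of a private-site document by a non-member then leaves nothing in the activity feed, so the comment should state that this is deliberate, e.g. `// Caller cannot read the parent site (not a member of a private site): skip the activity post and carry on with the download`. If the class has a logger, a debug line naming `nodeRef` in the catch would let operators see these downloads; no logger is visible in the hunk. The enclosing method starts before and ends after this hunk.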
@@ -53,6 +53,7 @@ import org.alfresco.repo.web.scripts.workflow.ActivitiWorkflowRestApiTest; import org.alfresco.repo.web.scripts.workflow.JBPMWorkflowRestApiTest; import org.alfresco.repo.web.scripts.workflow.WorkflowModelBuilderTest; import org.alfresco.slingshot.documentlibrary.FolderTemplateTest; +import org.alfresco.slingshot.web.scripts.SlingshotContentGetTest; /** * Web Scripts test suite @@ -102,6 +103,7 @@ public class WebScriptTestSuite extends TestSuite suite.addTestSuite( CommentsApiTest.class ); suite.addTestSuite( FolderTemplateTest.class ); suite.addTestSuite( DeclarativeSpreadsheetWebScriptTest.class ); + suite.addTestSuite( SlingshotContentGetTest.class); // This uses a slightly different context // As such, we can't run it in the same suite as the others, diff --git a/source/test-java/org/alfresco/slingshot/web/scripts/SlingshotContentGetTest.java b/source/test-java/org/alfresco/slingshot/web/scripts/SlingshotContentGetTest.java new file mode 100644 index 0000000000..89268a26e8 --- /dev/null +++ b/source/test-java/org/alfresco/slingshot/web/scripts/SlingshotContentGetTest.java 
@@ -0,0 +1,181 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.slingshot.web.scripts;
+
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.content.MimetypeMap;
+import org.alfresco.repo.security.authentication.AuthenticationComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.web.scripts.BaseWebScriptTest;
+import org.alfresco.service.cmr.repository.ContentData;
+import org.alfresco.service.cmr.repository.ContentService;
+import org.alfresco.service.cmr.repository.ContentWriter;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.cmr.site.SiteService;
+import org.alfresco.service.cmr.site.SiteVisibility;
+import org.alfresco.util.GUID;
+import org.alfresco.util.PropertyMap;
+import org.json.JSONObject;
+import org.springframework.extensions.webscripts.TestWebScriptServer;
+import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Test for SlingshotContentGet web script
+ * @author alex.mukha
+ * @since 5.0.0
+ */
+public class SlingshotContentGetTest extends BaseWebScriptTest
+{
+ private MutableAuthenticationService authenticationService;
+ private AuthenticationComponent authenticationComponent;
+ private PersonService personService;
+ private SiteService siteService;
+ private NodeService nodeService;
+ private ContentService contentService;
+ private PermissionService permissionService;
+
+ private static final String USER_ONE = "SlingshotContentGetTestOne";
+ private static final String URL_SITES = "/api/sites";
+ private static final String URL_CONTENT_DOWNLOAD = "/slingshot/node/content/workspace/SpacesStore/";
+ private List createdSites = new ArrayList(1);
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ this.authenticationService = (MutableAuthenticationService)getServer().getApplicationContext().getBean("AuthenticationService");
+ this.authenticationComponent = (AuthenticationComponent)getServer().getApplicationContext().getBean("authenticationComponent");
+ this.personService = (PersonService)getServer().getApplicationContext().getBean("PersonService");
+ this.siteService = (SiteService)getServer().getApplicationContext().getBean("SiteService");
+ this.nodeService = (NodeService)getServer().getApplicationContext().getBean("NodeService");
+ this.permissionService = (PermissionService)getServer().getApplicationContext().getBean("PermissionService");
+ this.contentService = (ContentService)getServer().getApplicationContext().getBean("ContentService");
+ AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
+ createUser(USER_ONE);
+ }
+
+ private void createUser(String userName)
+ {
+ if (!this.authenticationService.authenticationExists(userName))
+ {
+ this.authenticationService.createAuthentication(userName, "PWD".toCharArray());
+
+ PropertyMap ppOne = new PropertyMap(5);
+ ppOne.put(ContentModel.PROP_USERNAME, userName);
+ ppOne.put(ContentModel.PROP_FIRSTNAME, "firstName");
+ ppOne.put(ContentModel.PROP_LASTNAME, "lastName");
+ ppOne.put(ContentModel.PROP_EMAIL, "email@email.com");
+ ppOne.put(ContentModel.PROP_JOBTITLE, "jobTitle");
+
+ this.personService.createPerson(ppOne);
+ }
+ }
+ private void deleteUser(String username)
+ {
+ this.personService.deletePerson(username);
+ if(this.authenticationService.authenticationExists(username))
+ {
+ this.authenticationService.deleteAuthentication(username);
+ }
+ }
+
+
+ private JSONObject createSite(String sitePreset, String shortName, String title, String description, SiteVisibility visibility, int expectedStatus)
+ throws Exception
+ {
+ JSONObject site = new JSONObject();
+ site.put("sitePreset", sitePreset);
+ site.put("shortName", shortName);
+ site.put("title", title);
+ site.put("description", description);
+ site.put("visibility", visibility.toString());
+ TestWebScriptServer.Response response = sendRequest(new TestWebScriptServer.PostRequest(URL_SITES, site.toString(), "application/json"), expectedStatus);
+ this.createdSites.add(shortName);
+ return new JSONObject(response.getContentAsString());
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ super.tearDown();
+ AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
+ // Clear the user
+ deleteUser(USER_ONE);
+ // Tidy-up any site's create during the execution of the test
+ for (String shortName : this.createdSites)
+ {
+ sendRequest(new TestWebScriptServer.DeleteRequest(URL_SITES + "/" + shortName), 0);
+ }
+ // Clear the list
+ this.createdSites.clear();
+ this.authenticationComponent.clearCurrentSecurityContext();
+ }
+
+ public void testDownloadBySiteMemberFromPrivateSite() throws Exception
+ {
+ String shortName = GUID.generate();
+ // Create a new site
+ createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PRIVATE, 200);
+
+ // Ensure we have th document library
+ NodeRef docLib = siteService.createContainer(shortName, SiteService.DOCUMENT_LIBRARY, ContentModel.TYPE_FOLDER, null);
+
+ NodeRef doc = nodeService.createNode(docLib, ContentModel.ASSOC_CONTAINS, ContentModel.ASSOC_CONTAINS, ContentModel.TYPE_CONTENT).getChildRef();
+ nodeService.setProperty(doc, ContentModel.PROP_CONTENT, new ContentData(null, MimetypeMap.MIMETYPE_TEXT_PLAIN, 0L, null));
+ nodeService.setProperty(doc, ContentModel.PROP_TITLE, "title");
+ ContentWriter writer = contentService.getWriter(doc, ContentModel.PROP_CONTENT, true);
+ writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
+ writer.setEncoding("UTF-8");
+ writer.putContent("test");
+
+ String uri = URL_CONTENT_DOWNLOAD + doc.getId() + "?a=true";
+ sendRequest(new GetRequest(uri), 200);
+ }
+
+ public void testDownloadByNonSiteMemberFromPrivateSite() throws Exception
+ {
+ String shortName = GUID.generate();
+ // Create a new site
+ createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PRIVATE, 200);
+
+ NodeRef docLib = siteService.createContainer(shortName, SiteService.DOCUMENT_LIBRARY, ContentModel.TYPE_FOLDER, null);
+ NodeRef doc = nodeService.createNode(docLib, ContentModel.ASSOC_CONTAINS, ContentModel.ASSOC_CONTAINS, ContentModel.TYPE_CONTENT).getChildRef();
+ nodeService.setProperty(doc, ContentModel.PROP_CONTENT, new ContentData(null, MimetypeMap.MIMETYPE_TEXT_PLAIN, 0L, null));
+ nodeService.setProperty(doc, ContentModel.PROP_TITLE, "title");
+ ContentWriter writer = contentService.getWriter(doc, ContentModel.PROP_CONTENT, true);
+ writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
+ writer.setEncoding("UTF-8");
+ writer.putContent("test");
+
+ permissionService.setPermission(doc, USER_ONE, PermissionService.CONSUMER, true);
+
+ AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
+
+ String uri = URL_CONTENT_DOWNLOAD + doc.getId() + "?a=true";
+ sendRequest(new GetRequest(uri), 200);
+ }
+}
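Review bot: Both tests in SlingshotContentGetTest.java assert only a 200 response, so nothing pins the deny path: a user who is neither a site member nor granted a permission on the node should still be refused now that `SlingshotContentGet` swallows `AccessDeniedException` from the site lookup. A third test without the `setPermission` call would guard against that exception handling ever masking an authorisation failure; the read check itself presumably lives in `super.execute`, which is outside this patch. Neither test checks whether an activity was posted, which is the behaviour the commit message describes. The fence sketches the negative test; `DENIED_STATUS` is a placeholder for whatever status this endpoint returns on a refused read.

```java
    // … unchanged: testDownloadByNonSiteMemberFromPrivateSite …

    public void testDownloadDeniedWithoutExplicitPermission() throws Exception
    {
        String shortName = GUID.generate();
        createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PRIVATE, 200);

        NodeRef docLib = siteService.createContainer(shortName, SiteService.DOCUMENT_LIBRARY, ContentModel.TYPE_FOLDER, null);
        NodeRef doc = nodeService.createNode(docLib, ContentModel.ASSOC_CONTAINS, ContentModel.ASSOC_CONTAINS, ContentModel.TYPE_CONTENT).getChildRef();
        // … unchanged from the other tests: content property, title, writer, putContent …

        // No setPermission call: USER_ONE is neither a site member nor granted access to the node.
        AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);

        String uri = URL_CONTENT_DOWNLOAD + doc.getId() + "?a=true";
        // DENIED_STATUS is a placeholder: use the status this endpoint returns for a refused read.
        sendRequest(new GetRequest(uri), DENIED_STATUS);
    }
```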