From a4b129feab24f685e3783e9cc1593e489025a43f Mon Sep 17 00:00:00 2001 From: Will Abson Date: Wed, 3 Sep 2014 15:22:04 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud) 80106: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud) 79276: Merged DEV to V4.2-BUG-FIX (4.2.4) 77363: MNT-11964 : Users other than admin are unable to start discussion/link/blog. Added additional permission check for site container, required in case if there are no items created yet. 79160: MNT-11964 : Users other than admin are unable to start discussion/link/blog. Added tests to simulate the issue. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@82709 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../alfresco/repository/blogs/blog.lib.ftl | 2 +- .../forum/forum-posts.get.json.ftl | 2 +- .../alfresco/repository/links/links.lib.ftl | 2 +- .../web/scripts/blogs/BlogServiceTest.java | 61 ++++++++++++++++-- .../discussion/DiscussionRestApiTest.java | 61 ++++++++++++++++-- .../web/scripts/links/LinksRestApiTest.java | 64 +++++++++++++++++-- 6 files changed, 174 insertions(+), 18 deletions(-)
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blog.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blog.lib.ftl
index bba8f4f08d..f5e782617c 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blog.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blog.lib.ftl
@@ -16,7 +16,7 @@
 "password": "${item.properties["blg:password"]!''}",
 "permissions":
 {
- <#if item.getParent()?? >
+ <#if item.getParent()?? && item.getTypeShort() != "st:site" >
 "create": ${(item.getParent()).hasPermission("CreateChildren")?string},
 "edit": ${(item.getParent()).hasPermission("Write")?string},
 "delete": ${(item.getParent()).hasPermission("Delete")?string}
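Review bot: The added guard `item.getTypeShort() != "st:site"` is an exact type-name comparison, so a site node whose type derives from `st:site` would still take the parent branch and report the parent's permissions, which appears to be the case this commit sets out to fix. If `item` is a ScriptNode, `!item.isSubType("st:site")` would cover derived site types as well; the same applies to the `forum` and `links` guards in forum-posts.get.json.ftl and links.lib.ftl. A short template comment such as `<#-- container not created yet: item is the site itself, so check it rather than its parent -->` would record why the site case is special. These flags only tell the client what to offer, so the create endpoints still need their own permission check; the `<#else>` branch of this block lies outside the hunk.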
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.json.ftl
index c4090039da..6ba3e8ae02 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.json.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.json.ftl
@@ -3,7 +3,7 @@
 {
 "forumPermissions":
 {
- <#if forum.getParent()?? >
+ <#if forum.getParent()?? && forum.getTypeShort() != "st:site" >
 "create": ${(forum.getParent()).hasPermission("CreateChildren")?string},
 "edit": ${(forum.getParent()).hasPermission("Write")?string},
 "delete": ${(forum.getParent()).hasPermission("Delete")?string}
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/links/links.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/links/links.lib.ftl
index bf2e1fb02f..8682422587 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/links/links.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/links/links.lib.ftl
@@ -57,7 +57,7 @@
 {
 "linkPermissions":
 {
- <#if links.getParent()?? >
+ <#if links.getParent()?? && links.getTypeShort() != "st:site" >
 "create": "${(links.getParent()).hasPermission("CreateChildren")?string}"
 <#else>
 "create": "${links.hasPermission("CreateChildren")?string}"
diff --git a/source/test-java/org/alfresco/repo/web/scripts/blogs/BlogServiceTest.java b/source/test-java/org/alfresco/repo/web/scripts/blogs/BlogServiceTest.java
index 0301701be4..6cd6f4915c 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/blogs/BlogServiceTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/blogs/BlogServiceTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2011 Alfresco Software Limited.
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -35,6 +35,7 @@ import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.site.SiteInfo;
 import org.alfresco.service.cmr.site.SiteService;
 import org.alfresco.service.cmr.site.SiteVisibility;
+import org.alfresco.util.GUID;
 import org.alfresco.util.PropertyMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -107,8 +108,8 @@ public class BlogServiceTest extends BaseWebScriptTest
 }
 // Create users
- createUser(USER_ONE, SiteModel.SITE_COLLABORATOR);
- createUser(USER_TWO, SiteModel.SITE_COLLABORATOR);
+ createUser(USER_ONE, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_BLOG);
+ createUser(USER_TWO, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_BLOG);
 // Blank our lists used to track things the test creates
 posts = new ArrayList(5);
@@ -149,7 +150,7 @@ public class BlogServiceTest extends BaseWebScriptTest
 }
 }
- private void createUser(String userName, String role)
+ private void createUser(String userName, String role, String siteMembership)
 {
 // if user with given user name doesn't already exist then create user
 if (this.authenticationService.authenticationExists(userName) == false)
@@ -171,7 +172,7 @@ public class BlogServiceTest extends BaseWebScriptTest
 }
 // add the user as a member with the given role
- this.siteService.setMembership(SITE_SHORT_NAME_BLOG, userName, role);
+ this.siteService.setMembership(siteMembership, userName, role);
 }
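Review bot: The new third parameter of `createUser` is named `siteMembership` here, although it carries a site short name and is passed to `setMembership` as the site; the same helper in DiscussionRestApiTest and LinksRestApiTest names it `siteName`. Renaming it, `private void createUser(String userName, String role, String siteName)`, keeps the three copies aligned and avoids reading it as a role or membership object. The helper's body continues outside these hunks.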
@@ -875,4 +876,54 @@ public class BlogServiceTest extends BaseWebScriptTest
 assertEquals(0, item.getJSONArray("tags").length());
 }
+ /**
+ * Test for MNT-11964
+ * @throws Exception
+ */
+ public void testBlogPermission() throws Exception
+ {
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+
+ String siteName = SITE_SHORT_NAME_BLOG + GUID.generate();
+ this.siteService.createSite("BlogSitePreset", siteName, "BlogSiteTitle", "BlogSiteDescription", SiteVisibility.PUBLIC);
+
+ String userName = USER_ONE + GUID.generate();
+ createUser(userName, SiteModel.SITE_COLLABORATOR, siteName);
+
+ // Check permissions for admin
+ checkBlogPermissions(siteName);
+
+ // Check permissions for user
+ this.authenticationComponent.setCurrentUser(userName);
+ checkBlogPermissions(siteName);
+
+ // Cleanup
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ this.siteService.deleteSite(siteName);
+
+ // Create a new site as user
+ this.authenticationComponent.setCurrentUser(userName);
+ siteName = SITE_SHORT_NAME_BLOG + GUID.generate();
+ this.siteService.createSite("BlogSitePreset", siteName, "BlogSiteTitle", "BlogSiteDescription", SiteVisibility.PUBLIC);
+
+ // Check permissions for user
+ checkBlogPermissions(siteName);
+
+ // Check permissions for admin
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ checkBlogPermissions(siteName);
+
+ // Cleanup
+ this.siteService.deleteSite(siteName);
+ this.personService.deletePerson(userName);
+ }
+
+ private void checkBlogPermissions(String siteName) throws Exception
+ {
+ String url = "/api/blog/site/" + siteName + "/" + COMPONENT_BLOG;
+ Response response = sendRequest(new GetRequest(url), 200);
+ JSONObject result = new JSONObject(response.getContentAsString());
+
+ assertTrue("The user sould have permission to create a new blog.",
Boolean.parseBoolean(result.getJSONObject("item").getJSONObject("permissions").getString("create")));
+ }
 }
\ No newline at end of file
diff --git a/source/test-java/org/alfresco/repo/web/scripts/discussion/DiscussionRestApiTest.java b/source/test-java/org/alfresco/repo/web/scripts/discussion/DiscussionRestApiTest.java
index 5b71f3a99c..e259b9687b 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/discussion/DiscussionRestApiTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/discussion/DiscussionRestApiTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2011 Alfresco Software Limited.
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -48,6 +48,7 @@ import org.alfresco.service.cmr.site.SiteVisibility;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;
 import org.alfresco.service.transaction.TransactionService;
+import org.alfresco.util.GUID;
 import org.alfresco.util.PropertyMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -147,8 +148,8 @@ public class DiscussionRestApiTest extends BaseWebScriptTest
 }
 // Create users
- createUser(USER_ONE, SiteModel.SITE_COLLABORATOR);
- createUser(USER_TWO, SiteModel.SITE_CONTRIBUTOR);
+ createUser(USER_ONE, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_DISCUSSION);
+ createUser(USER_TWO, SiteModel.SITE_CONTRIBUTOR, SITE_SHORT_NAME_DISCUSSION);
 // Do tests as inviter user
 this.authenticationComponent.setCurrentUser(USER_ONE);
@@ -199,7 +200,7 @@ public class DiscussionRestApiTest extends BaseWebScriptTest
 }
 }
- private void createUser(String userName, String role)
+ private void createUser(String userName, String role, String siteName)
 {
 // if user with given user name doesn't already exist then create user
 if (!this.authenticationService.authenticationExists(userName))
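Review bot: `testBlogPermission` only asserts that `create` is true, for the admin and for a SiteCollaborator, so the denied case is not pinned: if the template change reported `create` as true for every caller, this test would still pass. Adding a member with `SiteModel.SITE_CONSUMER` on the freshly created site and asserting that `create` comes back false would cover the other direction of the permission check. `testCreateForumPermission` and `testCreateLinkPermission` have the same gap.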
@@ -224,7 +225,7 @@ public class DiscussionRestApiTest extends BaseWebScriptTest
 }
 // add the user as a member with the given role
- this.siteService.setMembership(SITE_SHORT_NAME_DISCUSSION, userName, role);
+ this.siteService.setMembership(siteName, userName, role);
 // Give the test user access to the test node
 // They need to be able to read it, and create children of it
@@ -1245,4 +1246,54 @@ public class DiscussionRestApiTest extends BaseWebScriptTest
 }
+ /**
+ * Test for MNT-11964
+ * @throws Exception
+ */
+ public void testCreateForumPermission() throws Exception
+ {
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+
+ String siteName = SITE_SHORT_NAME_DISCUSSION + GUID.generate();
+ this.siteService.createSite("ForumSitePreset", siteName, "SiteTitle", "SiteDescription", SiteVisibility.PUBLIC);
+
+ String userName = USER_ONE + GUID.generate();
+ createUser(userName, SiteModel.SITE_COLLABORATOR, siteName);
+
+ // Check permissions for admin
+ checkForumPermissions(siteName);
+
+ // Check permissions for user
+ this.authenticationComponent.setCurrentUser(userName);
+ checkForumPermissions(siteName);
+
+ // Cleanup
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ this.siteService.deleteSite(siteName);
+
+ // Create a new site as user
+ this.authenticationComponent.setCurrentUser(userName);
+ siteName = SITE_SHORT_NAME_DISCUSSION + GUID.generate();
+ this.siteService.createSite("BlogSitePreset", siteName, "SiteTitle", "SiteDescription", SiteVisibility.PUBLIC);
+
+ // Check permissions for user
+ checkForumPermissions(siteName);
+
+ // Check permissions for admin
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ checkForumPermissions(siteName);
+
+ // Cleanup
+ this.siteService.deleteSite(siteName);
+ this.personService.deletePerson(userName);
+ }
+
+ private void checkForumPermissions(String siteName) throws Exception
+ {
+ String url = "/api/forum/site/" + siteName + "/" + COMPONENT_DISCUSSION + "/posts";
+ Response response = sendRequest(new GetRequest(url), 200);
+ JSONObject result = new JSONObject(response.getContentAsString());
+
+ assertTrue("The user sould have permission to create a new discussion.", Boolean.parseBoolean(result.getJSONObject("forumPermissions").getString("create")));
+ }
 }
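Review bot: The second `createSite` call in `testCreateForumPermission` passes `"BlogSitePreset"` while the first passes `"ForumSitePreset"`, which looks like a leftover from copying BlogServiceTest. Even if the preset does not influence the permission check, the two sites should be set up the same way so the admin-created and user-created cases differ only in who created them: `this.siteService.createSite("ForumSitePreset", siteName, "SiteTitle", "SiteDescription", SiteVisibility.PUBLIC);`.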
diff --git a/source/test-java/org/alfresco/repo/web/scripts/links/LinksRestApiTest.java b/source/test-java/org/alfresco/repo/web/scripts/links/LinksRestApiTest.java
index 6fae97e4a5..a56b3966b3 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/links/LinksRestApiTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/links/LinksRestApiTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2011 Alfresco Software Limited.
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -39,6 +39,7 @@ import org.alfresco.service.cmr.site.SiteInfo;
 import org.alfresco.service.cmr.site.SiteService;
 import org.alfresco.service.cmr.site.SiteVisibility;
 import org.alfresco.service.transaction.TransactionService;
+import org.alfresco.util.GUID;
 import org.alfresco.util.ISO8601DateFormat;
 import org.alfresco.util.PropertyMap;
 import org.apache.commons.logging.Log;
@@ -129,8 +130,8 @@ public class LinksRestApiTest extends BaseWebScriptTest
 }
 // Create users
- createUser(USER_ONE, SiteModel.SITE_COLLABORATOR);
- createUser(USER_TWO, SiteModel.SITE_COLLABORATOR);
+ createUser(USER_ONE, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_LINKS);
+ createUser(USER_TWO, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_LINKS);
 // Do tests as inviter user
 this.authenticationComponent.setCurrentUser(USER_ONE);
@@ -166,7 +167,7 @@ public class LinksRestApiTest extends BaseWebScriptTest
 }
 }
- private void createUser(String userName, String role)
+ private void createUser(String userName, String role, String siteName)
 {
 // if user with given user name doesn't already exist then create user
 if (this.authenticationService.authenticationExists(userName) == false)
@@ -188,7 +189,7 @@ public class LinksRestApiTest extends BaseWebScriptTest
 }
 // add the user as a member with the given role
- this.siteService.setMembership(SITE_SHORT_NAME_LINKS, userName, role);
+ this.siteService.setMembership(siteName, userName, role);
 }
@@ -664,4 +665,57 @@ public class LinksRestApiTest extends BaseWebScriptTest
 sendRequest(new GetRequest(URL_LINKS_LIST), Status.STATUS_NOT_FOUND);
 }
+
+ /**
+ * Test for MNT-11964
+ * @throws Exception
+ */
+ public void testCreateLinkPermission() throws Exception
+ {
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+
+ String siteName = SITE_SHORT_NAME_LINKS + GUID.generate();
+ this.siteService.createSite("LinkSitePreset", siteName, "SiteTitle", "SiteDescription", SiteVisibility.PUBLIC);
+
+ String userName = USER_ONE + GUID.generate();
+ createUser(userName, SiteModel.SITE_COLLABORATOR, siteName);
+
+ // Check permissions for admin
+ checkLinkPermissions(siteName);
+
+ // Check permissions for user
+ this.authenticationComponent.setCurrentUser(userName);
+ checkLinkPermissions(siteName);
+
+ // Cleanup
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ this.siteService.deleteSite(siteName);
+
+ // Create a new site as user
+ this.authenticationComponent.setCurrentUser(userName);
+ siteName = SITE_SHORT_NAME_LINKS + GUID.generate();
+ this.siteService.createSite("LinkSitePreset", siteName, "SiteTitle", "SiteDescription", SiteVisibility.PUBLIC);
+
+ // Check permissions for user
+ checkLinkPermissions(siteName);
+
+ // Check permissions for admin
+ this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+ checkLinkPermissions(siteName);
+
+ // Cleanup
+ this.siteService.deleteSite(siteName);
+ this.personService.deletePerson(userName);
+ }
+
+ private void checkLinkPermissions(String siteName) throws Exception
+ {
+ String url = "/api/links/site/" + siteName + "/links";
+ url += "?filter=" + "all";
+ url += "&startIndex=0&page=1&pageSize=4";
+ Response response = sendRequest(new GetRequest(url), 200);
+ JSONObject result = new JSONObject(response.getContentAsString());
+
+ assertTrue("The user sould have permission to create a new link.",
Boolean.parseBoolean(result.getJSONObject("metadata").getJSONObject("linkPermissions").getString("create")));
+ }
 }
\ No newline at end of file
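Review bot: Cleanup in `testCreateLinkPermission` runs only on the success path: if either `checkLinkPermissions` call fails, the generated site and user stay in the repository and the thread may still be authenticated as the test user when the next test starts. Wrapping the body in try/finally that switches back to admin before deleting keeps later tests from inheriting that state. `testBlogPermission` and `testCreateForumPermission` follow the same pattern and would need the same change. The sketch below leaves the existing checks as they are and moves only the final cleanup.

```java
String siteName = SITE_SHORT_NAME_LINKS + GUID.generate();
String userName = USER_ONE + GUID.generate();
try
{
    // … unchanged: create both sites and the user, run checkLinkPermissions as admin and as user …
}
finally
{
    // Return to admin first so a failed assertion cannot leave the test user authenticated
    this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
    if (this.siteService.getSite(siteName) != null)
    {
        this.siteService.deleteSite(siteName);
    }
    if (this.personService.personExists(userName))
    {
        this.personService.deletePerson(userName);
    }
}
```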