mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Added permission checking to the various ChannelService.getChannel() methods. Only users who have 'Add Children' access to a channel node may see that channel.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@29432 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
N Smith
@@ -31,10 +31,19 @@ import java.util.Set;
|
||||
import javax.annotation.Resource;
|
||||
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.person.TestPersonManager;
|
||||
import org.alfresco.service.ServiceRegistry;
|
||||
import org.alfresco.service.cmr.publishing.channels.Channel;
|
||||
import org.alfresco.service.cmr.publishing.channels.ChannelType;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.GUID;
|
||||
import org.alfresco.util.collections.CollectionUtils;
|
||||
import org.alfresco.util.collections.Filter;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
@@ -44,32 +53,17 @@ import org.junit.Test;
|
||||
*/
|
||||
public class ChannelServiceImplIntegratedTest extends AbstractPublishingIntegrationTest
|
||||
{
|
||||
private static final String channelName = "Test Channel - Name";
|
||||
private static final String channelName = GUID.generate();
|
||||
private static final String channelTypeName = "MockedChannelType";
|
||||
private static boolean channelTypeRegistered = false;
|
||||
|
||||
@Resource(name="channelService")
|
||||
private ChannelServiceImpl channelService;
|
||||
|
||||
private PermissionService permissionService;
|
||||
private TestPersonManager personManager;
|
||||
|
||||
private ChannelType mockedChannelType = mock(ChannelType.class);
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void onSetUp() throws Exception
|
||||
{
|
||||
super.onSetUp();
|
||||
channelService = (ChannelServiceImpl) getApplicationContext().getBean("channelService");
|
||||
when(mockedChannelType.getId()).thenReturn(channelTypeName);
|
||||
when(mockedChannelType.getChannelNodeType()).thenReturn(PublishingModel.TYPE_DELIVERY_CHANNEL);
|
||||
|
||||
if (!channelTypeRegistered)
|
||||
{
|
||||
channelService.register(mockedChannelType);
|
||||
channelTypeRegistered = true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCreateChannel() throws Exception
|
||||
{
|
||||
@@ -143,6 +137,51 @@ public class ChannelServiceImplIntegratedTest extends AbstractPublishingIntegrat
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetChannelsPermissions() throws Exception
|
||||
{
|
||||
// Create Channel as Admin user.
|
||||
Channel channel = createChannel();
|
||||
NodeRef channelNode = new NodeRef(channel.getId());
|
||||
|
||||
// Create User1 and set as FullyAuthenticatedUser.
|
||||
String user1 = GUID.generate();
|
||||
personManager.createPerson(user1);
|
||||
personManager.setUser(user1);
|
||||
|
||||
// User1 should not have access to Channel.
|
||||
Channel channelById = channelService.getChannelById(channel.getId());
|
||||
assertNull("User1 should not have access to the channel!", channelById);
|
||||
List<Channel> channels = channelService.getChannels();
|
||||
assertFalse("Result of getChannels() should not contain the channel!", checkContainsChannel(channel.getId(), channels));
|
||||
|
||||
// Set authentication to Admin
|
||||
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
|
||||
//Add Read permissions to User1.
|
||||
permissionService.setPermission(channelNode, user1, PermissionService.READ, true);
|
||||
// Set authentication to User1
|
||||
personManager.setUser(user1);
|
||||
|
||||
// Read permissions should not allow access to the Channel.
|
||||
channelById = channelService.getChannelById(channel.getId());
|
||||
assertNull("User1 should not have access to the channel!", channelById);
|
||||
channels = channelService.getChannels();
|
||||
assertFalse("Result of getChannels() should not contain the channel!", checkContainsChannel(channel.getId(), channels));
|
||||
|
||||
// Set authentication to Admin
|
||||
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
|
||||
//Add ADD_CHILD permissions to User1.
|
||||
permissionService.setPermission(channelNode, user1, PermissionService.ADD_CHILDREN, true);
|
||||
// Set authentication to User1
|
||||
personManager.setUser(user1);
|
||||
|
||||
// Add Child permissions should allow access to the Channel.
|
||||
channelById = channelService.getChannelById(channel.getId());
|
||||
assertNotNull("User1 should have access to the channel!", channelById);
|
||||
channels = channelService.getChannels();
|
||||
assertTrue("Result of getChannels() should contain the channel!", checkContainsChannel(channel.getId(), channels));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetChannel() throws Exception
|
||||
{
|
||||
@@ -166,11 +205,66 @@ public class ChannelServiceImplIntegratedTest extends AbstractPublishingIntegrat
|
||||
assertEquals(createdChannel.getNodeRef(), channel.getNodeRef());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return
|
||||
*/
|
||||
private boolean checkContainsChannel(final String id, List<Channel> channels)
|
||||
{
|
||||
Filter<Channel> acceptor = new Filter<Channel>()
|
||||
{
|
||||
public Boolean apply(Channel value)
|
||||
{
|
||||
return id.equals(value.getId());
|
||||
}
|
||||
};
|
||||
Channel result = CollectionUtils.findFirst(channels, acceptor);
|
||||
return result != null;
|
||||
}
|
||||
|
||||
private Channel createChannel()
|
||||
{
|
||||
return channelService.createChannel(channelTypeName, channelName, null);
|
||||
}
|
||||
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void onSetUp() throws Exception
|
||||
{
|
||||
super.onSetUp();
|
||||
this.channelService = (ChannelServiceImpl) getApplicationContext().getBean("channelService");
|
||||
this.permissionService = (PermissionService) getApplicationContext().getBean(ServiceRegistry.PERMISSIONS_SERVICE.getLocalName());
|
||||
MutableAuthenticationService authenticationService= (MutableAuthenticationService) getApplicationContext().getBean(ServiceRegistry.AUTHENTICATION_SERVICE.getLocalName());
|
||||
PersonService personService= (PersonService) getApplicationContext().getBean(ServiceRegistry.PERSON_SERVICE.getLocalName());
|
||||
|
||||
this.personManager = new TestPersonManager(authenticationService, personService, nodeService);
|
||||
|
||||
when(mockedChannelType.getId()).thenReturn(channelTypeName);
|
||||
when(mockedChannelType.getChannelNodeType()).thenReturn(PublishingModel.TYPE_DELIVERY_CHANNEL);
|
||||
|
||||
if (!channelTypeRegistered)
|
||||
{
|
||||
channelService.register(mockedChannelType);
|
||||
channelTypeRegistered = true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public void onTearDown() throws Exception
|
||||
{
|
||||
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
|
||||
try
|
||||
{
|
||||
Channel channel = channelService.getChannelByName(channelName);
|
||||
if (channel != null)
|
||||
{
|
||||
channelService.deleteChannel(channel);
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
super.onTearDown();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user