Bugfix/APPS-766 classification children job not picking rm types (#272)

* Now handling System reading * Address changes requested in PR #272
2025-09-17 14:21:39 +00:00 · 2021-02-04 13:00:18 +00:00
parent 5cdade38a8
commit a84a68cb9a
6 changed files with 337 additions and 108 deletions
--- a/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngineTest.java
+++ b/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngineTest.java
@@ -48,7 +48,6 @@ import org.alfresco.repo.domain.node.Node;
 import org.alfresco.repo.domain.node.NodeVersionKey;
 import org.alfresco.repo.domain.node.StoreEntity;
 import org.alfresco.repo.search.impl.querymodel.QueryOptions;
-import org.alfresco.repo.search.impl.querymodel.impl.db.DBQueryEngine.NodePermissionAssessor;
 import org.alfresco.repo.security.permissions.impl.acegi.FilteringResultSet;
 import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.search.SearchParameters;
--- a/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessorLimitsTest.java
+++ b/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessorLimitsTest.java
@@ -35,14 +35,17 @@ import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;

+import org.alfresco.repo.cache.lookup.EntityLookupCache;
 import org.alfresco.repo.domain.node.Node;
 import org.alfresco.repo.domain.permissions.AclCrudDAO;
-import org.alfresco.repo.search.impl.querymodel.impl.db.DBQueryEngine.NodePermissionAssessor;
+import org.alfresco.repo.domain.permissions.Authority;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.junit.Before;
 import org.junit.Test;

-public class NodePermissionAssessorTest
+public class NodePermissionAssessorLimitsTest
 {
    private NodePermissionAssessor assessor;
    private Node node;
@@ -118,7 +121,10 @@ public class NodePermissionAssessorTest
        engine.setPermissionService(permissionService);
        engine.setAclCrudDAO(aclCrudDAO);
        
-        NodePermissionAssessor assessor = spy(engine.new NodePermissionAssessor());
+        NodeService nodeService = mock(NodeService.class);
+        Authority authority = mock(Authority.class);
+        EntityLookupCache<Long, Node, NodeRef> nodeCache = mock(EntityLookupCache.class);
+        NodePermissionAssessor assessor = spy(new NodePermissionAssessor(nodeService, permissionService, authority, nodeCache));
        doReturn(true).when(assessor).isReallyIncluded(any(Node.class));
        return assessor;
    }
--- a/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessorPermissionsTest.java
+++ b/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessorPermissionsTest.java
@@ -0,0 +1,101 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2021 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software. 
+ * If the software was purchased under a paid Alfresco license, the terms of 
+ * the paid license agreement will prevail.  Otherwise, the software is 
+ * provided under the following open source license terms:
+ * 
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.repo.search.impl.querymodel.impl.db;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import java.util.Set;
+
+import org.alfresco.repo.cache.lookup.EntityLookupCache;
+import org.alfresco.repo.domain.node.Node;
+import org.alfresco.repo.domain.permissions.Authority;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.junit.Before;
+import org.junit.Test;
+
+public class NodePermissionAssessorPermissionsTest
+{
+    private PermissionService permissionService;
+    
+    @Before
+    public void setup()
+    {
+        AuthenticationUtil.clearCurrentSecurityContext();
+        permissionService = mock(PermissionService.class);
+        DBStats.resetStopwatches();
+    }
+
+    @Test
+    public void shouldGrantPermissionWhenSystemIsReading()
+    {
+        // setup
+        AuthenticationUtil.setRunAsUserSystem();
+        
+        Node theNode = mock(Node.class);
+        NodePermissionAssessor assessor = createAssessor();
+        when(assessor.isOwnerReading(any(Node.class), any(Authority.class))).thenReturn(false);
+        when(permissionService.getReaders(anyLong())).thenReturn(Set.of());
+        
+        // call the assessor
+        boolean included = assessor.isIncluded(theNode);
+        
+        // the node is included
+        assertTrue(included);
+    }
+    
+    @Test
+    public void shouldDenyPermissionWhenNullUserIsReading()
+    {
+        // setup - AuthenticationUtil.getRunAsUser() will return null
+        Node theNode = mock(Node.class);
+        NodePermissionAssessor assessor = createAssessor();
+        when(assessor.isOwnerReading(any(Node.class), any(Authority.class))).thenReturn(false);
+        when(permissionService.getReaders(anyLong())).thenReturn(Set.of());
+        
+        // call the assessor
+        boolean included = assessor.isIncluded(theNode);
+        
+        // the node is included
+        assertFalse(included);
+    }
+    
+    private NodePermissionAssessor createAssessor()
+    {
+        NodeService nodeService = mock(NodeService.class);
+        Authority authority = mock(Authority.class);
+        EntityLookupCache<Long, Node, NodeRef> nodeCache = mock(EntityLookupCache.class);
+        return spy(new NodePermissionAssessor(nodeService, permissionService, authority, nodeCache));
+    }
+}