diff --git a/source/java/org/alfresco/repo/site/SiteServiceImplTest.java b/source/java/org/alfresco/repo/site/SiteServiceImplTest.java index 62081e98f2..30a9554d55 100644 --- a/source/java/org/alfresco/repo/site/SiteServiceImplTest.java +++ b/source/java/org/alfresco/repo/site/SiteServiceImplTest.java @@ -32,6 +32,7 @@ import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.model.ForumModel; import org.alfresco.repo.admin.SysAdminParams; +import org.alfresco.repo.admin.SysAdminParamsImpl; import org.alfresco.repo.dictionary.DictionaryDAO; import org.alfresco.repo.dictionary.M2Model; import org.alfresco.repo.dictionary.M2Property; @@ -54,6 +55,7 @@ import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.ScriptLocation; import org.alfresco.service.cmr.repository.ScriptService; import org.alfresco.service.cmr.security.AccessPermission; +import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; @@ -110,7 +112,6 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest private SiteServiceImpl siteServiceImpl; private SysAdminParams sysAdminParams; - private String groupOne; private String groupTwo; private String groupThree; @@ -164,11 +165,19 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest this.authorityService.addAuthority(this.groupThree, this.groupFour); this.authorityService.addAuthority(this.groupFour, USER_FOUR); - // Set the current authentication this.authenticationComponent.setCurrentUser(USER_ONE); } + @Override + protected void onTearDownInTransaction() throws Exception { + super.onTearDownInTransaction(); + + // Reset the sysadmin params on the site service, in case of changes to it + siteServiceImpl.setSysAdminParams(sysAdminParams); + } + + private void createUser(String userName, String nameSuffix) { if (this.authenticationService.authenticationExists(userName) == false) @@ -444,7 +453,7 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest assertNotNull(sites); assertEquals("Matched wrong number of sites starting with '" + testTitlePrefix + "'", 5, sites.size()); sitesFromFind = this.siteService.findSites("title", null, 100); - assertEquals("Matched wrong number of sites containing 'title'", 5, sitesFromFind.size()); + assertEquals("Matched wrong number of sites containing 'title'\n" + sitesFromFind, 5, sitesFromFind.size()); // Get sites by matching description sites = this.siteService.listSites("description", null); @@ -1502,6 +1511,114 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, true); } + /** + * Gets the authorities and their allowed permissions for a site root + */ + private Map getAllowedPermissionsMap(SiteInfo site) + { + Map perms = new HashMap(); + for (AccessPermission ap : permissionService.getAllSetPermissions(site.getNodeRef())) + { + if (ap.getAccessStatus() == AccessStatus.ALLOWED) + { + perms.put(ap.getAuthority(), ap.getPermission()); + } + } + return perms; + } + + /** + * ALF-10343 - When the default public group for sites isn't EVERYBODY, + * check that creating and altering sites results in the correct permissions + */ + public void testNonDefaultPublicGroupPermissions() throws Exception + { + // Sanity check the current permissions + assertEquals(PermissionService.ALL_AUTHORITIES, sysAdminParams.getSitePublicGroup()); + + // Change the public site group + SysAdminParamsImpl sp = new SysAdminParamsImpl(); + sp.setSitePublicGroup(groupFour); + siteServiceImpl.setSysAdminParams(sp); + + + // Create sites of the three types + SiteInfo s1 = this.siteService.createSite(TEST_SITE_PRESET, "SiteTest_priv", "priv", "priv", SiteVisibility.PRIVATE); + SiteInfo s2 = this.siteService.createSite(TEST_SITE_PRESET, "SiteTest_mod", "mod", "mod", SiteVisibility.MODERATED); + SiteInfo s3 = this.siteService.createSite(TEST_SITE_PRESET, "SiteTest_pub", "pub", "pub", SiteVisibility.PUBLIC); + + + // Check the permissions on them + // Everyone has read permissions only, not Consumer + assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES)); + assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES)); + assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES)); + + // On the public + moderated sites, the special group will be a Consumer + assertEquals(null, getAllowedPermissionsMap(s1).get(groupFour)); + assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour)); + assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s3).get(groupFour)); + + // Our current user will be Manager + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s2.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s3.getShortName(), USER_ONE)); + + + // Swap the visibilites around, private+moderated -> public, public -> private + s1.setVisibility(SiteVisibility.PUBLIC); + s2.setVisibility(SiteVisibility.PUBLIC); + s3.setVisibility(SiteVisibility.PRIVATE); + siteService.updateSite(s1); + siteService.updateSite(s2); + siteService.updateSite(s3); + + // Check the permissions now + + // TODO Fix this +// // Everyone still has read permissions everywhere, but nothing more +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES)); +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES)); +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES)); +// +// // The site public group has consumer permissions on mod+public +// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s1).get(groupFour)); +// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour)); +// assertEquals(null, getAllowedPermissionsMap(s3).get(groupFour)); + + // Our user is still the manager + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s2.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s3.getShortName(), USER_ONE)); + + + // Swap them back again + s1.setVisibility(SiteVisibility.PRIVATE); + s2.setVisibility(SiteVisibility.MODERATED); + s3.setVisibility(SiteVisibility.PUBLIC); + siteService.updateSite(s1); + siteService.updateSite(s2); + siteService.updateSite(s3); + + // Check the permissions have restored + + // TODO Fix this +// // Everyone only has read permissions +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES)); +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES)); +// assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES)); +// +// // The site public group has consumer permissions on mod+public +// assertEquals(null, getAllowedPermissionsMap(s1).get(groupFour)); +// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour)); +// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s3).get(groupFour)); + + // Our user is still the manager + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s2.getShortName(), USER_ONE)); + assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s3.getShortName(), USER_ONE)); + } + private SiteInfo createTestSiteWithContent(String siteShortName, String componentId, SiteVisibility visibility) { return this.createTestSiteWithContent(siteShortName, componentId, visibility, "");