Merged HEAD-QA to HEAD (4.2) (including moving test classes into separate folders)

51903 to 54309 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@54310 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Samuel Langlois
2013-08-20 17:17:31 +00:00
parent 0a36e2af67
commit ab4ca7177f
1576 changed files with 36419 additions and 8603 deletions


@@ -0,0 +1,232 @@
/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import javax.transaction.UserTransaction;
import junit.framework.TestCase;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.permissions.AclDAO;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.repo.security.authority.AuthorityDAO;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.security.PublicServiceAccessService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext;
import org.springframework.orm.hibernate3.LocalSessionFactoryBean;
public class AbstractPermissionTest extends TestCase
{
private static ApplicationContext applicationContext = ApplicationContextHelper.getApplicationContext();
protected static final String ROLE_AUTHENTICATED = "ROLE_AUTHENTICATED";
protected NodeService nodeService;
protected DictionaryService dictionaryService;
protected PermissionServiceSPI permissionService;
protected MutableAuthenticationService authenticationService;
private MutableAuthenticationDao authenticationDAO;
protected LocalSessionFactoryBean sessionFactory;
protected NodeRef rootNodeRef;
protected NamespacePrefixResolver namespacePrefixResolver;
protected ServiceRegistry serviceRegistry;
protected NodeRef systemNodeRef;
protected AuthenticationComponent authenticationComponent;
protected ModelDAO permissionModelDAO;
protected PersonService personService;
protected AuthorityService authorityService;
protected AuthorityDAO authorityDAO;
protected NodeDAO nodeDAO;
protected AclDAO aclDaoComponent;
protected RetryingTransactionHelper retryingTransactionHelper;
private TransactionService transactionService;
private UserTransaction testTX;
protected PermissionServiceImpl permissionServiceImpl;
protected PublicServiceAccessService publicServiceAccessService;
public AbstractPermissionTest()
{
super();
// TODO Auto-generated constructor stub
}
public void setUp() throws Exception
{
if (AlfrescoTransactionSupport.getTransactionReadState() != TxnReadState.TXN_NONE)
{
throw new AlfrescoRuntimeException(
"A previous tests did not clean up transaction: " +
AlfrescoTransactionSupport.getTransactionId());
}
nodeService = (NodeService) applicationContext.getBean("nodeService");
dictionaryService = (DictionaryService) applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE
.getLocalName());
permissionService = (PermissionServiceSPI) applicationContext.getBean("permissionService");
permissionServiceImpl = (PermissionServiceImpl) applicationContext.getBean("permissionServiceImpl");
namespacePrefixResolver = (NamespacePrefixResolver) applicationContext
.getBean(ServiceRegistry.NAMESPACE_SERVICE.getLocalName());
authenticationService = (MutableAuthenticationService) applicationContext.getBean("authenticationService");
authenticationComponent = (AuthenticationComponent) applicationContext.getBean("authenticationComponent");
serviceRegistry = (ServiceRegistry) applicationContext.getBean(ServiceRegistry.SERVICE_REGISTRY);
permissionModelDAO = (ModelDAO) applicationContext.getBean("permissionsModelDAO");
personService = (PersonService) applicationContext.getBean("personService");
authorityService = (AuthorityService) applicationContext.getBean("authorityService");
authorityDAO = (AuthorityDAO) applicationContext.getBean("authorityDAO");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao");
nodeDAO = (NodeDAO) applicationContext.getBean("nodeDAO");
aclDaoComponent = (AclDAO) applicationContext.getBean("aclDAO");
publicServiceAccessService = (PublicServiceAccessService) applicationContext.getBean("publicServiceAccessService");
retryingTransactionHelper = (RetryingTransactionHelper) applicationContext.getBean("retryingTransactionHelper");
transactionService = (TransactionService) applicationContext.getBean("transactionComponent");
testTX = transactionService.getUserTransaction();
testTX.begin();
StoreRef storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.nanoTime());
rootNodeRef = nodeService.getRootNode(storeRef);
QName children = ContentModel.ASSOC_CHILDREN;
QName system = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "system");
QName container = ContentModel.TYPE_CONTAINER;
QName types = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "people");
systemNodeRef = nodeService.createNode(rootNodeRef, children, system, container).getChildRef();
NodeRef typesNodeRef = nodeService.createNode(systemNodeRef, children, types, container).getChildRef();
Map<QName, Serializable> props = createPersonProperties("andy");
nodeService.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props).getChildRef();
props = createPersonProperties("lemur");
nodeService.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props).getChildRef();
// create an authentication object e.g. the user
if(authenticationDAO.userExists("andy"))
{
authenticationService.deleteAuthentication("andy");
}
authenticationService.createAuthentication("andy", "andy".toCharArray());
if(authenticationDAO.userExists("lemur"))
{
authenticationService.deleteAuthentication("lemur");
}
authenticationService.createAuthentication("lemur", "lemur".toCharArray());
if(authenticationDAO.userExists(AuthenticationUtil.getAdminUserName()))
{
authenticationService.deleteAuthentication(AuthenticationUtil.getAdminUserName());
}
authenticationService.createAuthentication(AuthenticationUtil.getAdminUserName(), "admin".toCharArray());
authenticationComponent.clearCurrentSecurityContext();
assertTrue(permissionServiceImpl.getAnyDenyDenies());
}
@Override
protected void tearDown() throws Exception
{
try
{
testTX.rollback();
}
catch (Throwable e)
{
e.printStackTrace();
}
AuthenticationUtil.clearCurrentSecurityContext();
super.tearDown();
}
protected void runAs(String userName)
{
authenticationService.authenticate(userName, userName.toCharArray());
assertNotNull(authenticationService.getCurrentUserName());
// for(GrantedAuthority authority : woof.getAuthorities())
// {
// System.out.println("Auth = "+authority.getAuthority());
// }
}
private Map<QName, Serializable> createPersonProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
return properties;
}
protected PermissionReference getPermission(String permission)
{
return permissionModelDAO.getPermissionReference(null, permission);
}
}
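Review bot: A failure part-way through `setUp()` leaks the system-user security context and the open `testTX` into whatever runs next on the thread, because JUnit 3's `TestCase.runBare()` only calls `tearDown()` once `setUp()` has returned normally. The window runs from `authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName())` to `authenticationComponent.clearCurrentSecurityContext()`, and for the transaction from `testTX.begin()` to the end of the method, including the closing `assertTrue(permissionServiceImpl.getAnyDenyDenies())`. Permission assertions in a later test could then be evaluated under the leftover system identity, which presumably bypasses the checks being tested. I would wrap everything from the `setCurrentUser` call onward so that a failure runs the same cleanup as `tearDown()`, as sketched below. `AbstractReadPermissionTest.setUp()` in the next file has the same shape and needs the same change.

```java
public void setUp() throws Exception
{
    // … unchanged: transaction-state guard and bean lookups up to authorityDAO …
    boolean initialised = false;
    try
    {
        authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
        // … unchanged: remaining bean lookups, testTX.begin(), store, person and authentication creation …
        authenticationComponent.clearCurrentSecurityContext();
        assertTrue(permissionServiceImpl.getAnyDenyDenies());
        initialised = true;
    }
    finally
    {
        if (!initialised)
        {
            // JUnit 3 skips tearDown() when setUp() throws, so roll back and clear the context here
            tearDown();
        }
    }
}
```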


@@ -0,0 +1,682 @@
package org.alfresco.repo.security.permissions.impl;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import javax.transaction.UserTransaction;
import junit.framework.TestCase;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.permissions.AccessControlListDAO;
import org.alfresco.repo.domain.permissions.AclDAO;
import org.alfresco.repo.search.IndexerAndSearcher;
import org.alfresco.repo.search.impl.lucene.ADMLuceneIndexer;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.repo.security.authority.AuthorityDAO;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.model.FileFolderService;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.wcm.util.WCMUtil;
import org.alfresco.wcm.webproject.WebProjectService;
import org.springframework.context.ApplicationContext;
import org.springframework.orm.hibernate3.LocalSessionFactoryBean;
public class AbstractReadPermissionTest extends TestCase
{
protected static ApplicationContext applicationContext = ApplicationContextHelper.getApplicationContext();
protected static final String ROLE_AUTHENTICATED = "ROLE_AUTHENTICATED";
protected NodeService nodeService;
protected DictionaryService dictionaryService;
protected PermissionServiceSPI permissionService;
protected MutableAuthenticationService authenticationService;
protected MutableAuthenticationDao authenticationDAO;
protected LocalSessionFactoryBean sessionFactory;
protected NodeRef rootNodeRef;
protected NamespacePrefixResolver namespacePrefixResolver;
protected ServiceRegistry serviceRegistry;
protected NodeRef systemNodeRef;
protected AuthenticationComponent authenticationComponent;
protected ModelDAO permissionModelDAO;
protected PersonService personService;
protected AuthorityService authorityService;
protected AuthorityDAO authorityDAO;
protected NodeDAO nodeDAO;
protected AclDAO aclDaoComponent;
protected ADMLuceneIndexer admLuceneIndexer;
protected RetryingTransactionHelper retryingTransactionHelper;
protected TransactionService transactionService;
protected AccessControlListDAO accessControlListDao;
protected FileFolderService fileFolderService;
protected OwnableService ownableService;
protected UserTransaction testTX;
protected AVMService fService;
protected IndexerAndSearcher fIndexerAndSearcher;
protected WebProjectService wpService;
protected boolean logToFile = false;
protected String[] webAuthorities = new String[] {"Web1", "Web2", "Web3", "Web4", "Web5"};
protected String[] authorities = new String[] {"Dynamic","1000","1001","Y","Z","X","10_1","avm","100","10","1","01","001","0001"};
protected String AVMStore = "main" + System.currentTimeMillis();
final int WEB_COUNT = 100;
protected final String TEST_RUN = ""+System.currentTimeMillis();
protected final String TEST_WEBPROJ_DNS = "testWP-"+TEST_RUN;
protected final String TEST_WEBPROJ_NAME = "testSandbox Web Project Display Name - "+TEST_RUN;
protected final String TEST_WEBPROJ_TITLE = "This is my title";
protected final String TEST_WEBPROJ_DESCRIPTION = "This is my description";
protected final String TEST_WEBPROJ_DEFAULT_WEBAPP = WCMUtil.DIR_ROOT;
protected final boolean TEST_WEBPROJ_USE_AS_TEMPLATE = true;
protected final boolean TEST_WEBPROJ_DONT_USE_AS_TEMPLATE = false;
protected class Counter
{
int i = 0;
void increment()
{
i++;
}
int count()
{
return i;
}
}
protected int COUNT = 10;
protected Counter c01 = new Counter();
protected Counter c001 = new Counter();
protected Counter c0001 = new Counter();
private Map<QName, Serializable> createPersonProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
return properties;
}
protected void createAuthentication(String name)
{
if(authenticationDAO.userExists(name))
{
authenticationService.deleteAuthentication(name);
}
authenticationService.createAuthentication(name, name.toCharArray());
if(personService.personExists(name))
{
personService.deletePerson(name);
}
personService.createPerson(createPersonProperties(name));
}
protected void createGroup(String name)
{
authorityService.createAuthority(AuthorityType.GROUP, name);
}
protected void runAs(String userName)
{
authenticationService.authenticate(userName, userName.toCharArray());
assertNotNull(authenticationService.getCurrentUserName());
// for(GrantedAuthority authority : woof.getAuthorities())
// {
// System.out.println("Auth = "+authority.getAuthority());
// }
}
protected NodeRef[] build1000Nodes(final String authority, final int returnNodes, final boolean inherit)
{
return build1000Nodes(authority, PermissionService.READ, returnNodes, inherit);
}
protected NodeRef[] buildOwnedNodes(final String authority, final int returnNodes)
{
runAs("admin");
final NodeRef[] nodes = new NodeRef[returnNodes];
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
int i = 0;
int k = returnNodes > 0 ? 1000/returnNodes : 0;
String namePrefix = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, namePrefix, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_1000 = fileFolderService.create(folder, namePrefix + "-1000-", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setInheritParentPermissions(folder_1000, false);
permissionService.setPermission(folder_1000, authority, PermissionService.READ, true);
for(int j = 0; j < 1000; j++)
{
NodeRef file = fileFolderService.create(folder_1000, namePrefix + "-1000-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
ownableService.setOwner(file, authority);
if(returnNodes > 0)
{
if(j % k == 0)
{
nodes[i++] = file;
}
}
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
return nodes;
}
protected void buildNodes(final String user, final String permission, final int n, final boolean inherit)
{
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
String namePrefix = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, namePrefix, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_n = fileFolderService.create(folder, namePrefix + "-n", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setInheritParentPermissions(folder_n, false);
permissionService.setPermission(folder_n, user, PermissionService.READ, true);
for(int j = 0; j < n; j++)
{
NodeRef file = fileFolderService.create(folder_n, namePrefix + "-n-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
if(!inherit)
{
permissionService.setInheritParentPermissions(file, false);
if(permission != null)
{
permissionService.setPermission(file, user, permission, true);
}
}
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
protected NodeRef[] build1000Nodes(final String authority, final String permission, final int returnNodes, final boolean inherit)
{
runAs("admin");
final NodeRef[] nodes = new NodeRef[returnNodes];
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
int i = 0;
int k = returnNodes > 0 ? 1000/returnNodes : 0;
String namePrefix = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, namePrefix, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_1000 = fileFolderService.create(folder, namePrefix + "-1000-", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setInheritParentPermissions(folder_1000, false);
permissionService.setPermission(folder_1000, authority, permission, true);
for(int j = 0; j < 1000; j++)
{
NodeRef file = fileFolderService.create(folder_1000, namePrefix + "-1000-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
if(!inherit)
{
permissionService.setInheritParentPermissions(file, false);
permissionService.setPermission(file, authority, permission, true);
}
if(returnNodes > 0)
{
if(j % k == 0)
{
nodes[i++] = file;
}
}
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
return nodes;
}
protected NodeRef[] build1000Nodes(final String authority, final String permission, final boolean inherit)
{
return build1000Nodes(authority, permission, 0, inherit);
}
protected void build1000NodesReadDenied(final String authority)
{
runAs("admin");
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
String name = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, name, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_1001 = fileFolderService.create(folder, name + "-1001", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_1001, authority, PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_1001, false);
for(int j = 0; j < 1000; j++)
{
NodeRef file = fileFolderService.create(folder_1001, name + "-1001-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
permissionService.setInheritParentPermissions(file, false);
permissionService.setPermission(file, authority, PermissionService.READ, false);
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
protected void buildNodes()
{
final Random random = new Random(42);
runAs("admin");
permissionService.setPermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
for(int ii = 0; ii < COUNT; ii++)
{
final String namePrefix = "name" + System.currentTimeMillis() + "-";
final int i = ii;
System.out.println("Loop " + i);
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
NodeRef folder = fileFolderService.create(rootNodeRef, namePrefix + i, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_1000 = fileFolderService.create(folder, namePrefix + "1000-"+i, ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_1000, "1000", PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_1000, false);
for(int j = 0; j < 1000; j++)
{
NodeRef file = fileFolderService.create(folder_1000, namePrefix + "1000-"+i+"-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
//permissionService.setInheritParentPermissions(file, false);
//permissionService.setPermission(file, "1000", PermissionService.READ, true);
}
NodeRef folder_100 = fileFolderService.create(folder, namePrefix + "100-"+i, ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_100, "100", PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_100, false);
for(int j = 0; j < 100; j++)
{
NodeRef file = fileFolderService.create(folder_100, namePrefix + "100-"+i+"-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
}
NodeRef folder_10 = fileFolderService.create(folder, namePrefix + "10-"+i, ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_10, "10", PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_10, false);
for(int j = 0; j < 10; j++)
{
NodeRef file = fileFolderService.create(folder_10, namePrefix + "10-"+i+"-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
}
NodeRef folder_10_1 = fileFolderService.create(folder, namePrefix + "10_1-"+i, ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_10_1, "GROUP_X", PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_10_1, false);
for(int j = 0; j < 10; j++)
{
NodeRef file = fileFolderService.create(folder_10_1, "namePrefix + 10_1-"+i+"-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
}
NodeRef folder_1 = fileFolderService.create(folder, namePrefix + "1"+i, ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_1, "1", PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_1, false);
NodeRef file = fileFolderService.create(folder_1, namePrefix + "1-1-1", ContentModel.TYPE_CONTENT).getNodeRef();
double rn = random.nextDouble();
if(rn < 0.1)
{
NodeRef rf = fileFolderService.create(folder, namePrefix + "0.1", ContentModel.TYPE_CONTENT).getNodeRef();
//permissionService.setPermission(rf, "01", PermissionService.READ, true);
//permissionService.setInheritParentPermissions(rf, false);
c01.increment();
}
if(rn < 0.01)
{
NodeRef rf = fileFolderService.create(folder, namePrefix + "0.01", ContentModel.TYPE_CONTENT).getNodeRef();
//permissionService.setPermission(rf, "001", PermissionService.READ, true);
//permissionService.setInheritParentPermissions(rf, false);
c001.increment();
}
if(rn < 0.001)
{
NodeRef rf = fileFolderService.create(folder, namePrefix + "0.001", ContentModel.TYPE_CONTENT).getNodeRef();
//permissionService.setPermission(rf, "0001", PermissionService.READ, true);
//permissionService.setInheritParentPermissions(rf, false);
c0001.increment();
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
}
protected void setupBasicTree(final String authority) throws Exception
{
runAs("admin");
final String[] dirs = new String[] {"a", "a/b", "a/b/c", "a/b/c/d", "e", "e/f", "e/f/g", "e/f/g/h", "x", "x/y"};
for(int j = 0; j < dirs.length; j++)
{
String path = dirs[j];
String dir;
String file;
int k = path.lastIndexOf('/');
if(k == -1)
{
dir = "";
file = path;
}
else
{
dir = path.substring(0, k);
file = path.substring(k+1);
}
fService.createDirectory(AVMStore + ":/" + dir, file);
}
// fService.createDirectory("main:/", "a");
// fService.createDirectory("main:/a", "b");
// fService.createDirectory("main:/a/b", "c");
// fService.createDirectory("main:/", "d");
// fService.createDirectory("main:/d", "e");
// fService.createDirectory("main:/d/e", "f");
// desc = avmService.lookup(-1, storeName + ":/base");
// nodeRef = AVMNodeConverter.ToNodeRef(-1, desc.getPath());
// permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true);
// permissionService.deletePermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS);
AVMNodeDescriptor nodeDesc = fService.lookup(-1, AVMStore + ":/");
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
//permissionService.setPermission(nodeRef, "1", PermissionService.READ, true);
// for(int ii = 0; ii < COUNT; ii++)
// {
// final int i = ii;
// final int j =
// if(ii % 100 == 0)
// {
// System.out.println("Loop " + i);
// }
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
for(int i = 0; i < WEB_COUNT; i++)
{
if(i % 100 == 0)
{
System.out.println("Loop " + i);
}
int j = i % webAuthorities.length;
String dir = AVMStore + ":/" + dirs[i % 10];
String file = "foo" + i;
String path = dir + "/" + file;
fService.createFile(dir, file).close();
ContentWriter writer = fService.getContentWriter(path, true);
writer.setEncoding("UTF-8");
writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
//writer.putContent("I am " + path);
writer.putContent("I am main");
//String authority = webAuthorities[j];
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, path);
permissionService.setPermission(nodeRef, authority, PermissionService.READ, true);
permissionService.setInheritParentPermissions(nodeRef, false);
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
//}
// fService.createDirectory("main:/", "a");
// fService.createDirectory("main:/a", "b");
// fService.createDirectory("main:/a/b", "c");
// fService.createDirectory("main:/", "d");
// fService.createDirectory("main:/d", "e");
// fService.createDirectory("main:/d/e", "f");
//
// AVMNodeDescriptor nodeDesc = fService.lookup(-1, "main:/");
// NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
// permissionService.setPermission(nodeRef, "1", PermissionService.READ, true);
// fService.createFile("main:/a/b/c", "foo").close();
// ContentWriter writer = fService.getContentWriter("main:/a/b/c/foo", true);
// writer.setEncoding("UTF-8");
// writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
// writer.putContent("I am main:/a/b/c/foo");
// AVMNodeDescriptor nodeDesc = fService.lookup(-1, "main:/a/b/c/foo");
// NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
// permissionService.setPermission(nodeRef, "1", PermissionService.READ, true);
// fService.createFile("main:/a/b/c", "bar").close();
// writer = fService.getContentWriter("main:/a/b/c/bar", true);
// writer.setEncoding("UTF-8");
// writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
// writer.putContent("I am main:/a/b/c/bar");
// nodeDesc = fService.lookup(-1, "main:/a/b/c/foo");
// nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
// permissionService.setPermission(nodeRef, "1", PermissionService.READ, true);
fService.createSnapshot(AVMStore, null, null);
//testTX.commit();
}
protected void deleteAuthentication(String name)
{
if(authenticationDAO.userExists(name))
{
authenticationService.deleteAuthentication(name);
}
if(personService.personExists(name))
{
personService.deletePerson(name);
}
}
public void setUp() throws Exception
{
if (AlfrescoTransactionSupport.getTransactionReadState() != TxnReadState.TXN_NONE)
{
throw new AlfrescoRuntimeException(
"A previous tests did not clean up transaction: " +
AlfrescoTransactionSupport.getTransactionId());
}
nodeService = (NodeService) applicationContext.getBean("nodeService");
dictionaryService = (DictionaryService) applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE
.getLocalName());
permissionService = (PermissionServiceSPI) applicationContext.getBean("permissionService");
namespacePrefixResolver = (NamespacePrefixResolver) applicationContext
.getBean(ServiceRegistry.NAMESPACE_SERVICE.getLocalName());
authenticationService = (MutableAuthenticationService) applicationContext.getBean("authenticationService");
authenticationComponent = (AuthenticationComponent) applicationContext.getBean("authenticationComponent");
serviceRegistry = (ServiceRegistry) applicationContext.getBean(ServiceRegistry.SERVICE_REGISTRY);
permissionModelDAO = (ModelDAO) applicationContext.getBean("permissionsModelDAO");
personService = (PersonService) applicationContext.getBean("personService");
authorityService = (AuthorityService) applicationContext.getBean("authorityService");
authorityDAO = (AuthorityDAO) applicationContext.getBean("authorityDAO");
accessControlListDao = (AccessControlListDAO) applicationContext.getBean("admNodeACLDAO");
fileFolderService = (FileFolderService)applicationContext.getBean("fileFolderService");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao");
nodeDAO = (NodeDAO) applicationContext.getBean("nodeDAO");
aclDaoComponent = (AclDAO) applicationContext.getBean("aclDAO");
retryingTransactionHelper = (RetryingTransactionHelper) applicationContext.getBean("retryingTransactionHelper");
transactionService = (TransactionService) applicationContext.getBean("transactionComponent");
ownableService = (OwnableService) applicationContext.getBean("ownableService");
testTX = transactionService.getUserTransaction();
testTX.begin();
StoreRef storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.nanoTime());
rootNodeRef = nodeService.getRootNode(storeRef);
// QName children = ContentModel.ASSOC_CHILDREN;
// QName system = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "system");
// QName container = ContentModel.TYPE_CONTAINER;
// QName types = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "people");
// systemNodeRef = nodeService.createNode(rootNodeRef, children, system, container).getChildRef();
// NodeRef typesNodeRef = nodeService.createNode(systemNodeRef, children, types, container).getChildRef();
// Map<QName, Serializable> props = createPersonProperties("andy");
// nodeService.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props).getChildRef();
// props = createPersonProperties("lemur");
// nodeService.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props).getChildRef();
// create an authentication object e.g. the user
if(authenticationDAO.userExists("andy"))
{
authenticationService.deleteAuthentication("andy");
}
authenticationService.createAuthentication("andy", "andy".toCharArray());
if(authenticationDAO.userExists("lemur"))
{
authenticationService.deleteAuthentication("lemur");
}
authenticationService.createAuthentication("lemur", "lemur".toCharArray());
if(authenticationDAO.userExists(AuthenticationUtil.getAdminUserName()))
{
authenticationService.deleteAuthentication(AuthenticationUtil.getAdminUserName());
}
authenticationService.createAuthentication(AuthenticationUtil.getAdminUserName(), "admin".toCharArray());
fService = (AVMService)applicationContext.getBean("AVMService");
fIndexerAndSearcher = (IndexerAndSearcher)applicationContext.getBean("indexerAndSearcherFactory");
wpService = (WebProjectService)applicationContext.getBean("WebProjectService");
if (fService.getStore(AVMStore) != null)
{
fService.purgeStore(AVMStore);
}
fService.createStore(AVMStore);
for(String authority : authorities)
{
createAuthentication(authority);
}
for(String authority : webAuthorities)
{
createAuthentication(authority);
}
// TODO define permission group to include Read in permissionDefinitions
// assign user to new permission group - should be able to read any node?
createGroup("X");
authorityService.addAuthority(authorityService.getName(AuthorityType.GROUP, "X"), "10_1");
authenticationComponent.clearCurrentSecurityContext();
}
protected void tearDown() throws Exception
{
try
{
testTX.rollback();
}
catch (Throwable e)
{
e.printStackTrace();
}
AuthenticationUtil.clearCurrentSecurityContext();
super.tearDown();
}
}


@@ -0,0 +1,457 @@
package org.alfresco.repo.security.permissions.impl;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
// Unit tests for ALF-3952 "Search/Read Permissions Evaluation Performance"
public class ReadPermissionTest extends AbstractReadPermissionTest
{
// public void testDynamicAuthority() throws Exception
// {
// SearchParameters sp;
// ResultSet results;
//
// buildNodes("1001", null, 10, false);
//
// runAs("1001");
//
// sp = new SearchParameters();
// sp.addStore(rootNodeRef.getStoreRef());
// sp.setLanguage(SearchService.LANGUAGE_LUCENE);
// sp.setQuery("TYPE:\"cm:content\"");
// sp.setMaxItems(Integer.MAX_VALUE);
// sp.setMaxPermissionChecks(Integer.MAX_VALUE);
// sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
// results = serviceRegistry.getSearchService().query(sp);
// int length = results.length();
// results.close();
//
// assertEquals(10, length);
// }
public void testAdminCanRead()
{
runAs("Web1");
buildNodes("1001", "Read", 10, true);
SearchParameters sp;
ResultSet results;
runAs("admin");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(10, results.length());
results.close();
}
public void testAVM() throws Exception
{
try
{
runAs("admin");
setupBasicTree("Web1");
runAs("Web1");
StoreRef storeRef = AVMNodeConverter.ToStoreRef(AVMStore);
long start;
long end;
SearchParameters sp;
ResultSet results;
// Text index
sp = new SearchParameters();
sp.addStore(storeRef);
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
start = System.nanoTime();
results = serviceRegistry.getSearchService().query(sp);
assertEquals(WEB_COUNT, results.length());
results.close();
end = System.nanoTime();
System.out.println("AVM in "+((end-start)/1e9));
sp = new SearchParameters();
sp.addStore(storeRef);
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
// sp.setQuery("TEXT:\"I am\"");
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
start = System.nanoTime();
results = serviceRegistry.getSearchService().query(sp);
assertEquals(WEB_COUNT, results.length());
results.close();
end = System.nanoTime();
System.out.println("AVM in "+((end-start)/1e9));
}
catch (Exception e)
{
e.printStackTrace();
throw e;
}
}
public void testReadDeny()
{
SearchParameters sp;
ResultSet results;
build1000NodesReadDenied("1001");
runAs("1001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
int length = results.length();
results.close();
assertEquals(0, length);
}
public void testNoRead()
{
SearchParameters sp;
ResultSet results;
build1000Nodes("1001", PermissionService.WRITE, true);
runAs("1001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
int length = results.length();
results.close();
assertEquals(0, length);
}
protected void buildContainers(final String username, final String permission)
{
runAs("admin");
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
int i = 0;
String namePrefix = "simple" + System.currentTimeMillis();
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}01"),
ContentModel.TYPE_CONTAINER).getChildRef();
permissionService.setPermission(n1, username, permission, true);
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
public void testNodeOwner()
{
SearchParameters sp;
ResultSet results;
buildOwnedNodes("1001", 0);
runAs(AuthenticationUtil.getAdminUserName());
runAs("1001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("PATH:\"//*\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
int length = results.length();
results.close();
assertEquals(1001, length); // folder + children
}
public void testChangePermissions()
{
SearchParameters sp;
ResultSet results;
NodeRef[] nodes = build1000Nodes("1001", 4, false);
runAs("1001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
int length = results.length();
results.close();
assertEquals(1000, length);
for(int i = 0; i < 4; i++)
{
permissionService.deletePermission(nodes[i], "1001", PermissionService.READ);
}
//setPermission(nodes[0], "10", permission, allow)
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
length = results.length();
results.close();
assertEquals(1000-4, length);
}
public void testQueryReadPermission()
{
buildNodes();
SearchParameters sp;
ResultSet results;
runAs("1000");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(1000*COUNT, results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(1000*COUNT, results.length());
results.close();
runAs("100");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(100*COUNT, results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(100*COUNT, results.length());
results.close();
runAs("10");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(10*COUNT, results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(10*COUNT, results.length());
results.close();
// test user member of group with read permission can read
runAs("10_1");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(10*COUNT, results.length());
results.close();
runAs("1");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(COUNT, results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(COUNT, results.length());
results.close();
runAs("01");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c01.count(), results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c01.count(), results.length());
results.close();
runAs("001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c001.count(), results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c001.count(), results.length());
results.close();
runAs("0001");
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c0001.count(), results.length());
results.close();
sp = new SearchParameters();
sp.addStore(rootNodeRef.getStoreRef());
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"cm:content\"");
sp.setMaxItems(Integer.MAX_VALUE);
sp.setMaxPermissionChecks(Integer.MAX_VALUE);
sp.setMaxPermissionCheckTimeMillis(Integer.MAX_VALUE);
results = serviceRegistry.getSearchService().query(sp);
results.setBulkFetch(false);
assertEquals(c0001.count(), results.length());
results.close();
}
}
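Review bot: testReadDeny and testNoRead assert only that the query run as "1001" returns 0 hits, so both would also pass if the fixture nodes were never created or indexed, and a broken deny path could go unnoticed. The builders (`build1000NodesReadDenied`, `build1000Nodes`) are defined outside this file section, so whether they verify creation cannot be seen here. A positive control would close the gap: run the same `TYPE:"cm:content"` query under `runAs("admin")` before switching to "1001" and check `assertTrue(length > 0);`. Separately, testAdminCanRead and testQueryReadPermission call `assertEquals(..., results.length())` before `results.close()`, so a failed assertion leaves the result set open. The order already used in testReadDeny (`int length = results.length(); results.close();` and then the assert) avoids that.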


@@ -0,0 +1,899 @@
/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl.acegi;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.repo.security.permissions.impl.AbstractPermissionTest;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.aop.framework.ProxyFactory;
import org.springframework.aop.framework.adapter.AdvisorAdapterRegistry;
import org.springframework.aop.framework.adapter.GlobalAdvisorAdapterRegistry;
import org.springframework.aop.target.SingletonTargetSource;
public class ACLEntryVoterTest extends AbstractPermissionTest
{
public ACLEntryVoterTest()
{
super();
}
public void testBasicDenyNode() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] { rootNodeRef });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
try
{
method.invoke(proxy, new Object[] { systemNodeRef });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
// Check we are allowed access to deleted nodes ..
nodeService.deleteNode(systemNodeRef);
assertNull(method.invoke(proxy, new Object[] { systemNodeRef }));
}
public void testBasicDenyStore() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneStoreRef", new Class[] { StoreRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] { rootNodeRef.getStoreRef() });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
}
public void testAllowNullNode() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null });
}
public void testAllowNullStore() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneStoreRef", new Class[] { StoreRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null });
}
public void testAllowNullParentOnRealChildAssoc() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_PARENT.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef) });
}
public void testAllowNullParent() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_PARENT.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null });
}
public void testAllowNullChild() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null });
}
public void testBasicDenyChildAssocNode() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef) });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
}
public void testBasicDenyParentAssocNode() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_PARENT.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
}
public void testBasicAllowNode() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { rootNodeRef });
}
public void testBasicAllow() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_ALLOW")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { rootNodeRef });
}
public void testBasicAllowStore() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneStoreRef", new Class[] { StoreRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { rootNodeRef.getStoreRef() });
}
public void testBasicAllowChildAssocNode() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef) });
}
public void testBasicAllowParentAssocNode() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_PARENT.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) });
}
public void testDenyParentAssocNode() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_PARENT.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
}
public void testAllowChildAssocNode() throws Exception
{
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneChildAssociationRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) });
}
public void testMultiNodeMethodsArg0() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testManyNodeRef",
new Class[] { NodeRef.class, NodeRef.class, NodeRef.class, NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { rootNodeRef, null, null, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { rootNodeRef, null, null, null });
}
public void testMultiNodeMethodsArg1() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testManyNodeRef",
new Class[] { NodeRef.class, NodeRef.class, NodeRef.class, NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.1.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, rootNodeRef, null, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, rootNodeRef, null, null });
}
public void testMultiNodeMethodsArg2() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testManyNodeRef",
new Class[] { NodeRef.class, NodeRef.class, NodeRef.class, NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.2.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, null, rootNodeRef, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, rootNodeRef, null });
}
public void testMultiNodeMethodsArg3() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testManyNodeRef",
new Class[] { NodeRef.class, NodeRef.class, NodeRef.class, NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.3.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, null, null, rootNodeRef });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, null, rootNodeRef });
}
public void testMultiChildAssocRefMethodsArg0() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testManyChildAssociationRef",
new Class[] { ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class,
ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef), null, null, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef), null, null, null });
}
public void testMultiChildAssocRefMethodsArg1() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testManyChildAssociationRef",
new Class[] { ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class,
ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.1.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null });
}
public void testMultiChildAssocRefMethodsArg2() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testManyChildAssociationRef",
new Class[] { ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class,
ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.2.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, null, nodeService.getPrimaryParent(rootNodeRef), null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, nodeService.getPrimaryParent(rootNodeRef), null });
}
public void testMultiChildAssocRefMethodsArg3() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod(
"testManyChildAssociationRef",
new Class[] { ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class,
ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.3.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { null, null, null, nodeService.getPrimaryParent(rootNodeRef) });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { null, null, null, nodeService.getPrimaryParent(rootNodeRef) });
}
public void testMethodACL() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.andy", "ACL_METHOD.BANANA")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] {});
}
public void testMethodACL2() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.BANANA", "ACL_METHOD."
+ PermissionService.ALL_AUTHORITIES)));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] {});
}
public void testMethodACL3() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.andy", "ACL_METHOD."
+ PermissionService.ALL_AUTHORITIES)));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] {});
}
public void testMethodACL4() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testMethod", new Class[] {});
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_METHOD.woof", "ACL_METHOD.BOO")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
try
{
method.invoke(proxy, new Object[] {});
}
catch (InvocationTargetException e)
{
}
}
public static class ClassWithMethods
{
public void testMethod()
{
}
public void testOneStoreRef(StoreRef storeRef)
{
}
public void testOneNodeRef(NodeRef nodeRef)
{
}
public void testManyNodeRef(NodeRef nodeRef1, NodeRef nodeRef2, NodeRef nodeRef3, NodeRef nodeRef4)
{
}
public void testOneChildAssociationRef(ChildAssociationRef car)
{
}
public void testManyChildAssociationRef(ChildAssociationRef car1, ChildAssociationRef car2,
ChildAssociationRef car3, ChildAssociationRef car4)
{
}
}
public class Interceptor implements MethodInterceptor
{
ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
Interceptor(final String config1, final String config2)
{
cad.addConfigAttribute(new ConfigAttribute()
{
/**
* Comment for <code>serialVersionUID</code>
*/
private static final long serialVersionUID = 1L;
public String getAttribute()
{
return config1;
}
});
cad.addConfigAttribute(new ConfigAttribute()
{
/**
* Comment for <code>serialVersionUID</code>
*/
private static final long serialVersionUID = 1L;
public String getAttribute()
{
return config2;
}
});
}
Interceptor(final String config)
{
cad.addConfigAttribute(new ConfigAttribute()
{
/**
* Comment for <code>serialVersionUID</code>
*/
private static final long serialVersionUID = 1L;
public String getAttribute()
{
return config;
}
});
}
public Object invoke(MethodInvocation invocation) throws Throwable
{
ACLEntryVoter voter = new ACLEntryVoter();
voter.setNamespacePrefixResolver(namespacePrefixResolver);
voter.setPermissionService(permissionService);
voter.setNodeService(nodeService);
voter.setAuthenticationService(authenticationService);
voter.setAuthorityService(authorityService);
// TODO: add explicit abstain tests (for now, configure dummy "abstainFor" to test deleted nodes - see ALF-898)
Set<String> abstainFor = new HashSet<String>(1);
abstainFor.add("{http://www.alfresco.org/model/content/1.0}emailed");
voter.setAbstainFor(abstainFor);
voter.afterPropertiesSet();
if (!(voter.vote(null, invocation, cad) == AccessDecisionVoter.ACCESS_DENIED))
{
return invocation.proceed();
}
else
{
throw new ACLEntryVoterException("Access denied");
}
}
}
}


@@ -0,0 +1,127 @@
/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl.acegi;
import java.util.ArrayList;
import java.util.ListIterator;
import junit.framework.TestCase;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.search.results.ChildAssocRefResultSet;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.namespace.QName;
public class FilteringResultSetTest extends TestCase
{
public FilteringResultSetTest()
{
super();
}
public FilteringResultSetTest(String arg0)
{
super(arg0);
}
public void test()
{
StoreRef storeRef = new StoreRef("protocol", "test");
NodeRef root = new NodeRef(storeRef, "n0");
NodeRef n1 = new NodeRef(storeRef, "n1");
NodeRef n2 = new NodeRef(storeRef, "n2");
NodeRef n3 = new NodeRef(storeRef, "n3");
NodeRef n4 = new NodeRef(storeRef, "n4");
NodeRef n5 = new NodeRef(storeRef, "n5");
ArrayList<ChildAssociationRef> cars = new ArrayList<ChildAssociationRef>();
ChildAssociationRef car0 = new ChildAssociationRef(null, null, null, root);
ChildAssociationRef car1 = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, root, QName.createQName("{test}n2"), n1);
ChildAssociationRef car2 = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, n1, QName.createQName("{test}n3"), n2);
ChildAssociationRef car3 = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, n2, QName.createQName("{test}n4"), n3);
ChildAssociationRef car4 = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, n3, QName.createQName("{test}n5"), n4);
ChildAssociationRef car5 = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, n4, QName.createQName("{test}n6"), n5);
cars.add(car0);
cars.add(car1);
cars.add(car2);
cars.add(car3);
cars.add(car4);
cars.add(car5);
ResultSet in = new ChildAssocRefResultSet(null, cars);
FilteringResultSet filtering = new FilteringResultSet(in);
assertEquals(0, filtering.length());
for(int i = 0; i < 6; i++)
{
filtering.setIncluded(i, true);
assertEquals(1, filtering.length());
assertEquals("n"+i, filtering.getNodeRef(0).getId());
assertEquals(1, filtering.getNodeRefs().size());
assertEquals(1, filtering.getChildAssocRefs().size());
assertEquals("n"+i, filtering.getNodeRefs().get(0).getId());
filtering.setIncluded(i, false);
assertEquals(0, filtering.length());
}
for(int i = 0; i < 6; i++)
{
filtering.setIncluded(i, true);
assertEquals(i+1, filtering.length());
assertEquals("n"+i, filtering.getNodeRef(i).getId());
}
int count = 0;
for(ResultSetRow row : filtering)
{
assertNotNull(row);
assertTrue(count < 6);
count++;
}
ResultSetRow last = null;
for(ListIterator<ResultSetRow> it = filtering.iterator(); it.hasNext(); /**/)
{
ResultSetRow row = it.next();
if(last != null)
{
assertTrue(it.hasPrevious());
ResultSetRow previous = it.previous();
assertEquals(last.getIndex(), previous.getIndex());
row = it.next();
}
else
{
assertFalse(it.hasPrevious());
}
last = row;
}
}
}
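Review bot: The `for(ResultSetRow row : filtering)` loop in `test()` only asserts `count < 6` inside its body, so an iterator that yields no rows, or fewer than six, still passes; add `assertEquals(6, count);` after the loop. Iteration is also only exercised with every index included, so nothing checks that the iterator skips rows left at `setIncluded(i, false)`. That is presumably the property callers depend on when results are filtered by permission. A second pass that includes only some indexes and asserts the ids returned by the iterator would cover it.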


@@ -0,0 +1,251 @@
/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl.model;
import java.util.Collections;
import java.util.Random;
import java.util.Set;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.AbstractPermissionTest;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.security.permissions.impl.RequiredPermission.On;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.namespace.QName;
public class PermissionModelTest extends AbstractPermissionTest
{
public PermissionModelTest()
{
super();
}
public void testWoof()
{
QName typeQname = nodeService.getType(rootNodeRef);
Set<QName> aspectQNames = nodeService.getAspects(rootNodeRef);
PermissionReference ref = permissionModelDAO.getPermissionReference(null, "CheckOut");
Set<PermissionReference> answer = permissionModelDAO.getRequiredPermissions(ref, typeQname, aspectQNames, On.NODE);
assertEquals(1, answer.size());
}
public void testIncludePermissionGroups()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Consumer"));
assertEquals(8, grantees.size());
}
public void testIncludePermissionGroups2()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Contributor"));
assertEquals(16, grantees.size());
}
public void testIncludePermissionGroups3()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Editor"));
assertEquals(19, grantees.size());
}
public void testIncludePermissionGroups4()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Collaborator"));
assertEquals(26, grantees.size());
}
public void testIncludePermissionGroups5()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Coordinator"));
// NB This has gone from 59 to 63, I believe, because of the for new WCM roles.
// 63-97 from AVM permission fix up
assertEquals(103, grantees.size());
}
public void testIncludePermissionGroups6()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "RecordAdministrator"));
assertEquals(19, grantees.size());
}
public void testGetGrantingPermissions()
{
Set<PermissionReference> granters = permissionModelDAO.getGrantingPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base",
namespacePrefixResolver), "ReadProperties"));
// NB This has gone from 10 to 14 because of the new WCM roles, I believe.
// 14-18 -> 4 site base roles added
assertEquals(18, granters.size());
granters = permissionModelDAO.getGrantingPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base", namespacePrefixResolver),
"_ReadProperties"));
// NB 11 to 15 as above.
// 5-19 site based roles added
assertEquals(19, granters.size());
}
public void testGlobalPermissions()
{
Set<? extends PermissionEntry> globalPermissions = permissionModelDAO.getGlobalPermissionEntries();
assertEquals(6, globalPermissions.size());
}
public void testRequiredPermissions()
{
Set<PermissionReference> required = permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base",
namespacePrefixResolver), "Read"), QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
assertEquals(3, required.size());
required = permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base", namespacePrefixResolver),
"ReadContent"), QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
assertEquals(1, required.size());
required = permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base", namespacePrefixResolver),
"_ReadContent"), QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
assertEquals(0, required.size());
required = permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("cm", "cmobject", namespacePrefixResolver),
"Coordinator"), QName.createQName("cm", "cmobject", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
assertEquals(18, required.size());
required = permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base", namespacePrefixResolver),
"FullControl"), QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
assertEquals(18, required.size());
}
public void testMultiThreadedAccess()
{
Thread runner = null;
for (int i = 0; i < 20; i++)
{
runner = new Nester("Concurrent-" + i, runner);
}
if (runner != null)
{
runner.start();
try
{
runner.join();
}
catch (InterruptedException e)
{
e.printStackTrace();
}
}
}
class Nester extends Thread
{
Thread waiter;
Nester(String name, Thread waiter)
{
super(name);
this.setDaemon(true);
this.waiter = waiter;
}
public void run()
{
authenticationComponent.setSystemUserAsCurrentUser();
if (waiter != null)
{
waiter.start();
}
try
{
System.out.println("Start " + this.getName());
RetryingTransactionCallback<Void> queryPermissionModel = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
Random random = new Random();
Set<PermissionReference> toTest = permissionModelDAO.getAllPermissions(QName.createQName("sys", "base", namespacePrefixResolver));
for (int i = 0; i < 10000; i++)
{
for (PermissionReference pr : toTest)
{
if (random.nextFloat() < 0.5f)
{
// permissionModelDAO.getGranteePermissions(pr);
// permissionModelDAO.getGrantingPermissions(pr);
permissionModelDAO.getRequiredPermissions(pr, QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(),
On.NODE);
}
}
}
return null;
}
};
retryingTransactionHelper.doInTransaction(queryPermissionModel);
System.out.println("End " + this.getName());
}
catch (Exception e)
{
System.out.println("End " + this.getName() + " with error " + e.getMessage());
e.printStackTrace();
}
finally
{
authenticationComponent.clearCurrentSecurityContext();
}
if (waiter != null)
{
try
{
waiter.join();
}
catch (InterruptedException e)
{
}
}
}
}
public void testNulls()
{
permissionModelDAO.getRequiredPermissions(null, QName.createQName("sys", "base", namespacePrefixResolver), Collections.<QName> emptySet(), On.NODE);
permissionModelDAO.getRequiredPermissions(SimplePermissionReference.getPermissionReference(QName.createQName("sys", "base",
namespacePrefixResolver), "Read"),null, Collections.<QName> emptySet(), On.NODE);
permissionModelDAO.getRequiredPermissions(null, null, Collections.<QName> emptySet(), On.NODE);
permissionModelDAO.getGranteePermissions(null);
permissionModelDAO.getGlobalPermissionEntries().contains(null);
}
}
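Review bot: A failure inside a `Nester` thread cannot fail `testMultiThreadedAccess`, because `run()` catches `Exception`, prints it and returns, and the test method asserts nothing after `runner.join()`. As written the test only detects a hang, not an exception or inconsistent result from concurrent `getRequiredPermissions` calls. Record the first error in a shared field, e.g. `private final AtomicReference<Throwable> failure = new AtomicReference<Throwable>();`, set it in the catch block with `failure.compareAndSet(null, e);`, and finish the test with `assertNull(failure.get());` (this needs an import of `java.util.concurrent.atomic.AtomicReference`). The empty `catch (InterruptedException e)` around `waiter.join()` should at least restore the interrupt flag with `Thread.currentThread().interrupt();`.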