diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index 7c34f0d599..c2f2b51e44 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -229,16 +229,19 @@
+
+
+
diff --git a/source/java/org/alfresco/repo/web/scripts/activities/SiteActivitySystemTest.java b/source/java/org/alfresco/repo/web/scripts/activities/SiteActivitySystemTest.java
index 67b1b226aa..d940bb8a65 100644
--- a/source/java/org/alfresco/repo/web/scripts/activities/SiteActivitySystemTest.java
+++ b/source/java/org/alfresco/repo/web/scripts/activities/SiteActivitySystemTest.java
@@ -77,26 +77,32 @@ public class SiteActivitySystemTest extends TestCase
private static final String URL_USER_FEED = "/feed/user";
private static final String URL_USER_FEED_CTRL = "/feed/user/control";
- // Users & Passwords
+ // Test users & passwords
private static final String ADMIN_USER = "admin";
private static final String ADMIN_PW = "admin";
private static String user1 = null;
private static String user2 = null;
private static String user3 = null;
+ private static String user4 = null;
private static final String USER_PW = "password";
- // Test siteId
- private static String shortName = null;
+ // Test sites
+ private static String site1 = null;
+ private static String site2 = null;
+ private static String site3 = null;
- // Site Service appToolId
+ // AppToolId for site membership activities
private static String appToolId = "siteService"; // refer to SiteService
private static boolean setup = false;
+ private static boolean sitesCreated = false;
+ private static boolean membersAddedUpdated = false;
+ private static boolean membersRemoved = false;
+ private static boolean controlsCreated = false;
-
public SiteActivitySystemTest()
{
}
@@ -110,16 +116,21 @@ public class SiteActivitySystemTest extends TestCase
{
String testid = ""+System.currentTimeMillis();
- shortName = "testSite_" + testid;
- user1 = "testSite_user1_" + testid;
- user2 = "testSite_user2_" + testid;
- user3 = "testSite_user3_" + testid;
+ site1 = "test_site1_" + testid;
+ site2 = "test_site2_" + testid;
+ site3 = "test_site3_" + testid;
+
+ user1 = "test_user1_" + testid;
+ user2 = "test_user2_" + testid;
+ user3 = "test_user3_" + testid;
+ user4 = "test_user4_" + testid;
// pre-create users
createUser(user1, USER_PW);
createUser(user2, USER_PW);
createUser(user3, USER_PW);
+ createUser(user4, USER_PW);
setup = true;
}
@@ -132,60 +143,123 @@ public class SiteActivitySystemTest extends TestCase
super.tearDown();
}
- public void testCreateSite() throws Exception
+ public void testCreateSites() throws Exception
+ {
+ if (! sitesCreated)
+ {
+ String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
+
+ // create public site
+ createSite(site1, true, ticket);
+
+ // create private sites
+ createSite(site2, false, ticket);
+ createSite(site3, false, ticket);
+
+ sitesCreated = true;
+ }
+ }
+
+ protected void createSite(String siteId, boolean isPublic, String ticket) throws Exception
{
- String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
-
JSONObject site = new JSONObject();
site.put("sitePreset", "myPreset");
- site.put("shortName", shortName);
+ site.put("shortName", siteId);
site.put("title", "myTitle");
site.put("description", "myDescription");
- site.put("isPublic", true);
+ site.put("isPublic", isPublic);
String url = WEBSCRIPT_ENDPOINT + URL_SITES;
String response = callPostWebScript(url, ticket, site.toString());
if (logger.isDebugEnabled())
{
- logger.debug("testCreateSite");
- logger.debug("--------------");
+ logger.debug("createSite: " + siteId);
+ logger.debug("----------");
logger.debug(url);
logger.debug(response);
}
}
- public void testGetSite() throws Exception
+ public void testGetSites() throws Exception
{
- // relies on testCreateSite
+ testCreateSites();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
- String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + shortName;
+ getSite(site1, ticket);
+ getSite(site2, ticket);
+ getSite(site3, ticket);
+ }
+
+ protected void getSite(String siteId, String ticket) throws Exception
+ {
+ String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + siteId;
String response = callGetWebScript(url, ticket);
if (logger.isDebugEnabled())
{
- logger.debug("testGetSite");
- logger.debug("-----------");
+ logger.debug("getSite:" + siteId);
+ logger.debug("-------");
logger.debug(url);
logger.debug(response);
}
}
- public void testGetSiteFeed1() throws Exception
+ public void testGetSiteFeedsBefore() throws Exception
{
- // relies on testCreateSite
+ testCreateSites();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
- String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_SITE_FEED + "/" + shortName + "?format=json";
+ getSiteFeed(site1, ticket, 0);
+ getSiteFeed(site2, ticket, 0); // site 2 is private, but accessible to admins
+ getSiteFeed(site3, ticket, 0); // site 3 is private, but accessible to admins
+
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user4, USER_PW);
+
+ getSiteFeed(site1, ticket, 0); // site 1 is public, hence site feed is accessible to any user of the system
+
+ try
+ {
+ getSiteFeed(site2, ticket, 0); // site 2 is private, hence only accessible to members or admins
+
+ fail("Site feed for private site should not be accessible to non-admin / non-member");
+ }
+ catch (IOException ioe)
+ {
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
+ }
+
+ try
+ {
+ getSiteFeed(site3, ticket, 0); // site 3 is private, hence only accessible to members or admins
+
+ fail("Site feed for private site should not be accessible to non-admin / non-member");
+ }
+ catch (IOException ioe)
+ {
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
+ }
+ }
+
+ protected void getSiteFeed(String siteId, String ticket, int expectedCount) throws Exception
+ {
+ String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_SITE_FEED + "/" + siteId + "?format=json";
String jsonArrayResult = callGetWebScript(url, ticket);
if (jsonArrayResult != null)
{
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("getSiteFeed:" + siteId);
+ logger.debug("-----------");
+ logger.debug(url);
+ logger.debug(jsonArrayResult);
+ }
+
JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length());
+ assertEquals(expectedCount, ja.length());
}
else
{
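Review bot: The 401 assertions in testGetSiteFeedsBefore match on `ioe.getMessage().contains("HTTP response code: 401")`, which ties the test to the wording of the exception thrown by whatever callGetWebScript uses underneath (that helper is outside this hunk), and the `0` passed as expectedCount on those calls is never evaluated, so it reads as if a count were being asserted. A small helper such as `assertSiteFeedUnauthorized(String siteId, String ticket)` wrapping the try/fail/catch would make the intent explicit and give one place to tighten the check to the real response status later. Since the server side of this commit returns the same 401 for a site that does not exist, a case like `"no_such_site_" + testid` queried as admin would pin that behaviour as well. getSiteFeed's else branch continues past the end of the hunk.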
@@ -193,45 +267,52 @@ public class SiteActivitySystemTest extends TestCase
}
}
- public void testGetUserFeeds1_asAdmin() throws Exception
+ public void testGetUserFeedsBefore() throws Exception
{
- // relies on testCreateSite
+ testCreateSites();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
- String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user1 + "?format=json";
+ getUserFeed(user1, ticket, true, 0);
+ getUserFeed(user2, ticket, true, 0);
+ getUserFeed(user3, ticket, true, 0);
+ getUserFeed(user4, ticket, true, 0);
+
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user1, USER_PW);
+
+ getUserFeed(user1, ticket, false, 0);
+
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user2, USER_PW);
+
+ try
+ {
+ getUserFeed(user1, ticket, true, 0);
+
+ fail("User feed should only be accessible to user or an admin");
+ }
+ catch (IOException ioe)
+ {
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
+ }
+ }
+
+ protected void getUserFeed(String userId, String ticket, boolean isAdmin, int expectedCount) throws Exception
+ {
+ String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + (isAdmin ? "/" + userId : "") + "?format=json";
String jsonArrayResult = callGetWebScript(url, ticket);
if (jsonArrayResult != null)
{
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("getUserFeed:" + userId + (isAdmin ? "(as admin)" : ""));
+ logger.debug("-----------");
+ logger.debug(url);
+ logger.debug(jsonArrayResult);
+ }
+
JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length());
- }
- else
- {
- fail("Error getting user feed");
- }
-
- url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user2 + "?format=json";
- jsonArrayResult = callGetWebScript(url, ticket);
-
- if (jsonArrayResult != null)
- {
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length());
- }
- else
- {
- fail("Error getting user feed");
- }
-
- url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user3 + "?format=json";
- jsonArrayResult = callGetWebScript(url, ticket);
-
- if (jsonArrayResult != null)
- {
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length());
+ assertEquals(expectedCount, ja.length());
}
else
{
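Review bot: In getUserFeed the `isAdmin` flag really decides whether `userId` is placed in the path at all; when it is false the request goes to `/feed/user` and the server returns the feed of whichever user the ticket belongs to, so the `userId` argument only affects the debug line and can silently disagree with the ticket. A comment on the url line would prevent that misreading: `// isAdmin == false: no userId in the path, the server resolves the feed from the ticket's user; userId is only used for logging`. Renaming the parameter to something like `explicitUserId` would say the same in the signature. The method's else branch runs past the end of the hunk.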
@@ -241,145 +322,194 @@ public class SiteActivitySystemTest extends TestCase
public void testUserFeedControls() throws Exception
{
- String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user1, USER_PW);
- addFeedControl(user1, shortName, null, ticket);
-
- ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user2, USER_PW);
- addFeedControl(user2, null, appToolId, ticket);
-
- //ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user2, USER_PW);
- //addFeedControl(user3, shortName, appToolId, ticket);
-
- // TODO add more here, once we have more appToolIds
+ if (! controlsCreated)
+ {
+ // user 1 opts out of all activities for site 1
+ String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user1, USER_PW);
+ addFeedControl(user1, site1, null, ticket);
+
+ // user 2 opts out of site membership activities (across all sites)
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user2, USER_PW);
+ addFeedControl(user2, null, appToolId, ticket);
+
+ // user 3 opts out of site membership activities for site 1 only
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user3, USER_PW);
+ addFeedControl(user3, site1, appToolId, ticket);
+
+ // TODO add more here, once we have more appToolIds
+
+ controlsCreated = true;
+ }
}
- public void testMemberships() throws Exception
+ public void testAddAndUpdateMembershipsWithPause() throws Exception
{
- // relies on testCreateSite
+ if (! membersAddedUpdated)
+ {
+ testCreateSites();
+
+ String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
+
+ addAndUpdateMemberships(site1, ticket, true); // public site, include all users
+ addAndUpdateMemberships(site2, ticket, true); // private site, include all users
+ addAndUpdateMemberships(site3, ticket, false); // private site, do not include user 4
+
+ // add pause - otherwise, activity service will not generate feed entries (since they will have already left the site)
+ Thread.sleep(90000); // 1 min
+
+ membersAddedUpdated = true;
+ }
+ }
+
+ public void testGetSiteFeedsAfterAddAndUpdateMemberships() throws Exception
+ {
+ testCreateSites();
+ testAddAndUpdateMembershipsWithPause();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
-
+
+ getSiteFeed(site1, ticket, 8); // 8 = 4 users, each with 1 join, 1 role change
+ getSiteFeed(site2, ticket, 8); // 8 = 4 users, each with 1 join, 1 role change
+ getSiteFeed(site3, ticket, 6); // 6 = 3 users, each with 1 join, 1 role change (not user 4)
+
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user4, USER_PW);
+
+ getSiteFeed(site1, ticket, 8);
+ getSiteFeed(site2, ticket, 8); // site 2 is private, user 4 is a member
+
+ try
+ {
+ getSiteFeed(site3, ticket, 0); // site 3 is private, user 4 is not a member
+
+ fail("Site feed for private site should not be accessible to non-admin / non-member");
+ }
+ catch (IOException ioe)
+ {
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
+ }
+ }
+ public void testRemoveMembershipsWithPause() throws Exception
+ {
+ if (! membersRemoved)
+ {
+ testCreateSites();
+ testAddAndUpdateMembershipsWithPause();
+
+ String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
+
+ removeMemberships(site1, ticket, true);
+ removeMemberships(site2, ticket, true);
+ removeMemberships(site3, ticket, false);
+
+ // add pause
+ Thread.sleep(60000); // 1 min
+
+ membersRemoved = true;
+ }
+ }
+
+ protected void addAndUpdateMemberships(String siteId, String ticket, boolean includeUser4) throws Exception
+ {
// add member -> join site
- addMembership(user1, ticket, SiteModel.SITE_CONSUMER);
- addMembership(user2, ticket, SiteModel.SITE_MANAGER);
- addMembership(user3, ticket, SiteModel.SITE_COLLABORATOR);
+ addMembership(siteId, user1, ticket, SiteModel.SITE_CONSUMER);
+ addMembership(siteId, user2, ticket, SiteModel.SITE_MANAGER);
+ addMembership(siteId, user3, ticket, SiteModel.SITE_COLLABORATOR);
+
+ if (includeUser4) { addMembership(siteId, user4, ticket, SiteModel.SITE_CONSUMER); }
// update member -> change role
- updateMembership(user1, ticket, SiteModel.SITE_MANAGER);
- updateMembership(user2, ticket, SiteModel.SITE_COLLABORATOR);
- updateMembership(user3, ticket, SiteModel.SITE_CONSUMER);
-
- // add pause - otherwise, activity service will not generate feed entries (since they will have already left the site)
- Thread.sleep(90000); // 1 min
+ updateMembership(siteId, user1, ticket, SiteModel.SITE_MANAGER);
+ updateMembership(siteId, user2, ticket, SiteModel.SITE_COLLABORATOR);
+ updateMembership(siteId, user3, ticket, SiteModel.SITE_CONSUMER);
+ if (includeUser4) { updateMembership(siteId, user4, ticket, SiteModel.SITE_COLLABORATOR); }
+ }
+
+ protected void removeMemberships(String siteId, String ticket, boolean includeUser4) throws Exception
+ {
// remove member -> leave site
- removeMembership(user1, ticket);
- removeMembership(user2, ticket);
- removeMembership(user3, ticket);
+ removeMembership(siteId, user1, ticket);
+ removeMembership(siteId, user2, ticket);
+ removeMembership(siteId, user3, ticket);
- // add pause
- Thread.sleep(60000); // 1 min
+ if (includeUser4) { removeMembership(siteId, user4, ticket); }
}
- public void testGetSiteFeed2() throws Exception
+ public void testGetSiteFeedsAfterRemoveMemberships() throws Exception
{
- // relies on testCreateSite, testMemberships
+ testCreateSites();
+ testAddAndUpdateMembershipsWithPause();
+ testRemoveMembershipsWithPause();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
- String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_SITE_FEED + "/" + shortName + "?format=json";
- String jsonArrayResult = callGetWebScript(url, ticket);
-
- if (logger.isDebugEnabled())
+ getSiteFeed(site1, ticket, 12); // 12 = 4 users, each with 1 join, 1 role change, 1 leave
+ getSiteFeed(site2, ticket, 12); // 12 = 4 users, each with 1 join, 1 role change, 1 leave
+ getSiteFeed(site3, ticket, 9); // 9 = 3 users, each with 1 join, 1 role change, 1 leave (not user 4)
+
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user4, USER_PW);
+
+ getSiteFeed(site1, ticket, 12);
+
+ try
{
- logger.debug("testGetSiteFeed2");
- logger.debug("----------------");
- logger.debug(url);
- logger.debug(jsonArrayResult);
+ getSiteFeed(site2, ticket, 0); // site 2 is private, user 4 is no longer a member
+
+ fail("Site feed for private site should not be accessible to non-admin / non-member");
+ }
+ catch (IOException ioe)
+ {
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
}
- if (jsonArrayResult != null)
+ try
{
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(9, ja.length());
+ getSiteFeed(site3, ticket, 0); // site 3 is private, user 4 was never a member
+
+ fail("Site feed for private site should not be accessible to non-admin / non-member");
}
- else
+ catch (IOException ioe)
{
- fail("Error getting site feed");
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
}
}
- public void testGetUserFeeds2_asAdmin() throws Exception
+ public void testGetUserFeedsAfter() throws Exception
{
- // relies on testCreateSite, testMemberships
+ testCreateSites();
+ testAddAndUpdateMembershipsWithPause();
+ testRemoveMembershipsWithPause();
+ testUserFeedControls();
String ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, ADMIN_USER, ADMIN_PW);
- String url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user1 + "?format=json";
- String jsonArrayResult = callGetWebScript(url, ticket);
+ // 2 sites, with 4 users, each with 1 join and 1 role change = 8x2
+ // 1 site, with 3 users, each with 1 join and 1 role change = 6x1
- if (logger.isDebugEnabled())
- {
- logger.debug("testGetUserFeeds2_asAdmin: user1");
- logger.debug("--------------------------");
- logger.debug(url);
- logger.debug(jsonArrayResult);
- }
+ getUserFeed(user1, ticket, true, 14); // 8 = due to feed control - exclude site 1
+ getUserFeed(user2, ticket, true, 0); // 0 = due to feed control - exclude site membership activities (across all sites)
+ getUserFeed(user3, ticket, true, 14); // 8 = due to feed control - exclude site membership activities for site 1
+ getUserFeed(user4, ticket, true, 16); // 16 = no feed control
- if (jsonArrayResult != null)
- {
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length()); // 0 due to feed control
- }
- else
- {
- fail("Error getting user feed");
- }
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user1, USER_PW);
- url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user2 + "?format=json";
- jsonArrayResult = callGetWebScript(url, ticket);
+ getUserFeed(user1, ticket, false, 14);
- if (logger.isDebugEnabled())
- {
- logger.debug("testGetUserFeeds2_asAdmin: user2");
- logger.debug("--------------------------");
- logger.debug(url);
- logger.debug(jsonArrayResult);
- }
+ ticket = callLoginWebScript(WEBSCRIPT_ENDPOINT, user2, USER_PW);
- if (jsonArrayResult != null)
+ try
{
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(0, ja.length()); // 0 due to feed control
+ getUserFeed(user1, ticket, true, 14);
+
+ fail("User feed should only be accessible to user or an admin");
}
- else
+ catch (IOException ioe)
{
- fail("Error getting user feed");
- }
-
- url = WEBSCRIPT_ENDPOINT + URL_ACTIVITIES + URL_USER_FEED + "/" + user3 + "?format=json";
- jsonArrayResult = callGetWebScript(url, ticket);
-
- if (logger.isDebugEnabled())
- {
- logger.debug("testGetUserFeeds2_asAdmin: user3");
- logger.debug("--------------------------");
- logger.debug(url);
- logger.debug(jsonArrayResult);
- }
-
- if (jsonArrayResult != null)
- {
- JSONArray ja = new JSONArray(jsonArrayResult);
- assertEquals(6, ja.length());
- }
- else
- {
- fail("Error getting user feed");
+ assertTrue(ioe.getMessage().contains("HTTP response code: 401"));
}
}
- private void addMembership(String userName, String ticket, String role) throws Exception
+ private void addMembership(String siteId, String userName, String ticket, String role) throws Exception
{
// Build the JSON membership object
JSONObject membership = new JSONObject();
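Review bot: The comments on the expected counts in testGetUserFeedsAfter disagree with the asserted values: `getUserFeed(user1, ticket, true, 14); // 8 = due to feed control - exclude site 1` and the user3 line both say 8 while the assertion is 14, and the `// 2 sites ... = 8x2` / `// 1 site ... = 6x1` lines above them do not show how 14 and 16 are derived. Either the comment or the number is stale; writing the arithmetic that yields 14 and 16 next to each assertion would let a future failure be reasoned about instead of re-derived. Likewise `Thread.sleep(90000); // 1 min` in testAddAndUpdateMembershipsWithPause is 90 seconds, and the fixed sleeps make the suite take minutes; a bounded poll of the feed until the expected count appears would be faster and less flaky. A blank line is also missing before testRemoveMembershipsWithPause. addMembership continues past the end of the hunk.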
@@ -388,19 +518,19 @@ public class SiteActivitySystemTest extends TestCase
person.put("userName", userName);
membership.put("person", person);
- String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + shortName + URL_MEMBERSHIPS;
+ String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + siteId + URL_MEMBERSHIPS;
String response = callPostWebScript(url, ticket, membership.toString());
if (logger.isDebugEnabled())
{
- logger.debug("addMembership: " + userName);
+ logger.debug("addMembership: " + siteId + " - " + userName);
logger.debug("--------------");
logger.debug(url);
logger.debug(response);
}
}
- private void updateMembership(String userName, String ticket, String role) throws Exception
+ private void updateMembership(String siteId, String userName, String ticket, String role) throws Exception
{
// Build the JSON membership object
JSONObject membership = new JSONObject();
@@ -409,26 +539,26 @@ public class SiteActivitySystemTest extends TestCase
person.put("userName", userName);
membership.put("person", person);
- String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + shortName + URL_MEMBERSHIPS + "/" + userName;
+ String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + siteId + URL_MEMBERSHIPS + "/" + userName;
String response = callPutWebScript(url, ticket, membership.toString());
if (logger.isDebugEnabled())
{
- logger.debug("updateMembership: " + userName);
+ logger.debug("updateMembership: " + siteId + " - " + userName);
logger.debug("-----------------");
logger.debug(url);
logger.debug(response);
}
}
- private void removeMembership(String userName, String ticket) throws Exception
+ private void removeMembership(String siteId, String userName, String ticket) throws Exception
{
- String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + shortName + URL_MEMBERSHIPS + "/" + userName;
+ String url = WEBSCRIPT_ENDPOINT + URL_SITES + "/" + siteId + URL_MEMBERSHIPS + "/" + userName;
String response = callDeleteWebScript(url, ticket);
if (logger.isDebugEnabled())
{
- logger.debug("removeMembership: " + userName);
+ logger.debug("removeMembership: " + siteId + " - " + userName);
logger.debug("-----------------");
logger.debug(url);
logger.debug(response);
diff --git a/source/java/org/alfresco/repo/web/scripts/activities/feed/SiteFeedRetrieverWebScript.java b/source/java/org/alfresco/repo/web/scripts/activities/feed/SiteFeedRetrieverWebScript.java
index 3c48df3c7e..8800a03792 100644
--- a/source/java/org/alfresco/repo/web/scripts/activities/feed/SiteFeedRetrieverWebScript.java
+++ b/source/java/org/alfresco/repo/web/scripts/activities/feed/SiteFeedRetrieverWebScript.java
@@ -30,11 +30,16 @@ import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.site.SiteInfo;
+import org.alfresco.repo.site.SiteService;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.util.JSONtoFmModel;
import org.alfresco.web.scripts.DeclarativeWebScript;
import org.alfresco.web.scripts.Status;
import org.alfresco.web.scripts.WebScriptRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
/**
@@ -42,12 +47,21 @@ import org.json.JSONException;
*/
public class SiteFeedRetrieverWebScript extends DeclarativeWebScript
{
- private ActivityService activityService;
+ private static final Log logger = LogFactory.getLog(SiteFeedRetrieverWebScript.class);
+
+ private ActivityService activityService;
+ private SiteService siteService;
- public void setActivityService(ActivityService activityService)
- {
- this.activityService = activityService;
- }
+ public void setActivityService(ActivityService activityService)
+ {
+ this.activityService = activityService;
+ }
+
+ public void setSiteService(SiteService siteService)
+ {
+ this.siteService = siteService;
+ }
+
/* (non-Javadoc)
* @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
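Review bot: The new setSiteService setter needs a matching `siteService` property on the web script bean, but the web-scripts-application-context.xml hunk at the top of this diff shows only blank added lines in this view, so the wiring cannot be confirmed here. If it is missing, `siteService` stays null and the new guard in executeImpl fails with a NullPointerException on every request instead of returning 401. The same applies to `setAuthorityService` in UserFeedRetrieverWebScript further down.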
@@ -83,9 +97,16 @@ public class SiteFeedRetrieverWebScript extends DeclarativeWebScript
format = "atomentry";
}
- // TODO - check if site is public or private
- // if private and user is not a member or not an admin then throw 401 (unauthorised)
-
+ // if site is null then either does not exist or is private (and current user is not admin or a member) - hence return 401 (unauthorised)
+ SiteInfo siteInfo = siteService.getSite(siteId);
+ if (siteInfo == null)
+ {
+ String currentUser = AuthenticationUtil.getCurrentUserName();
+ status.setCode(Status.STATUS_UNAUTHORIZED);
+ logger.warn("Unable to get site feed entries for '" + siteId + "' (site does not exist or is private) - currently logged in as '" + currentUser +"'");
+ return null;
+ }
+
Map model = new HashMap();
List feedEntries = activityService.getSiteFeedEntries(siteId, format);
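Review bot: The authorization decision here rests entirely on `siteService.getSite(siteId)` returning null for a private site the caller is not a member of; nothing in this hunk checks membership or visibility itself, so if getSite's behaviour changes, or it is invoked in a context where permission checks are bypassed, the feed of a private site becomes readable with only the system test in this commit to notice. I would state that dependency next to the call: `// Authorization check: relies on SiteService.getSite applying the caller's permissions and returning null for a private site the caller cannot read (same outcome as a missing site, so site existence is not disclosed)`. Mapping "does not exist" and "private, not a member" to the same 401 is a good choice for not disclosing existence, and the warn message is already equally generic for both cases. `siteId` comes straight from the request path into that log line; if site ids are not validated earlier in the method (outside this hunk), consider logging it in a form that cannot inject line breaks.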
diff --git a/source/java/org/alfresco/repo/web/scripts/activities/feed/UserFeedRetrieverWebScript.java b/source/java/org/alfresco/repo/web/scripts/activities/feed/UserFeedRetrieverWebScript.java
index e993804e91..b1fee38dfb 100644
--- a/source/java/org/alfresco/repo/web/scripts/activities/feed/UserFeedRetrieverWebScript.java
+++ b/source/java/org/alfresco/repo/web/scripts/activities/feed/UserFeedRetrieverWebScript.java
@@ -30,12 +30,16 @@ import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.activities.ActivityService;
+import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.util.JSONtoFmModel;
import org.alfresco.web.scripts.DeclarativeWebScript;
import org.alfresco.web.scripts.Status;
import org.alfresco.web.scripts.WebScriptRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
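Review bot: `org.alfresco.repo.security.authentication.AuthenticationException` is imported here but not referenced in any hunk of this file shown in the diff; if it is unused in the rest of the file as well, drop the import. An unused exception import usually points at a handling path that was planned or removed, which is worth confirming in the new guard below.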
/**
@@ -43,12 +47,21 @@ import org.json.JSONException;
*/
public class UserFeedRetrieverWebScript extends DeclarativeWebScript
{
- private ActivityService activityService;
+ private static final Log logger = LogFactory.getLog(UserFeedRetrieverWebScript.class);
+
+ private ActivityService activityService;
+ private AuthorityService authorityService;
+
+ public void setActivityService(ActivityService activityService)
+ {
+ this.activityService = activityService;
+ }
- public void setActivityService(ActivityService activityService)
- {
- this.activityService = activityService;
- }
+ public void setAuthorityService(AuthorityService authorityService)
+ {
+ this.authorityService = authorityService;
+ }
+
/* (non-Javadoc)
* @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
@@ -84,6 +97,17 @@ public class UserFeedRetrieverWebScript extends DeclarativeWebScript
{
feedUserId = AuthenticationUtil.getCurrentUserName();
}
+
+ String currentUser = AuthenticationUtil.getCurrentUserName();
+ if (! ((currentUser == null) ||
+ (currentUser.equals(AuthenticationUtil.getSystemUserName())) ||
+ (authorityService.isAdminAuthority(currentUser)) ||
+ (currentUser.equals(feedUserId))))
+ {
+ status.setCode(Status.STATUS_UNAUTHORIZED);
+ logger.warn("Unable to get user feed entries for '" + feedUserId + "' - currently logged in as '" + currentUser +"'");
+ return null;
+ }
// map feed collection format to feed entry format (if not the same), eg.
// atomfeed -> atomentry
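Review bot: The new guard fails open when `currentUser` is null: `(currentUser == null)` is one of the OR'd terms inside the negation, so a request with no authenticated user passes the check and proceeds to read the feed for `feedUserId`, which in the `/feed/user/{userId}` form names a real user. Whether this web script can execute unauthenticated depends on its descriptor, which is not in this diff, but an authorization check should not rely on that; treating null as not permitted costs nothing. The negated compound condition is also hard to read, so I would compute a `permitted` boolean in positive form and test it. For an authenticated caller asking for someone else's feed, 403 would describe the situation more precisely than 401, though the system test in this commit pins 401, so changing it means updating that test too.
```java
String currentUser = AuthenticationUtil.getCurrentUserName();
// Only the user themself, an admin authority or the system user may read a user feed;
// a null current user is treated as not permitted (fail closed).
boolean permitted = (currentUser != null)
        && (currentUser.equals(AuthenticationUtil.getSystemUserName())
            || authorityService.isAdminAuthority(currentUser)
            || currentUser.equals(feedUserId));
if (! permitted)
{
    status.setCode(Status.STATUS_UNAUTHORIZED);
    logger.warn("Unable to get user feed entries for '" + feedUserId + "' - currently logged in as '" + currentUser +"'");
    return null;
}
// … unchanged: feed format mapping …
```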