diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index 77e2f8cc6d..c0f21c0d41 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -121,13 +121,21 @@ public class CreateCapability extends DeclarativeCapability conditions.put("capabilityCondition.closed", Boolean.FALSE); conditions.put("capabilityCondition.cutoff", Boolean.FALSE); + + // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record + if (checkConditions(destination, conditions) && + !recordFolderService.isRecordFolder(destination) ) + { + return AccessDecisionVoter.ACCESS_GRANTED; + } + if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } - + conditions.put("capabilityCondition.closed", Boolean.TRUE); if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java index 8ebcbea4f8..ce413bdf2c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java @@ -24,6 +24,7 @@ import java.util.Set; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; +import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.security.authentication.AuthenticationUtil; @@ -149,4 +150,57 @@ public class CreateRecordTest extends BaseRMTestCase } }); } + + /** + * unit test for RM1649 fix + * test if a user with create record permissions and without file record permission is able to create a record within unfiled record container + */ + public void testCreateRecordCapabilityInsideUnfiledRecordsContainer() throws Exception + { + doBehaviourDrivenTest(new BehaviourDrivenTest() + { + /** test data */ + String roleName = GUID.generate(); + String user = GUID.generate(); + NodeRef record; + + public void given() + { + // create a role with view and create capabilities + Set capabilities = new HashSet(2); + capabilities.add(capabilityService.getCapability("ViewRecords")); + capabilities.add(capabilityService.getCapability("CreateRecords")); + filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); + + + // create user and assign to role + createPerson(user, true); + filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user); + + //give read and file permission to user on unfiled records container + filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING); + } + + public void when() + { + + AuthenticationUtil.runAs(new RunAsWork() + { + public Void doWork() throws Exception + { + record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null); + + return null; + } + }, user); + } + + public void then() + { + // check the details of the record + assertTrue(recordService.isRecord(record)); + + } + }); + } }