inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1649 : (Access denied to Declare Record to Unfiled Records for user with Create Records capability)

Browse Source 
- I handled the case when the destination folder is not a record folder and the user doesn't need File Record capability to create a record there
   - I wrote a unit test for it but the test is failing with access denied on calling hasAspect method 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@92359 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Ana Bozianu
2014-12-16 10:11:09 +00:00
parent 6cb0e1b253
commit b60a6fa4e9
2 changed files with 63 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -121,13 +121,21 @@ public class CreateCapability extends DeclarativeCapability
conditions.put("capabilityCondition.closed", Boolean.FALSE); conditions.put("capabilityCondition.closed", Boolean.FALSE);
conditions.put("capabilityCondition.cutoff", Boolean.FALSE); conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
// if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
if (checkConditions(destination, conditions) &&
!recordFolderService.isRecordFolder(destination) )
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
recordFolderService.isRecordFolder(destination) && recordFolderService.isRecordFolder(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{ {
return AccessDecisionVoter.ACCESS_GRANTED; return AccessDecisionVoter.ACCESS_GRANTED;
} }
conditions.put("capabilityCondition.closed", Boolean.TRUE); conditions.put("capabilityCondition.closed", Boolean.TRUE);
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
recordFolderService.isRecordFolder(destination) && recordFolderService.isRecordFolder(destination) &&

54
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
View File

@@ -24,6 +24,7 @@ import java.util.Set;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
@@ -149,4 +150,57 @@ public class CreateRecordTest extends BaseRMTestCase
} }
}); });
} }
/**
* unit test for RM1649 fix
* test if a user with create record permissions and without file record permission is able to create a record within unfiled record container
*/
public void testCreateRecordCapabilityInsideUnfiledRecordsContainer() throws Exception
{
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
/** test data */
String roleName = GUID.generate();
String user = GUID.generate();
NodeRef record;
public void given()
{
// create a role with view and create capabilities
Set<Capability> capabilities = new HashSet<Capability>(2);
capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role
createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
//give read and file permission to user on unfiled records container
filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING);
}
public void when()
{
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null);
return null;
}
}, user);
}
public void then()
{
// check the details of the record
assertTrue(recordService.isRecord(record));
}
});
}
} }