diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
index 56219b525c..82ea78d057 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -209,7 +209,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl
for (PermissionPostProcessor postProcessor : postProcessors)
{
// post process permission
- result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredReadPermissions);
+ result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredFilePermissions);
}
return result;
diff --git a/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessorUnitTest.java b/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessorUnitTest.java
new file mode 100644
index 0000000000..3db8c28aee
--- /dev/null
+++ b/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessorUnitTest.java
@@ -0,0 +1,120 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail. Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ * #L%
+ */
+
+package org.alfresco.module.org_alfresco_module_rm.permission;
+
+import static java.util.Arrays.asList;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.when;
+
+import java.util.List;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.test.util.AlfMock;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+/**
+ * Extended permission service implementation unit test
+ *
+ * @author David Webster
+ * @since 2.4.1
+ */
+public class RecordsManagementPermissionPostProcessorUnitTest
+{
+
+ private @InjectMocks
+ RecordsManagementPermissionPostProcessor recordsManagementPermissionPostProcessor = new RecordsManagementPermissionPostProcessor();
+
+ private @Mock NodeService nodeService;
+ private @Mock PermissionService permissionService;
+
+ @Before
+ public void setup()
+ {
+ MockitoAnnotations.initMocks(this);
+ }
+
+ /**
+ * Given the configured permissions are set
+ * When hasPermission is called
+ * Then the correct result is returned
+ */
+ @Test
+ public void configurePermissionsAllowed()
+ {
+ AccessStatus accessStatus = AccessStatus.DENIED;
+ NodeRef nodeRef = new NodeRef("node://ref/");
+ String perm = AlfMock.generateText();
+ // permissions includes the perm created above
+ List configuredReadPermissions = asList("ReadProperties", "ReadChildren", perm);
+ List configuredFilePermissions = asList("WriteProperties", "AddChildren");
+
+ when(nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+ .thenReturn(true);
+ when(permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS))
+ .thenReturn(AccessStatus.ALLOWED);
+
+ AccessStatus result = recordsManagementPermissionPostProcessor.process(accessStatus, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
+
+ assertEquals(AccessStatus.ALLOWED, result);
+ }
+
+ /**
+ * Given the configured permissions are set
+ * When hasPermission is called
+ * Then the correct result is returned
+ */
+ @Test
+ public void configurePermissionsDenied()
+ {
+ AccessStatus accessStatus = AccessStatus.DENIED;
+ NodeRef nodeRef = new NodeRef("node://ref/");
+ String perm = AlfMock.generateText();
+ // permissions do not include perm created above
+ List configuredReadPermissions = asList("ReadProperties", "ReadChildren");
+ List configuredFilePermissions = asList("WriteProperties", "AddChildren");
+
+ when(nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+ .thenReturn(true);
+ when(permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS))
+ .thenReturn(AccessStatus.ALLOWED);
+
+ AccessStatus result = recordsManagementPermissionPostProcessor.process(accessStatus, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
+
+ assertEquals(AccessStatus.DENIED, result);
+ }
+}
diff --git a/rm-community/rm-community-repo/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java b/rm-community/rm-community-repo/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java
index 0caa350b12..63549b5948 100644
--- a/rm-community/rm-community-repo/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java
+++ b/rm-community/rm-community-repo/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java
@@ -34,6 +34,8 @@ import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import java.util.List;
+
import org.alfresco.module.org_alfresco_module_rm.test.util.AlfMock;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor;
@@ -121,15 +123,21 @@ public class ExtendedPermissionServiceImplUnitTest extends BaseUnitTest
{
NodeRef nodeRef = generateCmContent("anyname");
String perm = AlfMock.generateText();
+ List configuredReadPermissions = asList("ReadProperties", "ReadChildren");
+ List configuredFilePermissions = asList("WriteProperties", "AddChildren");
+
+ extendedPermissionServiceImpl.setConfiguredReadPermissions("ReadProperties,ReadChildren");
+ extendedPermissionServiceImpl.setConfiguredFilePermissions("WriteProperties,AddChildren");
+
when(mockedPermissionProcessorRegistry.getPermissionPostProcessors())
.thenReturn(asList(mockedPermissionPostProcessor));
- when(mockedPermissionPostProcessor.process(AccessStatus.UNDETERMINED, nodeRef, perm))
+ when(mockedPermissionPostProcessor.process(AccessStatus.UNDETERMINED, nodeRef, perm, configuredReadPermissions, configuredFilePermissions))
.thenReturn(AccessStatus.ALLOWED);
AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
assertEquals(AccessStatus.ALLOWED, result);
- verify(mockedPermissionPostProcessor).process(AccessStatus.UNDETERMINED, nodeRef, perm);
+ verify(mockedPermissionPostProcessor).process(AccessStatus.UNDETERMINED, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
verify(extendedPermissionServiceImpl).hasPermissionImpl(nodeRef, perm);
}
}