Merge branch 'develop' into feature/REPO-2626_HB2.0

2025-07-31 17:39:05 +00:00 · 2017-09-19 17:07:27 +01:00
parent eda2ac2b6f 26982357d4
commit bb927442f0
6 changed files with 273 additions and 87 deletions
--- a/l10n.properties
+++ b/l10n.properties
--- a/src/main/java/org/alfresco/repo/action/executer/MailActionExecuter.java
+++ b/src/main/java/org/alfresco/repo/action/executer/MailActionExecuter.java
@@ -615,9 +615,11 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
                
                // set recipient
                String to = (String)ruleAction.getParameterValue(PARAM_TO);
+                String toRecipients = null;
                if (to != null && to.length() != 0)
                {
                    messageRef[0].setTo(to);
+                    toRecipients = to;

                    // Note: there is no validation on the username to check that it actually is an email address.
                    // TODO Fix this.
@@ -778,6 +780,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
                        if(recipients.size() > 0)
                        {
                            messageRef[0].setTo(recipients.toArray(new String[recipients.size()]));
+                            toRecipients = String.join(",", recipients);
                        }
                        else
                        {
@@ -925,7 +928,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
                    }
                    
                    // build the email template model
-                    Map<String, Object> model = createEmailTemplateModel(actionedUponNodeRef, suppliedModel, fromPerson);
+                    Map<String, Object> model = createEmailTemplateModel(actionedUponNodeRef, suppliedModel, fromPerson, toRecipients);

                    // Determine the locale to use to send the email.
                    Locale locale = recipient.getSecond();
@@ -1054,7 +1057,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
                testSentCount++;
            }
        }
-        catch (MailException e)
+        catch (NullPointerException | MailException e)
        {
            onFail();
            String to = (String)ruleAction.getParameterValue(PARAM_TO);
@@ -1500,7 +1503,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
    * 
    * @return Model map for email templates
    */
-   private Map<String, Object> createEmailTemplateModel(NodeRef ref, Map<String, Object> suppliedModel, NodeRef fromPerson)
+   private Map<String, Object> createEmailTemplateModel(NodeRef ref, Map<String, Object> suppliedModel, NodeRef fromPerson, String toRecipents)
   {
      Map<String, Object> model = new HashMap<String, Object>(8, 1.0f);
      
@@ -1509,6 +1512,11 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
          model.put("person", new TemplateNode(fromPerson, serviceRegistry, null));
      }

+      if (toRecipents != null)
+      {
+          model.put("to", toRecipents);
+      }
+
      if (ref != null)
      {
          model.put("document", new TemplateNode(ref, serviceRegistry, null));
--- a/src/main/java/org/alfresco/repo/site/SitesPermissionCleaner.java
+++ b/src/main/java/org/alfresco/repo/site/SitesPermissionCleaner.java
@@ -31,6 +31,7 @@ import org.alfresco.repo.domain.node.NodeDAO;
 import org.alfresco.repo.domain.node.NodeIdAndAclId;
 import org.alfresco.repo.domain.permissions.Acl;
 import org.alfresco.repo.domain.permissions.AclDAO;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.ACLType;
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
@@ -99,8 +100,10 @@ public class SitesPermissionCleaner
    
    public void cleanSitePermissions(final NodeRef targetNode, SiteInfo containingSite)
    {
-        if (nodeDAO.exists(targetNode))
+        if (!nodeDAO.exists(targetNode))
        {
+            return;
+        }
        // We can calculate the containing site at the start of a recursive call & then reuse it on subsequent calls.
        if (containingSite == null)
        {
@@ -108,8 +111,10 @@ public class SitesPermissionCleaner
        }

        // Short-circuit at this point if the node is not in a Site.
-            if (containingSite != null)
+        if (containingSite == null)
        {
+            return;
+        }
        // For performance reasons we navigate down the containment hierarchy using the DAOs
        // rather than the NodeService. Note: direct use of NodeDAO requires tenantService (ALF-12732).
        final Long targetNodeID = nodeDAO.getNodePair(tenantService.getName(targetNode)).getFirst();
@@ -129,22 +134,28 @@ public class SitesPermissionCleaner

                // If it's a group site permission for a site other than the current site
                if (authority.startsWith(PermissionService.GROUP_PREFIX) &&
-                                !authority.startsWith(PermissionService.ALL_AUTHORITIES) && // And it's not GROUP_EVERYONE
-                                !authority.startsWith(thisSiteGroupPrefix))
-                        {
+                        // And it's not GROUP_EVERYONE
+                        !authority.startsWith(PermissionService.ALL_AUTHORITIES) && !authority.startsWith(thisSiteGroupPrefix) &&
                        //  And if the current user has permissions to do it
-                            if (publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
+                        publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
                {
                    // Then remove it.
                    permissionService.clearPermission(targetNode, authority);
                }
-                            if (publicServiceAccessService.hasAccess("PermissionService", "setInheritParentPermissions", targetNode, true) == AccessStatus.ALLOWED)
-                            {
-                                // And reenable permission inheritance.
-                                permissionService.setInheritParentPermissions(targetNode, true);
-                            }
-                        }

+                if (!permissionService.getInheritParentPermissions(targetNode))
+                {
+                    // The site manager from the new site, where this node was moved to, has to have permission to this node
+                    String siteManagerAuthority = thisSiteGroupPrefix + "_" + SiteModel.SITE_MANAGER;
+                    AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
+                    {
+                        public Void doWork() throws Exception
+                        {
+                            permissionService.setPermission(targetNode, siteManagerAuthority, SiteModel.SITE_MANAGER, true);
+                            return null;
+                        }
+                    }, AuthenticationUtil.getSystemUserName());
+                }
            }
        }

@@ -155,6 +166,4 @@ public class SitesPermissionCleaner
            cleanSitePermissions(nodeDAO.getNodePair(nextChild.getId()).getSecond(), containingSite);
        }
    }
-        }
-    }
 }
--- a/src/test/java/org/alfresco/repo/action/executer/AbstractMailActionExecuterTest.java
+++ b/src/test/java/org/alfresco/repo/action/executer/AbstractMailActionExecuterTest.java
@@ -772,6 +772,60 @@ public abstract class AbstractMailActionExecuterTest
        }
    }

+    /**
+     * Test for MNT-17970
+     * @throws IOException
+     * @throws MessagingException
+     */
+    @Test
+    public void testGetToUsersWhenSendingToGroup() throws IOException, MessagingException
+    {
+        String groupName = null;
+        final String USER1 = "test_user1";
+        final String USER2 = "test_user2";
+        try
+        {
+            // Create users and add them to a group
+            createUser(USER1, null);
+            createUser(USER2, null);
+            groupName = AUTHORITY_SERVICE.createAuthority(AuthorityType.GROUP, "testgroup1");
+            AUTHORITY_SERVICE.addAuthority(groupName, USER1);
+            AUTHORITY_SERVICE.addAuthority(groupName, USER2);

+            // Create mail
+            final Action mailAction = ACTION_SERVICE.createAction(MailActionExecuter.NAME);
+            mailAction.setParameterValue(MailActionExecuter.PARAM_FROM, "some.body@example.com");
+            mailAction.setParameterValue(MailActionExecuter.PARAM_TO_MANY, groupName);
+            mailAction.setParameterValue(MailActionExecuter.PARAM_SUBJECT, "Testing");
+            mailAction.setParameterValue(MailActionExecuter.PARAM_TEXT, "Testing");
+            mailAction.setParameterValue(MailActionExecuter.PARAM_TEMPLATE, "alfresco/templates/mail/testSentTo.txt.ftl");

+            RetryingTransactionHelper txHelper = APP_CONTEXT_INIT.getApplicationContext().getBean("retryingTransactionHelper", RetryingTransactionHelper.class);
+
+            // Send mail
+            MimeMessage message = txHelper.doInTransaction(new RetryingTransactionCallback<MimeMessage>()
+            {
+                @Override
+                public MimeMessage execute() throws Throwable
+                {
+                    ACTION_EXECUTER.executeImpl(mailAction, null);
+                    return ACTION_EXECUTER.retrieveLastTestMessage();
+                }
+            }, true);
+
+            // Check that both users are displayed in message body
+            String recipients = USER1 + "@email.com" + "," + USER2 + "@email.com";
+            Assert.assertNotNull(message);
+            Assert.assertEquals("This email was sent to " + recipients, (String) message.getContent());
+        }
+        finally
+        {
+            if (groupName != null)
+            {
+                AUTHORITY_SERVICE.deleteAuthority(groupName, true);
+            }
+            PERSON_SERVICE.deletePerson(USER1);
+            PERSON_SERVICE.deletePerson(USER2);
+        }
+    }
 }
--- a/src/test/java/org/alfresco/repo/site/SiteServiceImplTest.java
+++ b/src/test/java/org/alfresco/repo/site/SiteServiceImplTest.java
@@ -64,6 +64,7 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.dictionary.TypeDefinition;
 import org.alfresco.service.cmr.model.FileFolderService;
 import org.alfresco.service.cmr.model.FileInfo;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.ContentService;
 import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.CopyService;
@@ -91,7 +92,6 @@ import org.alfresco.test_category.BaseSpringTestsCategory;
 import org.alfresco.util.ApplicationContextHelper;
 import org.alfresco.util.BaseAlfrescoSpringTest;
 import org.alfresco.util.GUID;
-import org.alfresco.util.PropertyMap;
 import org.junit.experimental.categories.Category;
 import org.springframework.extensions.surf.util.I18NUtil;

@@ -1168,6 +1168,114 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
        }
    }

+    /**
+     * This is an integration test for MNT-18014
+     */
+    public void testMoveFolderStructureWithNonInheritedPermission()
+    {
+        //Login to share as the admin user
+        AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
+
+        // Create 2 sites test1, test2 as admin
+        String test1SiteShortName = "test1" + GUID.generate();
+        String test2SiteShortName = "test2" + GUID.generate();
+        createSite(test1SiteShortName, SiteService.DOCUMENT_LIBRARY, SiteVisibility.PUBLIC);
+        createSite(test2SiteShortName, SiteService.DOCUMENT_LIBRARY, SiteVisibility.PUBLIC);
+
+        SiteInfo test1SiteInfo = this.siteService.getSite(test1SiteShortName);
+        assertNotNull(test1SiteInfo);
+        SiteInfo test2SiteInfo = this.siteService.getSite(test2SiteShortName);
+        assertNotNull(test2SiteInfo);
+
+        // add user1 (USER_ONE) and user2 (USER_TWO) as managers on test1 site (test1SiteInfo)
+        siteService.setMembership(test1SiteShortName, USER_ONE, SiteModel.SITE_MANAGER);
+        siteService.setMembership(test1SiteShortName, USER_TWO, SiteModel.SITE_MANAGER);
+
+        // Give manager role to user1 to test2
+        siteService.setMembership(test2SiteShortName, USER_ONE, SiteModel.SITE_MANAGER);
+
+        // Log in as user2
+        AuthenticationUtil.setFullyAuthenticatedUser(USER_TWO);
+
+        // In document library of test1, create fol1 containing fol2 containing fol3
+        NodeRef documentLibraryTest1Site = siteService.getContainer(test1SiteShortName, SiteService.DOCUMENT_LIBRARY);
+        assertNotNull(documentLibraryTest1Site);
+        NodeRef fol1 = this.fileFolderService.create(documentLibraryTest1Site, "fol1-" + GUID.generate(), ContentModel.TYPE_FOLDER).getNodeRef();
+        NodeRef fol2 = this.fileFolderService.create(fol1, "fol2-" + GUID.generate(), ContentModel.TYPE_FOLDER).getNodeRef();
+        NodeRef fol3 = this.fileFolderService.create(fol2, "fol3-" + GUID.generate(), ContentModel.TYPE_FOLDER).getNodeRef();
+
+        // Cut inheritance on fol2
+        permissionService.setInheritParentPermissions(fol2, false);
+
+        // this is what happens when called from Share : permissions.post:
+        // var siteManagerAuthority = "GROUP_site_" + location.site + "_SiteManager";
+        // // Insure Site Managers can still manage content.
+        // node.setPermission("SiteManager", siteManagerAuthority);
+        String test1SiteGroupPrefix = siteServiceImpl.getSiteGroup(test1SiteShortName, true);
+        String test1SiteManagerAuthority = test1SiteGroupPrefix + "_" + SiteModel.SITE_MANAGER;
+        permissionService.setPermission(fol2, test1SiteManagerAuthority, SiteModel.SITE_MANAGER, true);
+
+        // Log in as user1, go to site test1
+        AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
+
+        // Check that user1 can see fol1 fol2 fol3
+        List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(documentLibraryTest1Site);
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol1", getFirstName(childAssocs).startsWith("fol1"));
+        childAssocs = nodeService.getChildAssocs(childAssocs.get(0).getChildRef());
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol2", getFirstName(childAssocs).startsWith("fol2"));
+        childAssocs = nodeService.getChildAssocs(childAssocs.get(0).getChildRef());
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol3", getFirstName(childAssocs).startsWith("fol3"));
+
+        NodeRef documentLibraryTest2Site = siteService.getContainer(test2SiteShortName, SiteService.DOCUMENT_LIBRARY);
+        assertNotNull(documentLibraryTest2Site);
+        childAssocs = nodeService.getChildAssocs(documentLibraryTest2Site);
+        assertTrue("Folder should be empty.", childAssocs.isEmpty());
+
+        // Move fol1 to site test2
+        ChildAssociationRef childAssociationRef = nodeService.moveNode(fol1, documentLibraryTest2Site, ContentModel.ASSOC_CONTAINS,
+                QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, GUID.generate()));
+
+        // This is what Share does:
+        // move the node
+        //result.success = fileNode.move(parent, destNode);
+        //
+        //if (result.success)
+        //{
+        //    // If this was an inter-site move, we'll need to clean up the permissions on the node
+        //    if ((fromSite) && (String(fromSite) !== String(fileNode.siteShortName)))
+        //    {
+        //        siteService.cleanSitePermissions(fileNode);
+        //    }
+        //}
+        siteService.cleanSitePermissions(fol1, test2SiteInfo);
+
+        childAssocs = nodeService.getChildAssocs(documentLibraryTest1Site);
+        assertTrue("test1Site document library should be empty.", childAssocs.isEmpty());
+
+        assertFalse("After the move the folder should keep the inherit permission value(false).",
+                permissionService.getInheritParentPermissions(fol2));
+
+        // Go to the site test2's document library and click on fol1
+        // user1 is able to see the contents of fol1
+        childAssocs = nodeService.getChildAssocs(documentLibraryTest2Site);
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol1", getFirstName(childAssocs).startsWith("fol1"));
+        childAssocs = nodeService.getChildAssocs(childAssocs.get(0).getChildRef());
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol2", getFirstName(childAssocs).startsWith("fol2"));
+        childAssocs = nodeService.getChildAssocs(childAssocs.get(0).getChildRef());
+        assertEquals("Size should be 1", 1, childAssocs.size());
+        assertTrue("Folder name should start with fol3", getFirstName(childAssocs).startsWith("fol3"));
+    }
+
+    private String getFirstName(List<ChildAssociationRef> childAssocs)
+    {
+        return nodeService.getProperties(childAssocs.get(0).getChildRef()).get(ContentModel.PROP_NAME).toString();
+    }
+
    public void testDeleteSite()
    {
        @SuppressWarnings("deprecation")
--- a/src/test/resources/alfresco/templates/mail/testSentTo.txt.ftl
+++ b/src/test/resources/alfresco/templates/mail/testSentTo.txt.ftl
@@ -0,0 +1 @@
+This email was sent to ${to}