inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM: Post merge fixes

Browse Source 
* build scripts updated so generated eclipse projects don't double up dependancies
  * demo code removed entirely
  * permission service override replaced with extended class based on updated core permission service implementation
  * unit test juggling 



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44009 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-11-26 23:40:35 +00:00
parent 97c5c54bb1
commit bcd6a044f7
9 changed files with 241 additions and 3682 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
build.gradle
View File

@@ -109,6 +109,10 @@ subprojects {
} }
} }
configurations {
alfrescoDeps
}
configurations.all { configurations.all {
exclude group: 'com.sun.jdmk', module: 'jmxtools' exclude group: 'com.sun.jdmk', module: 'jmxtools'
exclude group: 'com.sun.jmx', module: 'jmxri' exclude group: 'com.sun.jmx', module: 'jmxri'
@@ -143,7 +147,7 @@ subprojects {
/** --- Dependancy tasks --- */ /** --- Dependancy tasks --- */
task fetchWarFile(type:Copy) { task fetchWarFile(type:Copy) {
from configurations.testRuntime from configurations.alfrescoDeps
into '.' into '.'
include '*.war' include '*.war'
rename { String filename -> warFile } rename { String filename -> warFile }

6
rm-server/build.gradle
View File

@@ -12,12 +12,12 @@ dependencies {
testRuntime files(configDir) testRuntime files(configDir)
testRuntime files(testResourceDir) testRuntime files(testResourceDir)
testRuntime group: alfrescoGroupId, name: 'alfresco', version: alfrescoBaseVersion, type: 'war' alfrescoDeps group: alfrescoGroupId, name: 'alfresco', version: alfrescoBaseVersion, type: 'war'
testRuntime group: alfrescoGroupId, name: 'alfresco-solr', version: alfrescoBaseVersion, type: 'zip' alfrescoDeps group: alfrescoGroupId, name: 'alfresco-solr', version: alfrescoBaseVersion, type: 'zip'
} }
task fetchSOLR(type:Copy) { task fetchSOLR(type:Copy) {
from configurations.testRuntime from configurations.alfrescoDeps
into '.' into '.'
include '*.zip' include '*.zip'
rename { String filename -> solrFile } rename { String filename -> solrFile }

15
rm-server/config/alfresco/module/org_alfresco_module_rm/demo/demo-context.xml
View File

@@ -1,15 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- Bootstrap Records Management Models -->
<bean id="org_alfresco_module_rm_demoModelBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
<property name="models">
<list>
<value>alfresco/module/org_alfresco_module_rm/demo/demo-model.xml</value>
</list>
</property>
</bean>
</beans>

64
rm-server/config/alfresco/module/org_alfresco_module_rm/demo/demo-model.xml
View File

@@ -1,64 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<model name="demo:demoModel" xmlns="http://www.alfresco.org/model/dictionary/1.0">
<description>Demo Model</description>
<author>Roy Wetherall</author>
<version>1.0</version>
<!-- Imports are required to allow references to definitions in other models -->
<imports>
<!-- Import Alfresco Dictionary Definitions -->
<import uri="http://www.alfresco.org/model/dictionary/1.0" prefix="d"/>
<!-- Import Alfresco Content Domain Model Definitions -->
<import uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
<!-- Import Alfresco Content Domain Model Definitions -->
<import uri="http://www.alfresco.org/model/system/1.0" prefix="sys" />
<!-- Import Alfresco Records Management Model Definitions -->
<import uri="http://www.alfresco.org/model/recordsmanagement/1.0" prefix="rma" />
</imports>
<!-- Records Management Namespace -->
<namespaces>
<namespace uri="http://www.alfresco.org/model/demomodel/1.0" prefix="demo"/>
</namespaces>
<types>
<type name="demo:purchaseOrder">
<title>Purchase Order</title>
<parent>cm:content</parent>
<properties>
<property name="demo:orderId">
<title>Order Id</title>
<type>d:text</type>
</property>
<property name="demo:customerId">
<title>Customer Id</title>
<type>d:text</type>
</property>
<property name="demo:quantity">
<title>Order Quantity</title>
<type>d:int</type>
</property>
<property name="demo:deliveryDate">
<title>Delivery Date</title>
<type>d:date</type>
</property>
<property name="demo:confirmationSent">
<title>Sales Confirmation Sent</title>
<type>d:boolean</type>
</property>
</properties>
</type>
</types>
</model>

5
rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
View File

@@ -2,7 +2,7 @@
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'> <!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans> <beans>
<bean id="permissionServiceImpl" class="org.alfresco.module.org_alfresco_module_rm.permission.PermissionServiceImpl" init-method="init"> <bean id="permissionServiceImpl" class="org.alfresco.repo.security.permissions.impl.RMPermissionServiceImpl" init-method="init">
<property name="nodeService"> <property name="nodeService">
<ref bean="mtAwareNodeService" /> <ref bean="mtAwareNodeService" />
</property> </property>
@@ -132,9 +132,6 @@
<!-- Import DOD 5015 --> <!-- Import DOD 5015 -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/dod5015/dod5015-context.xml"/> <import resource="classpath:alfresco/module/org_alfresco_module_rm/dod5015/dod5015-context.xml"/>
<!-- Import Demo Context -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/demo/demo-context.xml"/>
<!-- Import the RM identifier service's --> <!-- Import the RM identifier service's -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/rm-id-context.xml"/> <import resource="classpath:alfresco/module/org_alfresco_module_rm/rm-id-context.xml"/>

2776
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/permission/PermissionServiceImpl.java
View File

File diff suppressed because it is too large Load Diff

107
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java Normal file
View File

@@ -0,0 +1,107 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.service.cmr.security.PermissionService;
/**
* Extends the core permission service implementation allowing the consideration of the read records
* permission.
* <p>
* This is required for SOLR support.
*
* @author Roy Wetherall
*/
public class RMPermissionServiceImpl extends PermissionServiceImpl
{
/**
* Builds the set of authorities who can read the given ACL. No caching is done here.
*
* @return an <b>unmodifiable</b> set of authorities
*/
protected Set<String> buildReaders(Long aclId)
{
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null)
{
return Collections.emptySet();
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries())
{
assigned.add(ace.getAuthority());
}
for (String authority : assigned)
{
UnconditionalAclTest test = new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
UnconditionalAclTest rmTest = new UnconditionalAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
if (test.evaluate(authority, aclId) || rmTest.evaluate(authority, aclId))
{
readers.add(authority);
}
}
return Collections.unmodifiableSet(readers);
}
/**
* @param aclId
* @return set of authorities with read permission on the ACL
*/
protected Set<String> buildReadersDenied(Long aclId)
{
HashSet<String> assigned = new HashSet<String>();
HashSet<String> denied = new HashSet<String>();
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null)
{
return denied;
}
for (AccessControlEntry ace : acl.getEntries())
{
assigned.add(ace.getAuthority());
}
for(String authority : assigned)
{
UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
UnconditionalDeniedAclTest rmTest = new UnconditionalDeniedAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
if(test.evaluate(authority, aclId) || rmTest.evaluate(authority, aclId))
{
denied.add(authority);
}
}
return denied;
}
}

151
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/NewRecordsManagementSecurityServiceImplTest.java
View File

@@ -1,151 +0,0 @@
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Records management security service test.
*
* @author Roy Wetherall
*/
public class NewRecordsManagementSecurityServiceImplTest extends BaseRMTestCase
{
private NodeRef record;
private NodeRef recordToo;
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
record = utils.createRecord(rmFolder, "record.txt");
recordToo = utils.createRecord(rmFolder, "recordToo.txt");
}
// TODO testGetProtectedAspects
// TODO getProtectedProperties
// TODO bootstrapDefaultRoles
// TODO getRoles
// TODO getRolesByUser
// TODO getRole
// TODO existsRole
// TODO hasRMAdminRole
// TODO createRole
// TODO updateRole
// TODO deleteRole
// TODO assignRoleToAuthority
// TODO setPermission
// TODO deletePermission
public void testExtendedReaders()
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
assertFalse(hasExtendedReadersAspect(filePlan));
assertFalse(hasExtendedReadersAspect(rmContainer));
assertFalse(hasExtendedReadersAspect(rmFolder));
assertFalse(hasExtendedReadersAspect(record));
assertNull(securityService.getExtendedReaders(record));
Set<String> extendedReaders = new HashSet<String>(2);
extendedReaders.add("monkey");
extendedReaders.add("elephant");
securityService.setExtendedReaders(record, extendedReaders);
Map<String, Integer> testMap = new HashMap<String, Integer>(2);
testMap.put("monkey", Integer.valueOf(1));
testMap.put("elephant", Integer.valueOf(1));
test(filePlan, testMap);
test(rmContainer, testMap);
test(rmFolder, testMap);
test(record, testMap);
Set<String> extendedReadersToo = new HashSet<String>(2);
extendedReadersToo.add("monkey");
extendedReadersToo.add("snake");
securityService.setExtendedReaders(recordToo, extendedReadersToo);
Map<String, Integer> testMapToo = new HashMap<String, Integer>(2);
testMapToo.put("monkey", Integer.valueOf(1));
testMapToo.put("snake", Integer.valueOf(1));
Map<String, Integer> testMapThree = new HashMap<String, Integer>(3);
testMapThree.put("monkey", Integer.valueOf(2));
testMapThree.put("elephant", Integer.valueOf(1));
testMapThree.put("snake", Integer.valueOf(1));
test(filePlan, testMapThree);
test(rmContainer, testMapThree);
test(rmFolder, testMapThree);
test(recordToo, testMapToo);
return null;
}
private boolean hasExtendedReadersAspect(NodeRef nodeRef)
{
return nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS);
}
private void test(NodeRef nodeRef, Map<String, Integer> testMap)
{
assertTrue(hasExtendedReadersAspect(nodeRef));
Map<String, Integer> readersMap = (Map<String,Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
assertNotNull(readersMap);
assertEquals(testMap.size(), readersMap.size());
for (Map.Entry<String, Integer> entry: testMap.entrySet())
{
assertTrue(readersMap.containsKey(entry.getKey()));
assertEquals(entry.getValue(), readersMap.get(entry.getKey()));
}
Set<String> readers = securityService.getExtendedReaders(nodeRef);
assertNotNull(readers);
assertEquals(testMap.size(), readers.size());
}
});
}
// TODO getExtendedReaders
// TODO setExtendedReaders
// TODO removeExtendedReaders
// TODO removeAllExtendedReaders
}

765
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java
View File

@@ -1,695 +1,152 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service; package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.Role;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.BaseSpringTest;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
/** /**
* Security service implementation unit test * Records management security service test.
* *
* @author Roy Wetherall * @author Roy Wetherall
*/ */
public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
implements RecordsManagementModel
{ {
protected static StoreRef SPACES_STORE = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); private NodeRef record;
private NodeRef recordToo;
private NodeService nodeService;
private MutableAuthenticationService authenticationService;
private AuthorityService authorityService;
private PermissionService permissionService;
private PersonService personService;
private RecordsManagementSecurityService rmSecurityService;
private RecordsManagementActionService rmActionService;
private RetryingTransactionHelper transactionHelper;
private CapabilityService capabilityService;
@Override @Override
protected void onSetUpInTransaction() throws Exception protected boolean isUserTest()
{ {
super.onSetUpInTransaction(); return true;
// Get the service required in the tests
this.nodeService = (NodeService)this.applicationContext.getBean("NodeService");
this.authenticationService = (MutableAuthenticationService)this.applicationContext.getBean("AuthenticationService");
this.personService = (PersonService)this.applicationContext.getBean("PersonService");
this.authorityService = (AuthorityService)this.applicationContext.getBean("authorityService");
this.rmSecurityService = (RecordsManagementSecurityService)this.applicationContext.getBean("RecordsManagementSecurityService");
this.transactionHelper = (RetryingTransactionHelper)this.applicationContext.getBean("retryingTransactionHelper");
this.permissionService = (PermissionService)this.applicationContext.getBean("PermissionService");
this.rmActionService = (RecordsManagementActionService)this.applicationContext.getBean("RecordsManagementActionService");
this.capabilityService = (CapabilityService)this.applicationContext.getBean("CapabilityService");
// Set the current security context as admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
} }
public void testRoles() @Override
protected void setupTestDataImpl()
{ {
final NodeRef rmRootNode = createRMRootNodeRef(); super.setupTestDataImpl();
setComplete(); record = utils.createRecord(rmFolder, "record.txt");
endTransaction(); recordToo = utils.createRecord(rmFolder, "recordToo.txt");
transactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
Set<Role> roles = rmSecurityService.getRoles(rmRootNode);
assertNotNull(roles);
assertEquals(5, roles.size());
rmSecurityService.createRole(rmRootNode, "MyRole", "My Role", getListOfCapabilities(5));
roles = rmSecurityService.getRoles(rmRootNode);
assertNotNull(roles);
assertEquals(6, roles.size());
Role role = findRole(roles, "MyRole");
assertNotNull(role);
assertEquals("MyRole", role.getName());
assertEquals("My Role", role.getDisplayLabel());
assertNotNull(role.getCapabilities());
assertEquals(5, role.getCapabilities().size());
assertNotNull(role.getRoleGroupName());
// Add a user to the role
String userName = createAndAddUserToRole(role.getRoleGroupName());
// Check that we can retrieve the users roles
Set<Role> userRoles = rmSecurityService.getRolesByUser(rmRootNode, userName);
assertNotNull(userRoles);
assertEquals(1, userRoles.size());
Role userRole = userRoles.iterator().next();
assertEquals("MyRole", userRole.getName());
try
{
rmSecurityService.createRole(rmRootNode, "MyRole", "My Role", getListOfCapabilities(5));
fail("Duplicate role id's not allowed for the same rm root node");
}
catch (AlfrescoRuntimeException e)
{
// Expected
} }
rmSecurityService.createRole(rmRootNode, "MyRole2", "My Role", getListOfCapabilities(5));
roles = rmSecurityService.getRoles(rmRootNode); // TODO testGetProtectedAspects
assertNotNull(roles);
assertEquals(7, roles.size());
Set<Capability> list = getListOfCapabilities(3, 4); // TODO getProtectedProperties
assertEquals(3, list.size());
Role result = rmSecurityService.updateRole(rmRootNode, "MyRole", "SomethingDifferent", list); // TODO bootstrapDefaultRoles
assertNotNull(result); // TODO getRoles
assertEquals("MyRole", result.getName());
assertEquals("SomethingDifferent", result.getDisplayLabel());
assertNotNull(result.getCapabilities());
assertEquals(3, result.getCapabilities().size());
assertNotNull(result.getRoleGroupName());
roles = rmSecurityService.getRoles(rmRootNode); // TODO getRolesByUser
assertNotNull(roles);
assertEquals(7, roles.size());
Role role2 = findRole(roles, "MyRole"); // TODO getRole
assertNotNull(role2);
assertEquals("MyRole", role2.getName());
assertEquals("SomethingDifferent", role2.getDisplayLabel());
assertNotNull(role2.getCapabilities());
assertEquals(3, role2.getCapabilities().size());
assertNotNull(role2.getRoleGroupName());
rmSecurityService.deleteRole(rmRootNode, "MyRole2"); // TODO existsRole
roles = rmSecurityService.getRoles(rmRootNode); // TODO hasRMAdminRole
assertNotNull(roles);
assertEquals(6, roles.size()); // TODO createRole
// TODO updateRole
// TODO deleteRole
// TODO assignRoleToAuthority
// TODO setPermission
// TODO deletePermission
public void testExtendedReaders()
{
doTestInTransaction(new Test<Void>()
{
public Void run()
{
assertFalse(hasExtendedReadersAspect(filePlan));
assertFalse(hasExtendedReadersAspect(rmContainer));
assertFalse(hasExtendedReadersAspect(rmFolder));
assertFalse(hasExtendedReadersAspect(record));
assertNull(securityService.getExtendedReaders(record));
Set<String> extendedReaders = new HashSet<String>(2);
extendedReaders.add("monkey");
extendedReaders.add("elephant");
securityService.setExtendedReaders(record, extendedReaders);
Map<String, Integer> testMap = new HashMap<String, Integer>(2);
testMap.put("monkey", Integer.valueOf(1));
testMap.put("elephant", Integer.valueOf(1));
test(filePlan, testMap);
test(rmContainer, testMap);
test(rmFolder, testMap);
test(record, testMap);
Set<String> extendedReadersToo = new HashSet<String>(2);
extendedReadersToo.add("monkey");
extendedReadersToo.add("snake");
securityService.setExtendedReaders(recordToo, extendedReadersToo);
Map<String, Integer> testMapToo = new HashMap<String, Integer>(2);
testMapToo.put("monkey", Integer.valueOf(1));
testMapToo.put("snake", Integer.valueOf(1));
Map<String, Integer> testMapThree = new HashMap<String, Integer>(3);
testMapThree.put("monkey", Integer.valueOf(2));
testMapThree.put("elephant", Integer.valueOf(1));
testMapThree.put("snake", Integer.valueOf(1));
test(filePlan, testMapThree);
test(rmContainer, testMapThree);
test(rmFolder, testMapThree);
test(recordToo, testMapToo);
return null; return null;
} }
private boolean hasExtendedReadersAspect(NodeRef nodeRef)
{
return nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS);
}
@SuppressWarnings("unchecked")
private void test(NodeRef nodeRef, Map<String, Integer> testMap)
{
assertTrue(hasExtendedReadersAspect(nodeRef));
Map<String, Integer> readersMap = (Map<String,Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
assertNotNull(readersMap);
assertEquals(testMap.size(), readersMap.size());
for (Map.Entry<String, Integer> entry: testMap.entrySet())
{
assertTrue(readersMap.containsKey(entry.getKey()));
assertEquals(entry.getValue(), readersMap.get(entry.getKey()));
}
Set<String> readers = securityService.getExtendedReaders(nodeRef);
assertNotNull(readers);
assertEquals(testMap.size(), readers.size());
}
}); });
} }
private Role findRole(Set<Role> roles, String name) // TODO getExtendedReaders
{
Role result = null;
for (Role role : roles)
{
if (name.equals(role.getName()) == true)
{
result = role;
break;
}
}
return result; // TODO setExtendedReaders
}
private Set<Capability> getListOfCapabilities(int size) // TODO removeExtendedReaders
{
return getListOfCapabilities(size, 0);
}
private Set<Capability> getListOfCapabilities(int size, int offset) // TODO removeAllExtendedReaders
{
Set<Capability> result = new HashSet<Capability>(size);
Set<Capability> caps = capabilityService.getCapabilities(false);
int count = 0;
for (Capability cap : caps)
{
if (count < size+offset)
{
if (count >= offset)
{
result.add(cap);
}
}
else
{
break;
}
count ++;
}
return result;
}
private NodeRef createRMRootNodeRef()
{
NodeRef root = this.nodeService.getRootNode(SPACES_STORE);
NodeRef filePlan = this.nodeService.createNode(root, ContentModel.ASSOC_CHILDREN, ContentModel.ASSOC_CHILDREN, TYPE_FILE_PLAN).getChildRef();
return filePlan;
}
private NodeRef addFilePlanCompoent(NodeRef parent, QName type)
{
String id = GUID.generate();
String seriesName = "Series" + id;
Map<QName, Serializable> props = new HashMap<QName, Serializable>(2);
props.put(ContentModel.PROP_NAME, seriesName);
props.put(PROP_IDENTIFIER, id);
return nodeService.createNode(
parent,
ContentModel.ASSOC_CONTAINS,
QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, seriesName),
type,
props).getChildRef();
}
private String createAndAddUserToRole(String role)
{
// Create an athentication
String userName = GUID.generate();
authenticationService.createAuthentication(userName, "PWD".toCharArray());
// Create a person
PropertyMap ppOne = new PropertyMap(4);
ppOne.put(ContentModel.PROP_USERNAME, userName);
ppOne.put(ContentModel.PROP_FIRSTNAME, "firstName");
ppOne.put(ContentModel.PROP_LASTNAME, "lastName");
ppOne.put(ContentModel.PROP_EMAIL, "email@email.com");
ppOne.put(ContentModel.PROP_JOBTITLE, "jobTitle");
personService.createPerson(ppOne);
// Assign the new user to the role passed
authorityService.addAuthority(role, userName);
return userName;
}
private String createUser()
{
// Create an athentication
String userName = GUID.generate();
authenticationService.createAuthentication(userName, "PWD".toCharArray());
// Create a person
PropertyMap ppOne = new PropertyMap(4);
ppOne.put(ContentModel.PROP_USERNAME, userName);
ppOne.put(ContentModel.PROP_FIRSTNAME, "firstName");
ppOne.put(ContentModel.PROP_LASTNAME, "lastName");
ppOne.put(ContentModel.PROP_EMAIL, "email@email.com");
ppOne.put(ContentModel.PROP_JOBTITLE, "jobTitle");
personService.createPerson(ppOne);
return userName;
}
public void testExecutionAsRMAdmin()
{
final NodeRef filePlan = createRMRootNodeRef();
setComplete();
endTransaction();
transactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
System.out.println("Groups:");
Set<String> temp = authorityService.getAllRootAuthorities(AuthorityType.GROUP);
for (String g : temp)
{
System.out.println(" - " + g);
}
System.out.println("");
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS).equals(AccessStatus.ALLOWED));
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.FILE_RECORDS).equals(AccessStatus.ALLOWED));
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.FILING).equals(AccessStatus.ALLOWED));
Role adminRole = rmSecurityService.getRole(filePlan, "Administrator");
assertNotNull(adminRole);
String adminUser = createAndAddUserToRole(adminRole.getRoleGroupName());
AuthenticationUtil.setFullyAuthenticatedUser(adminUser);
try
{
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS).equals(AccessStatus.ALLOWED));
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.FILE_RECORDS).equals(AccessStatus.ALLOWED));
assertTrue(permissionService.hasPermission(filePlan, RMPermissionModel.FILING).equals(AccessStatus.ALLOWED));
// Read the properties of the filePlan
nodeService.getProperties(filePlan);
}
finally
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
}
return null;
}
});
}
public void testDefaultRolesBootstrap()
{
NodeRef rootNode = nodeService.getRootNode(SPACES_STORE);
final NodeRef filePlan = nodeService.createNode(rootNode, ContentModel.ASSOC_CHILDREN,
TYPE_FILE_PLAN,
TYPE_FILE_PLAN).getChildRef();
setComplete();
endTransaction();
transactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
Set<Role> roles = rmSecurityService.getRoles(filePlan);
assertNotNull(roles);
assertEquals(5, roles.size());
Role role = rmSecurityService.getRole(filePlan, "User");
assertNotNull(role);
assertEquals("User", role.getName());
assertNotNull(role.getDisplayLabel());
Set<String> caps = role.getCapabilities();
assertNotNull(caps);
System.out.println("\nUser capabilities: ");
for (String cap : caps)
{
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
role = rmSecurityService.getRole(filePlan, "PowerUser");
assertNotNull(role);
assertEquals("PowerUser", role.getName());
assertNotNull(role.getDisplayLabel());
caps = role.getCapabilities();
assertNotNull(caps);
System.out.println("\nPowerUser capabilities: ");
for (String cap : caps)
{
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
role = rmSecurityService.getRole(filePlan, "SecurityOfficer");
assertNotNull(role);
assertEquals("SecurityOfficer", role.getName());
assertNotNull(role.getDisplayLabel());
caps = role.getCapabilities();
assertNotNull(caps);
System.out.println("\nSecurityOfficer capabilities: ");
for (String cap : caps)
{
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
role = rmSecurityService.getRole(filePlan, "RecordsManager");
assertNotNull(role);
assertEquals("RecordsManager", role.getName());
assertNotNull(role.getDisplayLabel());
caps = role.getCapabilities();
assertNotNull(caps);
System.out.println("\nRecordsManager capabilities: ");
for (String cap : caps)
{
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
role = rmSecurityService.getRole(filePlan, "Administrator");
assertNotNull(role);
assertEquals("Administrator", role.getName());
assertNotNull(role.getDisplayLabel());
caps = role.getCapabilities();
assertNotNull(caps);
System.out.println("\nAdministrator capabilities: ");
for (String cap : caps)
{
assertNotNull("No capability called " + cap, capabilityService.getCapability(cap));
System.out.println(cap);
}
return null;
}
});
}
public void xtestCreateNewRMUserAccessToFilePlan()
{
final NodeRef rmRootNode = createRMRootNodeRef();
final NodeRef seriesOne = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef seriesTwo = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef seriesThree = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef catOne = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef catTwo = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef catThree = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef folderOne = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
final NodeRef folderTwo = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
final NodeRef folderThree = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
setComplete();
endTransaction();
final String user = transactionHelper.doInTransaction(new RetryingTransactionCallback<String>()
{
public String execute() throws Throwable
{
// Create a new role
Set<Capability> caps = new HashSet<Capability>(1);
caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
String user = createUser();
// Check the role group and allRole group are set up correctly
Set<String> groups = authorityService.getContainingAuthorities(AuthorityType.GROUP, role.getRoleGroupName(), true);
assertNotNull(groups);
// expect allRole group and the capability group
assertEquals(1, groups.size());
List<String> tempList = new ArrayList<String>(groups);
assertTrue(tempList.get(0).startsWith("GROUP_AllRoles"));
// User shouldn't be able to see the file plan node
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Check the permissions of the group on the root node
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rmRootNode, RMPermissionModel.READ_RECORDS));
try
{
nodeService.getChildAssocs(rmRootNode);
fail("The user shouldn't be able to read the children");
}
catch (AlfrescoRuntimeException e)
{
// expected
}
return null;
}
}, user);
// Assign the new user to the role
rmSecurityService.assignRoleToAuthority(rmRootNode, role.getName(), user);
return user;
}
});
transactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
// Prove that all the series are there
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(rmRootNode);
assertNotNull(assocs);
assertEquals(3, assocs.size());
// User should be able to see the file plan node
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Check user has read on the root
// assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmRootNode, RMPermissionModel.READ_RECORDS));
// Check that the user can not see any of the series
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(rmRootNode);
assertNotNull(assocs);
assertEquals(0, assocs.size());
return null;
}
}, user);
// Add read permissions to one of the series
permissionService.setPermission(seriesOne, user, RMPermissionModel.READ_RECORDS, true);
// Show that user can now see that series
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Check that the user can not see any of the series
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(rmRootNode);
assertNotNull(assocs);
assertEquals(1, assocs.size());
return null;
}
}, user);
// Add the read permission and file permission to get to the folder
permissionService.setPermission(catOne, user, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(folderOne, user, RMPermissionModel.FILING, true);
// TODO check visibility of items as we add the permissions
// TODO check that records inherit the permissions ok
// Try and close the folder as the new user
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
try
{
rmActionService.executeRecordsManagementAction(folderOne, "closeRecordFolder");
fail("User does not have the capability for this");
}
catch (org.alfresco.repo.security.permissions.AccessDeniedException exception)
{
// expected
}
return null;
}
}, user);
// Add the capability to the role
Set<Capability> caps2 = new HashSet<Capability>(1);
caps2.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
caps2.add(capabilityService.getCapability(RMPermissionModel.CLOSE_FOLDERS));
rmSecurityService.updateRole(rmRootNode, "TestRole", "My Test Role", caps2);
Set<AccessPermission> aps = permissionService.getAllSetPermissions(rmRootNode);
System.out.println("\nPermissions on new series node: ");
for (AccessPermission ap : aps)
{
System.out.println(" - " + ap.getAuthority() + " has " + ap.getPermission());
}
// Try and close the folder as the new user
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmRootNode, RMPermissionModel.CLOSE_FOLDERS));
rmActionService.executeRecordsManagementAction(folderOne, "closeRecordFolder");
return null;
}
}, user);
return null;
}
});
}
public void testSetPermissions()
{
final NodeRef rmRootNode = createRMRootNodeRef();
final NodeRef seriesOne = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef seriesTwo = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef seriesThree = addFilePlanCompoent(rmRootNode, TYPE_RECORD_CATEGORY);
final NodeRef catOne = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef catTwo = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef catThree = addFilePlanCompoent(seriesOne, TYPE_RECORD_CATEGORY);
final NodeRef folderOne = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
final NodeRef folderTwo = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
final NodeRef folderThree = addFilePlanCompoent(catOne, TYPE_RECORD_FOLDER);
setComplete();
endTransaction();
transactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
// Create a new role
Set<Capability> caps = new HashSet<Capability>(1);
caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
String user = createUser();
rmSecurityService.assignRoleToAuthority(rmRootNode, role.getName(), user);
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmRootNode, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rmRootNode, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesThree, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catThree, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folderThree, RMPermissionModel.FILING));
return null;
}
}, user);
rmSecurityService.setPermission(catOne, user, RMPermissionModel.FILING);
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmRootNode, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(seriesOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(catOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderTwo, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderThree, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rmRootNode, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(seriesThree, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(catOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(catThree, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderOne, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderTwo, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folderThree, RMPermissionModel.FILING));
return null;
}
}, user);
return null;
}
});
}
} }