diff --git a/config/alfresco/authority-services-context.xml b/config/alfresco/authority-services-context.xml index 9167b2eabe..b19628a01d 100644 --- a/config/alfresco/authority-services-context.xml +++ b/config/alfresco/authority-services-context.xml @@ -62,6 +62,9 @@ + + + diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java index ebe4ac0960..5c6c1842a6 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java @@ -37,6 +37,7 @@ import java.util.regex.Pattern; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.repo.cache.SimpleCache; +import org.alfresco.repo.tenant.TenantService; import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; @@ -67,7 +68,9 @@ public class AuthorityDAOImpl implements AuthorityDAO private DictionaryService dictionaryService; private PersonService personService; - + + private TenantService tenantService; + private SimpleCache> authorityLookupCache; public AuthorityDAOImpl() @@ -107,7 +110,12 @@ public class AuthorityDAOImpl implements AuthorityDAO { this.personService = personService; } - + + public void setTenantService(TenantService tenantService) + { + this.tenantService = tenantService; + } + public boolean authorityExists(String name) { NodeRef ref = getAuthorityOrNull(name); @@ -246,7 +254,7 @@ public class AuthorityDAOImpl implements AuthorityDAO throw new UnknownAuthorityException("An authority was not found for " + name); } - CacheKey key = new CacheKey(type, name, false, !immediate); + CacheKey key = new CacheKey(type, name, tenantService.getCurrentUserDomain(), false, !immediate); HashSet authorities = authorityLookupCache.get(key); if (authorities == null) @@ -277,7 +285,7 @@ public class AuthorityDAOImpl implements AuthorityDAO public Set getContainingAuthorities(AuthorityType type, String name, boolean immediate) { - CacheKey key = new CacheKey(type, name, true, !immediate); + CacheKey key = new CacheKey(type, name, tenantService.getCurrentUserDomain(), true, !immediate); HashSet authorities = authorityLookupCache.get(key); if (authorities == null) @@ -610,23 +618,23 @@ public class AuthorityDAOImpl implements AuthorityDAO private static class CacheKey implements Serializable { - /** - * - */ - private static final long serialVersionUID = -4784784204722074066L; + private static final long serialVersionUID = -3787608436067567755L; AuthorityType type; String name; + String tenantDomain; + boolean parents; boolean recursive; - CacheKey(AuthorityType type, String name, boolean parents, boolean recursive) + CacheKey(AuthorityType type, String name, String tenantDomain, boolean parents, boolean recursive) { this.type = type; this.name = name; + this.tenantDomain = (tenantDomain == null ? TenantService.DEFAULT_DOMAIN : tenantDomain); this.parents = parents; this.recursive = recursive; } @@ -637,6 +645,7 @@ public class AuthorityDAOImpl implements AuthorityDAO final int prime = 31; int result = 1; result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + ((tenantDomain == null) ? 0 : tenantDomain.hashCode()); result = prime * result + (parents ? 1231 : 1237); result = prime * result + (recursive ? 1231 : 1237); result = prime * result + ((type == null) ? 0 : type.hashCode()); @@ -660,6 +669,8 @@ public class AuthorityDAOImpl implements AuthorityDAO } else if (!name.equals(other.name)) return false; + else if (!tenantDomain.equals(other.tenantDomain)) + return false; if (parents != other.parents) return false; if (recursive != other.recursive) diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java index 077227def4..3c40e7e6d2 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java +++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java @@ -410,30 +410,80 @@ public class MultiTDemoTest extends TestCase { logger.info("Create demo groups"); + assertTrue(tenants.size() > 0); + + final int rootGrpsOrigCnt = AuthenticationUtil.runAs(new RunAsWork() + { + public Integer doWork() throws Exception + { + return authorityService.getAllRootAuthorities(AuthorityType.GROUP).size(); + } + }, tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenants.get(0))); + + // create groups and add users for (final String tenantDomain : tenants) { - String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); + final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); AuthenticationUtil.runAs(new RunAsWork() + { + public Object doWork() throws Exception + { + createGroup("GrpA", null); + createGroup("SubGrpA", "GrpA"); + + createGroup("GrpB", null); + + createGroup("GrpC", null); + + if (tenantDomain.equals(TEST_TENANT_DOMAIN2)) { - public Object doWork() throws Exception - { - createGroup("GrpA-"+tenantDomain, null); - createGroup("SubGrpA-"+tenantDomain, "GrpA-"+tenantDomain); - - createGroup("GrpB-"+tenantDomain, null); - createGroup("SubGrpB-"+tenantDomain, "GrpB-"+tenantDomain); - - if (tenantDomain.equals(TEST_TENANT_DOMAIN2)) - { - createGroup("GrpC-"+tenantDomain, null); - createGroup("SubGrpC-"+tenantDomain, "GrpC-"+tenantDomain); - } - - return null; - } - }, tenantAdminName); + createGroup("SubGrpC", "GrpC"); + } + + createGroup("GrpD", null); + addToGroup("GrpD", tenantAdminName); + + return null; + } + }, tenantAdminName); + } + + // check groups/users + for (final String tenantDomain : tenants) + { + final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); + AuthenticationUtil.runAs(new RunAsWork() + { + public Object doWork() throws Exception + { + Set rootGrps = authorityService.getAllRootAuthorities(AuthorityType.GROUP); + assertEquals(rootGrpsOrigCnt+4, rootGrps.size()); + + Set auths = authorityService.getContainedAuthorities(null, "GROUP_GrpA", true); + assertEquals(1, auths.size()); + + auths = authorityService.getContainedAuthorities(null, "GROUP_GrpB", true); + assertEquals(0, auths.size()); + + auths = authorityService.getContainedAuthorities(null, "GROUP_GrpC", true); + if (tenantDomain.equals(TEST_TENANT_DOMAIN2)) + { + assertEquals(1, auths.size()); + } + else + { + assertEquals(0, auths.size()); + } + + auths = authorityService.getContainedAuthorities(null, "GROUP_GrpD", true); + assertEquals(1, auths.size()); + assertTrue(auths.toArray()[0].equals(tenantAdminName)); + + return null; + } + }, tenantAdminName); } } @@ -885,9 +935,8 @@ public class MultiTDemoTest extends TestCase if (parentGroupName != null) { - this.authorityService.addAuthority(parentGroupName, groupName); + addToGroup(parentShortName, groupName); } - } else { @@ -895,6 +944,11 @@ public class MultiTDemoTest extends TestCase } } + private void addToGroup(String parentGroupShortName, String authorityName) + { + String parentGroupName = this.authorityService.getName(AuthorityType.GROUP, parentGroupShortName); + authorityService.addAuthority(parentGroupName, authorityName); + } private NodeRef createUser(String baseUserName, String tenantDomain, String password) {