inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged BRANCHES/V2.3 to HEAD:

Browse Source 
96823: RM-1903 (Can't manage permissions without "Manage Access Controls" capability)
   96840: Changed Japanese date format to it's original value in the properties file.
   96904: RM-1929: Exclude a file that shouldn't be translated from the RM l10n bundles
   96905: RM-1644 (Possible to create "report" records and copy records without Create Record capability)
   96974: RM-1800 (Transfers are not displayed for non-rm-admin users)
   96975: RM-1644 (Possible to create "report" records and copy records without Create Record capability)
   96976: Fixed failing transfer related tests after the recent changes

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@97020 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2015-02-13 12:35:54 +00:00
parent 2243ac43ec eef05aea17
commit bf909beb6d
19 changed files with 879 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
l10n.properties Normal file
View File

@@ -0,0 +1,4 @@
# Localisation config overrides for Records Management module
MESSAGE_SEARCH_PATH="rm-server/config rm-share/config"
EXCLUDED_FILES="$EXCLUDED_FILES rm-method-security.properties"
EXTENSION_PREFIX=-RM

1
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml
View File

@@ -210,6 +210,7 @@
<property name="conditions"> <property name="conditions">
<map> <map>
<entry key="capabilityCondition.isTransferAccession" value="false"/> <entry key="capabilityCondition.isTransferAccession" value="false"/>
<entry key="capabilityCondition.filling" value="true"/>
</map> </map>
</property> </property>
</bean> </bean>

4
rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
View File

@@ -85,8 +85,8 @@ capability.CreateModifyDestroyRoles.title=Create Modify Destroy Roles
capability.CreateModifyDestroyUsersAndGroups.title=Create Modify Destroy Users and Groups capability.CreateModifyDestroyUsersAndGroups.title=Create Modify Destroy Users and Groups
capability.PasswordControl.title=Password Control capability.PasswordControl.title=Password Control
capability.DisplayRightsReport.title=Display Rights Report capability.DisplayRightsReport.title=Display Rights Report
capability.ManageAccessControls.title=Manage Access Controls capability.ManageAccessControls.title=Group and User Role Assignment
capability.ManageAccessRights.title=Manage Access Rights capability.ManageAccessRights.title=Manage Permissions
# Configuration # Configuration
capability.group.config.title=Configuration capability.group.config.title=Configuration

2
rm-server/config/alfresco/module/org_alfresco_module_rm/messages/template_ja.properties
View File

@@ -1,6 +1,6 @@
# File Report Template # File Report Template
file.report.acession.report=\u53d7\u8afe\u30ec\u30dd\u30fc\u30c8 file.report.acession.report=\u53d7\u8afe\u30ec\u30dd\u30fc\u30c8
file.report.date.format=EEE MMM dd HH:mm:ss zzz yyyy file.report.date.format=EEE\u5e74MMM\u6708dd\u65e5\u3001HH:mm:ss zzz yyyy
file.report.declared.by=\u5ba3\u8a00\u8005 file.report.declared.by=\u5ba3\u8a00\u8005
file.report.declared.on=\u30aa\u30f3 file.report.declared.on=\u30aa\u30f3
file.report.destroyed=\u7834\u68c4\u6e08\u307f file.report.destroyed=\u7834\u68c4\u6e08\u307f

2
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -426,6 +426,8 @@
<value>UNFILED_RECORD_FOLDER</value> <value>UNFILED_RECORD_FOLDER</value>
<value>HOLD_CONTAINER</value> <value>HOLD_CONTAINER</value>
<value>HOLD</value> <value>HOLD</value>
<value>TRANSFER</value>
<value>TRANSFER_CONTAINER</value>
</set> </set>
</property> </property>
<property name="capability" value ="ManageAccessRights"/> <property name="capability" value ="ManageAccessRights"/>

10
rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
View File

@@ -174,12 +174,12 @@ rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getPermiss
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=RM.Read.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=RM.Read.0
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=RM_ALLOW
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.hasPermission=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.hasPermission=RM_ALLOW
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM.Capability.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM.Capability.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM.Capability.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY
## Site service ## Site service

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/TransferCompleteAction.java
View File

@@ -36,6 +36,9 @@ public class TransferCompleteAction extends RMActionExecuterAbstractBase
/** I18N */ /** I18N */
private static final String MSG_NODE_NOT_TRANSFER = "rm.action.node-not-transfer"; private static final String MSG_NODE_NOT_TRANSFER = "rm.action.node-not-transfer";
/** Action name */
public static final String NAME = "transferComplete";
/** Transfer service */ /** Transfer service */
private TransferService transferService; private TransferService transferService;

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -80,10 +80,6 @@ public class CreateCapability extends DeclarativeCapability
*/ */
public int evaluate(NodeRef destination, NodeRef linkee, QName assocType) public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
{ {
//if the user doesn't have Create Record capability deny access
if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
return AccessDecisionVoter.ACCESS_DENIED;
if (linkee != null) if (linkee != null)
{ {
int state = checkRead(linkee, true); int state = checkRead(linkee, true);
@@ -98,7 +94,7 @@ public class CreateCapability extends DeclarativeCapability
{ {
if (linkee == null) if (linkee == null)
{ {
if (recordService.isRecord(destination) && if (recordService.isRecord(destination) &&
!recordService.isDeclared(destination) && !recordService.isDeclared(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{ {
@@ -124,14 +120,14 @@ public class CreateCapability extends DeclarativeCapability
conditions.put("capabilityCondition.frozen", Boolean.FALSE); conditions.put("capabilityCondition.frozen", Boolean.FALSE);
conditions.put("capabilityCondition.closed", Boolean.FALSE); conditions.put("capabilityCondition.closed", Boolean.FALSE);
conditions.put("capabilityCondition.cutoff", Boolean.FALSE); conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
// if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
!recordFolderService.isRecordFolder(destination) ) !recordFolderService.isRecordFolder(destination) )
{ {
return AccessDecisionVoter.ACCESS_GRANTED; return AccessDecisionVoter.ACCESS_GRANTED;
} }
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
recordFolderService.isRecordFolder(destination) && recordFolderService.isRecordFolder(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)

46
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java
View File

@@ -1,46 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.policy;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.aopalliance.intercept.MethodInvocation;
/**
*
* @author Roy Wetherall
* @since 2.1
*/
public class CapabilityPolicy extends AbstractBasePolicy
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.policy.Policy#evaluate(org.aopalliance.intercept.MethodInvocation, java.lang.Class[], org.alfresco.module.org_alfresco_module_rm.capability.policy.ConfigAttributeDefinition)
*/
@Override
@SuppressWarnings("rawtypes")
public int evaluate(
MethodInvocation invocation,
Class[] params,
ConfigAttributeDefinition cad)
{
NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
return getCapabilityService().getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).evaluate(testNodeRef);
}
}

21
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/evaluator/TransferEvaluator.java
View File

@@ -22,9 +22,13 @@ import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.jscript.app.BaseEvaluator; import org.alfresco.module.org_alfresco_module_rm.jscript.app.BaseEvaluator;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.namespace.RegexQNamePattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/** /**
* Evaluates whether the node in question is transferring is either a transfer or accession. * Evaluates whether the node in question is transferring is either a transfer or accession.
@@ -33,6 +37,9 @@ import org.alfresco.service.namespace.RegexQNamePattern;
*/ */
public class TransferEvaluator extends BaseEvaluator public class TransferEvaluator extends BaseEvaluator
{ {
/** Logger */
private static Log logger = LogFactory.getLog(TransferEvaluator.class);
/** indicates whether we are looking for accessions or transfers */ /** indicates whether we are looking for accessions or transfers */
private boolean transferAccessionIndicator = false; private boolean transferAccessionIndicator = false;
@@ -55,8 +62,18 @@ public class TransferEvaluator extends BaseEvaluator
NodeRef transfer = getTransferNodeRef(nodeRef); NodeRef transfer = getTransferNodeRef(nodeRef);
if (transfer != null) if (transfer != null)
{ {
boolean actual = ((Boolean)nodeService.getProperty(transfer, RecordsManagementModel.PROP_TRANSFER_ACCESSION_INDICATOR)).booleanValue(); try
result = (actual == transferAccessionIndicator); {
boolean actual = ((Boolean)nodeService.getProperty(transfer, RecordsManagementModel.PROP_TRANSFER_ACCESSION_INDICATOR)).booleanValue();
result = (actual == transferAccessionIndicator);
}
catch (AccessDeniedException ade)
{
logger.info("The user '"
+ AuthenticationUtil.getFullyAuthenticatedUser()
+ "' does not have permissions on the node '"
+ transfer + "'.");
}
} }
return result; return result;

32
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -308,13 +308,31 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
public void onCreateTransfer(final ChildAssociationRef childAssocRef) public void onCreateTransfer(final ChildAssociationRef childAssocRef)
{ {
mandatory("childAssocRef", childAssocRef); mandatory("childAssocRef", childAssocRef);
NodeRef childRef = childAssocRef.getChildRef();
final NodeRef childRef = childAssocRef.getChildRef();
setupPermissions(childAssocRef.getParentRef(), childRef); setupPermissions(childAssocRef.getParentRef(), childRef);
// Give read permissions for all RM roles for the transfer folders (see RM-1800).
// This behaviour will be changed once the add manage permission option is added in the UI for the transfers containers. final String user = AuthenticationUtil.getFullyAuthenticatedUser();
NodeRef filePlan = getFilePlanService().getFilePlan(childRef);
String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan); final boolean hasUserPermission = authenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
getPermissionService().setPermission(childRef, allRoles, READ_RECORDS, true); {
public Boolean doWork()
{
return getPermissionService().hasPermission(childRef, RMPermissionModel.FILING) == AccessStatus.ALLOWED;
}
}, user);
if (!hasUserPermission)
{
authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
getPermissionService().setPermission(childRef, user, RMPermissionModel.FILING, true);
return null;
}
});
}
} }
/** /**
@@ -545,7 +563,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
private boolean canPerformPermissionAction(NodeRef nodeRef) private boolean canPerformPermissionAction(NodeRef nodeRef)
{ {
return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef); return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef) || isTransfer(nodeRef);
} }
/** /**

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/IntegrationTestSuite.java
View File

@@ -53,7 +53,8 @@ import org.junit.runners.Suite.SuiteClasses;
JobTestSuite.class, JobTestSuite.class,
HoldTestSuite.class, HoldTestSuite.class,
VersionTestSuite.class, VersionTestSuite.class,
RelationshipTestSuite.class RelationshipTestSuite.class/*,
TransferTestSuite.class*/
}) })
public class IntegrationTestSuite public class IntegrationTestSuite
{ {

8
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
View File

@@ -293,7 +293,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords"); Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords); assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null; return null;
@@ -319,8 +319,8 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords"); Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords); assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.READ_RECORDS)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null; return null;
@@ -346,7 +346,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords"); Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords); assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer)); assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null; return null;

116
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
View File

@@ -28,29 +28,28 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID; import org.alfresco.util.GUID;
/** /**
* Create record tests. * Create record tests.
* *
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.2 * @since 2.2
*/ */
public class CreateRecordTest extends BaseRMTestCase public class CreateRecordTest extends BaseRMTestCase
{ {
public void testCreateRecordCapabilityOnly() throws Exception public void testCreateRecordCapabilityOnly() throws Exception
{ {
doBehaviourDrivenTest(new BehaviourDrivenTest() doBehaviourDrivenTest(new BehaviourDrivenTest()
{ {
/** test data */ /** test data */
String roleName = GUID.generate(); String roleName = GUID.generate();
String user = GUID.generate(); String user = GUID.generate();
NodeRef recordFolder; NodeRef recordFolder;
NodeRef record; NodeRef record;
public void given() public void given()
{ {
// create role // create role
@@ -58,42 +57,42 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords")); capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords")); capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role // create user and assign to role
createPerson(user, true); createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user); filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
// create file plan structure // create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate()); NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate()); recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
} }
public void when() public void when()
{ {
// give read and file permissions to user // give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING); filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);
AuthenticationUtil.runAs(new RunAsWork<Void>() AuthenticationUtil.runAs(new RunAsWork<Void>()
{ {
public Void doWork() throws Exception public Void doWork() throws Exception
{ {
record = recordService.createRecordFromContent(recordFolder, GUID.generate(), TYPE_CONTENT, null, null); record = recordService.createRecordFromContent(recordFolder, GUID.generate(), TYPE_CONTENT, null, null);
return null; return null;
} }
}, user); }, user);
} }
public void then() public void then()
{ {
// check the details of the record // check the details of the record
assertTrue(recordService.isRecord(record)); assertTrue(recordService.isRecord(record));
} }
}); });
} }
/** /**
* @see * @see
*/ */
public void testCreateRecordCapabilityOnlyFromFileFolderService() throws Exception public void testCreateRecordCapabilityOnlyFromFileFolderService() throws Exception
{ {
@@ -101,10 +100,10 @@ public class CreateRecordTest extends BaseRMTestCase
{ {
/** test data */ /** test data */
String roleName = GUID.generate(); String roleName = GUID.generate();
String user = GUID.generate(); String user = GUID.generate();
NodeRef recordFolder; NodeRef recordFolder;
NodeRef record; NodeRef record;
public void given() public void given()
{ {
// create role // create role
@@ -112,45 +111,45 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords")); capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords")); capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role // create user and assign to role
createPerson(user, true); createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user); filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
// create file plan structure // create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate()); NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate()); recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
} }
public void when() public void when()
{ {
// give read and file permissions to user // give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING); filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);
AuthenticationUtil.runAs(new RunAsWork<Void>() AuthenticationUtil.runAs(new RunAsWork<Void>()
{ {
public Void doWork() throws Exception public Void doWork() throws Exception
{ {
record = fileFolderService.create(recordFolder, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef(); record = fileFolderService.create(recordFolder, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
ContentWriter writer = contentService.getWriter(record, ContentModel.TYPE_CONTENT, true); ContentWriter writer = contentService.getWriter(record, ContentModel.TYPE_CONTENT, true);
writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
writer.setEncoding("UTF-8"); writer.setEncoding("UTF-8");
writer.putContent("Lucy Wetherall"); writer.putContent("Lucy Wetherall");
return null; return null;
} }
}, user); }, user);
} }
public void then() public void then()
{ {
// check the details of the record // check the details of the record
assertTrue(recordService.isRecord(record)); assertTrue(recordService.isRecord(record));
} }
}); });
} }
/** /**
* unit test for RM1649 fix * unit test for RM1649 fix
* test if a user with create record permissions and without file record permission is able to create a record within unfiled record container * test if a user with create record permissions and without file record permission is able to create a record within unfiled record container
@@ -163,7 +162,7 @@ public class CreateRecordTest extends BaseRMTestCase
String roleName = GUID.generate(); String roleName = GUID.generate();
String user = GUID.generate(); String user = GUID.generate();
NodeRef record; NodeRef record;
public void given() public void given()
{ {
// create a role with view and create capabilities // create a role with view and create capabilities
@@ -171,16 +170,16 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords")); capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords")); capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role // create user and assign to role
createPerson(user, true); createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user); filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
//give read and file permission to user on unfiled records container //give read and file permission to user on unfiled records container
filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING); filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING);
} }
public void when() public void when()
{ {
AuthenticationUtil.runAs(new RunAsWork<Void>() AuthenticationUtil.runAs(new RunAsWork<Void>()
@@ -188,12 +187,12 @@ public class CreateRecordTest extends BaseRMTestCase
public Void doWork() throws Exception public Void doWork() throws Exception
{ {
record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null); record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null);
return null; return null;
} }
}, user); }, user);
} }
public void then() public void then()
{ {
// check the details of the record // check the details of the record
@@ -202,49 +201,4 @@ public class CreateRecordTest extends BaseRMTestCase
} }
}); });
} }
public void testCreateRecordWithoutCreateRecordCapability() throws Exception
{
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
{
/** test data */
String roleName = GUID.generate();
String user = GUID.generate();
NodeRef recordFolder;
public void given()
{
// create role
Set<Capability> capabilities = new HashSet<Capability>(2);
capabilities.add(capabilityService.getCapability("ViewRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role
createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
// create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
}
public void when()
{
// give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user,
RMPermissionModel.FILING);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
recordService.createRecordFromContent(recordFolder, GUID.generate(),
TYPE_CONTENT, null, null);
return null;
}
}, user);
}
});
}
} }

157
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/CreateTransferFolderAsNonAdminUser.java Normal file
View File

@@ -0,0 +1,157 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
import static org.alfresco.util.GUID.generate;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Test case which shows that the user who creates the transfer gets filing permissions granted.
*
* @author Tuna Aksoy
* @since 2.3
*/
public class CreateTransferFolderAsNonAdminUser extends BaseRMTestCase
{
// Test user
private String testUser = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Create test user
testUser = generate();
createPerson(testUser);
// Join the RM site
siteService.setMembership(siteId, testUser, SITE_CONSUMER);
// Add the test user to RM Records Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser);
}
public void testCreateTransferFolderAsNonAdminUser()
{
doBehaviourDrivenTest(new BehaviourDrivenTest(testUser)
{
// Records folder
private NodeRef recordsFolder = null;
// Transfer folder
private NodeRef transferFolder = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given()
{
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Create category
NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
// Give filing permissions for the test users on the category
filePlanPermissionService.setPermission(category, testUser, FILING);
// Create disposition schedule
utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
// Create folder
recordsFolder = recordFolderService.createRecordFolder(category, generate());
// Make eligible for cut off
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
// Cut off folder
rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
return null;
}
}, getAdminUserName());
// FIXME: This step should be executed in "when()".
transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when()
{
// FIXME: If the transfer step is executed here the test fails?!?
//transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then()
{
// Check transfer folder
assertNotNull(transferFolder);
// User should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if the user has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
}
});
}
}

192
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/FilingPermissionsOnTransferFolder.java Normal file
View File

@@ -0,0 +1,192 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
import static org.alfresco.util.GUID.generate;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Test case which shows that the user who did not create a transfer folder will
* be able to see and action on it if he gets filing permission on the transfer folder.
*
* @author Tuna Aksoy
* @since 2.3
*/
public class FilingPermissionsOnTransferFolder extends BaseRMTestCase
{
// Test users
private String testUser1 = null;
private String testUser2 = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Create test users
testUser1 = generate();
createPerson(testUser1);
testUser2 = generate();
createPerson(testUser2);
// Join the RM site
siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
// Add the test users to RM Records Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
}
public void testFilingPermissionsOnTransferFolder()
{
doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
{
// Records folder
private NodeRef recordsFolder = null;
// Transfer folder
private NodeRef transferFolder = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given()
{
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Create category
NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
// Give filing permissions for the test users on the category
filePlanPermissionService.setPermission(category, testUser1, FILING);
filePlanPermissionService.setPermission(category, testUser2, FILING);
// Create disposition schedule
utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
// Create folder
recordsFolder = recordFolderService.createRecordFolder(category, generate());
// Make eligible for cut off
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
// Cut off folder
rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
return null;
}
}, getAdminUserName());
// FIXME: This step should be executed in "when()".
transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when()
{
// FIXME: If the transfer step is executed here the test fails.
//transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
// Give testUser2 filing permissions on transfer folder
filePlanPermissionService.setPermission(transferFolder, testUser2, FILING);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser1 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser1 has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser2 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser2 has read permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, READ_RECORDS));
// Check if testUser2 has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
// FIXME: Should be able to execute the action. Failing intermittently.
// Execute transfer complete action as testUser2 who has filing permissions on the transfer folder
rmActionService.executeRecordsManagementAction(transferFolder, TransferCompleteAction.NAME);
return null;
}
}, testUser2);
}
});
}
}

181
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/NoPermissionsOnTransferFolder.java Normal file
View File

@@ -0,0 +1,181 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
import static org.alfresco.service.cmr.security.AccessStatus.DENIED;
import static org.alfresco.util.GUID.generate;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Test case which shows that the user who did not create a transfer folder will not be able to see it.
*
* @author Tuna Aksoy
* @since 2.3
*/
public class NoPermissionsOnTransferFolder extends BaseRMTestCase
{
// Test users
private String testUser1 = null;
private String testUser2 = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Create test users
testUser1 = generate();
createPerson(testUser1);
testUser2 = generate();
createPerson(testUser2);
// Join the RM site
siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
// Add the test users to RM Records Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
}
public void testNoPermissionsOnTransferFolder()
{
doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
{
// Records folder
private NodeRef recordsFolder = null;
// Transfer folder
private NodeRef transferFolder = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given()
{
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Create category
NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
// Give filing permissions for the test users on the category
filePlanPermissionService.setPermission(category, testUser1, FILING);
filePlanPermissionService.setPermission(category, testUser2, FILING);
// Create disposition schedule
utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
// Create folder
recordsFolder = recordFolderService.createRecordFolder(category, generate());
// Make eligible for cut off
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
// Cut off folder
rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
return null;
}
}, getAdminUserName());
// FIXME: This step should be executed in "when()".
transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when()
{
// FIXME: If the transfer step is executed here the test fails.
//transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser1 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser1 has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser2 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser2 has read permissions on the transfer folder
assertEquals(DENIED, permissionService.hasPermission(transferFolder, READ_RECORDS));
return null;
}
}, testUser2);
}
});
}
}

201
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/ReadPermissionsOnTransferFolder.java Normal file
View File

@@ -0,0 +1,201 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
import static org.alfresco.service.cmr.security.AccessStatus.DENIED;
import static org.alfresco.util.GUID.generate;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Test case which shows that the user who did not create a transfer folder will
* be able to see the transfer folder if he gets read permissions, but will not
* be able to action on it.
*
* @author Tuna Aksoy
* @since 2.3
*/
public class ReadPermissionsOnTransferFolder extends BaseRMTestCase
{
// Test users
private String testUser1 = null;
private String testUser2 = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Create test users
testUser1 = generate();
createPerson(testUser1);
testUser2 = generate();
createPerson(testUser2);
// Join the RM site
siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
// Add the users to RM Records Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
}
public void testReadPermissionsOnTransferFolder()
{
doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
{
// Records folder
private NodeRef recordsFolder = null;
// Transfer folder
private NodeRef transferFolder = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given()
{
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Create category
NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
// Give filing permissions for the test users on the category
filePlanPermissionService.setPermission(category, testUser1, FILING);
filePlanPermissionService.setPermission(category, testUser2, FILING);
// Create disposition schedule
utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
// Create folder
recordsFolder = recordFolderService.createRecordFolder(category, generate());
// Make eligible for cut off
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
// Cut off folder
rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
return null;
}
}, getAdminUserName());
// FIXME: This step should be executed in "when()".
transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when()
{
// FIXME: If the transfer step is executed here the test fails.
//transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
// Give testUser2 read permissions on transfer folder
filePlanPermissionService.setPermission(transferFolder, testUser2, READ_RECORDS);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser1 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser1 has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
runAs(new RunAsWork<Void>()
{
public Void doWork()
{
// Check transfer folder
assertNotNull(transferFolder);
// testUser2 should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if testUser2 has read permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, READ_RECORDS));
// Check if testUser2 filing permissions on the transfer folder
assertEquals(DENIED, permissionService.hasPermission(transferFolder, FILING));
// Try to execute transfer complete action as testUser2 who has no filing permissions on the transfer folder
try
{
rmActionService.executeRecordsManagementAction(transferFolder, TransferCompleteAction.NAME);
}
catch (AccessDeniedException ade)
{
// Expected
}
return null;
}
}, testUser2);
}
});
}
}

42
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/TransferTestSuite.java Normal file
View File

@@ -0,0 +1,42 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
import org.junit.runner.RunWith;
import org.junit.runners.Suite;
import org.junit.runners.Suite.SuiteClasses;
/**
* Transfer test suite
*
* @author Tuna Aksoy
* @since 2.3
*/
@RunWith(Suite.class)
@SuiteClasses(
{
CreateTransferFolderAsNonAdminUser.class,
FilingPermissionsOnTransferFolder.class,
NoPermissionsOnTransferFolder.class,
ReadPermissionsOnTransferFolder.class
})
public class TransferTestSuite
{
}