RM-452: RM seurity context will break core Alfresco if Alfresco's public services change

* unit test to show this working * added package for issue specific unit tests * fix to file plan service so that isFilePlanComponent works for non file plan artifacts git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54460 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-08-26 09:45:17 +00:00
parent cc18dc8a75
commit c060e948c0
8 changed files with 225 additions and 3 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java
@@ -178,8 +178,8 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
    public boolean isFilePlanComponent(NodeRef nodeRef)
    {
        boolean result = false;
-        if (nodeService.exists(nodeRef) == true &&
-            nodeService.hasAspect(nodeRef, ASPECT_FILE_PLAN_COMPONENT) == true)
+        if (getInternalNodeService().exists(nodeRef) == true &&
+            getInternalNodeService().hasAspect(nodeRef, ASPECT_FILE_PLAN_COMPONENT) == true)
        {
            result = true;
        }
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/AllTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/AllTestSuite.java
@@ -35,7 +35,8 @@ import org.junit.runners.Suite.SuiteClasses;
    ActionTestSuite.class,
    CapabilitiesTestSuite.class,
    ServicesTestSuite.class,
-    WebScriptTestSuite.class
+    WebScriptTestSuite.class,
+    IssueTestSuite.class
 })
 public class AllTestSuite
 {
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/IssueTestSuite.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test;
+
+import org.alfresco.module.org_alfresco_module_rm.test.issue.RM452Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+import org.junit.runners.Suite.SuiteClasses;
+
+/**
+ * Issue test suite
+ *
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+@RunWith(Suite.class)
+@SuiteClasses(
+{
+    RM452Test.class
+})
+public class IssueTestSuite
+{
+}
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM452Test.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM452Test.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.issue;
+
+import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.module.org_alfresco_module_rm.test.util.TestService;
+
+
+/**
+ * System test for RM-452
+ * 
+ * See alfresco.extension.rm-method-security.properties
+ * 
+ * @author Roy Wetherall
+ */
+public class RM452Test extends BaseRMTestCase 
+{
+    private TestService testService;
+    
+    @Override
+    protected void initServices()
+    {
+        super.initServices();
+        
+        testService = (TestService)applicationContext.getBean("TestService");
+    }
+    
+    @Override
+    protected boolean isCollaborationSiteTest()
+    {
+        return true;
+    }
+    
+    @Override
+    protected boolean isRecordTest()
+    {
+        return true;
+    }
+   
+    public void testRM452() throws Exception
+    {
+        doTestInTransaction(new Test<Void>()
+        {
+            @Override
+            public Void run()
+            {
+                assertNotNull(folder);
+                assertNotNull(recordOne);
+                assertFalse(filePlanService.isFilePlanComponent(folder));
+                assertTrue(filePlanService.isFilePlanComponent(recordOne));
+                
+                // call methodOne with non-RM artifact .. expect success
+                testService.testMethodOne(folder);
+                        
+                // call methodTwo with non-RM artifact .. expect success
+                testService.testMethodTwo(folder);
+                
+                // call methodOne with an RM artifact .. expect success
+                testService.testMethodOne(recordOne);                
+                
+                return null;
+            }
+        });
+        
+        doTestInTransaction(new FailureTest
+        (
+                "Shouldn't be able to call testMethodTwo on TestService, because override RM security for method is not configred.", 
+                AlfrescoRuntimeException.class
+        )
+        {
+            
+            @Override
+            public void run() throws Exception
+            {
+                // call methodTwo with an RM artifact .. expect failure
+                testService.testMethodTwo(recordOne);
+            }
+        });
+    }
+}
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/TestService.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/TestService.java
@@ -0,0 +1,11 @@
+package org.alfresco.module.org_alfresco_module_rm.test.util;
+
+import org.alfresco.service.cmr.repository.NodeRef;
+
+public interface TestService
+{
+    void testMethodOne(NodeRef nodeRef);
+    
+    void testMethodTwo(NodeRef nodeRef);
+
+}
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/TestServiceImpl.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/TestServiceImpl.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.util;
+
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public class TestServiceImpl implements TestService
+{
+    @Override
+    public void testMethodOne(NodeRef nodeRef)
+    {
+    }
+
+    @Override
+    public void testMethodTwo(NodeRef nodeRef)
+    {
+    }
+}
--- a/rm-server/test/resources/alfresco/extension/rm-method-security.properties
+++ b/rm-server/test/resources/alfresco/extension/rm-method-security.properties
@@ -0,0 +1,2 @@
+rm.methodsecurity.org.alfresco.module.org_alfresco_module_rm.test.util.TestService.testMethodOne=RM_ALLOW
+rm.methodsecurity.org.alfresco.module.org_alfresco_module_rm.test.util.TestService.*=RM_DENY
--- a/rm-server/test/resources/test-context.xml
+++ b/rm-server/test/resources/test-context.xml
@@ -181,4 +181,38 @@
      <property name="namespaceService" ref="NamespaceService"/>
   </bean>
   
+   <!--  Test service -->
+   
+   <bean id="testService" class="org.alfresco.module.org_alfresco_module_rm.test.util.TestServiceImpl"/>
+   
+   <bean id="TestService" class="org.springframework.aop.framework.ProxyFactoryBean">
+        <property name="proxyInterfaces">
+            <value>org.alfresco.module.org_alfresco_module_rm.test.util.TestService</value>
+        </property>
+        <property name="target">
+            <ref bean="testService"/>
+        </property>
+        <property name="interceptorNames">
+            <list>
+                <idref local="TestService_transaction"/>
+                <idref bean="exceptionTranslator"/>
+                <idref local="TestService_security"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="TestService_transaction" parent="baseTransaction" />
+
+    <bean id="TestService_security" parent="baseSecurity">
+        <property name="objectDefinitionSource">
+            <value>
+                <![CDATA[
+                org.alfresco.module.org_alfresco_module_rm.test.util.TestService.testMethodOne=ACL_NODE.0.sys:base.Read
+                org.alfresco.module.org_alfresco_module_rm.test.util.TestService.testMethodTwo=ACL_NODE.0.sys:base.Read
+                org.alfresco.module.org_alfresco_module_rm.test.util.TestService.*=ACL_DENY
+                ]]>
+            </value>
+        </property>
+    </bean>
+
 </beans>