From c1270defd13d791d659e15553844d42cf7046912 Mon Sep 17 00:00:00 2001 From: Andrei Rebegea Date: Wed, 14 Jun 2017 17:02:29 +0000 Subject: [PATCH] Merged 5.2.N (5.2.2) to HEAD (5.2) 135255 arebegea: MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack - delete the script/org/alfresco/repository/invite/invite.get - use the alternatives: script/org/alfresco/repository/site/invitation/invitation.post and script/org/alfresco/repository/site/invitation/invitation.delete - updating the tests - updating the controller for the invitation.delete to a java controller - fix test fallout (SiteServiceTest testInviteDisabledUser - expected error status code) - improve security by allowing only invitationIDs that belong the the site passed as parameter to be canceled - be consistent and return 404 when an invitationID can not be found git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137384 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../repository/invitation/invitation.lib.ftl | 3 +- .../repository/invite/invite.get.desc.xml | 10 - .../repository/invite/invite.get.json.ftl | 26 -- .../site/invitation/invitation.delete.js | 33 -- .../site/invitation/invitation.post.json.ftl | 2 +- .../site/invitation/invitation.post.json.js | 240 ++++++----- .../web-scripts-application-context.xml | 22 +- .../scripts/invitation/InvitationDelete.java | 159 +++++++ .../repo/web/scripts/invite/Invite.java | 324 -------------- .../invitation/InvitationWebScriptTest.java | 167 ++++--- .../web/scripts/invite/InviteServiceTest.java | 407 ++++++++++-------- .../web/scripts/site/SiteServiceTest.java | 52 +-- 12 files changed, 665 insertions(+), 780 deletions(-) delete mode 100644 config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.desc.xml delete mode 100644 config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.json.ftl delete mode 100644 config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.delete.js create mode 100644 source/java/org/alfresco/repo/web/scripts/invitation/InvitationDelete.java delete mode 100644 source/java/org/alfresco/repo/web/scripts/invite/Invite.java diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/invitation/invitation.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/invitation/invitation.lib.ftl index 3c28a3306a..39545d78ff 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/invitation/invitation.lib.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/invitation/invitation.lib.ftl @@ -1,5 +1,5 @@ <#-- renders an invitation object which can be either a MODERATED or NOMINATED invitation--> -<#macro invitationJSON invitation avatars={"" : ""} > +<#macro invitationJSON invitation avatars={"" : ""} outputTicket=false > <#escape x as jsonUtils.encodeJSONString(x)> { "inviteId": "${invitation.inviteId}", @@ -19,6 +19,7 @@ <#-- Nominated invitation properties --> <#if invitation.acceptURL??>"acceptURL": "${invitation.acceptURL}", <#if invitation.rejectURL??>"rejectURL": "${invitation.rejectURL}", + <#if outputTicket && invitation.inviteTicket??>"inviteTicket": "${invitation.inviteTicket}", <#if invitation.sentInviteDateAsISO8601??> "sentInviteDate" : { diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.desc.xml deleted file mode 100644 index 8a4b54ef33..0000000000 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.desc.xml +++ /dev/null @@ -1,10 +0,0 @@ - - Process invite - Processes Inviter actions ('start' or 'cancel' invite) - /api/invite/start?inviteeFirstName={inviteeFirstName}&inviteeLastName={inviteeLastName}&inviteeEmail={inviteeEmailAddress}&inviteeUserName={inviteeUserName?}&siteShortName={siteShortName}&inviteeSiteRole={inviteeSiteRole}&serverPath={serverPath}&acceptUrl={acceptUrl}&rejectUrl={rejectUrl} - /api/invite/cancel?inviteId={inviteId}&siteShortName={siteShortName} - - user - required - deprecated - diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.json.ftl deleted file mode 100644 index 8513485bc6..0000000000 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/invite/invite.get.json.ftl +++ /dev/null @@ -1,26 +0,0 @@ -<#escape x as jsonUtils.encodeJSONString(x)> -{ - "action" : "${action}", - <#if inviteId??> - "inviteId" : "${inviteId}", - - <#if inviteTicket??> - "inviteTicket" : "${inviteTicket}", - - <#if inviteeUserName??> - "inviteeUserName" : "${inviteeUserName}", - - <#if inviteeFirstName??> - "inviteeFirstName" : "${inviteeFirstName}", - - <#if inviteeLastName??> - "inviteeLastName" : "${inviteeLastName}", - - <#if inviteeEmail??> - "inviteeEmail" : "${inviteeEmail}", - - <#if siteShortName??> - "siteShortName" : "${siteShortName}" - -} - \ No newline at end of file diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.delete.js b/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.delete.js deleted file mode 100644 index 6669d37356..0000000000 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.delete.js +++ /dev/null @@ -1,33 +0,0 @@ -/** - * Cancel invitation for a web site - */ -function main() -{ - // Get the url values - var urlElements = url.extension.split("/"); - var shortName = urlElements[0]; - var inviteId = urlElements[2]; - - // Get the site - var site = siteService.getSite(shortName); - if (site == null) - { - // Site cannot be found - status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist."); - return; - } - - // Need to cancel an invitation here - var invitation = site.getInvitation(inviteId); - if (invitation == null) - { - // Site cannot be found - status.setCode(status.STATUS_NOT_FOUND, "The invitation :" + inviteId + " for web site :" + shortName + ", does not exist."); - return; - } - - // Cancel the invitation - invitation.cancel(); -} - -main(); \ No newline at end of file diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.ftl index d1c0afcfe3..0abf2e916f 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.ftl @@ -1,5 +1,5 @@ <#-- Create / Post / Invitation --> <#import "../../invitation/invitation.lib.ftl" as invitationLib/> { - "data":<@invitationLib.invitationJSON invitation=invitation /> + "data":<@invitationLib.invitationJSON invitation=invitation outputTicket=true/> } \ No newline at end of file diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.js b/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.js index cced016e96..53f164aae2 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.js +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/site/invitation/invitation.post.json.js @@ -3,131 +3,135 @@ */ function main() { - var invitation = null; + var invitation = null; // Get the web site site - var shortName = url.extension.split("/")[0]; - var site = siteService.getSite(shortName); - if (site == null) - { - // Site cannot be found - status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist."); - return; - } + var shortName = url.extension.split("/")[0]; + var site = siteService.getSite(shortName); + if (site == null) + { + // Site cannot be found + status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist."); + return; + } - if (!json.has("invitationType")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has not been set."); - return; - } + if (!json.has("invitationType")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has not been set."); + return; + } // Get the role - var invitationType = json.get("invitationType"); - if (invitationType == null || invitationType.length == 0) - { - status.setCode(status.STATUS_BAD_REQUEST, "The invitationType is null or empty."); - return; - } + var invitationType = json.get("invitationType"); + if (invitationType == null || invitationType.length == 0) + { + status.setCode(status.STATUS_BAD_REQUEST, "The invitationType is null or empty."); + return; + } - if (!invitationType.match("[MODERATED]|[NOMINATED]")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has does not have a correct value."); - return; - } + if (!invitationType.match("[MODERATED]|[NOMINATED]")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has does not have a correct value."); + return; + } + + try + { + if (invitationType == "MODERATED") + { + // Check mandatory parameters and values + if (isNotDefinedOrEmpty(json, "inviteeRoleName")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set."); + return; + } + if (isNotDefinedOrEmpty(json, "inviteeUserName")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeUserName has not been set."); + return; + } + var inviteeComments = json.get("inviteeComments"); + if (inviteeComments == null) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeComments has not been set."); + return; + } + + var inviteeRoleName = json.get("inviteeRoleName"); + var inviteeUserName = json.get("inviteeUserName"); + var inviteeComments = json.get("inviteeComments"); + + invitation = site.inviteModerated(inviteeComments, inviteeUserName, inviteeRoleName); + } + + if (invitationType == "NOMINATED") + { + // Check mandatory parameters and values + if (isNotDefinedOrEmpty(json, "inviteeRoleName")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set."); + return; + } + var inviteeRoleName = json.get("inviteeRoleName"); + var acceptUrl = json.get("acceptURL"); + var rejectUrl = json.get("rejectURL"); + + // Get the optional properties + if (json.has("inviteeUserName") && json.get("inviteeUserName") && json.get("inviteeUserName").trim() != "") + { + invitation = site.inviteNominated(json.get("inviteeUserName"), inviteeRoleName, acceptUrl, rejectUrl); + } else + { + // Get mandatory properties + if (isNotDefinedOrEmpty(json, "inviteeFirstName")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeFirstName has not been set."); + return; + } + if (isNotDefinedOrEmpty(json, "inviteeLastName")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeLastName has not been set."); + return; + } + if (isNotDefinedOrEmpty(json, "inviteeEmail")) + { + status.setCode(status.STATUS_BAD_REQUEST, "The inviteeEmail has not been set."); + return; + } + + var inviteeFirstName = json.get("inviteeFirstName"); + var inviteeLastName = json.get("inviteeLastName"); + var inviteeEmail = json.get("inviteeEmail"); + invitation = site.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeRoleName, acceptUrl, + rejectUrl); + } + } - if (invitationType == "MODERATED") - { - // Check mandatory parameters - if (!json.has("inviteeRoleName")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set."); - return; - } - - if (!json.has("inviteeUserName")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeUserName has not been set."); - return; - } - - // Get the role - var inviteeRoleName = json.get("inviteeRoleName"); - if (inviteeRoleName == null || inviteeRoleName == "") - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set."); - return; - } - - var inviteeComments = json.get("inviteeComments"); - if (inviteeComments == null) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeComments has not been set."); - return; - } - - var inviteeUserName = json.get("inviteeUserName"); - if (inviteeUserName == null || inviteeUserName == "") - { - status.setCode(status.STATUS_BAD_REQUEST, "The userName has not been set."); - return; - } - - invitation = site.inviteModerated(inviteeComments, inviteeUserName, inviteeRoleName); - } - - if (invitationType == "NOMINATED") - { - // Get mandatory properties - if (!json.has("inviteeRoleName")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set."); - return; - } - var inviteeRoleName = json.get("inviteeRoleName"); - if (inviteeRoleName == null || inviteeRoleName == "") - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName is null or empty."); - return; - } - var acceptUrl = json.get("acceptURL"); - var rejectUrl = json.get("rejectURL"); - - // Get the optional properties - if (json.has("inviteeUserName") && json.get("inviteeUserName") != "") - { - invitation = site.inviteNominated(json.get("inviteeUserName"), inviteeRoleName, acceptUrl, rejectUrl); - } - else - { - // Get mandatory properties - if (!json.has("inviteeFirstName")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeFirstName has not been set."); - return; - } - if (!json.has("inviteeLastName")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeLastName has not been set."); - return; - } - if (!json.has("inviteeEmail")) - { - status.setCode(status.STATUS_BAD_REQUEST, "The inviteeEmail has not been set."); - return; - } - - var inviteeFirstName = json.get("inviteeFirstName") ; - var inviteeLastName = json.get("inviteeLastName") ; - var inviteeEmail = json.get("inviteeEmail") ; - invitation = site.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeRoleName, acceptUrl, rejectUrl); - } - } - - // Pass the model to the results template - model.site = site; - model.invitation = invitation; - - status.code = status.STATUS_CREATED; + // Pass the model to the results template + model.site = site; + model.invitation = invitation; + + status.code = status.STATUS_CREATED; + } catch (e) + { + if (e.message && e.message.indexOf("org.alfresco.service.cmr.invitation.InvitationExceptionUserError") == 0) + { + e.code = status.STATUS_CONFLICT; + } else if (e.message && e.message.indexOf("org.alfresco.service.cmr.invitation.InvitationExceptionForbidden") == 0) + { + e.code = status.STATUS_FORBIDDEN; + } else + { + e.code = 500; + e.message = e.message + "Unexpected error occurred during starting invitation"; + } + throw e; + } +} + +function isNotDefinedOrEmpty(json, key) +{ + return (!json.has(key) || (json.get(key) == null || json.get(key).trim().length() == 0)) } main(); \ No newline at end of file diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml index 6ceb622c23..292b95d170 100644 --- a/config/alfresco/web-scripts-application-context.xml +++ b/config/alfresco/web-scripts-application-context.xml @@ -485,17 +485,6 @@ - - - - - - - - - @@ -536,6 +525,17 @@ + + + + + + + + + diff --git a/source/java/org/alfresco/repo/web/scripts/invitation/InvitationDelete.java b/source/java/org/alfresco/repo/web/scripts/invitation/InvitationDelete.java new file mode 100644 index 0000000000..e196c9f05e --- /dev/null +++ b/source/java/org/alfresco/repo/web/scripts/invitation/InvitationDelete.java @@ -0,0 +1,159 @@ +/* + * #%L + * Alfresco Remote API + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ +package org.alfresco.repo.web.scripts.invitation; + +import java.util.HashMap; +import java.util.Map; + +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.security.permissions.AccessDeniedException; +import org.alfresco.repo.site.SiteModel; +import org.alfresco.service.cmr.invitation.Invitation; +import org.alfresco.service.cmr.invitation.InvitationExceptionForbidden; +import org.alfresco.service.cmr.invitation.InvitationService; +import org.alfresco.service.cmr.site.SiteInfo; +import org.alfresco.service.cmr.site.SiteService; +import org.springframework.extensions.webscripts.Cache; +import org.springframework.extensions.webscripts.DeclarativeWebScript; +import org.springframework.extensions.webscripts.Status; +import org.springframework.extensions.webscripts.WebScriptException; +import org.springframework.extensions.webscripts.WebScriptRequest; + +/** + * Cancel invitation for a web site; This is the controller for the + * org/alfresco/repository/site/invitation/invitation.delete.desc.xml webscript + */ +public class InvitationDelete extends DeclarativeWebScript +{ + // services + private InvitationService invitationService; + private SiteService siteService; + + public void setInvitationService(InvitationService invitationService) + { + this.invitationService = invitationService; + } + + public void setSiteService(SiteService siteService) + { + this.siteService = siteService; + } + + @Override + protected Map executeImpl(WebScriptRequest req, Status status, Cache cache) + { + + Map model = new HashMap(); + + Map templateVars = req.getServiceMatch().getTemplateVars(); + final String siteShortName = templateVars.get("shortname"); + final String invitationId = templateVars.get("invitationId"); + validateParameters(siteShortName, invitationId); + + try + { + // MNT-9905 Pending Invites created by one site manager aren't visible to other site managers + String currentUser = AuthenticationUtil.getRunAsUser(); + + if (siteShortName != null && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser))) + { + + RunAsWork runAsSystem = new RunAsWork() + { + @Override + public Void doWork() throws Exception + { + checkAndCancelTheInvitation(invitationId, siteShortName); + return null; + } + }; + + AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName()); + } + else + { + checkAndCancelTheInvitation(invitationId, siteShortName); + } + } + catch (InvitationExceptionForbidden fe) + { + throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow", fe); + } + catch (AccessDeniedException ade) + { + throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow", ade); + } + + return model; + } + + private void validateParameters(String siteShortName, String invitationId) + { + if ((invitationId == null) || (invitationId.length() == 0)) + { + throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid invitation id provided"); + } + + SiteInfo site = siteService.getSite(siteShortName); + if (site == null) + { + throw new WebScriptException(Status.STATUS_NOT_FOUND, "Invalid site id provided"); + } + } + + protected void checkAndCancelTheInvitation(final String invId, String siteShortName) + { + Invitation invitation = null; + try + { + invitation = invitationService.getInvitation(invId); + } + catch (org.alfresco.service.cmr.invitation.InvitationExceptionNotFound ienf) + { + throwInvitationNotFoundException(invId, siteShortName); + } + if (invitation == null) + { + throwInvitationNotFoundException(invId, siteShortName); + } + + // check that this invitation really belongs to the specified siteShortName + if (invitation != null && invitation.getResourceName() != null && !siteShortName.equals(invitation.getResourceName())) + { + throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow"); + } + + invitationService.cancel(invId); + } + + protected void throwInvitationNotFoundException(final String invId, String siteShortName) + { + throw new WebScriptException(Status.STATUS_NOT_FOUND, + "The invitation :" + invId + " for web site :" + siteShortName + ", does not exist."); + } + +} diff --git a/source/java/org/alfresco/repo/web/scripts/invite/Invite.java b/source/java/org/alfresco/repo/web/scripts/invite/Invite.java deleted file mode 100644 index fafa956408..0000000000 --- a/source/java/org/alfresco/repo/web/scripts/invite/Invite.java +++ /dev/null @@ -1,324 +0,0 @@ -/* - * #%L - * Alfresco Remote API - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ -package org.alfresco.repo.web.scripts.invite; - -import java.util.HashMap; -import java.util.Map; - -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.security.permissions.AccessDeniedException; -import org.alfresco.repo.site.SiteModel; -import org.alfresco.service.cmr.invitation.Invitation; -import org.alfresco.service.cmr.invitation.InvitationExceptionForbidden; -import org.alfresco.service.cmr.invitation.InvitationExceptionUserError; -import org.alfresco.service.cmr.invitation.InvitationService; -import org.alfresco.service.cmr.invitation.NominatedInvitation; -import org.alfresco.service.cmr.site.SiteService; -import org.springframework.extensions.webscripts.Cache; -import org.springframework.extensions.webscripts.DeclarativeWebScript; -import org.springframework.extensions.webscripts.Status; -import org.springframework.extensions.webscripts.WebScriptException; -import org.springframework.extensions.webscripts.WebScriptRequest; - -/** - * Web Script invoked by a Site Manager (Inviter) to either send - * (action='start') an invitation to a another person (Invitee) to join a Site - * as a Site Collaborator, or to cancel (action='cancel') a pending invitation - * that has already been sent out - * - * @author glen dot johnson at alfresco dot com - */ -public class Invite extends DeclarativeWebScript -{ - private static final String ACTION_START = "start"; - private static final String ACTION_CANCEL = "cancel"; - - private static final String MODEL_PROP_KEY_ACTION = "action"; - private static final String MODEL_PROP_KEY_INVITE_ID = "inviteId"; - private static final String MODEL_PROP_KEY_INVITE_TICKET = "inviteTicket"; - private static final String MODEL_PROP_KEY_INVITEE_USER_NAME = "inviteeUserName"; - private static final String MODEL_PROP_KEY_INVITEE_FIRSTNAME = "inviteeFirstName"; - private static final String MODEL_PROP_KEY_INVITEE_LASTNAME = "inviteeLastName"; - private static final String MODEL_PROP_KEY_INVITEE_EMAIL = "inviteeEmail"; - private static final String MODEL_PROP_KEY_SITE_SHORT_NAME = "siteShortName"; - private static final String MODEL_PROP_KEY_INVITEE_USERNAME = "inviteeUserName"; - - // URL request parameter names - private static final String PARAM_INVITEE_FIRSTNAME = "inviteeFirstName"; - private static final String PARAM_INVITEE_LASTNAME = "inviteeLastName"; - private static final String PARAM_INVITEE_EMAIL = "inviteeEmail"; - private static final String PARAM_SITE_SHORT_NAME = "siteShortName"; - private static final String PARAM_INVITE_ID = "inviteId"; - private static final String PARAM_INVITEE_SITE_ROLE = "inviteeSiteRole"; - private static final String PARAM_SERVER_PATH = "serverPath"; - private static final String PARAM_ACCEPT_URL = "acceptUrl"; - private static final String PARAM_REJECT_URL = "rejectUrl"; - - // services - private InvitationService invitationService; - private SiteService siteService; - - public void setInvitationService(InvitationService invitationService) - { - this.invitationService = invitationService; - } - - public void setSiteService(SiteService siteService) - { - this.siteService = siteService; - } - - /* - * (non-Javadoc) - * - * @see - * org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco - * .web.scripts.WebScriptRequest, - * org.alfresco.web.scripts.WebScriptResponse) - */ - @Override - protected Map executeImpl(WebScriptRequest req, Status status, Cache cache) - { - // initialise model to pass on for template to render - Map model = new HashMap(); - - // extract action string from URL - String servicePath = req.getServicePath(); - String action = null; - int actionStartIndex = servicePath.lastIndexOf("/") + 1; - if (actionStartIndex <= servicePath.length() - 1) - { - action = servicePath.substring(actionStartIndex, servicePath - .length()); - } - - // check that the action has been provided on the URL - // and that URL parameters have been provided - if ((action == null) || (action.length() == 0)) - { - // handle action not provided on URL - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "Action has not been provided in URL"); - } - - // handle no parameters given on URL - if ((req.getParameterNames() == null) || (req.getParameterNames().length == 0)) - { - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "No parameters have been provided on URL"); - } - - // handle action 'start' - if (action.equals(ACTION_START)) - { - // check for 'inviteeFirstName' parameter not provided - String inviteeFirstName = req.getParameter(PARAM_INVITEE_FIRSTNAME); - if ((inviteeFirstName == null) || (inviteeFirstName.trim().length() == 0)) - { - // handle inviteeFirstName URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'inviteeFirstName' parameter " - + "has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'inviteeLastName' parameter not provided - String inviteeLastName = req.getParameter(PARAM_INVITEE_LASTNAME); - if ((inviteeLastName == null) || (inviteeLastName.trim().length() == 0)) - { - // handle inviteeLastName URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'inviteeLastName' parameter " - + "has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'inviteeEmail' parameter not provided - String inviteeEmail = req.getParameter(PARAM_INVITEE_EMAIL); - if ((inviteeEmail == null) || (inviteeEmail.trim().length() == 0)) - { - // handle inviteeEmail URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'inviteeEmail' parameter " - + "has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'siteShortName' parameter not provided - String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME); - if ((siteShortName == null) || (siteShortName.trim().length() == 0)) - { - // handle siteShortName URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'siteShortName' parameter " - + "has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'inviteeSiteRole' parameter not provided - String inviteeSiteRole = req.getParameter(PARAM_INVITEE_SITE_ROLE); - if ((inviteeSiteRole == null) || (inviteeSiteRole.trim().length() == 0)) - { - // handle inviteeSiteRole URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'inviteeSiteRole' parameter has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'serverPath' parameter not provided - String serverPath = req.getParameter(PARAM_SERVER_PATH); - if ((serverPath == null) || (serverPath.trim().length() == 0)) - { - // handle serverPath URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'serverPath' parameter has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'acceptUrl' parameter not provided - String acceptUrl = req.getParameter(PARAM_ACCEPT_URL); - if ((acceptUrl == null) || (acceptUrl.trim().length() == 0)) - { - // handle acceptUrl URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'acceptUrl' parameter has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for 'rejectUrl' parameter not provided - String rejectUrl = req.getParameter(PARAM_REJECT_URL); - if ((rejectUrl == null) || (rejectUrl.trim().length() == 0)) - { - // handle rejectUrl URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'rejectUrl' parameter has not been provided in URL for action '" - + ACTION_START + "'"); - } - - // check for the invitee user name (if present) - String inviteeUserName = req.getParameter(MODEL_PROP_KEY_INVITEE_USERNAME); - - NominatedInvitation newInvite = null; - try - { - if (inviteeUserName != null) - { - newInvite = invitationService.inviteNominated(inviteeUserName, Invitation.ResourceType.WEB_SITE, siteShortName, inviteeSiteRole, acceptUrl, rejectUrl); - } - else - { - newInvite = invitationService.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, Invitation.ResourceType.WEB_SITE, siteShortName, inviteeSiteRole, acceptUrl, rejectUrl); - } - // add model properties for template to render - model.put(MODEL_PROP_KEY_ACTION, ACTION_START); - model.put(MODEL_PROP_KEY_INVITE_ID, newInvite.getInviteId()); - model.put(MODEL_PROP_KEY_INVITE_TICKET, newInvite.getTicket()); - model.put(MODEL_PROP_KEY_INVITEE_USER_NAME, newInvite.getInviteeUserName()); - model.put(MODEL_PROP_KEY_INVITEE_FIRSTNAME, inviteeFirstName); - model.put(MODEL_PROP_KEY_INVITEE_LASTNAME, inviteeLastName); - model.put(MODEL_PROP_KEY_INVITEE_EMAIL, inviteeEmail); - model.put(MODEL_PROP_KEY_SITE_SHORT_NAME, siteShortName); - } - catch (InvitationExceptionUserError ie) - { - throw new WebScriptException(Status.STATUS_CONFLICT, ie.getMessage()); - } - catch (InvitationExceptionForbidden fe) - { - throw new WebScriptException(Status.STATUS_FORBIDDEN, fe.toString()); - } - - // process action 'start' with provided parameters - //startInvite(model, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName, siteShortName, inviteeSiteRole, serverPath, acceptUrl, rejectUrl); - } - // else handle if provided 'action' is 'cancel' - else if (action.equals(ACTION_CANCEL)) - { - // check for 'inviteId' parameter not provided - String inviteId = req.getParameter(PARAM_INVITE_ID); - if ((inviteId == null) || (inviteId.length() == 0)) - { - // handle inviteId URL parameter not provided - throw new WebScriptException(Status.STATUS_BAD_REQUEST, - "'inviteId' parameter has " - + "not been provided in URL for action '" - + ACTION_CANCEL + "'"); - } - - // process action 'cancel' with provided parameters - try - { - //MNT-9905 Pending Invites created by one site manager aren't visible to other site managers - String currentUser = AuthenticationUtil.getRunAsUser(); - String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME); - - if (siteShortName != null && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser))) - { - final String invId = inviteId; - - RunAsWork runAsSystem = new RunAsWork() - { - @Override - public Void doWork() throws Exception - { - invitationService.cancel(invId); - return null; - } - }; - - AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName()); - } - else - { - invitationService.cancel(inviteId); - } - - // add model properties for template to render - model.put(MODEL_PROP_KEY_ACTION, ACTION_CANCEL); - model.put(MODEL_PROP_KEY_INVITE_ID, inviteId); - } - catch(InvitationExceptionForbidden fe) - { - throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow" , fe); - } - catch(AccessDeniedException ade) - { - throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow" , ade); - } - } - // handle action not recognised - else - { - throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Action, '" - + action + "', " - + "provided in URL has not been recognised."); - } - - return model; - } - -} diff --git a/source/test-java/org/alfresco/repo/web/scripts/invitation/InvitationWebScriptTest.java b/source/test-java/org/alfresco/repo/web/scripts/invitation/InvitationWebScriptTest.java index 252a85d02c..99c855db67 100644 --- a/source/test-java/org/alfresco/repo/web/scripts/invitation/InvitationWebScriptTest.java +++ b/source/test-java/org/alfresco/repo/web/scripts/invitation/InvitationWebScriptTest.java @@ -25,37 +25,39 @@ */ package org.alfresco.repo.web.scripts.invitation; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.alfresco.model.ContentModel; -import org.alfresco.repo.invitation.InvitationServiceImpl; -import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation; -import org.alfresco.repo.security.authentication.AuthenticationComponent; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.site.SiteModel; -import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; -import org.alfresco.repo.web.scripts.BaseWebScriptTest; -import org.alfresco.repo.web.scripts.invite.InviteServiceTest; -import org.alfresco.service.cmr.repository.ChildAssociationRef; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.security.MutableAuthenticationService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.cmr.site.SiteVisibility; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.alfresco.service.transaction.TransactionService; -import org.alfresco.util.GUID; -import org.alfresco.util.PropertyMap; -import org.json.JSONArray; -import org.json.JSONException; -import org.json.JSONObject; -import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest; -import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest; -import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.alfresco.model.ContentModel; +import org.alfresco.repo.invitation.InvitationServiceImpl; +import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation; +import org.alfresco.repo.security.authentication.AuthenticationComponent; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.site.SiteModel; +import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; +import org.alfresco.repo.web.scripts.BaseWebScriptTest; +import org.alfresco.repo.web.scripts.invite.InviteServiceTest; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.security.MutableAuthenticationService; +import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.cmr.site.SiteVisibility; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.alfresco.service.transaction.TransactionService; +import org.alfresco.util.GUID; +import org.alfresco.util.PropertyMap; +import org.json.JSONArray; +import org.json.JSONException; +import org.json.JSONObject; +import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest; +import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest; +import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest; import org.springframework.extensions.webscripts.TestWebScriptServer.Response; /** @@ -498,25 +500,25 @@ public class InvitationWebScriptTest extends BaseWebScriptTest // Reset back to default this.invitationServiceImpl.setNominatedInvitationWorkflowId( WorkflowModelNominatedInvitation.WORKFLOW_DEFINITION_NAME_ACTIVITI_ADD_DIRECT); - } - - private void checkJSONInvitations(JSONArray data) throws JSONException - { - for (int i = 0; i < data.length(); i++) - { - JSONObject invitation = data.getJSONObject(i); - String userId = invitation.getString("inviteeUserName"); - - // Check invitee info for Nominated invitation. - Map expectedProps = userProperties.get(userId); - JSONObject invitee = invitation.getJSONObject("invitee"); - assertNotNull(invitee); - assertEquals("User name is wrong for user: " + i, userId, invitee.getString("userName")); - assertEquals("Avatar URI is wrong for user: " + i, expectedProps.get("avatar"), invitee.getString("avatar")); - assertEquals("First name is wrong!", expectedProps.get("firstName"), invitee.getString("firstName")); - assertEquals("Last name is wrong!", expectedProps.get("lastName"), invitee.getString("lastName")); - } - } + } + + private void checkJSONInvitations(JSONArray data) throws JSONException + { + for (int i = 0; i < data.length(); i++) + { + JSONObject invitation = data.getJSONObject(i); + String userId = invitation.getString("inviteeUserName"); + + // Check invitee info for Nominated invitation. + Map expectedProps = userProperties.get(userId); + JSONObject invitee = invitation.getJSONObject("invitee"); + assertNotNull(invitee); + assertEquals("User name is wrong for user: " + i, userId, invitee.getString("userName")); + assertEquals("Avatar URI is wrong for user: " + i, expectedProps.get("avatar"), invitee.getString("avatar")); + assertEquals("First name is wrong!", expectedProps.get("firstName"), invitee.getString("firstName")); + assertEquals("Last name is wrong!", expectedProps.get("lastName"), invitee.getString("lastName")); + } + } public static String makeAvatar(final NodeService nodeService, final NodeRef person) { @@ -563,7 +565,70 @@ public class InvitationWebScriptTest extends BaseWebScriptTest createdInvitations.add(new Tracker(inviteId, siteName)); return inviteId; - } + } + + public void testDeleteInvitation() throws Exception + { + String nominatedId = null; + String shortNameSiteA = GUID.generate(); + + // Create a site where the action will take place + createSite("myPreset", shortNameSiteA, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200); + + // create an invitation for an external user + { + String inviteeFirstName = "Buffy" + GUID.generate(); + String inviteeLastName = "Summers"; + String inviteeEmail = "inviteeVA3Rtu@alfrescotesting.com"; + // set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation + String inviteeUserName = null; + String serverPath = "http://localhost:8081/share/"; + String acceptURL = "page/accept-invite"; + String rejectURL = "page/reject-invite"; + + // Create an external nominated invitation on SiteA + nominatedId = createNominatedInvitation(shortNameSiteA, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName, + SiteModel.SITE_COLLABORATOR, serverPath, acceptURL, rejectURL); + } + // search for all invitations to site A: one nominated should be found for user Buffy... Summers + { + JSONArray data = queryCurrentInvitationList(shortNameSiteA); + assertEquals("Wrong number of invitations!", 1, data.length()); + JSONObject nominatedInv = getInvitation(nominatedId, data); + assertNotNull("Nominated invitation to Site A not present!", nominatedInv); + } + + // now delete it + deleteInvitation(nominatedId, shortNameSiteA, 200); + + // list the pending invitations and check that it is empty + { + JSONArray data = queryCurrentInvitationList(shortNameSiteA); + assertEquals("Wrong number of invitations!", 0, data.length()); + JSONObject nominatedInv = getInvitation(nominatedId, data); + assertNull("Nominated invitation to Site A present!", nominatedInv); + } + // deleting the invitation was successful + } + + private JSONArray queryCurrentInvitationList(String shortNameSiteA) throws IOException, JSONException, UnsupportedEncodingException + { + String allSiteAUrl = URL_SITES + "/" + shortNameSiteA + "/invitations"; + Response response = sendRequest(new GetRequest(allSiteAUrl), 200); + JSONObject top = new JSONObject(response.getContentAsString()); + return top.getJSONArray("data"); + } + + void deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception + { + assertNotNull(invitationID); + assertNotNull(siteShortName); + assertFalse(invitationID.isEmpty()); + assertFalse(siteShortName.isEmpty()); + + Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus); + assertNotNull(new JSONObject(response.getContentAsString())); + } private String createModeratedInvitation(String siteName, String inviteeComments, String inviteeUserName, String inviteeRoleName) throws Exception diff --git a/source/test-java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java b/source/test-java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java index 5ae34bedff..2768038207 100644 --- a/source/test-java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java +++ b/source/test-java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java @@ -25,57 +25,51 @@ */ package org.alfresco.repo.web.scripts.invite; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; - -import org.alfresco.model.ContentModel; -import org.alfresco.repo.action.executer.MailActionExecuter; -import org.alfresco.repo.content.MimetypeMap; -import org.alfresco.repo.invitation.InvitationServiceImpl; -import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation; -import org.alfresco.repo.invitation.script.ScriptInvitationService; -import org.alfresco.repo.invitation.site.InviteInfo; -import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory; -import org.alfresco.repo.node.archive.NodeArchiveService; -import org.alfresco.repo.security.authentication.AuthenticationComponent; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.security.authentication.MutableAuthenticationDao; -import org.alfresco.repo.site.SiteModel; -import org.alfresco.repo.transaction.RetryingTransactionHelper; -import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; -import org.alfresco.repo.web.scripts.BaseWebScriptTest; -import org.alfresco.repo.workflow.activiti.ActivitiConstants; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.MutableAuthenticationService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.cmr.site.SiteInfo; -import org.alfresco.service.cmr.site.SiteService; -import org.alfresco.service.cmr.site.SiteVisibility; -import org.alfresco.service.cmr.workflow.WorkflowDefinition; -import org.alfresco.service.cmr.workflow.WorkflowInstance; -import org.alfresco.service.cmr.workflow.WorkflowService; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.transaction.TransactionService; -import org.alfresco.util.GUID; -import org.alfresco.util.PropertyMap; -import org.apache.commons.lang.RandomStringUtils; -import org.json.JSONArray; -import org.json.JSONObject; -import org.junit.Test; -import org.springframework.context.ApplicationContext; -import org.springframework.core.io.ClassPathResource; -import org.springframework.extensions.surf.util.URLEncoder; -import org.springframework.extensions.webscripts.Status; -import org.springframework.extensions.webscripts.TestWebScriptServer; -import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest; -import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest; -import org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.alfresco.model.ContentModel; +import org.alfresco.repo.action.executer.MailActionExecuter; +import org.alfresco.repo.invitation.InvitationServiceImpl; +import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation; +import org.alfresco.repo.invitation.script.ScriptInvitationService; +import org.alfresco.repo.invitation.site.InviteInfo; +import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory; +import org.alfresco.repo.node.archive.NodeArchiveService; +import org.alfresco.repo.security.authentication.AuthenticationComponent; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.security.authentication.MutableAuthenticationDao; +import org.alfresco.repo.site.SiteModel; +import org.alfresco.repo.transaction.RetryingTransactionHelper; +import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; +import org.alfresco.repo.web.scripts.BaseWebScriptTest; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; +import org.alfresco.service.cmr.security.MutableAuthenticationService; +import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.cmr.site.SiteInfo; +import org.alfresco.service.cmr.site.SiteService; +import org.alfresco.service.cmr.site.SiteVisibility; +import org.alfresco.service.cmr.workflow.WorkflowDefinition; +import org.alfresco.service.cmr.workflow.WorkflowInstance; +import org.alfresco.service.cmr.workflow.WorkflowService; +import org.alfresco.service.transaction.TransactionService; +import org.alfresco.util.GUID; +import org.alfresco.util.PropertyMap; +import org.apache.commons.lang.RandomStringUtils; +import org.json.JSONArray; +import org.json.JSONObject; +import org.junit.Test; +import org.springframework.context.ApplicationContext; +import org.springframework.extensions.webscripts.Status; +import org.springframework.extensions.webscripts.TestWebScriptServer; +import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest; +import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest; +import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest; +import org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest; import org.springframework.extensions.webscripts.TestWebScriptServer.Response; /** @@ -86,7 +80,6 @@ import org.springframework.extensions.webscripts.TestWebScriptServer.Response; public class InviteServiceTest extends BaseWebScriptTest { // member variables for service instances - private AuthorityService authorityService; private MutableAuthenticationService authenticationService; private AuthenticationComponent authenticationComponent; private PersonService personService; @@ -94,7 +87,6 @@ public class InviteServiceTest extends BaseWebScriptTest private NodeService nodeService; private WorkflowService workflowService; private MutableAuthenticationDao mutableAuthenticationDao; - private NamespaceService namespaceService; private TransactionService transactionService; private NodeArchiveService nodeArchiveService; private InvitationServiceImpl invitationServiceImpl; @@ -120,10 +112,9 @@ public class InviteServiceTest extends BaseWebScriptTest private static final String SITE_SHORT_NAME_INVITE_3 = "SiteThreeInviteTest"; private static final String URL_INVITE = "/api/invite"; - private static final String URL_INVITES = "/api/invites"; + private static final String URL_INVITES = "/api/invites"; - private static final String INVITE_ACTION_START = "start"; - private static final String INVITE_ACTION_CANCEL = "cancel"; + private static final String URL_SITES = "/api/sites"; @Override protected void setUp() throws Exception @@ -137,7 +128,6 @@ public class InviteServiceTest extends BaseWebScriptTest AuthenticationUtil.clearCurrentSecurityContext(); // get references to services - this.authorityService = (AuthorityService) getServer().getApplicationContext().getBean("AuthorityService"); this.authenticationService = (MutableAuthenticationService) getServer().getApplicationContext() .getBean("AuthenticationService"); this.authenticationComponent = (AuthenticationComponent) getServer().getApplicationContext() @@ -148,15 +138,12 @@ public class InviteServiceTest extends BaseWebScriptTest this.workflowService = (WorkflowService) getServer().getApplicationContext().getBean("WorkflowService"); this.mutableAuthenticationDao = (MutableAuthenticationDao) getServer().getApplicationContext() .getBean("authenticationDao"); - this.namespaceService = (NamespaceService) getServer().getApplicationContext().getBean("NamespaceService"); this.transactionService = (TransactionService) getServer().getApplicationContext() .getBean("TransactionService"); this.nodeArchiveService = (NodeArchiveService)getServer().getApplicationContext().getBean("nodeArchiveService"); this.invitationServiceImpl = (InvitationServiceImpl) getServer().getApplicationContext().getBean("invitationService"); ScriptInvitationService scriptInvitationService = (ScriptInvitationService) getServer().getApplicationContext().getBean("invitationServiceScript"); scriptInvitationService.setSiteService(this.siteService); - Invite invite = (Invite) getServer().getApplicationContext().getBean("webscript.org.alfresco.repository.invite.invite.get"); - invite.setSiteService(this.siteService); configureMailExecutorForTestMode(this.getServer()); @@ -333,9 +320,17 @@ public class InviteServiceTest extends BaseWebScriptTest for (NodeRef person : people) { String userName = DefaultTypeConverter.INSTANCE.convert(String.class, - InviteServiceTest.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME)); - // delete person - deletePersonByUserName(userName); + InviteServiceTest.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME)); + try + { + // delete person + deletePersonByUserName(userName); + } + catch (Exception exp) + { + //sometimes, when running single tests, not all users are initialized properly + exp.printStackTrace(); + } } } @@ -424,23 +419,17 @@ public class InviteServiceTest extends BaseWebScriptTest throws Exception { this.inviteeEmailAddrs.add(inviteeEmail); - - // Inviter sends invitation to Invitee to join a Site - String startInviteUrl = URL_INVITE + "/" + INVITE_ACTION_START - + "?inviteeFirstName=" + inviteeFirstName + "&inviteeLastName=" - + inviteeLastName + "&inviteeEmail=" - + URLEncoder.encode(inviteeEmail) + "&siteShortName=" - + siteShortName + "&inviteeSiteRole=" + inviteeSiteRole - + "&serverPath=" + "http://localhost:8081/share/" - + "&acceptUrl=" + "page/accept-invite" - + "&rejectUrl=" + "page/reject-invite"; - - Response response = sendRequest(new GetRequest(startInviteUrl), expectedStatus); - - JSONObject result = new JSONObject(response.getContentAsString()); - + + String serverPath = "http://localhost:8081/share/"; + String acceptURL = "page/accept-invite"; + String rejectURL = "page/reject-invite"; + // set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation + String inviteeUserName = null; + JSONObject result = createNominatedInvitation(siteShortName, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName, + inviteeSiteRole, serverPath, acceptURL, rejectURL, expectedStatus); + return result; - } + } private JSONObject startInvite(String inviteeFirstName, String inviteeLastName, String inviteeSiteRole, String siteShortName, int expectedStatus) @@ -452,20 +441,64 @@ public class InviteServiceTest extends BaseWebScriptTest return startInvite(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeSiteRole, siteShortName, expectedStatus); } - - private JSONObject cancelInvite(String inviteId, String siteShortName, int expectedStatus) throws Exception - { - String cancelInviteUrl = URL_INVITE + "/" + INVITE_ACTION_CANCEL + "?inviteId=" + inviteId; - if (siteShortName != null && !siteShortName.isEmpty()) - { - cancelInviteUrl = cancelInviteUrl + "&siteShortName=" + siteShortName; - } - Response response = sendRequest(new GetRequest(cancelInviteUrl), expectedStatus); - ; - JSONObject result = new JSONObject(response.getContentAsString()); - - return result; - } + + private JSONObject cancelInvite(String inviteId, String siteShortName, int expectedStatus) throws Exception + { + return deleteInvitation(inviteId, siteShortName, expectedStatus); + } + + /** + * Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest + */ + JSONObject deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception + { + assertNotNull(invitationID); + assertNotNull(siteShortName); + assertFalse(invitationID.isEmpty()); + assertFalse(siteShortName.isEmpty()); + + Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus); + JSONObject jsonResponse = new JSONObject(response.getContentAsString()); + assertNotNull(jsonResponse); + return jsonResponse; + } + + /** + * Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest + */ + private JSONObject createNominatedInvitation(String siteName, String inviteeFirstName, String inviteeLastName, String inviteeEmail, + String inviteeUserName, String inviteeRoleName, String serverPath, String acceptURL, String rejectURL, int expectedStatus) + throws Exception + { + /* + * Create a new nominated invitation + */ + JSONObject newInvitation = new JSONObject(); + + newInvitation.put("invitationType", "NOMINATED"); + newInvitation.put("inviteeRoleName", inviteeRoleName); + if (inviteeUserName != null) + { + // nominate an existing user + newInvitation.put("inviteeUserName", inviteeUserName); + } + else + { + // nominate someone else + newInvitation.put("inviteeFirstName", inviteeFirstName); + newInvitation.put("inviteeLastName", inviteeLastName); + newInvitation.put("inviteeEmail", inviteeEmail); + } + newInvitation.put("serverPath", serverPath); + newInvitation.put("acceptURL", acceptURL); + newInvitation.put("rejectURL", rejectURL); + + Response response = sendRequest(new PostRequest(URL_SITES + "/" + siteName + "/invitations", newInvitation.toString(), "application/json"), + expectedStatus); + JSONObject result = new JSONObject(response.getContentAsString()); + + return result; + } private JSONObject rejectInvite(String inviteId, String inviteTicket, int expectedStatus) throws Exception { @@ -569,15 +602,15 @@ public class InviteServiceTest extends BaseWebScriptTest public void testStartInvite() throws Exception { JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); - - assertEquals(INVITE_ACTION_START, result.get("action")); - assertEquals(INVITEE_FIRSTNAME, result.get("inviteeFirstName")); - assertEquals(INVITEE_LASTNAME, result.get("inviteeLastName")); - assertEquals(this.inviteeEmailAddrs - .get(this.inviteeEmailAddrs.size() - 1), result - .get("inviteeEmail")); - assertEquals(SITE_SHORT_NAME_INVITE_1, result.get("siteShortName")); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); + JSONObject data = result.getJSONObject("data"); + JSONObject inviteeData = data.getJSONObject("invitee"); + + assertEquals(INVITEE_FIRSTNAME, inviteeData.get("firstName")); + assertEquals(INVITEE_LASTNAME, inviteeData.get("lastName")); + assertEquals(this.inviteeEmailAddrs.get(this.inviteeEmailAddrs.size() - 1), + inviteeData.get("email")); + assertEquals(SITE_SHORT_NAME_INVITE_1, data.get("resourceName")); } public void testStartInviteWhenInviteeIsAlreadyMemberOfSite() @@ -625,25 +658,13 @@ public class InviteServiceTest extends BaseWebScriptTest // Should go through startInvite(INVITEE_FIRSTNAME, "Belzebub", inviteeEmailAddr, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); // Should go through startInvite("Lucifer", INVITEE_LASTNAME, inviteeEmailAddr, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); } -// public void testStartInviteWhenAlreadyInProgress() -// throws Exception -// { -// JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, -// SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); -// -// String inviteeEmail = (String) result.get("inviteeEmail"); -// -// startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, -// SITE_SHORT_NAME_INVITE_1, Status.STATUS_CONFLICT); -// } -// public void testStartInviteForSameInviteeButTwoDifferentSites() throws Exception { @@ -660,34 +681,57 @@ public class InviteServiceTest extends BaseWebScriptTest } }, AuthenticationUtil.getSystemUserName()); - - JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); - - startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK); + + JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, + Status.STATUS_CREATED); + + startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED); } public void testCancelInvite() throws Exception { // inviter starts invite workflow JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); // get hold of invite ID of started invite - String inviteId = result.getString("inviteId"); + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); // Inviter cancels pending invitation - cancelInvite(inviteId, null, Status.STATUS_OK); - } + cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + } + + public void testCancelInviteWithDifferentSiteIDInRequest() throws Exception + { + // inviter starts invite workflow + JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); + + // get hold of invite ID of started invite + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); + + // Inviter cancels pending invitation but uses the wrong siteID in the request + cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_2, Status.STATUS_FORBIDDEN); + } + + public void testCancelInviteWithInvalidInviteID() throws Exception + { + // Inviter cancels pending invitation but user a wrong/invalid invidationID + cancelInvite("activiti$1019999", SITE_SHORT_NAME_INVITE_1, Status.STATUS_NOT_FOUND); + } public void testAcceptInvite() throws Exception { // inviter starts invite (sends out invitation) JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); - // get hold of invite ID and invite ticket of started invite - String inviteId = result.getString("inviteId"); - String inviteTicket = result.getString("inviteTicket"); + // get hold of invite ID and invite ticket of started invite + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); + String inviteTicket = data.getString("inviteTicket"); // Invitee accepts invitation to a Site from Inviter String acceptInviteUrl = URL_INVITE + "/" + inviteId + "/" + inviteTicket + "/accept"; @@ -718,11 +762,12 @@ public class InviteServiceTest extends BaseWebScriptTest { // inviter starts invite (sends out invitation) JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); - // get hold of invite ID of started invite - String inviteId = result.getString("inviteId"); - String inviteTicket = result.getString("inviteTicket"); + // get hold of invite ID of started invite + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); + String inviteTicket = data.getString("inviteTicket"); rejectInvite(inviteId, inviteTicket, Status.STATUS_OK); @@ -753,11 +798,12 @@ public class InviteServiceTest extends BaseWebScriptTest { // inviter starts invite (sends out invitation) JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE, - SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); - - String inviteId = result.getString("inviteId"); - String inviteTicket = result.getString("inviteTicket"); - String inviteeUserName = result.getString("inviteeUserName"); + SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); + + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); + String inviteTicket = data.getString("inviteTicket"); + String inviteeUserName = data.getString("inviteeUserName"); // get inviteInfo about invitation result = getInviteInfo(inviteId, inviteTicket, inviteeUserName); // get status of current invitation @@ -791,12 +837,12 @@ public class InviteServiceTest extends BaseWebScriptTest public void testGetInvitesByInviteId() throws Exception { // inviter starts invite workflow - JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + JSONObject result = startInvite(INVITEE_FIRSTNAME, + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); // get hold of workflow ID of started invite workflow instance - - String inviteId = startInviteResult.getString("inviteId"); + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); assertEquals(true, ((inviteId != null) && (inviteId.length() != 0))); @@ -815,7 +861,7 @@ public class InviteServiceTest extends BaseWebScriptTest { // inviter starts invite workflow startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); // get pending invites matching inviter user name used in invite started // above @@ -831,18 +877,17 @@ public class InviteServiceTest extends BaseWebScriptTest public void testGetInvitesByInviteeUserName() throws Exception { // inviter starts invite workflow - JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + JSONObject result = startInvite(INVITEE_FIRSTNAME, + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); - // get hold of invitee user name property of started invite workflow - // instance - String inviteeUserName = startInviteResult.getString("inviteeUserName"); + // get hold of invitee user name property of started invite workflow instance + JSONObject data = result.getJSONObject("data"); + String inviteeUserName = data.getString("inviteeUserName"); assertEquals(true, ((inviteeUserName != null) && (inviteeUserName .length() != 0))); - // get pending invites matching invitee user name from invite started - // above + // get pending invites matching invitee user name from invite started above JSONObject getInvitesResult = getInvitesByInviteeUserName( inviteeUserName, Status.STATUS_OK); @@ -856,18 +901,16 @@ public class InviteServiceTest extends BaseWebScriptTest public void testGetInvitesBySiteShortName() throws Exception { // inviter starts invite workflow - JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + JSONObject result = startInvite(INVITEE_FIRSTNAME, + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); - // get hold of site short name property of started invite workflow - // instance - String siteShortName = startInviteResult.getString("siteShortName"); + // get hold of site short name property of started invite workflow instance + JSONObject data = result.getJSONObject("data"); + String siteShortName = data.getString("resourceName"); - assertEquals(true, - ((siteShortName != null) && (siteShortName.length() != 0))); + assertEquals(true, ((siteShortName != null) && (siteShortName.length() != 0))); - // get pending invites matching site short name from invite started - // above + // get pending invites matching site short name from invite started above JSONObject getInvitesResult = getInvitesBySiteShortName(siteShortName, Status.STATUS_OK); @@ -890,27 +933,30 @@ public class InviteServiceTest extends BaseWebScriptTest { // inviter (who is Site Manager of the given site) starts invite workflow JSONObject result = startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_OK); + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_CREATED); // get hold of invite ID of started invite - String inviteId = result.getString("inviteId"); + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); // when inviter 2 (who is not Site Manager of the given site) tries to cancel invite // http status FORBIDDEN must be returned AuthenticationUtil.setFullyAuthenticatedUser(USER_INVITER_2); - cancelInvite(inviteId, null, Status.STATUS_FORBIDDEN); + //TODO cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN); + cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN); } public void testInviteeResourcesDeletedUponRejectWhenNoInvitePending() throws Exception { // inviter starts invite workflow JSONObject result = startInvite(INVITEE_FIRSTNAME, - INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); - // get hold of properties of started invite - String inviteId = result.getString("inviteId"); - String inviteTicket = result.getString("inviteTicket"); - final String inviteeUserName = result.getString("inviteeUserName"); + // get hold of properties of started invite + JSONObject data = result.getJSONObject("data"); + String inviteId = data.getString("inviteId"); + String inviteTicket = data.getString("inviteTicket"); + final String inviteeUserName = data.getString("inviteeUserName"); rejectInvite(inviteId, inviteTicket, Status.STATUS_OK); @@ -950,17 +996,19 @@ public class InviteServiceTest extends BaseWebScriptTest return null; } }, AuthenticationUtil.getSystemUserName()); + + // inviter invites invitee to site 1 + JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, + Status.STATUS_CREATED); - // inviter invites invitee to site 1 - JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); - - // get hold of properties of started invite - String invite1Id = result.getString("inviteId"); - String invite1Ticket = result.getString("inviteTicket"); - final String inviteeUserName = result.getString("inviteeUserName"); + // get hold of properties of started invite + JSONObject data = result.getJSONObject("data"); + String invite1Id = data.getString("inviteId"); + String invite1Ticket = data.getString("inviteTicket"); + final String inviteeUserName = data.getString("inviteeUserName"); // inviter invites invitee to site 2 - startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK); + startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED); rejectInvite(invite1Id, invite1Ticket, Status.STATUS_OK); @@ -1024,7 +1072,7 @@ public class InviteServiceTest extends BaseWebScriptTest // Try and add an existing person to the site with no email address // Should return bad request since the email address has not been provided - startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, 400); + startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_BAD_REQUEST); } public void testMNT9905() throws Exception @@ -1057,12 +1105,12 @@ public class InviteServiceTest extends BaseWebScriptTest { String manag = manager; - startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); siteService.setMembership(SITE_SHORT_NAME_INVITE_1, manag, SiteModel.SITE_MANAGER); } InviteServiceTest.this.authenticationComponent.setCurrentUser(managerUsersArr[0]); - JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); + JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED); siteService.setMembership(SITE_SHORT_NAME_INVITE_1, collaborator, SiteModel.SITE_COLLABORATOR); // get pending invites matching inviter user name used in invite started @@ -1098,8 +1146,9 @@ public class InviteServiceTest extends BaseWebScriptTest // 'InviterUser') assertEquals(4, siteUsers.size()); - // cancel invite different manager - String inviteId = (String) collInv.get("inviteId"); + // cancel invite different manager + JSONObject data = collInv.getJSONObject("data"); + String inviteId = (String) data.get("inviteId"); cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK); } finally diff --git a/source/test-java/org/alfresco/repo/web/scripts/site/SiteServiceTest.java b/source/test-java/org/alfresco/repo/web/scripts/site/SiteServiceTest.java index 5e5098db48..6d4858f3ff 100644 --- a/source/test-java/org/alfresco/repo/web/scripts/site/SiteServiceTest.java +++ b/source/test-java/org/alfresco/repo/web/scripts/site/SiteServiceTest.java @@ -1,28 +1,28 @@ -/* - * #%L - * Alfresco Remote API - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ +/* + * #%L + * Alfresco Remote API + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ package org.alfresco.repo.web.scripts.site; import java.io.Serializable; @@ -960,7 +960,7 @@ public class SiteServiceTest extends AbstractSiteServiceTest String rejectURL = "page/reject-invite"; authenticationService.setAuthenticationEnabled(username, false); - createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 500); + createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 409); fail("The user " + username + " is disabled and cannot be invited"); } catch (JSONException e)