Merged 5.2.N (5.2.2) to HEAD (5.2)

135255 arebegea: MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack
      - delete the script/org/alfresco/repository/invite/invite.get
      - use the alternatives: script/org/alfresco/repository/site/invitation/invitation.post and script/org/alfresco/repository/site/invitation/invitation.delete
      - updating the tests
      - updating the controller for the invitation.delete to a java controller
      - fix test fallout (SiteServiceTest testInviteDisabledUser - expected error status code)
      - improve security by allowing only invitationIDs that belong to the site passed as parameter to be canceled
      - be consistent and return 404 when an invitationID can not be found


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137384 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Andrei Rebegea
2017-06-14 17:02:29 +00:00
parent 99e41785ad
commit c1270defd1
12 changed files with 665 additions and 780 deletions


@@ -1,5 +1,5 @@
<#-- renders an invitation object which can be either a MODERATED or NOMINATED invitation-->
<#macro invitationJSON invitation avatars={"" : ""} >
<#macro invitationJSON invitation avatars={"" : ""} outputTicket=false >
<#escape x as jsonUtils.encodeJSONString(x)>
{
"inviteId": "${invitation.inviteId}",
@@ -19,6 +19,7 @@
<#-- Nominated invitation properties -->
<#if invitation.acceptURL??>"acceptURL": "${invitation.acceptURL}",</#if>
<#if invitation.rejectURL??>"rejectURL": "${invitation.rejectURL}",</#if>
<#if outputTicket && invitation.inviteTicket??>"inviteTicket": "${invitation.inviteTicket}",</#if>
<#if invitation.sentInviteDateAsISO8601??>
"sentInviteDate" :
{
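Review bot: The new `outputTicket` parameter of `invitationJSON` is undocumented, so nothing at the macro tells a later caller why the ticket is withheld by default. The ticket looks like the secret an invitee presents on the accept/reject links (inferred from the `acceptURL`/`rejectURL` fields beside it, not shown in this hunk), so a template that lists or fetches invitations should never switch it on. I would extend the header comment with something like `<#-- outputTicket: emit inviteTicket; set to true only in the response to the user who just created the invitation -->`. The macro body continues outside the hunk.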


@@ -1,10 +0,0 @@
<webscript>
<shortname>Process invite</shortname>
<description>Processes Inviter actions ('start' or 'cancel' invite)</description>
<url>/api/invite/start?inviteeFirstName={inviteeFirstName}&amp;inviteeLastName={inviteeLastName}&amp;inviteeEmail={inviteeEmailAddress}&amp;inviteeUserName={inviteeUserName?}&amp;siteShortName={siteShortName}&amp;inviteeSiteRole={inviteeSiteRole}&amp;serverPath={serverPath}&amp;acceptUrl={acceptUrl}&amp;rejectUrl={rejectUrl}</url>
<url>/api/invite/cancel?inviteId={inviteId}&amp;siteShortName={siteShortName}</url>
<format default="json"/>
<authentication>user</authentication>
<transaction>required</transaction>
<lifecycle>deprecated</lifecycle>
</webscript>


@@ -1,26 +0,0 @@
<#escape x as jsonUtils.encodeJSONString(x)>
{
"action" : "${action}",
<#if inviteId??>
"inviteId" : "${inviteId}",
</#if>
<#if inviteTicket??>
"inviteTicket" : "${inviteTicket}",
</#if>
<#if inviteeUserName??>
"inviteeUserName" : "${inviteeUserName}",
</#if>
<#if inviteeFirstName??>
"inviteeFirstName" : "${inviteeFirstName}",
</#if>
<#if inviteeLastName??>
"inviteeLastName" : "${inviteeLastName}",
</#if>
<#if inviteeEmail??>
"inviteeEmail" : "${inviteeEmail}",
</#if>
<#if siteShortName??>
"siteShortName" : "${siteShortName}"
</#if>
}
</#escape>


@@ -1,33 +0,0 @@
/**
* Cancel invitation for a web site
*/
function main()
{
// Get the url values
var urlElements = url.extension.split("/");
var shortName = urlElements[0];
var inviteId = urlElements[2];
// Get the site
var site = siteService.getSite(shortName);
if (site == null)
{
// Site cannot be found
status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist.");
return;
}
// Need to cancel an invitation here
var invitation = site.getInvitation(inviteId);
if (invitation == null)
{
// Site cannot be found
status.setCode(status.STATUS_NOT_FOUND, "The invitation :" + inviteId + " for web site :" + shortName + ", does not exist.");
return;
}
// Cancel the invitation
invitation.cancel();
}
main();


@@ -1,5 +1,5 @@
<#-- Create / Post / Invitation -->
<#import "../../invitation/invitation.lib.ftl" as invitationLib/>
{
"data":<@invitationLib.invitationJSON invitation=invitation />
"data":<@invitationLib.invitationJSON invitation=invitation outputTicket=true/>
}


@@ -3,131 +3,135 @@
*/
function main()
{
var invitation = null;
var invitation = null;
// Get the web site site
var shortName = url.extension.split("/")[0];
var site = siteService.getSite(shortName);
if (site == null)
{
// Site cannot be found
status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist.");
return;
}
var shortName = url.extension.split("/")[0];
var site = siteService.getSite(shortName);
if (site == null)
{
// Site cannot be found
status.setCode(status.STATUS_NOT_FOUND, "The site " + shortName + " does not exist.");
return;
}
if (!json.has("invitationType"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has not been set.");
return;
}
if (!json.has("invitationType"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has not been set.");
return;
}
// Get the role
var invitationType = json.get("invitationType");
if (invitationType == null || invitationType.length == 0)
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType is null or empty.");
return;
}
var invitationType = json.get("invitationType");
if (invitationType == null || invitationType.length == 0)
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType is null or empty.");
return;
}
if (!invitationType.match("[MODERATED]|[NOMINATED]"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has does not have a correct value.");
return;
}
if (!invitationType.match("[MODERATED]|[NOMINATED]"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The invitationType has does not have a correct value.");
return;
}
if (invitationType == "MODERATED")
{
// Check mandatory parameters
if (!json.has("inviteeRoleName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set.");
return;
}
try
{
if (invitationType == "MODERATED")
{
// Check mandatory parameters and values
if (isNotDefinedOrEmpty(json, "inviteeRoleName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set.");
return;
}
if (isNotDefinedOrEmpty(json, "inviteeUserName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeUserName has not been set.");
return;
}
var inviteeComments = json.get("inviteeComments");
if (inviteeComments == null)
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeComments has not been set.");
return;
}
if (!json.has("inviteeUserName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeUserName has not been set.");
return;
}
var inviteeRoleName = json.get("inviteeRoleName");
var inviteeUserName = json.get("inviteeUserName");
var inviteeComments = json.get("inviteeComments");
// Get the role
var inviteeRoleName = json.get("inviteeRoleName");
if (inviteeRoleName == null || inviteeRoleName == "")
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set.");
return;
}
invitation = site.inviteModerated(inviteeComments, inviteeUserName, inviteeRoleName);
}
var inviteeComments = json.get("inviteeComments");
if (inviteeComments == null)
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeComments has not been set.");
return;
}
if (invitationType == "NOMINATED")
{
// Check mandatory parameters and values
if (isNotDefinedOrEmpty(json, "inviteeRoleName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set.");
return;
}
var inviteeRoleName = json.get("inviteeRoleName");
var acceptUrl = json.get("acceptURL");
var rejectUrl = json.get("rejectURL");
var inviteeUserName = json.get("inviteeUserName");
if (inviteeUserName == null || inviteeUserName == "")
{
status.setCode(status.STATUS_BAD_REQUEST, "The userName has not been set.");
return;
}
// Get the optional properties
if (json.has("inviteeUserName") && json.get("inviteeUserName") && json.get("inviteeUserName").trim() != "")
{
invitation = site.inviteNominated(json.get("inviteeUserName"), inviteeRoleName, acceptUrl, rejectUrl);
} else
{
// Get mandatory properties
if (isNotDefinedOrEmpty(json, "inviteeFirstName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeFirstName has not been set.");
return;
}
if (isNotDefinedOrEmpty(json, "inviteeLastName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeLastName has not been set.");
return;
}
if (isNotDefinedOrEmpty(json, "inviteeEmail"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeEmail has not been set.");
return;
}
invitation = site.inviteModerated(inviteeComments, inviteeUserName, inviteeRoleName);
}
var inviteeFirstName = json.get("inviteeFirstName");
var inviteeLastName = json.get("inviteeLastName");
var inviteeEmail = json.get("inviteeEmail");
invitation = site.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeRoleName, acceptUrl,
rejectUrl);
}
}
if (invitationType == "NOMINATED")
{
// Get mandatory properties
if (!json.has("inviteeRoleName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName has not been set.");
return;
}
var inviteeRoleName = json.get("inviteeRoleName");
if (inviteeRoleName == null || inviteeRoleName == "")
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeRoleName is null or empty.");
return;
}
var acceptUrl = json.get("acceptURL");
var rejectUrl = json.get("rejectURL");
// Pass the model to the results template
model.site = site;
model.invitation = invitation;
// Get the optional properties
if (json.has("inviteeUserName") && json.get("inviteeUserName") != "")
{
invitation = site.inviteNominated(json.get("inviteeUserName"), inviteeRoleName, acceptUrl, rejectUrl);
}
else
{
// Get mandatory properties
if (!json.has("inviteeFirstName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeFirstName has not been set.");
return;
}
if (!json.has("inviteeLastName"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeLastName has not been set.");
return;
}
if (!json.has("inviteeEmail"))
{
status.setCode(status.STATUS_BAD_REQUEST, "The inviteeEmail has not been set.");
return;
}
status.code = status.STATUS_CREATED;
} catch (e)
{
if (e.message && e.message.indexOf("org.alfresco.service.cmr.invitation.InvitationExceptionUserError") == 0)
{
e.code = status.STATUS_CONFLICT;
} else if (e.message && e.message.indexOf("org.alfresco.service.cmr.invitation.InvitationExceptionForbidden") == 0)
{
e.code = status.STATUS_FORBIDDEN;
} else
{
e.code = 500;
e.message = e.message + "Unexpected error occurred during starting invitation";
}
throw e;
}
}
var inviteeFirstName = json.get("inviteeFirstName") ;
var inviteeLastName = json.get("inviteeLastName") ;
var inviteeEmail = json.get("inviteeEmail") ;
invitation = site.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeRoleName, acceptUrl, rejectUrl);
}
}
// Pass the model to the results template
model.site = site;
model.invitation = invitation;
status.code = status.STATUS_CREATED;
function isNotDefinedOrEmpty(json, key)
{
return (!json.has(key) || (json.get(key) == null || json.get(key).trim().length() == 0))
}
main();
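Review bot: The `invitationType.match("[MODERATED]|[NOMINATED]")` check that this commit carries over does not validate the value, because as a regular expression the brackets form two character classes and any string containing one of those letters passes. A value such as `MODERATE` then skips both type branches, leaves `invitation` null and still reaches `status.code = status.STATUS_CREATED`. Comparing against the two literals before the new `try` block closes that gap: `if (invitationType != "MODERATED" && invitationType != "NOMINATED")`. Separately, the new `catch` appends "Unexpected error occurred during starting invitation" to `e.message` without a separator and rethrows the internal exception text on the 500 path; a fixed client message with the detail logged server-side would expose less.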


@@ -485,17 +485,6 @@
<!-- Invite Service REST API -->
<!-- -->
<!-- -->
<!-- Invite Web Script - Invoked by a Site Manager (Inviter) to either invite another person (Invitee) to -->
<!-- join a Site as a Site Collaborator, or to cancel a pending invitation that has already been sent out -->
<!-- -->
<bean id="webscript.org.alfresco.repository.invite.invite.get"
class="org.alfresco.repo.web.scripts.invite.Invite"
parent="webscript">
<property name="invitationService" ref="InvitationService"/>
<property name="siteService" ref="SiteService"/>
</bean>
<!-- -->
<!-- Invite Accept/Reject Web Script - accepts or rejects a pending invite -->
<!-- -->
@@ -536,6 +525,17 @@
<property name="tenantService" ref="tenantService"/>
</bean>
<!-- -->
<!-- Controller for the org.alfresco.repository.site.invitation.invitation.delete webscript -->
<!-- Used to cancel invitations -->
<!-- -->
<bean id="webscript.org.alfresco.repository.site.invitation.invitation.delete"
class="org.alfresco.repo.web.scripts.invitation.InvitationDelete"
parent="webscript">
<property name="invitationService" ref="InvitationService"/>
<property name="siteService" ref="SiteService"/>
</bean>
<!-- -->
<!-- Site Service REST API -->
<!-- -->


@@ -0,0 +1,159 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.invitation;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.service.cmr.invitation.Invitation;
import org.alfresco.service.cmr.invitation.InvitationExceptionForbidden;
import org.alfresco.service.cmr.invitation.InvitationService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* Cancel invitation for a web site; This is the controller for the
* org/alfresco/repository/site/invitation/invitation.delete.desc.xml webscript
*/
public class InvitationDelete extends DeclarativeWebScript
{
// services
private InvitationService invitationService;
private SiteService siteService;
public void setInvitationService(InvitationService invitationService)
{
this.invitationService = invitationService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
Map<String, Object> model = new HashMap<String, Object>();
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
final String siteShortName = templateVars.get("shortname");
final String invitationId = templateVars.get("invitationId");
validateParameters(siteShortName, invitationId);
try
{
// MNT-9905 Pending Invites created by one site manager aren't visible to other site managers
String currentUser = AuthenticationUtil.getRunAsUser();
if (siteShortName != null && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser)))
{
RunAsWork<Void> runAsSystem = new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
checkAndCancelTheInvitation(invitationId, siteShortName);
return null;
}
};
AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName());
}
else
{
checkAndCancelTheInvitation(invitationId, siteShortName);
}
}
catch (InvitationExceptionForbidden fe)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow", fe);
}
catch (AccessDeniedException ade)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow", ade);
}
return model;
}
private void validateParameters(String siteShortName, String invitationId)
{
if ((invitationId == null) || (invitationId.length() == 0))
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid invitation id provided");
}
SiteInfo site = siteService.getSite(siteShortName);
if (site == null)
{
throw new WebScriptException(Status.STATUS_NOT_FOUND, "Invalid site id provided");
}
}
protected void checkAndCancelTheInvitation(final String invId, String siteShortName)
{
Invitation invitation = null;
try
{
invitation = invitationService.getInvitation(invId);
}
catch (org.alfresco.service.cmr.invitation.InvitationExceptionNotFound ienf)
{
throwInvitationNotFoundException(invId, siteShortName);
}
if (invitation == null)
{
throwInvitationNotFoundException(invId, siteShortName);
}
// check that this invitation really belongs to the specified siteShortName
if (invitation != null && invitation.getResourceName() != null && !siteShortName.equals(invitation.getResourceName()))
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow");
}
invitationService.cancel(invId);
}
protected void throwInvitationNotFoundException(final String invId, String siteShortName)
{
throw new WebScriptException(Status.STATUS_NOT_FOUND,
"The invitation :" + invId + " for web site :" + siteShortName + ", does not exist.");
}
}
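Review bot: The site-ownership check in `checkAndCancelTheInvitation` fails open: when `invitation.getResourceName()` returns null the condition is false and `invitationService.cancel(invId)` still runs, which on the site-manager path happens as the system user. This comparison is the only thing tying the invitation to the site whose manager role was verified in `executeImpl`, so it should fail closed, `if (!siteShortName.equals(invitation.getResourceName()))`, and the `invitation != null` term can go because both not-found paths already throw. It may also be worth confirming the invitation's resource type is a web site before comparing names, since the removed `Invite` controller passed `Invitation.ResourceType.WEB_SITE` explicitly. A short Javadoc on the method noting that it may execute with system privileges would help later maintainers keep the check intact.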


@@ -1,324 +0,0 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.invite;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.service.cmr.invitation.Invitation;
import org.alfresco.service.cmr.invitation.InvitationExceptionForbidden;
import org.alfresco.service.cmr.invitation.InvitationExceptionUserError;
import org.alfresco.service.cmr.invitation.InvitationService;
import org.alfresco.service.cmr.invitation.NominatedInvitation;
import org.alfresco.service.cmr.site.SiteService;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* Web Script invoked by a Site Manager (Inviter) to either send
* (action='start') an invitation to a another person (Invitee) to join a Site
* as a Site Collaborator, or to cancel (action='cancel') a pending invitation
* that has already been sent out
*
* @author glen dot johnson at alfresco dot com
*/
public class Invite extends DeclarativeWebScript
{
private static final String ACTION_START = "start";
private static final String ACTION_CANCEL = "cancel";
private static final String MODEL_PROP_KEY_ACTION = "action";
private static final String MODEL_PROP_KEY_INVITE_ID = "inviteId";
private static final String MODEL_PROP_KEY_INVITE_TICKET = "inviteTicket";
private static final String MODEL_PROP_KEY_INVITEE_USER_NAME = "inviteeUserName";
private static final String MODEL_PROP_KEY_INVITEE_FIRSTNAME = "inviteeFirstName";
private static final String MODEL_PROP_KEY_INVITEE_LASTNAME = "inviteeLastName";
private static final String MODEL_PROP_KEY_INVITEE_EMAIL = "inviteeEmail";
private static final String MODEL_PROP_KEY_SITE_SHORT_NAME = "siteShortName";
private static final String MODEL_PROP_KEY_INVITEE_USERNAME = "inviteeUserName";
// URL request parameter names
private static final String PARAM_INVITEE_FIRSTNAME = "inviteeFirstName";
private static final String PARAM_INVITEE_LASTNAME = "inviteeLastName";
private static final String PARAM_INVITEE_EMAIL = "inviteeEmail";
private static final String PARAM_SITE_SHORT_NAME = "siteShortName";
private static final String PARAM_INVITE_ID = "inviteId";
private static final String PARAM_INVITEE_SITE_ROLE = "inviteeSiteRole";
private static final String PARAM_SERVER_PATH = "serverPath";
private static final String PARAM_ACCEPT_URL = "acceptUrl";
private static final String PARAM_REJECT_URL = "rejectUrl";
// services
private InvitationService invitationService;
private SiteService siteService;
public void setInvitationService(InvitationService invitationService)
{
this.invitationService = invitationService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
/*
* (non-Javadoc)
*
* @see
* org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco
* .web.scripts.WebScriptRequest,
* org.alfresco.web.scripts.WebScriptResponse)
*/
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
// initialise model to pass on for template to render
Map<String, Object> model = new HashMap<String, Object>();
// extract action string from URL
String servicePath = req.getServicePath();
String action = null;
int actionStartIndex = servicePath.lastIndexOf("/") + 1;
if (actionStartIndex <= servicePath.length() - 1)
{
action = servicePath.substring(actionStartIndex, servicePath
.length());
}
// check that the action has been provided on the URL
// and that URL parameters have been provided
if ((action == null) || (action.length() == 0))
{
// handle action not provided on URL
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"Action has not been provided in URL");
}
// handle no parameters given on URL
if ((req.getParameterNames() == null) || (req.getParameterNames().length == 0))
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"No parameters have been provided on URL");
}
// handle action 'start'
if (action.equals(ACTION_START))
{
// check for 'inviteeFirstName' parameter not provided
String inviteeFirstName = req.getParameter(PARAM_INVITEE_FIRSTNAME);
if ((inviteeFirstName == null) || (inviteeFirstName.trim().length() == 0))
{
// handle inviteeFirstName URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'inviteeFirstName' parameter "
+ "has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'inviteeLastName' parameter not provided
String inviteeLastName = req.getParameter(PARAM_INVITEE_LASTNAME);
if ((inviteeLastName == null) || (inviteeLastName.trim().length() == 0))
{
// handle inviteeLastName URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'inviteeLastName' parameter "
+ "has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'inviteeEmail' parameter not provided
String inviteeEmail = req.getParameter(PARAM_INVITEE_EMAIL);
if ((inviteeEmail == null) || (inviteeEmail.trim().length() == 0))
{
// handle inviteeEmail URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'inviteeEmail' parameter "
+ "has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'siteShortName' parameter not provided
String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME);
if ((siteShortName == null) || (siteShortName.trim().length() == 0))
{
// handle siteShortName URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'siteShortName' parameter "
+ "has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'inviteeSiteRole' parameter not provided
String inviteeSiteRole = req.getParameter(PARAM_INVITEE_SITE_ROLE);
if ((inviteeSiteRole == null) || (inviteeSiteRole.trim().length() == 0))
{
// handle inviteeSiteRole URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'inviteeSiteRole' parameter has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'serverPath' parameter not provided
String serverPath = req.getParameter(PARAM_SERVER_PATH);
if ((serverPath == null) || (serverPath.trim().length() == 0))
{
// handle serverPath URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'serverPath' parameter has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'acceptUrl' parameter not provided
String acceptUrl = req.getParameter(PARAM_ACCEPT_URL);
if ((acceptUrl == null) || (acceptUrl.trim().length() == 0))
{
// handle acceptUrl URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'acceptUrl' parameter has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for 'rejectUrl' parameter not provided
String rejectUrl = req.getParameter(PARAM_REJECT_URL);
if ((rejectUrl == null) || (rejectUrl.trim().length() == 0))
{
// handle rejectUrl URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'rejectUrl' parameter has not been provided in URL for action '"
+ ACTION_START + "'");
}
// check for the invitee user name (if present)
String inviteeUserName = req.getParameter(MODEL_PROP_KEY_INVITEE_USERNAME);
NominatedInvitation newInvite = null;
try
{
if (inviteeUserName != null)
{
newInvite = invitationService.inviteNominated(inviteeUserName, Invitation.ResourceType.WEB_SITE, siteShortName, inviteeSiteRole, acceptUrl, rejectUrl);
}
else
{
newInvite = invitationService.inviteNominated(inviteeFirstName, inviteeLastName, inviteeEmail, Invitation.ResourceType.WEB_SITE, siteShortName, inviteeSiteRole, acceptUrl, rejectUrl);
}
// add model properties for template to render
model.put(MODEL_PROP_KEY_ACTION, ACTION_START);
model.put(MODEL_PROP_KEY_INVITE_ID, newInvite.getInviteId());
model.put(MODEL_PROP_KEY_INVITE_TICKET, newInvite.getTicket());
model.put(MODEL_PROP_KEY_INVITEE_USER_NAME, newInvite.getInviteeUserName());
model.put(MODEL_PROP_KEY_INVITEE_FIRSTNAME, inviteeFirstName);
model.put(MODEL_PROP_KEY_INVITEE_LASTNAME, inviteeLastName);
model.put(MODEL_PROP_KEY_INVITEE_EMAIL, inviteeEmail);
model.put(MODEL_PROP_KEY_SITE_SHORT_NAME, siteShortName);
}
catch (InvitationExceptionUserError ie)
{
throw new WebScriptException(Status.STATUS_CONFLICT, ie.getMessage());
}
catch (InvitationExceptionForbidden fe)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, fe.toString());
}
// process action 'start' with provided parameters
//startInvite(model, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName, siteShortName, inviteeSiteRole, serverPath, acceptUrl, rejectUrl);
}
// else handle if provided 'action' is 'cancel'
else if (action.equals(ACTION_CANCEL))
{
// check for 'inviteId' parameter not provided
String inviteId = req.getParameter(PARAM_INVITE_ID);
if ((inviteId == null) || (inviteId.length() == 0))
{
// handle inviteId URL parameter not provided
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"'inviteId' parameter has "
+ "not been provided in URL for action '"
+ ACTION_CANCEL + "'");
}
// process action 'cancel' with provided parameters
try
{
//MNT-9905 Pending Invites created by one site manager aren't visible to other site managers
String currentUser = AuthenticationUtil.getRunAsUser();
String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME);
if (siteShortName != null && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser)))
{
final String invId = inviteId;
RunAsWork<Void> runAsSystem = new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
invitationService.cancel(invId);
return null;
}
};
AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName());
}
else
{
invitationService.cancel(inviteId);
}
// add model properties for template to render
model.put(MODEL_PROP_KEY_ACTION, ACTION_CANCEL);
model.put(MODEL_PROP_KEY_INVITE_ID, inviteId);
}
catch(InvitationExceptionForbidden fe)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow" , fe);
}
catch(AccessDeniedException ade)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Unable to cancel workflow" , ade);
}
}
// handle action not recognised
else
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Action, '"
+ action + "', "
+ "provided in URL has not been recognised.");
}
return model;
}
}


@@ -25,6 +25,8 @@
*/
package org.alfresco.repo.web.scripts.invitation;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -565,6 +567,69 @@ public class InvitationWebScriptTest extends BaseWebScriptTest
return inviteId;
}
public void testDeleteInvitation() throws Exception
{
String nominatedId = null;
String shortNameSiteA = GUID.generate();
// Create a site where the action will take place
createSite("myPreset", shortNameSiteA, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
// create an invitation for an external user
{
String inviteeFirstName = "Buffy" + GUID.generate();
String inviteeLastName = "Summers";
String inviteeEmail = "inviteeVA3Rtu@alfrescotesting.com";
// set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation
String inviteeUserName = null;
String serverPath = "http://localhost:8081/share/";
String acceptURL = "page/accept-invite";
String rejectURL = "page/reject-invite";
// Create an external nominated invitation on SiteA
nominatedId = createNominatedInvitation(shortNameSiteA, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName,
SiteModel.SITE_COLLABORATOR, serverPath, acceptURL, rejectURL);
}
// search for all invitations to site A: one nominated should be found for user Buffy... Summers
{
JSONArray data = queryCurrentInvitationList(shortNameSiteA);
assertEquals("Wrong number of invitations!", 1, data.length());
JSONObject nominatedInv = getInvitation(nominatedId, data);
assertNotNull("Nominated invitation to Site A not present!", nominatedInv);
}
// now delete it
deleteInvitation(nominatedId, shortNameSiteA, 200);
// list the pending invitations and check that it is empty
{
JSONArray data = queryCurrentInvitationList(shortNameSiteA);
assertEquals("Wrong number of invitations!", 0, data.length());
JSONObject nominatedInv = getInvitation(nominatedId, data);
assertNull("Nominated invitation to Site A present!", nominatedInv);
}
// deleting the invitation was successful
}
private JSONArray queryCurrentInvitationList(String shortNameSiteA) throws IOException, JSONException, UnsupportedEncodingException
{
String allSiteAUrl = URL_SITES + "/" + shortNameSiteA + "/invitations";
Response response = sendRequest(new GetRequest(allSiteAUrl), 200);
JSONObject top = new JSONObject(response.getContentAsString());
return top.getJSONArray("data");
}
void deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception
{
assertNotNull(invitationID);
assertNotNull(siteShortName);
assertFalse(invitationID.isEmpty());
assertFalse(siteShortName.isEmpty());
Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus);
assertNotNull(new JSONObject(response.getContentAsString()));
}
private String createModeratedInvitation(String siteName, String inviteeComments, String inviteeUserName,
String inviteeRoleName) throws Exception
{


@@ -25,14 +25,12 @@
*/
package org.alfresco.repo.web.scripts.invite;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.action.executer.MailActionExecuter;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.invitation.InvitationServiceImpl;
import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation;
import org.alfresco.repo.invitation.script.ScriptInvitationService;
@@ -47,11 +45,9 @@ import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.repo.workflow.activiti.ActivitiConstants;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
@@ -60,7 +56,6 @@ import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
import org.alfresco.service.cmr.workflow.WorkflowInstance;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
@@ -69,10 +64,9 @@ import org.json.JSONArray;
import org.json.JSONObject;
import org.junit.Test;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.extensions.surf.util.URLEncoder;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.TestWebScriptServer;
import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest;
@@ -86,7 +80,6 @@ import org.springframework.extensions.webscripts.TestWebScriptServer.Response;
public class InviteServiceTest extends BaseWebScriptTest
{
// member variables for service instances
private AuthorityService authorityService;
private MutableAuthenticationService authenticationService;
private AuthenticationComponent authenticationComponent;
private PersonService personService;
@@ -94,7 +87,6 @@ public class InviteServiceTest extends BaseWebScriptTest
private NodeService nodeService;
private WorkflowService workflowService;
private MutableAuthenticationDao mutableAuthenticationDao;
private NamespaceService namespaceService;
private TransactionService transactionService;
private NodeArchiveService nodeArchiveService;
private InvitationServiceImpl invitationServiceImpl;
@@ -122,8 +114,7 @@ public class InviteServiceTest extends BaseWebScriptTest
private static final String URL_INVITE = "/api/invite";
private static final String URL_INVITES = "/api/invites";
private static final String INVITE_ACTION_START = "start";
private static final String INVITE_ACTION_CANCEL = "cancel";
private static final String URL_SITES = "/api/sites";
@Override
protected void setUp() throws Exception
@@ -137,7 +128,6 @@ public class InviteServiceTest extends BaseWebScriptTest
AuthenticationUtil.clearCurrentSecurityContext();
// get references to services
this.authorityService = (AuthorityService) getServer().getApplicationContext().getBean("AuthorityService");
this.authenticationService = (MutableAuthenticationService) getServer().getApplicationContext()
.getBean("AuthenticationService");
this.authenticationComponent = (AuthenticationComponent) getServer().getApplicationContext()
@@ -148,15 +138,12 @@ public class InviteServiceTest extends BaseWebScriptTest
this.workflowService = (WorkflowService) getServer().getApplicationContext().getBean("WorkflowService");
this.mutableAuthenticationDao = (MutableAuthenticationDao) getServer().getApplicationContext()
.getBean("authenticationDao");
this.namespaceService = (NamespaceService) getServer().getApplicationContext().getBean("NamespaceService");
this.transactionService = (TransactionService) getServer().getApplicationContext()
.getBean("TransactionService");
this.nodeArchiveService = (NodeArchiveService)getServer().getApplicationContext().getBean("nodeArchiveService");
this.invitationServiceImpl = (InvitationServiceImpl) getServer().getApplicationContext().getBean("invitationService");
ScriptInvitationService scriptInvitationService = (ScriptInvitationService) getServer().getApplicationContext().getBean("invitationServiceScript");
scriptInvitationService.setSiteService(this.siteService);
Invite invite = (Invite) getServer().getApplicationContext().getBean("webscript.org.alfresco.repository.invite.invite.get");
invite.setSiteService(this.siteService);
configureMailExecutorForTestMode(this.getServer());
@@ -334,8 +321,16 @@ public class InviteServiceTest extends BaseWebScriptTest
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class,
InviteServiceTest.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME));
// delete person
deletePersonByUserName(userName);
try
{
// delete person
deletePersonByUserName(userName);
}
catch (Exception exp)
{
//sometimes, when running single tests, not all users are initialized properly
exp.printStackTrace();
}
}
}
@@ -425,19 +420,13 @@ public class InviteServiceTest extends BaseWebScriptTest
{
this.inviteeEmailAddrs.add(inviteeEmail);
// Inviter sends invitation to Invitee to join a Site
String startInviteUrl = URL_INVITE + "/" + INVITE_ACTION_START
+ "?inviteeFirstName=" + inviteeFirstName + "&inviteeLastName="
+ inviteeLastName + "&inviteeEmail="
+ URLEncoder.encode(inviteeEmail) + "&siteShortName="
+ siteShortName + "&inviteeSiteRole=" + inviteeSiteRole
+ "&serverPath=" + "http://localhost:8081/share/"
+ "&acceptUrl=" + "page/accept-invite"
+ "&rejectUrl=" + "page/reject-invite";
Response response = sendRequest(new GetRequest(startInviteUrl), expectedStatus);
JSONObject result = new JSONObject(response.getContentAsString());
String serverPath = "http://localhost:8081/share/";
String acceptURL = "page/accept-invite";
String rejectURL = "page/reject-invite";
// set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation
String inviteeUserName = null;
JSONObject result = createNominatedInvitation(siteShortName, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName,
inviteeSiteRole, serverPath, acceptURL, rejectURL, expectedStatus);
return result;
}
@@ -455,13 +444,57 @@ public class InviteServiceTest extends BaseWebScriptTest
private JSONObject cancelInvite(String inviteId, String siteShortName, int expectedStatus) throws Exception
{
String cancelInviteUrl = URL_INVITE + "/" + INVITE_ACTION_CANCEL + "?inviteId=" + inviteId;
if (siteShortName != null && !siteShortName.isEmpty())
return deleteInvitation(inviteId, siteShortName, expectedStatus);
}
/**
* Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest
*/
JSONObject deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception
{
assertNotNull(invitationID);
assertNotNull(siteShortName);
assertFalse(invitationID.isEmpty());
assertFalse(siteShortName.isEmpty());
Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus);
JSONObject jsonResponse = new JSONObject(response.getContentAsString());
assertNotNull(jsonResponse);
return jsonResponse;
}
/**
* Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest
*/
private JSONObject createNominatedInvitation(String siteName, String inviteeFirstName, String inviteeLastName, String inviteeEmail,
String inviteeUserName, String inviteeRoleName, String serverPath, String acceptURL, String rejectURL, int expectedStatus)
throws Exception
{
/*
* Create a new nominated invitation
*/
JSONObject newInvitation = new JSONObject();
newInvitation.put("invitationType", "NOMINATED");
newInvitation.put("inviteeRoleName", inviteeRoleName);
if (inviteeUserName != null)
{
cancelInviteUrl = cancelInviteUrl + "&siteShortName=" + siteShortName;
// nominate an existing user
newInvitation.put("inviteeUserName", inviteeUserName);
}
Response response = sendRequest(new GetRequest(cancelInviteUrl), expectedStatus);
;
else
{
// nominate someone else
newInvitation.put("inviteeFirstName", inviteeFirstName);
newInvitation.put("inviteeLastName", inviteeLastName);
newInvitation.put("inviteeEmail", inviteeEmail);
}
newInvitation.put("serverPath", serverPath);
newInvitation.put("acceptURL", acceptURL);
newInvitation.put("rejectURL", rejectURL);
Response response = sendRequest(new PostRequest(URL_SITES + "/" + siteName + "/invitations", newInvitation.toString(), "application/json"),
expectedStatus);
JSONObject result = new JSONObject(response.getContentAsString());
return result;
@@ -569,15 +602,15 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testStartInvite() throws Exception
{
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
JSONObject data = result.getJSONObject("data");
JSONObject inviteeData = data.getJSONObject("invitee");
assertEquals(INVITE_ACTION_START, result.get("action"));
assertEquals(INVITEE_FIRSTNAME, result.get("inviteeFirstName"));
assertEquals(INVITEE_LASTNAME, result.get("inviteeLastName"));
assertEquals(this.inviteeEmailAddrs
.get(this.inviteeEmailAddrs.size() - 1), result
.get("inviteeEmail"));
assertEquals(SITE_SHORT_NAME_INVITE_1, result.get("siteShortName"));
assertEquals(INVITEE_FIRSTNAME, inviteeData.get("firstName"));
assertEquals(INVITEE_LASTNAME, inviteeData.get("lastName"));
assertEquals(this.inviteeEmailAddrs.get(this.inviteeEmailAddrs.size() - 1),
inviteeData.get("email"));
assertEquals(SITE_SHORT_NAME_INVITE_1, data.get("resourceName"));
}
public void testStartInviteWhenInviteeIsAlreadyMemberOfSite()
@@ -625,25 +658,13 @@ public class InviteServiceTest extends BaseWebScriptTest
// Should go through
startInvite(INVITEE_FIRSTNAME, "Belzebub", inviteeEmailAddr, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// Should go through
startInvite("Lucifer", INVITEE_LASTNAME, inviteeEmailAddr, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
}
// public void testStartInviteWhenAlreadyInProgress()
// throws Exception
// {
// JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
// SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
//
// String inviteeEmail = (String) result.get("inviteeEmail");
//
// startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE,
// SITE_SHORT_NAME_INVITE_1, Status.STATUS_CONFLICT);
// }
//
public void testStartInviteForSameInviteeButTwoDifferentSites()
throws Exception
{
@@ -661,33 +682,56 @@ public class InviteServiceTest extends BaseWebScriptTest
}, AuthenticationUtil.getSystemUserName());
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1,
Status.STATUS_CREATED);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED);
}
public void testCancelInvite() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// Inviter cancels pending invitation
cancelInvite(inviteId, null, Status.STATUS_OK);
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
}
public void testCancelInviteWithDifferentSiteIDInRequest() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// Inviter cancels pending invitation but uses the wrong siteID in the request
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_2, Status.STATUS_FORBIDDEN);
}
public void testCancelInviteWithInvalidInviteID() throws Exception
{
// Inviter cancels pending invitation but user a wrong/invalid invidationID
cancelInvite("activiti$1019999", SITE_SHORT_NAME_INVITE_1, Status.STATUS_NOT_FOUND);
}
public void testAcceptInvite() throws Exception
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID and invite ticket of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
// Invitee accepts invitation to a Site from Inviter
String acceptInviteUrl = URL_INVITE + "/" + inviteId + "/" + inviteTicket + "/accept";
@@ -718,11 +762,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
rejectInvite(inviteId, inviteTicket, Status.STATUS_OK);
@@ -753,11 +798,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
String inviteeUserName = result.getString("inviteeUserName");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
String inviteeUserName = data.getString("inviteeUserName");
// get inviteInfo about invitation
result = getInviteInfo(inviteId, inviteTicket, inviteeUserName);
// get status of current invitation
@@ -791,12 +837,12 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesByInviteId() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of workflow ID of started invite workflow instance
String inviteId = startInviteResult.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
assertEquals(true, ((inviteId != null) && (inviteId.length() != 0)));
@@ -815,7 +861,7 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite workflow
startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get pending invites matching inviter user name used in invite started
// above
@@ -831,18 +877,17 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesByInviteeUserName() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invitee user name property of started invite workflow
// instance
String inviteeUserName = startInviteResult.getString("inviteeUserName");
// get hold of invitee user name property of started invite workflow instance
JSONObject data = result.getJSONObject("data");
String inviteeUserName = data.getString("inviteeUserName");
assertEquals(true, ((inviteeUserName != null) && (inviteeUserName
.length() != 0)));
// get pending invites matching invitee user name from invite started
// above
// get pending invites matching invitee user name from invite started above
JSONObject getInvitesResult = getInvitesByInviteeUserName(
inviteeUserName, Status.STATUS_OK);
@@ -856,18 +901,16 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesBySiteShortName() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of site short name property of started invite workflow
// instance
String siteShortName = startInviteResult.getString("siteShortName");
// get hold of site short name property of started invite workflow instance
JSONObject data = result.getJSONObject("data");
String siteShortName = data.getString("resourceName");
assertEquals(true,
((siteShortName != null) && (siteShortName.length() != 0)));
assertEquals(true, ((siteShortName != null) && (siteShortName.length() != 0)));
// get pending invites matching site short name from invite started
// above
// get pending invites matching site short name from invite started above
JSONObject getInvitesResult = getInvitesBySiteShortName(siteShortName,
Status.STATUS_OK);
@@ -890,27 +933,30 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter (who is Site Manager of the given site) starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// when inviter 2 (who is not Site Manager of the given site) tries to cancel invite
// http status FORBIDDEN must be returned
AuthenticationUtil.setFullyAuthenticatedUser(USER_INVITER_2);
cancelInvite(inviteId, null, Status.STATUS_FORBIDDEN);
//TODO cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
}
public void testInviteeResourcesDeletedUponRejectWhenNoInvitePending() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of properties of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
final String inviteeUserName = result.getString("inviteeUserName");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
final String inviteeUserName = data.getString("inviteeUserName");
rejectInvite(inviteId, inviteTicket, Status.STATUS_OK);
@@ -952,15 +998,17 @@ public class InviteServiceTest extends BaseWebScriptTest
}, AuthenticationUtil.getSystemUserName());
// inviter invites invitee to site 1
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1,
Status.STATUS_CREATED);
// get hold of properties of started invite
String invite1Id = result.getString("inviteId");
String invite1Ticket = result.getString("inviteTicket");
final String inviteeUserName = result.getString("inviteeUserName");
JSONObject data = result.getJSONObject("data");
String invite1Id = data.getString("inviteId");
String invite1Ticket = data.getString("inviteTicket");
final String inviteeUserName = data.getString("inviteeUserName");
// inviter invites invitee to site 2
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED);
rejectInvite(invite1Id, invite1Ticket, Status.STATUS_OK);
@@ -1024,7 +1072,7 @@ public class InviteServiceTest extends BaseWebScriptTest
// Try and add an existing person to the site with no email address
// Should return bad request since the email address has not been provided
startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, 400);
startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_BAD_REQUEST);
}
public void testMNT9905() throws Exception
@@ -1057,12 +1105,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
String manag = manager;
startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
siteService.setMembership(SITE_SHORT_NAME_INVITE_1, manag, SiteModel.SITE_MANAGER);
}
InviteServiceTest.this.authenticationComponent.setCurrentUser(managerUsersArr[0]);
JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
siteService.setMembership(SITE_SHORT_NAME_INVITE_1, collaborator, SiteModel.SITE_COLLABORATOR);
// get pending invites matching inviter user name used in invite started
@@ -1099,7 +1147,8 @@ public class InviteServiceTest extends BaseWebScriptTest
assertEquals(4, siteUsers.size());
// cancel invite different manager
String inviteId = (String) collInv.get("inviteId");
JSONObject data = collInv.getJSONObject("data");
String inviteId = (String) data.get("inviteId");
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
}
finally
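Review bot: Nothing in this file asserts that the old GET cancel route is gone. The `cancelInvite` helper in the `@@ -455,13 +444,57 @@` hunk now delegates to `deleteInvitation`, and `testCancelInvite`, `testCancelInviteWithDifferentSiteIDInRequest` and `testCancelInviteWithInvalidInviteID` only exercise the DELETE route. If a state-changing GET under `/api/invite/cancel` were registered again, the suite would still pass, even though removing that GET is the purpose of the commit. A regression test next to `testCancelInviteWithInvalidInviteID` could send the old GET and then show that the invitation is still pending by cancelling it through DELETE. The 404 expected for the unmatched GET is an assumption and should be confirmed against the webscript runtime.

```java
public void testCancelInviteViaGetIsNoLongerServed() throws Exception
{
    // inviter starts invite workflow
    JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
            SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
    String inviteId = result.getJSONObject("data").getString("inviteId");

    // the removed GET webscript must not be served any more (expected status to be confirmed)
    sendRequest(new GetRequest(URL_INVITE + "/cancel?inviteId=" + inviteId), Status.STATUS_NOT_FOUND);

    // the invitation was not touched by the GET, so the DELETE route can still cancel it
    cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
}
```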


@@ -960,7 +960,7 @@ public class SiteServiceTest extends AbstractSiteServiceTest
String rejectURL = "page/reject-invite";
authenticationService.setAuthenticationEnabled(username, false);
createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 500);
createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 409);
fail("The user " + username + " is disabled and cannot be invited");
}
catch (JSONException e)