diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml index e7cf19c2dd..9892172cee 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml @@ -341,6 +341,7 @@ FILE_PLAN + RECORD RECORD_CATEGORY RECORD_FOLDER UNFILED_RECORD_CONTAINER @@ -758,7 +759,7 @@ - + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java index 80514a902f..89fed24298 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java @@ -57,12 +57,12 @@ import org.springframework.extensions.surf.util.I18NUtil; /** * File plan service implementation. - * + * * @author Roy Wetherall * @since 2.1 */ public class FilePlanServiceImpl extends ServiceBaseImpl - implements FilePlanService, + implements FilePlanService, RecordsManagementModel { /** I18N */ @@ -74,61 +74,61 @@ public class FilePlanServiceImpl extends ServiceBaseImpl private final static String MSG_CONTAINER_PARENT_TYPE= "rm.service.container-parent-type"; private final static String MSG_CONTAINER_TYPE = "rm.service.container-type"; private final static String MSG_CONTAINER_EXPECTED = "rm.service.container-expected"; - + /** File plan containers */ private static final String NAME_UNFILED_CONTAINER = "Unfiled Records"; private static final String NAME_HOLD_CONTAINER = "Holds"; private static final String NAME_TRANSFER_CONTAINER = "Transfers"; - + /** RM site file plan container */ private static final String FILE_PLAN_CONTAINER = "documentLibrary"; - + /** root container cache */ private SimpleCache, NodeRef> rootContainerCache; - + /** - * NOTE: for some reason spring couldn't cope with the circular references between these two + * NOTE: for some reason spring couldn't cope with the circular references between these two * beans so we need to grab this one manually. - * + * * @return file plan role service */ protected FilePlanRoleService getFilePlanRoleService() { - return (FilePlanRoleService)applicationContext.getBean("FilePlanRoleService"); + return (FilePlanRoleService)applicationContext.getBean("FilePlanRoleService"); } - + /** * @return permission service */ protected PermissionService getPermissionService() { - return (PermissionService)applicationContext.getBean("permissionService"); + return (PermissionService)applicationContext.getBean("permissionService"); } - + /** * @return node DAO */ protected NodeDAO getNodeDAO() { - return (NodeDAO)applicationContext.getBean("nodeDAO"); + return (NodeDAO)applicationContext.getBean("nodeDAO"); } - + /** * @return internal node service */ protected NodeService getInternalNodeService() { - return (NodeService)applicationContext.getBean("nodeService"); + return (NodeService)applicationContext.getBean("nodeService"); } - + /** * @return site service */ protected SiteService getSiteService() { - return (SiteService)applicationContext.getBean("SiteService"); + return (SiteService)applicationContext.getBean("SiteService"); } - + /** * @return record service */ @@ -136,7 +136,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return (RecordService)applicationContext.getBean("RecordService"); } - + /** * @return record folder service */ @@ -144,7 +144,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return (RecordFolderService)applicationContext.getBean("RecordFolderService"); } - + /** * @return freeze service */ @@ -152,7 +152,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return (FreezeService)applicationContext.getBean("FreezeService"); } - + /** * @return records management service */ @@ -160,7 +160,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return (RecordsManagementService)applicationContext.getBean("RecordsManagementService"); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans() */ @@ -169,15 +169,15 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getFilePlans(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE); } - + /** * @param rootContainerCache root container cache */ - public void setRootContainerCache(SimpleCache, NodeRef> rootContainerCache) + public void setRootContainerCache(SimpleCache, NodeRef> rootContainerCache) { this.rootContainerCache = rootContainerCache; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans(org.alfresco.service.cmr.repository.StoreRef) */ @@ -185,35 +185,35 @@ public class FilePlanServiceImpl extends ServiceBaseImpl public Set getFilePlans(final StoreRef storeRef) { ParameterCheck.mandatory("storeRef", storeRef); - + final Set results = new HashSet(); Set aspects = new HashSet(1); aspects.add(ASPECT_RECORDS_MANAGEMENT_ROOT); getNodeDAO().getNodesWithAspects(aspects, Long.MIN_VALUE, Long.MAX_VALUE, new NodeDAO.NodeRefQueryCallback() - { + { @Override public boolean handle(Pair nodePair) { NodeRef nodeRef = nodePair.getSecond(); if (storeRef.equals(nodeRef.getStoreRef()) == true) - { + { results.add(nodeRef); } - + return true; } }); return results; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlanBySiteId(java.lang.String) */ @Override public NodeRef getFilePlanBySiteId(String siteId) { - NodeRef filePlan = null; - + NodeRef filePlan = null; + SiteInfo siteInfo = getSiteService().getSite(siteId); if (siteInfo != null) { @@ -226,10 +226,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl } } } - + return filePlan; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#existsUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -237,8 +237,8 @@ public class FilePlanServiceImpl extends ServiceBaseImpl public boolean existsUnfiledContainer(NodeRef filePlan) { return (getUnfiledContainer(filePlan) != null); - } - + } + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -247,7 +247,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getFilePlanRootContainer(filePlan, NAME_UNFILED_CONTAINER); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getHoldContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -256,7 +256,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getFilePlanRootContainer(filePlan, NAME_HOLD_CONTAINER); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getTransferContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -265,10 +265,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getFilePlanRootContainer(filePlan, NAME_TRANSFER_CONTAINER); } - + /** * Get the file root container for the given type. - * + * * @param filePlan file plan * @param containerName container type * @return {@link NodeRef} file plan container @@ -283,7 +283,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl NodeRef result = null; Pair key = new Pair(filePlan, containerName); - + if (!rootContainerCache.contains(key)) { // try and get the unfiled record container @@ -302,18 +302,18 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { result = rootContainerCache.get(key); } - + return result; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) */ public NodeRef createUnfiledContainer(NodeRef filePlan) - { + { return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createHoldContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -322,7 +322,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createTransferContainer(org.alfresco.service.cmr.repository.NodeRef) */ @@ -331,9 +331,9 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER); } - + /** - * + * * @param filePlan * @param containerType * @param containerName @@ -347,9 +347,9 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { throw new AlfrescoRuntimeException("Unable to create file plan root container, because passed node is not a file plan."); } - + String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan); - + // create the properties map Map properties = new HashMap(1); properties.put(ContentModel.PROP_NAME, containerName); @@ -362,7 +362,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl containerType, properties).getChildRef(); - + // if (inheritPermissions == false) // { // set inheritance to false @@ -370,8 +370,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); - getPermissionService().setPermission(container, "Administrator", RMPermissionModel.FILING, true); - + // TODO set the admin users to have filing permissions on the unfiled container!!! // TODO we will need to be able to get a list of the admin roles from the service // } @@ -384,7 +383,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl return container; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map) */ @@ -393,21 +392,21 @@ public class FilePlanServiceImpl extends ServiceBaseImpl ParameterCheck.mandatory("parent", parent); ParameterCheck.mandatory("name", name); ParameterCheck.mandatory("type", type); - + // Check the parent is not already an RM component node // ie: you can't create a rm root in an existing rm hierarchy if (isFilePlanComponent(parent) == true) { throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_DUP_ROOT)); } - + // Check that the passed type is a sub-type of rma:filePlan if (TYPE_FILE_PLAN.equals(type) == false && dictionaryService.isSubClass(type, TYPE_FILE_PLAN) == false) { throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_ROOT_TYPE, type.toString())); } - + // Build map of properties Map rmRootProps = new HashMap(1); if (properties != null && properties.size() != 0) @@ -415,7 +414,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl rmRootProps.putAll(properties); } rmRootProps.put(ContentModel.PROP_NAME, name); - + // Create the root ChildAssociationRef assocRef = nodeService.createNode( parent, @@ -423,12 +422,12 @@ public class FilePlanServiceImpl extends ServiceBaseImpl QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, name), type, rmRootProps); - + // TODO do we need to create role and security groups or is this done automatically? - + return assocRef.getChildRef(); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map) */ @@ -436,7 +435,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createFilePlan(parent, name, TYPE_FILE_PLAN, properties); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @@ -444,7 +443,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createFilePlan(parent, name, TYPE_FILE_PLAN, null); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName) */ @@ -453,7 +452,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createFilePlan(parent, name, type, null); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getNodeRefPath(org.alfresco.service.cmr.repository.NodeRef) */ @@ -470,7 +469,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl } return nodeRefPath; } - + /** * Helper method to build a NodeRef path from the node to the RM root */ @@ -500,7 +499,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl getNodeRefPathRecursive(nodeRef, nodeRefPath); } } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map) */ @@ -509,7 +508,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl ParameterCheck.mandatory("parent", parent); ParameterCheck.mandatory("name", name); ParameterCheck.mandatory("type", type); - + // Check that the parent is a container QName parentType = nodeService.getType(parent); if (TYPE_RECORDS_MANAGEMENT_CONTAINER.equals(parentType) == false && @@ -517,14 +516,14 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_PARENT_TYPE, parentType.toString())); } - + // Check that the the provided type is a sub-type of rm:recordCategory if (TYPE_RECORD_CATEGORY.equals(type) == false && dictionaryService.isSubClass(type, TYPE_RECORD_CATEGORY) == false) { throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_TYPE, type.toString())); } - + // Set the properties for the record category Map props = new HashMap(1); if (properties != null && properties.size() != 0) @@ -532,7 +531,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl props.putAll(properties); } props.put(ContentModel.PROP_NAME, name); - + return nodeService.createNode( parent, ContentModel.ASSOC_CONTAINS, @@ -540,7 +539,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl type, props).getChildRef(); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @@ -548,7 +547,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map) */ @@ -556,7 +555,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY, properties); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName) */ @@ -564,7 +563,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return createRecordCategory(parent, name, type, null); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef) */ @@ -573,7 +572,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getAllContained(container, false); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef, boolean) */ @@ -582,25 +581,25 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getContained(container, null, deep); } - + /** * Get contained nodes of a particular type. If null return all. - * + * * @param container container node reference * @param typeFilter type filter, null if none * @return {@link List}<{@link NodeRef> list of contained node references */ private List getContained(NodeRef container, QName typeFilter, boolean deep) - { + { // Parameter check ParameterCheck.mandatory("container", container); - + // Check we have a container in our hands if (isRecordCategory(container) == false) { throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_EXPECTED)); } - + List result = new ArrayList(1); List assocs = this.nodeService.getChildAssocs(container, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); for (ChildAssociationRef assoc : assocs) @@ -613,7 +612,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { result.add(child); } - + // Inspect the containers and add children if deep if (deep == true && (TYPE_RECORD_CATEGORY.equals(childType) == true || @@ -622,10 +621,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl result.addAll(getContained(child, typeFilter, deep)); } } - + return result; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef) */ @@ -634,7 +633,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getContainedRecordCategories(container, false); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef, boolean) */ @@ -643,7 +642,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getContained(container, TYPE_RECORD_CATEGORY, deep); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef) */ @@ -652,7 +651,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { return getContainedRecordFolders(container, false); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef, boolean) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java index e821ab5e19..83deaeabcc 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java @@ -18,6 +18,8 @@ */ package org.alfresco.module.org_alfresco_module_rm.security; +import static org.apache.commons.lang.BooleanUtils.isTrue; + import java.util.HashSet; import java.util.List; import java.util.Set; @@ -48,7 +50,7 @@ import org.apache.commons.logging.LogFactory; /** * File plan permission service. - * + * * @author Roy Wetherall * @since 2.1 */ @@ -64,16 +66,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl /** Records management service */ protected RecordsManagementService recordsManagementService; - + /** File plan service */ protected FilePlanService filePlanService; - + /** Record service */ protected RecordService recordService; /** Logger */ protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); - + /** * Initialisation method */ @@ -88,23 +90,23 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl TYPE_RECORD_FOLDER, new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT)); policyComponent.bindClassBehaviour( - NodeServicePolicies.OnAddAspectPolicy.QNAME, - ASPECT_RECORD, + NodeServicePolicies.OnAddAspectPolicy.QNAME, + ASPECT_RECORD, new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT)); policyComponent.bindClassBehaviour( - NodeServicePolicies.OnMoveNodePolicy.QNAME, - ASPECT_RECORD, + NodeServicePolicies.OnMoveNodePolicy.QNAME, + ASPECT_RECORD, new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT)); policyComponent.bindClassBehaviour( - NodeServicePolicies.OnCreateNodePolicy.QNAME, - TYPE_HOLD, + NodeServicePolicies.OnCreateNodePolicy.QNAME, + TYPE_HOLD, new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); policyComponent.bindClassBehaviour( - NodeServicePolicies.OnCreateNodePolicy.QNAME, - TYPE_TRANSFER, + NodeServicePolicies.OnCreateNodePolicy.QNAME, + TYPE_TRANSFER, new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); } - + /** * @param permissionService permission service */ @@ -112,7 +114,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { this.permissionService = permissionService; } - + /** * @param nodeService node service */ @@ -120,7 +122,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { this.nodeService = nodeService; } - + /** * @param policyComponent policy component */ @@ -128,7 +130,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { this.policyComponent = policyComponent; } - + /** * @param recordsManagementService records management service */ @@ -136,7 +138,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { this.recordsManagementService = recordsManagementService; } - + /** * @param filePlanService file plan service */ @@ -144,7 +146,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { this.filePlanService = filePlanService; } - + /** * @param recordService record service */ @@ -156,48 +158,46 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl /** * @param childAssocRef */ - public void onCreateRMContainer(ChildAssociationRef childAssocRef) + public void onCreateRMContainer(final ChildAssociationRef childAssocRef) { - final NodeRef recordCategory = childAssocRef.getChildRef(); - setUpPermissions(recordCategory); - // Pull any permissions found on the parent (ie the record category) final NodeRef parentNodeRef = childAssocRef.getParentRef(); - if (parentNodeRef != null && nodeService.exists(parentNodeRef) == true) + if (parentNodeRef != null && nodeService.exists(parentNodeRef)) { AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public Object doWork() { - boolean fillingOnly = false; - if (filePlanService.isFilePlan(parentNodeRef) == true) - { - fillingOnly = true; - } + NodeRef recordCategory = childAssocRef.getChildRef(); + boolean isParentNodeFilePlan = filePlanService.isFilePlan(parentNodeRef); + setUpPermissions(recordCategory, isParentNodeFilePlan); // since this is not a root category, inherit from parent - Set perms = permissionService.getAllSetPermissions(parentNodeRef); - for (AccessPermission perm : perms) + if (isParentNodeFilePlan) { - if (fillingOnly == false || - RMPermissionModel.FILING.equals(perm.getPermission()) == true) + Set perms = permissionService.getAllSetPermissions(parentNodeRef); + for (AccessPermission perm : perms) { - AccessStatus accessStatus = perm.getAccessStatus(); - boolean allow = false; - if (AccessStatus.ALLOWED.equals(accessStatus) == true) + if (RMPermissionModel.FILING.equals(perm.getPermission())) { - allow = true; + AccessStatus accessStatus = perm.getAccessStatus(); + boolean allow = false; + if (AccessStatus.ALLOWED.equals(accessStatus)) + { + allow = true; + } + permissionService.setPermission( + recordCategory, + perm.getAuthority(), + perm.getPermission(), + allow); } - permissionService.setPermission( - recordCategory, - perm.getAuthority(), - perm.getPermission(), - allow); } } return null; } + }, AuthenticationUtil.getSystemUserName()); } } @@ -208,13 +208,14 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl public void onCreateRecordFolder(ChildAssociationRef childAssocRef) { final NodeRef folderNodeRef = childAssocRef.getChildRef(); - + // initialise the permissions setUpPermissions(folderNodeRef); // Pull any permissions found on the parent (ie the record category) final NodeRef catNodeRef = childAssocRef.getParentRef(); - if (nodeService.exists(catNodeRef) == true) + if (!permissionService.getInheritParentPermissions(folderNodeRef) && + nodeService.exists(catNodeRef)) { AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { @@ -223,8 +224,8 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl Set perms = permissionService.getAllSetPermissions(catNodeRef); for (AccessPermission perm : perms) { - if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && - ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) + if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) && + !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority())) { AccessStatus accessStatus = perm.getAccessStatus(); boolean allow = false; @@ -245,12 +246,12 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl }, AuthenticationUtil.getSystemUserName()); } } - + /** * Sets ups records permission when aspect is added. - * + * * @see NodeServicePolicies.OnAddAspectPolicy#onAddAspect(NodeRef, QName) - * + * * @param record * @param aspectTypeQName */ @@ -262,18 +263,18 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true) { - NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); + NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); initialiseRecordPermissions(record, recordFolder); } return null; } - }, AuthenticationUtil.getSystemUserName()); + }, AuthenticationUtil.getSystemUserName()); } - + /** * Sets up permissions for transfer and hold objects - * + * * @param childAssocRef */ public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef) @@ -286,7 +287,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl if (nodeService.exists(nodeRef) == true) { setUpPermissions(nodeRef); - + NodeRef parent = childAssocRef.getParentRef(); Set perms = permissionService.getAllSetPermissions(parent); for (AccessPermission perm : perms) @@ -308,49 +309,51 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl } } } - + return null; } }); } - + /** * Initialise the record permissions for the given parent. - * + * * NOTE: method is public so it can be accessed via the associated patch bean. - * - * @param record record + * + * @param record record * @param parent records permission parent */ public void initialiseRecordPermissions(NodeRef record, NodeRef parent) { setUpPermissions(record); - - Set perms = permissionService.getAllSetPermissions(parent); - for (AccessPermission perm : perms) + + if (!permissionService.getInheritParentPermissions(record)) { - if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && - ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) + Set perms = permissionService.getAllSetPermissions(parent); + for (AccessPermission perm : perms) { - AccessStatus accessStatus = perm.getAccessStatus(); - boolean allow = false; - if (AccessStatus.ALLOWED.equals(accessStatus) == true) + if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) && + !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority())) { - allow = true; + AccessStatus accessStatus = perm.getAccessStatus(); + boolean allow = false; + if (AccessStatus.ALLOWED.equals(accessStatus) == true) + { + allow = true; + } + permissionService.setPermission( + record, + perm.getAuthority(), + perm.getPermission(), + allow); } - permissionService.setPermission( - record, - perm.getAuthority(), - perm.getPermission(), - allow); } } - } - + /** * onMoveRecord behaviour - * + * * @param sourceAssocRef source association reference * @param destinationAssocRef destination association reference */ @@ -364,7 +367,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true) { Set keepPerms = new HashSet(5); - + // record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent) Set origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef()); Set origionalRecordPerms= permissionService.getAllSetPermissions(record); @@ -374,7 +377,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) { if ((perm.getPermission().equals(RMPermissionModel.FILING) == true || - perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) && + perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) && origionalParentPerms.contains(perm) == false) { // then we can assume this is a permission we want to preserve @@ -382,20 +385,20 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl } } } - + // clear all existing permissions and start again permissionService.deletePermissions(record); - + // re-setup the records permissions initialiseRecordPermissions(record, destinationAssocRef.getParentRef()); - + // re-add keep'er permissions for (AccessPermission keeper : keepPerms) { setPermission(record, keeper.getAuthority(), keeper.getPermission()); } } - + return null; } }, AuthenticationUtil.getSystemUserName()); @@ -407,14 +410,19 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl */ public void setUpPermissions(final NodeRef nodeRef) { - if (nodeService.exists(nodeRef) == true) + setUpPermissions(nodeRef, null); + } + + private void setUpPermissions(final NodeRef nodeRef, final Boolean isParentNodeFilePlan) + { + if (nodeService.exists(nodeRef)) { AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public Object doWork() { // break inheritance - permissionService.setInheritParentPermissions(nodeRef, false); + permissionService.setInheritParentPermissions(nodeRef, isInheritanceAllowed(nodeRef, isParentNodeFilePlan)); // set extended reader permissions permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); @@ -424,7 +432,12 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl } }, AuthenticationUtil.getSystemUserName()); } - } + } + + private boolean isInheritanceAllowed(NodeRef nodeRef, Boolean isParentNodeFilePlan) + { + return !(isFilePlan(nodeRef) || isHold(nodeRef) || isTransfer(nodeRef) || (isRecordCategory(nodeRef) && isTrue(isParentNodeFilePlan))); + } /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, boolean) @@ -439,20 +452,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { public Boolean doWork() throws Exception { - if (filePlanService.isFilePlan(nodeRef) == true) + if (filePlanService.isFilePlan(nodeRef) || + filePlanService.isFilePlanContainer(nodeRef) || + recordsManagementService.isRecordFolder(nodeRef) || + recordService.isRecord(nodeRef)) { - setPermissionDown(nodeRef, authority, permission); - } - else if (filePlanService.isFilePlanContainer(nodeRef) == true || - recordsManagementService.isRecordFolder(nodeRef) == true || - recordService.isRecord(nodeRef) == true) - { - setReadPermissionUp(nodeRef, authority); setPermissionDown(nodeRef, authority, permission); } else { - if (logger.isWarnEnabled() == true) + if (logger.isWarnEnabled()) { logger.warn("Setting permissions for this node is not supported. (nodeRef=" + nodeRef + ", authority=" + authority + ", permission=" + permission + ")"); } @@ -463,38 +472,6 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl }, AuthenticationUtil.getSystemUserName()); } - /** - * Helper method to set the read permission up the hierarchy - * - * @param nodeRef node reference - * @param authority authority - */ - private void setReadPermissionUp(NodeRef nodeRef, String authority) - { - NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); - if (parent != null && filePlanService.isFilePlanComponent(parent) == true) - { - setReadPermissionUpImpl(parent, authority); - } - } - - /** - * Helper method used to set the read permission up the hierarchy - * - * @param nodeRef node reference - * @param authority authority - */ - private void setReadPermissionUpImpl(NodeRef nodeRef, String authority) - { - setPermissionImpl(nodeRef, authority, RMPermissionModel.READ_RECORDS); - - NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); - if (parent != null && filePlanService.isFilePlanComponent(parent) == true) - { - setReadPermissionUpImpl(parent, authority); - } - } - /** * Helper method to set the permission down the hierarchy * @@ -504,27 +481,25 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl */ private void setPermissionDown(NodeRef nodeRef, String authority, String permission) { + // set permissions + setPermissionImpl(nodeRef, authority, permission); + // skip out node's that inherit (for example hold and transfer) - if (permissionService.getInheritParentPermissions(nodeRef) == false) + if (!permissionService.getInheritParentPermissions(nodeRef) && + (filePlanService.isFilePlanContainer(nodeRef) || + recordsManagementService.isRecordFolder(nodeRef))) { - // set permissions - setPermissionImpl(nodeRef, authority, permission); - - if (filePlanService.isFilePlanContainer(nodeRef) == true || - recordsManagementService.isRecordFolder(nodeRef) == true) - { - List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef assoc : assocs) + List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef assoc : assocs) + { + NodeRef child = assoc.getChildRef(); + if (filePlanService.isFilePlanContainer(child) || + recordsManagementService.isRecordFolder(child) || + recordService.isRecord(child) || + instanceOf(child, TYPE_HOLD) || + instanceOf(child, TYPE_TRANSFER)) { - NodeRef child = assoc.getChildRef(); - if (filePlanService.isFilePlanContainer(child) == true || - recordsManagementService.isRecordFolder(child) == true || - recordService.isRecord(child) == true || - instanceOf(child, TYPE_HOLD) == true || - instanceOf(child, TYPE_TRANSFER) == true) - { - setPermissionDown(child, authority, permission); - } + setPermissionDown(child, authority, permission); } } } @@ -557,27 +532,25 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl { public Boolean doWork() throws Exception { + // Delete permission on this node + permissionService.deletePermission(nodeRef, authority, permission); + // can't delete permissions if inherited (eg hold and transfer containers) - if (permissionService.getInheritParentPermissions(nodeRef) == false) + if (!permissionService.getInheritParentPermissions(nodeRef) && + (filePlanService.isFilePlanContainer(nodeRef) || + recordsManagementService.isRecordFolder(nodeRef))) { - // Delete permission on this node - permissionService.deletePermission(nodeRef, authority, permission); - - if (filePlanService.isFilePlanContainer(nodeRef) == true || - recordsManagementService.isRecordFolder(nodeRef) == true) + List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef assoc : assocs) { - List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef assoc : assocs) + NodeRef child = assoc.getChildRef(); + if (filePlanService.isFilePlanContainer(child) || + recordsManagementService.isRecordFolder(child) || + recordService.isRecord(child)|| + instanceOf(child, TYPE_HOLD) || + instanceOf(child, TYPE_TRANSFER)) { - NodeRef child = assoc.getChildRef(); - if (filePlanService.isFilePlanContainer(child) == true || - recordsManagementService.isRecordFolder(child) == true || - recordService.isRecord(child) == true|| - instanceOf(child, TYPE_HOLD) == true || - instanceOf(child, TYPE_TRANSFER) == true) - { - deletePermission(child, authority, permission); - } + deletePermission(child, authority, permission); } } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java index 72a8e4e268..3510702189 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java @@ -28,7 +28,7 @@ import org.springframework.extensions.webscripts.GUID; /** * File plan permission service unit test - * + * * @author Roy Wetherall * @since 2.1 */ @@ -42,16 +42,16 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase { return true; } - + /** * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest() */ @Override protected boolean isRecordTest() { - return true; + return true; } - + /** * Helper to create test user */ @@ -69,7 +69,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase } }, AuthenticationUtil.getSystemUserName()); } - + /** * Helper to set permission */ @@ -83,9 +83,9 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase filePlanPermissionService.setPermission(nodeRef, userName, permission); return null; } - }); + }); } - + /** * Helper to delete permission */ @@ -99,17 +99,17 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase filePlanPermissionService.deletePermission(nodeRef, userName, permission); return null; } - }); + }); } - + /** * test set/delete permissions on file plan */ public void testSetDeletePermissionFilePlan() throws Exception { String userName = createTestUser(); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -118,10 +118,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file - + setPermission(filePlan, userName, RMPermissionModel.FILING); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan file AccessStatus.ALLOWED, // category read @@ -130,10 +130,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file - + deletePermission(filePlan, userName, RMPermissionModel.FILING); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -142,12 +142,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file - + //what happens if we try and remove READ for a normal user on the file plan ??? deletePermission(filePlan, userName, RMPermissionModel.READ_RECORDS); - + // nothing .. user still has read on file plan .. only removing the user from all roles will remove read on file plan - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -157,15 +157,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file } - + /** * Test set/delete permission on record categorty */ public void testSetDeletePermissionRecordCategory() throws Exception { String userName = createTestUser(); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -174,10 +174,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file - + setPermission(rmContainer, userName, RMPermissionModel.FILING); - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.ALLOWED, // category read @@ -186,10 +186,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file - + deletePermission(rmContainer, userName, RMPermissionModel.FILING); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -199,15 +199,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file } - + /** * Test set/delete permission on record folder */ public void testSetDeletePermissionRecordFolder() throws Exception { String userName = createTestUser(); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -216,40 +216,40 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file - + setPermission(rmFolder, userName, RMPermissionModel.FILING); - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file - + deletePermission(rmFolder, userName, RMPermissionModel.FILING); - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file } - + /** * Test set/delete permission on record */ public void testSetDeletePermissionRecord() throws Exception { String userName = createTestUser(); - - assertPermissions(userName, + + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -258,48 +258,48 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file - + setPermission(recordOne, userName, RMPermissionModel.FILING); - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file - AccessStatus.ALLOWED, // record folder read + AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file - + deletePermission(recordOne, userName, RMPermissionModel.FILING); - assertPermissions(userName, + assertPermissions(userName, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file - AccessStatus.ALLOWED, // record folder read + AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record read AccessStatus.DENIED); // record file } - + public void testMoveRecord() throws Exception { String userOne = createTestUser(); String userTwo = createTestUser(); String userThree = createTestUser(); - + final NodeRef otherFolder = doTestInTransaction(new Test() { @Override public NodeRef run() { - return rmService.createRecordFolder(rmContainer, "otherFolder"); + return rmService.createRecordFolder(rmContainer, "otherFolder"); } }); - - assertPermissions(userOne, + + assertPermissions(userOne, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -318,7 +318,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userOne); - assertPermissions(userTwo, + assertPermissions(userTwo, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -337,7 +337,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userTwo); - assertPermissions(userThree, + assertPermissions(userThree, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // category read @@ -356,15 +356,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userThree); - + setPermission(rmFolder, userOne, RMPermissionModel.FILING); setPermission(otherFolder, userTwo, RMPermissionModel.FILING); setPermission(recordOne, userThree, RMPermissionModel.FILING); - - assertPermissions(userOne, + + assertPermissions(userOne, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder file @@ -380,10 +380,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userOne); - assertPermissions(userTwo, + assertPermissions(userTwo, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file @@ -399,12 +399,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userTwo); - assertPermissions(userThree, + assertPermissions(userThree, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file - AccessStatus.ALLOWED, // record folder read + AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file @@ -418,7 +418,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userThree); - + // move the record! doTestInTransaction(new Test() { @@ -429,11 +429,11 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }); - - assertPermissions(userOne, + + assertPermissions(userOne, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder file @@ -449,10 +449,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userOne); - assertPermissions(userTwo, + assertPermissions(userTwo, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file @@ -468,12 +468,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase return null; } }, userTwo); - assertPermissions(userThree, + assertPermissions(userThree, AccessStatus.ALLOWED, // fileplan read AccessStatus.DENIED, // fileplan file - AccessStatus.ALLOWED, // category read + AccessStatus.DENIED, // category read AccessStatus.DENIED, // category file - AccessStatus.ALLOWED, // record folder read + AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder file AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED); // record file @@ -482,43 +482,43 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase @Override public Void run() { - assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS)); + assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING)); return null; } }, userThree); - + } - - + + /** * Helper to assert permissions for passed user */ private void assertPermissions(final String userName, final AccessStatus ... accessStatus) { assertEquals(8, accessStatus.length); - + doTestInTransaction(new Test() { @Override public Void run() { - assertEquals("Everyone who has a role has read permissions on the file plan", + assertEquals("Everyone who has a role has read permissions on the file plan", accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING)); - + assertEquals(accessStatus[2], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[3], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING)); - + assertEquals(accessStatus[4], permissionService.hasPermission(rmFolder, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[5], permissionService.hasPermission(rmFolder, RMPermissionModel.FILING)); - + assertEquals(accessStatus[6], permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[7], permissionService.hasPermission(recordOne, RMPermissionModel.FILING)); - + return null; } }, userName); } - + }