inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACS-3364 Add permission handling to linkedToBy. (#1425)

Browse Source
This commit is contained in:
Tom Page
2022-09-21 15:18:30 +01:00
committed by GitHub
parent e0844d72e1
commit c4d432b136
5 changed files with 75 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java
View File

@@ -354,7 +354,7 @@ public class GetRuleSetsTests extends RestTest
RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel(); RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel();
ruleSetLink.setId(ruleFolder.getNodeRef()); ruleSetLink.setId(ruleFolder.getNodeRef());
coreAPIForUser().usingNode(publicFolder).createRuleLink(ruleSetLink); coreAPIForUser().usingNode(publicFolder).createRuleLink(ruleSetLink);
coreAPIForUser().usingNode(privateFolder).createRuleLink(ruleSetLink); coreAPIForAdmin().usingNode(privateFolder).createRuleLink(ruleSetLink);
STEP("Get the rule set and linkedToBy field"); STEP("Get the rule set and linkedToBy field");
RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder) RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)

13
remote-api/src/main/java/org/alfresco/rest/api/impl/rules/RuleSetLoader.java
View File

@@ -30,7 +30,6 @@ import static org.alfresco.rest.api.model.rules.InclusionType.LINKED;
import static org.alfresco.rest.api.model.rules.InclusionType.OWNED; import static org.alfresco.rest.api.model.rules.InclusionType.OWNED;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.rest.api.model.rules.RuleSet; import org.alfresco.rest.api.model.rules.RuleSet;
@@ -93,12 +92,7 @@ public class RuleSetLoader
} }
if (includes.contains(LINKED_TO_BY)) if (includes.contains(LINKED_TO_BY))
{ {
List<NodeRef> linkedToBy = nodeService.getParentAssocs(ruleSetNodeRef) ruleSet.setLinkedToBy(loadLinkedToBy(ruleSetNodeRef));
.stream()
.map(ChildAssociationRef::getParentRef)
.filter(folder -> !folder.equals(parentRef))
.collect(Collectors.toList());
ruleSet.setLinkedToBy(linkedToBy);
} }
if (includes.contains(IS_INHERITED)) if (includes.contains(IS_INHERITED))
{ {
@@ -113,6 +107,11 @@ public class RuleSetLoader
return ruleService.getFoldersInheritingRuleSet(ruleSetNodeRef, MAX_INHERITED_BY_SIZE); return ruleService.getFoldersInheritingRuleSet(ruleSetNodeRef, MAX_INHERITED_BY_SIZE);
} }
private List<NodeRef> loadLinkedToBy(NodeRef ruleSetNodeRef)
{
return ruleService.getFoldersLinkingToRuleSet(ruleSetNodeRef);
}
private boolean loadIsInherited(NodeRef ruleSetNodeRef) private boolean loadIsInherited(NodeRef ruleSetNodeRef)
{ {
return AuthenticationUtil.runAsSystem(() -> !ruleService.getFoldersInheritingRuleSet(ruleSetNodeRef, 1).isEmpty()); return AuthenticationUtil.runAsSystem(() -> !ruleService.getFoldersInheritingRuleSet(ruleSetNodeRef, 1).isEmpty());

14
repository/src/main/java/org/alfresco/repo/rule/RuleServiceImpl.java
View File

@@ -689,6 +689,20 @@ public class RuleServiceImpl
return inheritors; return inheritors;
} }
/** {@inheritDoc} */
@Override
@Experimental
public List<NodeRef> getFoldersLinkingToRuleSet(NodeRef ruleSet)
{
NodeRef parentRef = nodeService.getPrimaryParent(ruleSet).getParentRef();
return nodeService.getParentAssocs(ruleSet)
.stream()
.map(ChildAssociationRef::getParentRef)
.filter(folder -> !folder.equals(parentRef))
.filter(folder -> permissionService.hasReadPermission(folder) == ALLOWED)
.collect(Collectors.toList());
}
/** /**
* Gets the inherited rules for a given node reference * Gets the inherited rules for a given node reference
* *

14
repository/src/main/java/org/alfresco/service/cmr/rule/RuleService.java
View File

@@ -232,13 +232,23 @@ public interface RuleService
* *
* @param ruleSet The rule set node. * @param ruleSet The rule set node.
* @param maxFoldersToReturn A limit on the number of folders to return (since otherwise this could traverse a very large proportion of * @param maxFoldersToReturn A limit on the number of folders to return (since otherwise this could traverse a very large proportion of
* the repository. * the repository).
* @return The list of the specified * @return The list of the inheriting folders.
*/ */
@Auditable (parameters = { "ruleSet", "maxFoldersToReturn" }) @Auditable (parameters = { "ruleSet", "maxFoldersToReturn" })
@Experimental @Experimental
List<NodeRef> getFoldersInheritingRuleSet(NodeRef ruleSet, int maxFoldersToReturn); List<NodeRef> getFoldersInheritingRuleSet(NodeRef ruleSet, int maxFoldersToReturn);
/**
* Get a list of folders linking to the specified rule set.
*
* @param ruleSet The rule set node.
* @return The list linking folders.
*/
@Auditable (parameters = { "ruleSet" })
@Experimental
List<NodeRef> getFoldersLinkingToRuleSet(NodeRef ruleSet);
/** /**
* Get the rule given its node reference * Get the rule given its node reference
* *

42
repository/src/test/java/org/alfresco/repo/rule/RuleServiceImplUnitTest.java
View File

@@ -714,4 +714,46 @@ public class RuleServiceImplUnitTest
assertEquals("Unexpected list of inheriting folders.", List.of(child), actual); assertEquals("Unexpected list of inheriting folders.", List.of(child), actual);
} }
/** Check that a linked folder can be retrieved from a rule set node. */
@Test
public void testGetFoldersLinkingToRuleSet()
{
NodeRef ruleSetNode = new NodeRef("rule://set/");
NodeRef owningFolder = new NodeRef("owning://folder/");
ChildAssociationRef owningAssocMock = mock(ChildAssociationRef.class);
given(owningAssocMock.getParentRef()).willReturn(owningFolder);
given(nodeService.getPrimaryParent(ruleSetNode)).willReturn(owningAssocMock);
// Simulate a folder linking to the rule set.
NodeRef linkingFolder = new NodeRef("linking://folder/");
ChildAssociationRef linkingAssocMock = mock(ChildAssociationRef.class);
given(linkingAssocMock.getParentRef()).willReturn(linkingFolder);
given(nodeService.getParentAssocs(ruleSetNode)).willReturn(List.of(owningAssocMock, linkingAssocMock));
List<NodeRef> linkingFolders = ruleService.getFoldersLinkingToRuleSet(ruleSetNode);
assertEquals("Unexpected list of linking folders.", List.of(linkingFolder), linkingFolders);
}
/** Check that permissions affect which linked folders are returned to the user. */
@Test
public void testGetFoldersLinkingToRuleSet_respectsPermissions()
{
NodeRef ruleSetNode = new NodeRef("rule://set/");
NodeRef owningFolder = new NodeRef("owning://folder/");
ChildAssociationRef owningAssocMock = mock(ChildAssociationRef.class);
given(owningAssocMock.getParentRef()).willReturn(owningFolder);
given(nodeService.getPrimaryParent(ruleSetNode)).willReturn(owningAssocMock);
// Simulate a folder linking to the rule set.
NodeRef linkingFolder = new NodeRef("linking://folder/");
ChildAssociationRef linkingAssocMock = mock(ChildAssociationRef.class);
given(linkingAssocMock.getParentRef()).willReturn(linkingFolder);
given(nodeService.getParentAssocs(ruleSetNode)).willReturn(List.of(owningAssocMock, linkingAssocMock));
// The currect user does not have permission to view the folder.
given(permissionService.hasReadPermission(linkingFolder)).willReturn(DENIED);
List<NodeRef> linkingFolders = ruleService.getFoldersLinkingToRuleSet(ruleSetNode);
assertEquals("Unexpected list of linking folders.", emptyList(), linkingFolders);
}
} }