Additional unit test to check extended security with cache is working as expected.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@76851 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties

@@ -35,3 +35,6 @@ bootstrap.rmadmin.name=rmadmin
 # Indicates whether RM rules will be run as RM Admin or not by default
 #
 rm.rule.runasrmadmin=true
+
+activities.feed.generator.cronExpression=0 30 3 * * ?
+activities.feed.generator.maxItemsPerCycle=1

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java

@@ -23,10 +23,16 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
 import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.site.SiteModel;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.site.SiteService;
+import org.alfresco.service.cmr.site.SiteVisibility;
 import org.alfresco.util.GUID;
 
 /**
@@ -248,4 +254,115 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
         assertNotNull(readers);
         assertEquals(testMap.size(), readers.size());
     }
+    
+    public void testDifferentUsersDifferentPermissions()
+    {
+    	final String userNone = createTestUser();
+    	final String userRead = createTestUser();
+    	final String userWrite = createTestUser();
+    	final String siteShortName = GUID.generate();
+    	
+    	doTestInTransaction(new Test<Void>()
+        {
+            public Void run() throws Exception
+            {            	
+            	siteService.createSite(null, siteShortName, "test", "test", SiteVisibility.PRIVATE);
+            	return null;            	
+            }
+        });
+    	
+    	final NodeRef documentLibrary = doTestInTransaction(new Test<NodeRef>()
+        {
+            public NodeRef run() throws Exception
+            {            	
+            	siteService.setMembership(siteShortName, userRead, SiteModel.SITE_CONSUMER);
+            	siteService.setMembership(siteShortName, userWrite, SiteModel.SITE_COLLABORATOR);
+            	return siteService.createContainer(siteShortName, SiteService.DOCUMENT_LIBRARY, null, null);            	
+            }
+        });
+    	
+    	final NodeRef record = doTestInTransaction(new Test<NodeRef>()
+        {
+            public NodeRef run() throws Exception
+            {            	
+            	NodeRef record = fileFolderService.create(documentLibrary, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
+            	recordService.createRecord(filePlan, record);
+            	return record;
+            }
+        });
+    	
+    	doTestInTransaction(new Test<Void>()
+        {
+            public Void run() throws Exception
+            {            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userNone);
+            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userRead);
+            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userWrite);    
+            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userNone);
+            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userRead);
+            	
+            	AuthenticationUtil.runAs(new RunAsWork<Void>()
+            	{
+					public Void doWork() throws Exception 
+					{
+						// check permissions
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
+		            	assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, FILING));
+						return null;
+					}
+				}, userWrite);
+            	
+            	return null;
+            }
+        });
+    }
 }