RM-1972: Methods with invalid policy are granted access

* invalid policy defintions now throw exception .. previously they just granted! * invalid capability definitions now throw exception .. previously they abstained with no message * reference to RM.Write removed and replaced with RM.Create or more appropriate permission check * adjustments to hold capabilities since they wheren't being exercised as we thought * ManageAccessRights no longer checks for frozen .. you should be able to manage the permissions of an object if it's frozen and you have the capability * Unit tests for new code and adjustments * Tweaks to existing integration tests where required git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@97786 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2015-02-23 23:02:09 +00:00
parent 8ed56c8d91
commit ca1f697f45
25 changed files with 965 additions and 63 deletions
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoterUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoterUnitTest.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.lang.reflect.Method;
+import java.util.Iterator;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.ConfigAttribute;
+
+import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.module.org_alfresco_module_rm.capability.policy.ConfigAttributeDefinition;
+import org.alfresco.module.org_alfresco_module_rm.capability.policy.Policy;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.aopalliance.intercept.MethodInvocation;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+
+/**
+ * RM entry voter unit test
+ * 
+ * @author Roy Wetherall
+ * @since 2.3
+ */
+public class RMEntryVoterUnitTest extends BaseUnitTest
+{
+    private static final String POLICY_NAME = "myPolicy";
+    
+    /** RM Entry */
+    private @InjectMocks RMEntryVoter entryVoter;
+    
+    /** Mocked policy */
+    private @Mock Policy mockedPolicy;
+    
+    /**
+     * Given that we have provided an invalid policy
+     * When I evaluate the voter
+     * Then an AlfrescoRuntimeException is thrown
+     */
+    @Test
+    public void invalidPolicy() throws Exception
+    {
+        // given I am providing an invalid policy for a method
+        Authentication mockedAuthentication = mock(Authentication.class);
+        MethodInvocation mockedMethodInvocation = createMethodInvoation("myTestMethod", NodeRef.class);
+        net.sf.acegisecurity.ConfigAttributeDefinition mockedConfigDef = createConfigDefinition("RM.invalid");
+
+        // I expect an Alfresco Runtime Exception
+        exception.expect(AlfrescoRuntimeException.class);
+        
+        // call vote
+        entryVoter.vote(mockedAuthentication, mockedMethodInvocation, mockedConfigDef);    
+    }
+    
+    /**
+     * Given that I have provided a valid policy
+     * When I evaluate the voter
+     * Then the corresponding policy will be evaluated
+     */
+    @Test
+    public void validPolicy() throws Exception
+    {
+        when(mockedPolicy.getName())
+            .thenReturn(POLICY_NAME);
+        entryVoter.registerPolicy(mockedPolicy);
+        
+        //  mock calling details
+        Authentication mockedAuthentication = mock(Authentication.class);
+        MethodInvocation mockedMethodInvocation = createMethodInvoation("myTestMethod", NodeRef.class);
+        net.sf.acegisecurity.ConfigAttributeDefinition mockedConfigDef = createConfigDefinition("RM." + POLICY_NAME);
+        
+        // call vote
+        entryVoter.vote(mockedAuthentication, mockedMethodInvocation, mockedConfigDef);
+        
+        // verify that the policy was executed
+        verify(mockedPolicy, times(1)).evaluate(eq(mockedMethodInvocation), any(Class[].class), any(ConfigAttributeDefinition.class));
+    }
+    
+    /**
+     * Helper method to create configuration object
+     */
+    @SuppressWarnings("rawtypes")
+    private net.sf.acegisecurity.ConfigAttributeDefinition createConfigDefinition(String value)
+    {
+        net.sf.acegisecurity.ConfigAttributeDefinition mockedConfig = mock(net.sf.acegisecurity.ConfigAttributeDefinition.class);
+        
+        ConfigAttribute mockedConfigAttr = mock(ConfigAttribute.class);        
+        when(mockedConfigAttr.getAttribute())
+            .thenReturn(value);
+        
+        Iterator mockedIter = mock(Iterator.class);
+        when(mockedIter.hasNext())
+            .thenReturn(true)
+            .thenReturn(false);
+        when(mockedIter.next())
+            .thenReturn(mockedConfigAttr);
+        
+        when(mockedConfig.getConfigAttributes())
+            .thenReturn(mockedIter);
+        
+        return mockedConfig;        
+    }
+    
+    /**
+     * Helper method to create method invocation mock
+     */
+    private MethodInvocation createMethodInvoation(String methodName, Class<?> ... parameterTypes)
+        throws Exception
+    {
+        // mock method invocation
+        MethodInvocation mockedMethodInvocation = mock(MethodInvocation.class);
+        
+        // get method object .. assumed to be a method on this object
+        Method method = RMEntryVoterUnitTest.class.getMethod(methodName, parameterTypes);
+        when(mockedMethodInvocation.getMethod())
+            .thenReturn(method);
+        
+        return mockedMethodInvocation;
+    }
+    
+    /** ========= Test methods ======== */
+    
+    public void myTestMethod(NodeRef nodeRef)
+    {
+        // does nothing
+    }
+    
+}
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/CapabilityDeclarativeConditionSuite.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/CapabilityDeclarativeConditionSuite.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition;
+
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+import org.junit.runners.Suite.SuiteClasses;
+
+/**
+ * capability.declarative.condition unit test suite
+ *
+ * @author Roy Wetherall
+ * @since 2.3
+ */
+@RunWith(Suite.class)
+@SuiteClasses(
+{
+    HoldCapabilityConditionUnitTest.class,
+    FillingOnHoldContainerCapabilityConditionUnitTest.class,
+    FrozenCapabilityConditionUnitTest.class
+})
+public class CapabilityDeclarativeConditionSuite
+{
+}
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingOnHoldContainerCapabilityConditionUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FillingOnHoldContainerCapabilityConditionUnitTest.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition;
+
+import static org.mockito.Mockito.*;
+import static org.junit.Assert.*;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+
+/**
+ * Filling on hold container capability condition unit test
+ * 
+ * @author Roy Wetherall
+ * @since 2.3
+ */
+public class FillingOnHoldContainerCapabilityConditionUnitTest extends BaseUnitTest
+{
+    /** evaluator */
+    private @InjectMocks FillingOnHoldContainerCapabilityCondition condition;
+    
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest#before()
+     */
+    @Before
+    @Override
+    public void before() throws Exception
+    {
+        super.before();
+    }
+    
+    /**
+     * Given hold container node
+     * And no filling permission
+     * When evaluate
+     * Then false
+     */
+    @Test
+    public void noFillingOnHoldContainer()
+    {
+        NodeRef holdContainer = generateNodeRef(TYPE_HOLD_CONTAINER);
+        when(mockedFilePlanService.isFilePlan(holdContainer))
+            .thenReturn(false);
+        when(mockedPermissionService.hasPermission(holdContainer, RMPermissionModel.FILE_RECORDS))
+            .thenReturn(AccessStatus.DENIED);
+        
+        assertFalse(condition.evaluateImpl(holdContainer));
+    }
+    
+    /**
+     * Given hold container node
+     * And filling permission
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void fillingOnHoldContainer()
+    {
+        NodeRef holdContainer = generateNodeRef(TYPE_HOLD_CONTAINER);
+        when(mockedFilePlanService.isFilePlan(holdContainer))
+            .thenReturn(false);
+        when(mockedPermissionService.hasPermission(holdContainer, RMPermissionModel.FILE_RECORDS))
+            .thenReturn(AccessStatus.ALLOWED);
+        
+        assertTrue(condition.evaluateImpl(holdContainer));
+    }
+    
+    /**
+     * Given file-plan node
+     * And no filling permission on hold container
+     * When evaluate
+     * Then false
+     */
+    @Test
+    public void filePlanNoFilling()
+    {
+        NodeRef holdContainer = generateNodeRef(TYPE_HOLD_CONTAINER);
+        when(mockedFilePlanService.getHoldContainer(filePlan))
+            .thenReturn(holdContainer);
+        when(mockedPermissionService.hasPermission(holdContainer, RMPermissionModel.FILE_RECORDS))
+            .thenReturn(AccessStatus.DENIED);
+        
+        assertFalse(condition.evaluateImpl(holdContainer));
+    }
+    
+    /**
+     * Given file-plan node
+     * And filling permission on hold container
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void filePlanFilling()
+    {
+        NodeRef holdContainer = generateNodeRef(TYPE_HOLD_CONTAINER);
+        when(mockedFilePlanService.getHoldContainer(filePlan))
+            .thenReturn(holdContainer);
+        when(mockedPermissionService.hasPermission(holdContainer, RMPermissionModel.FILE_RECORDS))
+            .thenReturn(AccessStatus.ALLOWED);
+        
+        assertTrue(condition.evaluateImpl(holdContainer));
+    }
+    
+    /**
+     * Given unexpected node type
+     * When evaluate
+     * Then false
+     */
+    @Test
+    public void unexpectedNode()
+    {
+        NodeRef unexpectedNode = generateNodeRef();
+        when(mockedFilePlanService.isFilePlan(unexpectedNode))
+            .thenReturn(false);
+        when(mockedPermissionService.hasPermission(unexpectedNode, RMPermissionModel.FILE_RECORDS))
+            .thenReturn(AccessStatus.ALLOWED);
+        
+        assertFalse(condition.evaluateImpl(unexpectedNode));
+    }    
+}
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FrozenCapabilityConditionUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/FrozenCapabilityConditionUnitTest.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+
+/**
+ * Frozen capability condition unit test
+ * 
+ * @author Roy Wetherall
+ * @since 2.3
+ */
+public class FrozenCapabilityConditionUnitTest extends BaseUnitTest
+{
+    /** evaluator */
+    private @InjectMocks FrozenCapabilityCondition condition;
+    
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest#before()
+     */
+    @Before
+    @Override
+    public void before() throws Exception
+    {
+        super.before();
+    }
+    
+    /**
+     * Given hold
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void evaluateHold()
+    {
+        // is a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(true);        
+        
+        // evaluate
+        assertTrue(condition.evaluate(nodeRef));
+        
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, never()).isFrozen(nodeRef);
+        verify(mockedFreezeService, never()).hasFrozenChildren(nodeRef);
+    }
+    
+    /**
+     * Given is frozen
+     * And no check children
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void frozenDontCheckChildren()
+    {
+        // is not a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(false);
+        
+        // dont check children
+        condition.setCheckChildren(false);
+        
+        // is frozen
+        when(mockedFreezeService.isFrozen(nodeRef))
+            .thenReturn(true);
+        
+        // evaluate
+        assertTrue(condition.evaluate(nodeRef));
+        
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, times(1)).isFrozen(nodeRef);
+        verify(mockedFreezeService, never()).hasFrozenChildren(nodeRef);
+    }
+    
+    /**
+     * Given is not frozen
+     * And no check children
+     * When evaluate
+     * Then false
+     */
+    @Test
+    public void notFrozenDontCheckChildren()
+    {
+        // is not a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(false);
+        
+        // dont check children
+        condition.setCheckChildren(false);
+        
+        // is not frozen
+        when(mockedFreezeService.isFrozen(nodeRef))
+            .thenReturn(false);
+        
+        // evaluate
+        assertFalse(condition.evaluate(nodeRef));
+        
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, times(1)).isFrozen(nodeRef);
+        verify(mockedFreezeService, never()).hasFrozenChildren(nodeRef);
+    }
+    
+    /**
+     * Given is frozen
+     * And check children
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void frozenCheckChildren()
+    {
+        // is not a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(false);
+        
+        // check children
+        condition.setCheckChildren(true);
+        
+        // is frozen
+        when(mockedFreezeService.isFrozen(nodeRef))
+            .thenReturn(true);
+        
+        // evaluate
+        assertTrue(condition.evaluate(nodeRef));
+        
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, times(1)).isFrozen(nodeRef);
+        verify(mockedFreezeService, never()).hasFrozenChildren(nodeRef);
+    }
+    
+    /**
+     * Given is not frozen
+     * And check children
+     * And children no frozen
+     * When evaluate
+     * Then false
+     */
+    @Test
+    public void notFrozenCheckChildrenNotFrozen()
+    {
+        // is not a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(false);
+        
+        // check children
+        condition.setCheckChildren(true);
+        
+        // is not frozen
+        when(mockedFreezeService.isFrozen(nodeRef))
+            .thenReturn(false);
+        
+        // children not frozen
+        when(mockedFreezeService.hasFrozenChildren(nodeRef))
+            .thenReturn(false);
+        
+        // evaluate
+        assertFalse(condition.evaluate(nodeRef));
+        
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, times(1)).isFrozen(nodeRef);
+        verify(mockedFreezeService, times(1)).hasFrozenChildren(nodeRef);
+    }
+    
+    /**
+     * Given is not frozen
+     * And check children
+     * And children frozen
+     * When evaluate
+     * Then true
+     */
+    @Test
+    public void notFrozenCheckChildrenFrozen()
+    {
+        // is not a hold
+        NodeRef nodeRef = generateNodeRef();
+        when(mockedHoldService.isHold(nodeRef))
+            .thenReturn(false);
+     
+        // check children
+        condition.setCheckChildren(true);
+     
+        // is not frozen
+        when(mockedFreezeService.isFrozen(nodeRef))
+            .thenReturn(false);
+     
+        // children frozen
+        when(mockedFreezeService.hasFrozenChildren(nodeRef))
+            .thenReturn(true);
+     
+        // evaluate
+        assertTrue(condition.evaluate(nodeRef));
+     
+        // verify
+        verify(mockedHoldService, times(1)).isHold(nodeRef);
+        verify(mockedFreezeService, times(1)).isFrozen(nodeRef);
+        verify(mockedFreezeService, times(1)).hasFrozenChildren(nodeRef);
+    }
+}
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/HoldCapabilityConditionUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/HoldCapabilityConditionUnitTest.java
@@ -57,10 +57,10 @@ public class HoldCapabilityConditionUnitTest extends BaseUnitTest
    private List<NodeRef> holds;
    
    /** mocked objects */
-    @Mock(name="kinds") Set<FilePlanComponentKind> mockedKinds;
+    private @Mock(name="kinds") Set<FilePlanComponentKind> mockedKinds;
    
    /** evaluator */
-    @Spy @InjectMocks HoldCapabilityCondition evaluator;
+    private @Spy @InjectMocks HoldCapabilityCondition evaluator;
    
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest#before()
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java
@@ -23,7 +23,8 @@ import org.alfresco.module.org_alfresco_module_rm.action.impl.FileReportActionUn
 import org.alfresco.module.org_alfresco_module_rm.action.impl.UnlinkFromActionUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponentUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.bootstrap.RecordContributorsGroupBootstrapComponentUnitTest;
-import org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.HoldCapabilityConditionUnitTest;
+import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoterUnitTest;
+import org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.CapabilityDeclarativeConditionSuite;
 import org.alfresco.module.org_alfresco_module_rm.forms.RecordsManagementTypeFormFilterUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.hold.HoldServiceImplUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.job.DispositionLifecycleJobExecuterUnitTest;
@@ -58,6 +59,7 @@ import org.junit.runners.Suite.SuiteClasses;
    DispositionLifecycleJobExecuterUnitTest.class,
    DictionaryBootstrapPostProcessorUnitTest.class,
    DateParameterProcessorUnitTest.class,
+    RMEntryVoterUnitTest.class,

    // services
    RecordServiceImplUnitTest.class,
@@ -74,9 +76,6 @@ import org.junit.runners.Suite.SuiteClasses;
    HoldPostUnitTest.class,
    HoldPutUnitTest.class,

-    // capability conditions
-    HoldCapabilityConditionUnitTest.class,
-
    // action implementations
    FileReportActionUnitTest.class,
    UnlinkFromActionUnitTest.class,
@@ -91,7 +90,10 @@ import org.junit.runners.Suite.SuiteClasses;
    
    // bootstrap
    BootstrapImporterModuleComponentUnitTest.class,
-    RecordContributorsGroupBootstrapComponentUnitTest.class
+    RecordContributorsGroupBootstrapComponentUnitTest.class,
+    
+    // suites by package
+    CapabilityDeclarativeConditionSuite.class
 })
 public class AllUnitTestSuite
 {
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseUnitTest.java
@@ -35,6 +35,7 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
 import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
+import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
 import org.alfresco.module.org_alfresco_module_rm.hold.HoldService;
 import org.alfresco.module.org_alfresco_module_rm.identifier.IdentifierService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
@@ -46,7 +47,9 @@ import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderServi
 import org.alfresco.module.org_alfresco_module_rm.report.ReportService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
+import org.alfresco.module.org_alfresco_module_rm.util.AlfrescoTransactionSupport;
 import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
+import org.alfresco.module.org_alfresco_module_rm.util.TransactionalResourceHelper;
 import org.alfresco.module.org_alfresco_module_rm.version.RecordableVersionService;
 import org.alfresco.repo.policy.BehaviourFilter;
 import org.alfresco.repo.policy.PolicyComponent;
@@ -128,6 +131,9 @@ public class BaseUnitTest implements RecordsManagementModel, ContentModel
    @Mock(name="recordableVersionConfigService") protected RecordableVersionConfigService mockedRecordableVersionConfigService;
    @Mock(name="cmObjectType")                   protected CmObjectType                 mockedCmObjectType;
    @Mock(name="recordableVersionService")       protected RecordableVersionService     mockedRecordableVersionService;
+    @Mock(name="transactionalResourceHelper")    protected TransactionalResourceHelper  mockedTransactionalResourceHelper;
+    @Mock(name="alfrescoTransactionSupport")     protected AlfrescoTransactionSupport   mockedAlfrescoTransactionSupport;
+    @Mock(name="freezeService")                  protected FreezeService                mockedFreezeService;

    /** application context mock */
    @Mock(name="applicationContext")             protected ApplicationContext           mockedApplicationContext;