Merged BRANCHES/V2.3 to HEAD:

94003: Merged DEV to /BRANCHES/v2.3 94045: Merged DEV/BUGFIXING/HEAD-2014_12_09 to BRANCHES/V2.3: 93659: RM-1636 : Disposition steps can be executed for folder with frozen record - add a reference of FreezeService to TransferService and perform the full check only when the user tries to complete the transfer/accession 94046: RM-1636 (Disposition steps can be executed for folder with frozen record) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@94068 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2015-01-26 17:47:42 +00:00
parent 8d8ec22831 6128508dd8
commit d0429930c9
5 changed files with 69 additions and 1 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -166,6 +166,7 @@
        <property name="recordService" ref="RecordService" />
        <property name="recordFolderService" ref="RecordFolderService" />
        <property name="nodeService" ref="nodeService"/>
+        <property name="freezeService" ref="FreezeService"/>
    </bean>

    <bean id="RmTransferService" class="org.springframework.aop.framework.ProxyFactoryBean">
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java
@@ -65,6 +65,7 @@ public interface RMPermissionModel
    // Capability permissions
    String DECLARE_RECORDS = "DeclareRecords";
    String VIEW_RECORDS = "ViewRecords";
+    String CREATE_RECORDS = "CreateRecords";
    String CREATE_MODIFY_DESTROY_FOLDERS = "CreateModifyDestroyFolders";
    String EDIT_RECORD_METADATA = "EditRecordMetadata";
    String EDIT_NON_RECORD_METADATA = "EditNonRecordMetadata";
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
@@ -80,6 +80,10 @@ public class CreateCapability extends DeclarativeCapability
     */
    public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
    {
+        //if the user doesn't have Create Record capability deny access 
+        if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
+            return AccessDecisionVoter.ACCESS_DENIED;
+        
        if (linkee != null)
        {
            int state = checkRead(linkee, true);
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/transfer/TransferServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/transfer/TransferServiceImpl.java
@@ -30,6 +30,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
 import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition;
 import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
+import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
@@ -74,6 +75,9 @@ public class TransferServiceImpl extends ServiceBaseImpl
    /** Record folder service */
    protected RecordFolderService recordFolderService;

+    /** Freeze Service */
+    protected FreezeService freezeService;
+
    /**
     * @param filePlanService file plan service
     */
@@ -106,6 +110,14 @@ public class TransferServiceImpl extends ServiceBaseImpl
        this.recordFolderService = recordFolderService;
    }

+    /**
+     * @param freezeService freeze service
+     */
+    public void setFreezeService(FreezeService freezeService)
+    {
+        this.freezeService = freezeService;
+    }
+
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.transfer.TransferService#transfer(NodeRef, boolean)
     */
@@ -228,6 +240,10 @@ public class TransferServiceImpl extends ServiceBaseImpl
        List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ASSOC_TRANSFERRED, RegexQNamePattern.MATCH_ALL);
        for (ChildAssociationRef assoc : assocs)
        {
+            if (freezeService.hasFrozenChildren(assoc.getChildRef()))
+            {
+                throw new AlfrescoRuntimeException("Could not complete a transfer that contain frozen children.");
+            }
            markComplete(assoc.getChildRef(), accessionIndicator, transferLocation);
        }

--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
 import org.alfresco.repo.content.MimetypeMap;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.util.GUID;
@@ -201,4 +202,49 @@ public class CreateRecordTest extends BaseRMTestCase
            }
        });
    }
+
+    public void testCreateRecordWithoutCreateRecordCapability() throws Exception
+    {
+        doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
+        {
+            /** test data */
+            String roleName = GUID.generate();
+            String user = GUID.generate();
+            NodeRef recordFolder;
+
+            public void given()
+            {
+                // create role
+                Set<Capability> capabilities = new HashSet<Capability>(2);
+                capabilities.add(capabilityService.getCapability("ViewRecords"));
+                filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
+
+                // create user and assign to role
+                createPerson(user, true);
+                filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
+
+                // create file plan structure
+                NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
+                recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
+            }
+
+            public void when()
+            {
+                // give read and file permissions to user
+                filePlanPermissionService.setPermission(recordFolder, user,
+                            RMPermissionModel.FILING);
+
+                AuthenticationUtil.runAs(new RunAsWork<Void>()
+                {
+                    public Void doWork() throws Exception
+                    {
+                        recordService.createRecordFromContent(recordFolder, GUID.generate(),
+                                    TYPE_CONTENT, null, null);
+
+                        return null;
+                    }
+                }, user);
+            }
+        });
+    }
 }