mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
Merge V1.4 to HEAD
- Ignored Enterprise-specific changes svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3701 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3703 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3704 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3705 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3707 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3876 . svn revert root\projects\web-client\source\web\jsp\admin\admin-console.jsp git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3879 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
@@ -210,7 +210,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
throw new IllegalArgumentException("Property 'policyComponent' has not been set");
|
||||
}
|
||||
|
||||
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onMoveNode"), ContentModel.ASPECT_AUDITABLE, new JavaBehaviour(this, "onMoveNode"));
|
||||
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onMoveNode"), ContentModel.TYPE_BASE, new JavaBehaviour(this, "onMoveNode"));
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -83,6 +83,16 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN),
|
||||
"andy", AccessStatus.ALLOWED);
|
||||
}
|
||||
|
||||
public void testWeSetConsumerOnRootIsNotSupportedByHasPermisssionAsItIsTheWrongType()
|
||||
{
|
||||
runAs("andy");
|
||||
assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
|
||||
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.CONSUMER),
|
||||
"andy", AccessStatus.ALLOWED));
|
||||
assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
|
||||
assertEquals(permissionService.hasPermission(rootNodeRef, (PermissionService.CONSUMER)), AccessStatus.DENIED);
|
||||
}
|
||||
|
||||
public void testGetAllSetPermissions()
|
||||
{
|
||||
@@ -417,7 +427,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
{
|
||||
Set<String> answer = permissionService.getSettablePermissions(QName.createQName("sys", "base",
|
||||
namespacePrefixResolver));
|
||||
assertEquals(21, answer.size());
|
||||
assertEquals(36, answer.size());
|
||||
|
||||
answer = permissionService.getSettablePermissions(QName.createQName("cm", "ownable", namespacePrefixResolver));
|
||||
assertEquals(0, answer.size());
|
||||
@@ -427,29 +437,33 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
|
||||
answer = permissionService.getSettablePermissions(QName.createQName("cm", "folder", namespacePrefixResolver));
|
||||
assertEquals(5, answer.size());
|
||||
|
||||
answer = permissionService.getSettablePermissions(QName.createQName("cm", "monkey", namespacePrefixResolver));
|
||||
assertEquals(0, answer.size());
|
||||
}
|
||||
|
||||
|
||||
public void testGetSettablePermissionsForNode()
|
||||
{
|
||||
QName ownable = QName.createQName("cm", "ownable", namespacePrefixResolver);
|
||||
|
||||
Set<String> answer = permissionService.getSettablePermissions(rootNodeRef);
|
||||
assertEquals(25, answer.size());
|
||||
assertEquals(42, answer.size());
|
||||
|
||||
nodeService.addAspect(rootNodeRef, ownable, null);
|
||||
answer = permissionService.getSettablePermissions(rootNodeRef);
|
||||
assertEquals(25, answer.size());
|
||||
assertEquals(42, answer.size());
|
||||
|
||||
nodeService.removeAspect(rootNodeRef, ownable);
|
||||
answer = permissionService.getSettablePermissions(rootNodeRef);
|
||||
assertEquals(25, answer.size());
|
||||
assertEquals(42, answer.size());
|
||||
}
|
||||
|
||||
public void testSimplePermissionOnRoot()
|
||||
{
|
||||
runAs("andy");
|
||||
|
||||
assertEquals(25, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(42, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(0, countGranted(permissionService.getPermissions(rootNodeRef)));
|
||||
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
|
||||
|
||||
@@ -462,8 +476,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
|
||||
runAs("andy");
|
||||
|
||||
assertEquals(25, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(1, countGranted(permissionService.getPermissions(rootNodeRef)));
|
||||
assertEquals(42, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(2, countGranted(permissionService.getPermissions(rootNodeRef)));
|
||||
|
||||
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||
runAs("lemur");
|
||||
@@ -578,8 +592,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
permissionService.setPermission(allowAndyRead);
|
||||
runAs("andy");
|
||||
|
||||
assertEquals(25, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(4, countGranted(permissionService.getPermissions(rootNodeRef)));
|
||||
assertEquals(42, permissionService.getPermissions(rootNodeRef).size());
|
||||
assertEquals(7, countGranted(permissionService.getPermissions(rootNodeRef)));
|
||||
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
|
||||
|
||||
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
||||
|
||||
@@ -50,11 +50,7 @@ import org.dom4j.io.SAXReader;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
/**
|
||||
* The implementation of the model DAO
|
||||
*
|
||||
* Reads and stores the top level model information
|
||||
*
|
||||
* Encapsulates access to this information
|
||||
* The implementation of the model DAO Reads and stores the top level model information Encapsulates access to this information
|
||||
*
|
||||
* @author andyh
|
||||
*/
|
||||
@@ -97,16 +93,13 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
private AccessStatus defaultPermission;
|
||||
|
||||
// Cache granting permissions
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions =
|
||||
new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
|
||||
// Cache grantees
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions =
|
||||
new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
|
||||
// Cache the mapping of extended groups to the base
|
||||
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup =
|
||||
new HashMap<PermissionGroup, PermissionGroup>();
|
||||
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<PermissionGroup, PermissionGroup>();
|
||||
|
||||
private HashMap<String, PermissionReference> uniqueMap;
|
||||
|
||||
@@ -115,13 +108,13 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
private HashMap<PermissionReference, PermissionGroup> permissionGroupMap;
|
||||
|
||||
private HashMap<String, PermissionReference> permissionReferenceMap;
|
||||
|
||||
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsExposed =
|
||||
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
|
||||
|
||||
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsUnexposed =
|
||||
new HashMap<QName, LinkedHashSet<PermissionReference>>(128, 1.0f);
|
||||
|
||||
|
||||
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsExposed = new HashMap<QName, LinkedHashSet<PermissionReference>>(
|
||||
128, 1.0f);
|
||||
|
||||
private Map<QName, LinkedHashSet<PermissionReference>> cachedTypePermissionsUnexposed = new HashMap<QName, LinkedHashSet<PermissionReference>>(
|
||||
128, 1.0f);
|
||||
|
||||
public PermissionModel()
|
||||
{
|
||||
super();
|
||||
@@ -145,9 +138,7 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialise from file
|
||||
*
|
||||
* (non-Javadoc)
|
||||
* Initialise from file (non-Javadoc)
|
||||
*
|
||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||
*/
|
||||
@@ -283,7 +274,7 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
{
|
||||
return getAllPermissionsImpl(type, true);
|
||||
}
|
||||
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
|
||||
{
|
||||
@@ -300,18 +291,22 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
if (permissions == null)
|
||||
{
|
||||
permissions = new LinkedHashSet<PermissionReference>();
|
||||
if (dictionaryService.getClass(type).isAspect())
|
||||
ClassDefinition cd = dictionaryService.getClass(type);
|
||||
if (cd != null)
|
||||
{
|
||||
addAspectPermissions(type, permissions, exposedOnly);
|
||||
}
|
||||
else
|
||||
{
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
addTypePermissions(type, permissions, exposedOnly);
|
||||
if (cd.isAspect())
|
||||
{
|
||||
addAspectPermissions(type, permissions, exposedOnly);
|
||||
}
|
||||
else
|
||||
{
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
addTypePermissions(type, permissions, exposedOnly);
|
||||
}
|
||||
}
|
||||
cache.put(type, permissions);
|
||||
}
|
||||
return (Set<PermissionReference>)permissions.clone();
|
||||
return (Set<PermissionReference>) permissions.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -401,10 +396,10 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly)
|
||||
{
|
||||
for(QName aspect : dictionaryService.getAllAspects())
|
||||
for (QName aspect : dictionaryService.getAllAspects())
|
||||
{
|
||||
mergePermissions(target, aspect, exposedOnly, false);
|
||||
}
|
||||
@@ -424,10 +419,10 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
{
|
||||
//
|
||||
// TODO: cache permissions based on type and exposed flag
|
||||
// create JMeter test to see before/after effect!
|
||||
// create JMeter test to see before/after effect!
|
||||
//
|
||||
QName typeName = nodeService.getType(nodeRef);
|
||||
|
||||
|
||||
Set<PermissionReference> permissions = getAllPermissions(typeName);
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
// Add non mandatory aspects...
|
||||
@@ -663,9 +658,7 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
}
|
||||
|
||||
/**
|
||||
* Query the model for a base permission group
|
||||
*
|
||||
* Uses the Data Dictionary to reolve inheritance
|
||||
* Query the model for a base permission group Uses the Data Dictionary to reolve inheritance
|
||||
*
|
||||
* @param pg
|
||||
* @return
|
||||
@@ -775,8 +768,9 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
{
|
||||
for (PermissionGroup pg : ps.getPermissionGroups())
|
||||
{
|
||||
if (target.equals(getBasePermissionGroupOrNull(pg))
|
||||
&& isPartOfDynamicPermissionGroup(pg, qName, aspectQNames))
|
||||
PermissionGroup base = getBasePermissionGroupOrNull(pg);
|
||||
if (target.equals(base)
|
||||
&& (!base.isTypeRequired() || isPartOfDynamicPermissionGroup(pg, qName, aspectQNames)))
|
||||
{
|
||||
// Add includes
|
||||
for (PermissionReference pr : pg.getIncludedPermissionGroups())
|
||||
@@ -791,7 +785,8 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
for (PermissionReference grantedTo : p.getGrantedToGroups())
|
||||
{
|
||||
PermissionGroup base = getBasePermissionGroupOrNull(getPermissionGroupOrNull(grantedTo));
|
||||
if (target.equals(base) && (!base.isTypeRequired() || isPartOfDynamicPermissionGroup(grantedTo, qName, aspectQNames)))
|
||||
if (target.equals(base)
|
||||
&& (!base.isTypeRequired() || isPartOfDynamicPermissionGroup(grantedTo, qName, aspectQNames)))
|
||||
{
|
||||
if (on == RequiredPermission.On.NODE)
|
||||
{
|
||||
@@ -887,7 +882,7 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
|
||||
public PermissionReference getPermissionReference(QName qname, String permissionName)
|
||||
{
|
||||
if(permissionName == null)
|
||||
if (permissionName == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
@@ -963,7 +958,8 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
+ PermissionService.ALL_PERMISSIONS);
|
||||
}
|
||||
uniqueMap.put(PermissionService.ALL_PERMISSIONS, new SimplePermissionReference(QName.createQName(
|
||||
NamespaceService.SECURITY_MODEL_1_0_URI, PermissionService.ALL_PERMISSIONS), PermissionService.ALL_PERMISSIONS));
|
||||
NamespaceService.SECURITY_MODEL_1_0_URI, PermissionService.ALL_PERMISSIONS),
|
||||
PermissionService.ALL_PERMISSIONS));
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@ import org.alfresco.repo.security.permissions.PermissionEntry;
|
||||
import org.alfresco.repo.security.permissions.PermissionReference;
|
||||
import org.alfresco.repo.security.permissions.impl.AbstractPermissionTest;
|
||||
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
|
||||
import org.alfresco.repo.security.permissions.impl.RequiredPermission.On;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
|
||||
public class PermissionModelTest extends AbstractPermissionTest
|
||||
@@ -32,12 +33,21 @@ public class PermissionModelTest extends AbstractPermissionTest
|
||||
super();
|
||||
}
|
||||
|
||||
public void testWoof()
|
||||
{
|
||||
QName typeQname = nodeService.getType(rootNodeRef);
|
||||
Set<QName> aspectQNames = nodeService.getAspects(rootNodeRef);
|
||||
PermissionReference ref = permissionModelDAO.getPermissionReference(null, "CheckOut");
|
||||
Set<PermissionReference> answer = permissionModelDAO.getRequiredPermissions(ref, typeQname, aspectQNames, On.NODE);
|
||||
assertEquals(1, answer.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups()
|
||||
{
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "Consumer"));
|
||||
|
||||
assertEquals(5, grantees.size());
|
||||
assertEquals(8, grantees.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups2()
|
||||
@@ -45,7 +55,7 @@ public class PermissionModelTest extends AbstractPermissionTest
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "Contributor"));
|
||||
|
||||
assertEquals(11, grantees.size());
|
||||
assertEquals(17, grantees.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups3()
|
||||
@@ -53,7 +63,7 @@ public class PermissionModelTest extends AbstractPermissionTest
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "Editor"));
|
||||
|
||||
assertEquals(11, grantees.size());
|
||||
assertEquals(17, grantees.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups4()
|
||||
@@ -61,14 +71,34 @@ public class PermissionModelTest extends AbstractPermissionTest
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "Collaborator"));
|
||||
|
||||
assertEquals(16, grantees.size());
|
||||
assertEquals(24, grantees.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups5()
|
||||
{
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "Coordinator"));
|
||||
|
||||
assertEquals(59, grantees.size());
|
||||
}
|
||||
|
||||
public void testIncludePermissionGroups6()
|
||||
{
|
||||
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
|
||||
namespacePrefixResolver), "RecordAdministrator"));
|
||||
|
||||
assertEquals(19, grantees.size());
|
||||
}
|
||||
|
||||
public void testGetGrantingPermissions()
|
||||
{
|
||||
Set<PermissionReference> granters = permissionModelDAO.getGrantingPermissions(new SimplePermissionReference(QName.createQName("sys", "base",
|
||||
namespacePrefixResolver), "ReadProperties"));
|
||||
assertEquals(9, granters.size());
|
||||
assertEquals(10, granters.size());
|
||||
|
||||
granters = permissionModelDAO.getGrantingPermissions(new SimplePermissionReference(QName.createQName("sys", "base",
|
||||
namespacePrefixResolver), "_ReadProperties"));
|
||||
assertEquals(11, granters.size());
|
||||
}
|
||||
|
||||
public void testGlobalPermissions()
|
||||
@@ -76,4 +106,5 @@ public class PermissionModelTest extends AbstractPermissionTest
|
||||
Set<? extends PermissionEntry> globalPermissions = permissionModelDAO.getGlobalPermissionEntries();
|
||||
assertEquals(5, globalPermissions.size());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user