RM-2130 (Check classification after method execution, filtering results where appropriate)

+review RM-94

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ENFORCE@107272 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml

@@ -2,12 +2,18 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
+   xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
+      http://www.springframework.org/schema/context
+      http://www.springframework.org/schema/context/spring-context-3.0.xsd
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/aop
       http://www.springframework.org/schema/aop/spring-aop-3.0.xsd ">
 
+   <context:annotation-config/>
+   <context:component-scan base-package="org.alfresco.module.org_alfresco_module_rm.classification.interceptor"/>
+
    <!--  Classified content model bootstrap -->
 
    <bean id="classifiedContentDictionaryBootstrap" parent="dictionaryModelBootstrap">
@@ -62,73 +68,6 @@
 
    <bean id="basePostMethodInvocationProcessorCache" class="org.alfresco.repo.cache.DefaultSimpleCache" />
 
-   <bean id="basePostMethodInvocationProcessor"
-      abstract="true"
-      init-method="register">
-      <property name="nodeService" ref="NodeService" />
-      <property name="dictionaryService" ref="DictionaryService" />
-      <property name="contentClassificationService" ref="ContentClassificationService" />
-      <property name="securityClearanceService" ref="SecurityClearanceService" />
-      <property name="postMethodInvocationProcessor" ref="postMethodInvocationProcessor" />
-      <property name="cache" ref="basePostMethodInvocationProcessorCache" />
-   </bean>
-
-   <bean id="abstractPostMethodInvocationProcessor"
-      abstract="true"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.AbstractPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="nodeRefPostMethodInvocationProcessor"
-      parent="abstractPostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.NodeRefPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="storeRefPostMethodInvocationProcessor"
-      parent="abstractPostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.StoreRefPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="childAssociationRefPostMethodInvocationProcessor"
-      parent="abstractPostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ChildAssociationRefPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="associationRefPostMethodInvocationProcessor"
-      parent="abstractPostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.AssociationRefPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="permissionCheckValuePostMethodInvocationProcessor"
-      parent="abstractPostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PermissionCheckValuePostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="collectionPostMethodInvocationProcessor"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="resultSetPostMethodInvocationProcessor"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ResultSetPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="queryEngineResultsPostMethodInvocationProcessor"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.QueryEngineResultsPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="pagingResultsPostMethodInvocationProcessor"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PagingResultsPostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="arrayPostMethodInvocationProcessor"
-      parent="basePostMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ArrayPostMethodInvocationProcessor">
-   </bean>
-
    <!-- Classification service DAO -->
 
    <bean id="classificationServiceDAO" class="org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceDAO">

rm-server/pom.xml

@@ -430,7 +430,7 @@
          <groupId>org.springframework</groupId>
          <artifactId>spring-test</artifactId>
          <version>2.5</version>
-         <scope>test</scope>
+         <scope>provided</scope>
        </dependency>
        <dependency>
          <groupId>org.alfresco</groupId>

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ArrayPostMethodInvocationProcessor.java

@@ -25,12 +25,15 @@ import java.lang.reflect.Array;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.springframework.stereotype.Component;
+
 /**
  * Array Post Method Invocation Processor
  *
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class ArrayPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/AssociationRefPostMethodInvocationProcessor.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
 
 import org.alfresco.service.cmr.repository.AssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.springframework.stereotype.Component;
 
 /**
  * AssociationRef Post Method Invocation Processor
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class AssociationRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/BasePostMethodInvocationProcessor.java

@@ -22,6 +22,8 @@ import static org.alfresco.model.ContentModel.TYPE_CONTENT;
 
 import java.util.Collection;
 
+import javax.annotation.PostConstruct;
+
 import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
 import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService;
 import org.alfresco.repo.cache.SimpleCache;
@@ -29,6 +31,8 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.util.Pair;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
 
 /**
  * Base class for post method invocation processors
@@ -36,25 +40,32 @@ import org.alfresco.util.Pair;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@ContextConfiguration(locations = {"classpath:alfresco/module/org_alfresco_module_rm/classified-content-context.xml"})
 public abstract class BasePostMethodInvocationProcessor
 {
     /** Node service */
+    @Autowired
     private NodeService nodeService;
 
     /** Dictionary service */
+    @Autowired
     private DictionaryService dictionaryService;
 
     /** Content classification service */
+    @Autowired
     private ContentClassificationService contentClassificationService;
 
     /** Security Clearance Service */
+    @Autowired
     private SecurityClearanceService securityClearanceService;
 
     /** Post method invocation processor */
+    @Autowired
     private PostMethodInvocationProcessor postMethodInvocationProcessor;
 
     /** Cache to hold the filtered node information */
-    private SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> cache;
+    @Autowired
+    private SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> basePostMethodInvocationProcessorCache;
 
     /**
      * @return the nodeService
@@ -101,7 +112,7 @@ public abstract class BasePostMethodInvocationProcessor
      */
     protected SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> getCache()
     {
-        return this.cache;
+        return this.basePostMethodInvocationProcessorCache;
     }
 
     /**
@@ -149,7 +160,7 @@ public abstract class BasePostMethodInvocationProcessor
      */
     public void setCache(SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> cache)
     {
-        this.cache = cache;
+        this.basePostMethodInvocationProcessorCache = cache;
     }
 
     /**
@@ -170,6 +181,7 @@ public abstract class BasePostMethodInvocationProcessor
     /**
      * Registers the post method invocation processors
      */
+    @PostConstruct
     public void register()
     {
         getPostMethodInvocationProcessor().register(this);

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ChildAssociationRefPostMethodInvocationProcessor.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
 
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.springframework.stereotype.Component;
 
 /**
  * ChildAssociationRef Post Method Invocation Processor
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class ChildAssociationRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/CollectionPostMethodInvocationProcessor.java

@@ -22,12 +22,15 @@ import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
 
+import org.springframework.stereotype.Component;
+
 /**
  * Collection Post Method Invocation Processor
  *
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class CollectionPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/NodeRefPostMethodInvocationProcessor.java

@@ -19,6 +19,7 @@
 package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor;
 
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.springframework.stereotype.Component;
 
 /**
  * NodeRef Post Method Invocation Processor
@@ -26,6 +27,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class NodeRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/PagingResultsPostMethodInvocationProcessor.java

@@ -22,6 +22,7 @@ import java.util.List;
 
 import org.alfresco.query.PagingResults;
 import org.alfresco.util.Pair;
+import org.springframework.stereotype.Component;
 
 /**
  * PagingResults Post Method Invocation Processor
@@ -29,6 +30,7 @@ import org.alfresco.util.Pair;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class PagingResultsPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/PermissionCheckValuePostMethodInvocationProcessor.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
 
 import org.alfresco.repo.security.permissions.PermissionCheckValue;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.springframework.stereotype.Component;
 
 /**
  * Permission Check Value Post Method Invocation Processor
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class PermissionCheckValuePostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/QueryEngineResultsPostMethodInvocationProcessor.java

@@ -25,6 +25,7 @@ import java.util.Set;
 
 import org.alfresco.repo.search.impl.querymodel.QueryEngineResults;
 import org.alfresco.service.cmr.search.ResultSet;
+import org.springframework.stereotype.Component;
 
 /**
  * A post method invocation processor for {@link QueryEngineResults}.
@@ -32,6 +33,7 @@ import org.alfresco.service.cmr.search.ResultSet;
  * @author Tom Page
  * @since 3.0
  */
+@Component
 public class QueryEngineResultsPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ResultSetPostMethodInvocationProcessor.java

@@ -30,6 +30,7 @@ import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.search.ResultSetMetaData;
 import org.alfresco.service.cmr.search.ResultSetRow;
 import org.alfresco.service.cmr.search.SearchParameters;
+import org.springframework.stereotype.Component;
 
 /**
  * ResultSet Post Method Invocation Processor
@@ -37,6 +38,7 @@ import org.alfresco.service.cmr.search.SearchParameters;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class ResultSetPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
 {
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/StoreRefPostMethodInvocationProcessor.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
 
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.StoreRef;
+import org.springframework.stereotype.Component;
 
 /**
  * StoreRef Post Method Invocation Processor
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.StoreRef;
  * @author Tuna Aksoy
  * @since 3.0
  */
+@Component
 public class StoreRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
 {
     /**

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/DocumentSearchClassificationEnforcementTest.java

@@ -19,12 +19,16 @@
 package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
 
 import static com.google.common.collect.Sets.newHashSet;
+import static java.lang.Integer.MAX_VALUE;
 import static org.alfresco.repo.site.SiteModel.SITE_MANAGER;
+import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
+import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
 import static org.alfresco.util.GUID.generate;
 
 import java.util.List;
 
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.search.SearchParameters;
 
 /**
  * Tests for enforcement of classification when searching documents in the document library
@@ -314,4 +318,18 @@ public class DocumentSearchClassificationEnforcementTest extends SearchClassific
             }
         });
     }
+
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor.SearchClassificationEnforcementTestBase#search(java.lang.String)
+     */
+    @Override
+    protected List<NodeRef> search(String searchQuery)
+    {
+        SearchParameters searchParameters = new SearchParameters();
+        searchParameters.setQuery("cm:name:" + searchQuery + "*");
+        searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
+        searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
+        searchParameters.setMaxItems(MAX_VALUE);
+        return searchService.query(searchParameters).getNodeRefs();
+    }
 }

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/RecordBrowseClassificationEnforcementTest.java

@@ -20,7 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.integration.classificati
 
 import static com.google.common.collect.Lists.newArrayList;
 import static com.google.common.collect.Sets.newHashSet;
-import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_USER;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_ADMIN;
 import static org.alfresco.util.GUID.generate;
 
 import java.util.List;
@@ -40,9 +40,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
     {
         /**
          * Given that a test user without security clearance exists
-         * and the test user is added to the RM Users role
+         * and the test user is added to the RM Admin role
          * and a category, a folder and two records are created in the file plan
-         * and the test user is given read permissions on the category
          * and one of the records is classified with the highest security level
          *
          * When I browse the file plan as admin
@@ -68,7 +67,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             {
                 testUser = generate();
                 createPerson(testUser);
-                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
 
                 category = filePlanService.createRecordCategory(filePlan, generate());
                 folder = recordFolderService.createRecordFolder(category, generate());
@@ -84,8 +83,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             @Override
             public void when() throws Exception
             {
-                filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
-
                 resultsForAdmin = browseAsAdmin(folder);
                 resultsForTestUser = browseAsTestUser(folder);
             }
@@ -132,9 +129,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
     {
         /**
          * Given that a test user with mid-level security clearance exists
-         * and the test user is added to the RM Users role
+         * and the test user is added to the RM Admin role
          * and a category, a folder and three records are created in the file plan
-         * and the test user is given read permissions on the category
          * and one of the records is classified with the highest security level
          * and another record is classified with the mid-level security level
          *
@@ -164,7 +160,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             {
                 testUser = generate();
                 createPerson(testUser);
-                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
                 securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
 
                 category = filePlanService.createRecordCategory(filePlan, generate());
@@ -183,8 +179,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             @Override
             public void when() throws Exception
             {
-                filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
-
                 resultsForAdmin = browseAsAdmin(folder);
                 resultsForTestUser = browseAsTestUser(folder);
             }
@@ -235,9 +229,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
     {
         /**
          * Given that a test user with highest level security clearance exists
-         * and the test user is added to the RM Users role
+         * and the test user is added to the RM Admin role
          * and a category, a folder and three records are created in the file plan
-         * and the test user is given read permissions on the category
          * and one of the records is classified with the highest security level
          * and another record is classified with the mid-level security level
          *
@@ -265,7 +258,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             {
                 testUser = generate();
                 createPerson(testUser);
-                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
                 securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
 
                 category = filePlanService.createRecordCategory(filePlan, generate());
@@ -284,8 +277,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
             @Override
             public void when() throws Exception
             {
-                filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
-
                 resultsForAdmin = browseAsAdmin(folder);
                 resultsForTestUser = browseAsTestUser(folder);
             }

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/RecordSearchClassificationEnforcementTest.java

@@ -0,0 +1,340 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
+
+import static com.google.common.collect.Sets.newHashSet;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_ADMIN;
+import static org.alfresco.util.GUID.generate;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchParameters;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.util.Pair;
+
+/**
+ * Enforcement of classification when searching records in the file plan
+ *
+ * @author Tuna Aksoy
+ * @since 3.0
+ */
+public class RecordSearchClassificationEnforcementTest extends SearchClassificationEnforcementTestBase
+{
+    public void testUserWithNoSecurityClearance()
+    {
+        /**
+         * Given that a test user without security clearance exists
+         * and the test user is added to the RM Admin role
+         * and a category, a folder and two records are created in the file plan
+         * and one of the records is classified with the highest security level
+         *
+         * When I search for the records as admin
+         * Then I will see both records
+         *
+         * When I search for the records as the test user
+         * Then I will only see the unclassified record
+         */
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            private NodeRef category;
+            private NodeRef folder;
+            private NodeRef record1;
+            private NodeRef record2;
+            private String searchQuery = generate();
+            private List<NodeRef> resultsForAdmin;
+            private List<NodeRef> resultsForTestUser;
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+             */
+            @Override
+            public void given() throws Exception
+            {
+                testUser = generate();
+                createPerson(testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
+
+                category = filePlanService.createRecordCategory(filePlan, generate());
+                folder = recordFolderService.createRecordFolder(category, generate());
+                record1 = utils.createRecord(folder, searchQuery + generate());
+                record2 = utils.createRecord(folder, searchQuery + generate());
+
+                contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+             */
+            @Override
+            public void when() throws Exception
+            {
+                resultsForAdmin = searchAsAdmin(searchQuery);
+                resultsForTestUser = searchAsTestUser(searchQuery);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+             */
+            @Override
+            public void then() throws Exception
+            {
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForAdmin);
+                        assertEquals(2, resultsForAdmin.size());
+                        assertTrue(resultsForAdmin.contains(record1));
+                        assertTrue(resultsForAdmin.contains(record2));
+
+                        return null;
+                    }
+                });
+
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForTestUser);
+                        assertEquals(1, resultsForTestUser.size());
+                        assertTrue(resultsForTestUser.contains(record2));
+
+                        return null;
+                    }
+                }, testUser);
+            }
+        });
+    }
+
+    public void testUserWithMidlevelSecurityClearance()
+    {
+        /**
+         * Given that a test user with mid-level security clearance exists
+         * and the test user is added to the RM Admin role
+         * and a category, a folder and three records are created in the file plan
+         * and one of the records is classified with the highest security level
+         * and another record is classified with the mid-level security level
+         *
+         * When I search for the records as admin
+         * The I will see all three records
+         *
+         * When I search for the records as the test user
+         * Then I will see the unclassified document
+         * and the document with the mid-level classification
+         * and I won't be able to see the document with the classification greater than my clearance level
+         */
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            private NodeRef category;
+            private NodeRef folder;
+            private NodeRef record1;
+            private NodeRef record2;
+            private NodeRef record3;
+            private String searchQuery = generate();
+            private List<NodeRef> resultsForAdmin;
+            private List<NodeRef> resultsForTestUser;
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+             */
+            @Override
+            public void given() throws Exception
+            {
+                testUser = generate();
+                createPerson(testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
+                securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
+
+                category = filePlanService.createRecordCategory(filePlan, generate());
+                folder = recordFolderService.createRecordFolder(category, generate());
+                record1 = utils.createRecord(folder, searchQuery + generate());
+                record2 = utils.createRecord(folder, searchQuery + generate());
+                record3 = utils.createRecord(folder, searchQuery + generate());
+
+                contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
+                contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+             */
+            @Override
+            public void when() throws Exception
+            {
+                resultsForAdmin = searchAsAdmin(searchQuery);
+                resultsForTestUser = searchAsTestUser(searchQuery);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+             */
+            @Override
+            public void then() throws Exception
+            {
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForAdmin);
+                        assertEquals(3, resultsForAdmin.size());
+                        assertTrue(resultsForAdmin.contains(record1));
+                        assertTrue(resultsForAdmin.contains(record2));
+                        assertTrue(resultsForAdmin.contains(record3));
+
+                        return null;
+                    }
+                });
+
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForTestUser);
+                        assertEquals(2, resultsForTestUser.size());
+                        assertTrue(resultsForTestUser.contains(record2));
+                        assertTrue(resultsForTestUser.contains(record3));
+
+                        return null;
+                    }
+                }, testUser);
+            }
+        });
+    }
+
+    public void testUseWithHighestLevelSecurityClearance()
+    {
+        /**
+         * Given that a test user with highest level security clearance exists
+         * and the test user is added to the RM Admin role
+         * and a category, a folder and three records are created in the file plan
+         * and one of the records is classified with the highest security level
+         * and another record is classified with the mid-level security level
+         *
+         * When I search for the records as admin
+         * The I will see all three records
+         *
+         * When I search for the records as the test user
+         * The I will see all three records
+         */
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            private NodeRef category;
+            private NodeRef folder;
+            private NodeRef record1;
+            private NodeRef record2;
+            private NodeRef record3;
+            private String searchQuery = generate();
+            private List<NodeRef> resultsForAdmin;
+            private List<NodeRef> resultsForTestUser;
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+             */
+            @Override
+            public void given() throws Exception
+            {
+                testUser = generate();
+                createPerson(testUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
+                securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
+
+                category = filePlanService.createRecordCategory(filePlan, generate());
+                folder = recordFolderService.createRecordFolder(category, generate());
+                record1 = utils.createRecord(folder, searchQuery + generate());
+                record2 = utils.createRecord(folder, searchQuery + generate());
+                record3 = utils.createRecord(folder, searchQuery + generate());
+
+                contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
+                contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+             */
+            @Override
+            public void when() throws Exception
+            {
+                resultsForAdmin = searchAsAdmin(searchQuery);
+                resultsForTestUser = searchAsTestUser(searchQuery);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+             */
+            @Override
+            public void then() throws Exception
+            {
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForAdmin);
+                        assertEquals(3, resultsForAdmin.size());
+                        assertTrue(resultsForAdmin.contains(record1));
+                        assertTrue(resultsForAdmin.contains(record2));
+                        assertTrue(resultsForAdmin.contains(record3));
+
+                        return null;
+                    }
+                });
+
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        assertNotNull(resultsForTestUser);
+                        assertEquals(3, resultsForTestUser.size());
+                        assertTrue(resultsForTestUser.contains(record1));
+                        assertTrue(resultsForTestUser.contains(record2));
+                        assertTrue(resultsForTestUser.contains(record3));
+
+                        return null;
+                    }
+                }, testUser);
+            }
+        });
+    }
+
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor.SearchClassificationEnforcementTestBase#search(java.lang.String)
+     */
+    @Override
+    protected List<NodeRef> search(String searchQuery)
+    {
+        String query = "cm:name:" + searchQuery + "*";
+        RecordsManagementSearchParameters searchParameters = new RecordsManagementSearchParameters();
+        searchParameters.setIncludeUndeclaredRecords(true);
+        List<Pair<NodeRef, NodeRef>> result = rmSearchService.search(siteId, query, searchParameters);
+
+        List<NodeRef> filteredResult = new ArrayList<>();
+        for (Pair<NodeRef, NodeRef> pair : result)
+        {
+            filteredResult.add(pair.getSecond());
+        }
+
+        return filteredResult;
+    }
+}

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/classification/interceptor/SearchClassificationEnforcementTestBase.java

@@ -18,16 +18,12 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
 
-import static java.lang.Integer.MAX_VALUE;
 import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
-import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
-import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
 
 import java.util.List;
 
 import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.search.SearchParameters;
 
 /**
  * Base class for classification enforcement tests for the search action
@@ -35,26 +31,23 @@ import org.alfresco.service.cmr.search.SearchParameters;
  * @author Tuna Aksoy
  * @since 3.0
  */
-public class SearchClassificationEnforcementTestBase extends BaseRMTestCase
+public abstract class SearchClassificationEnforcementTestBase extends BaseRMTestCase
 {
     protected String testUser;
     protected static final String LEVEL1 = "level1";
     protected static final String LEVEL2 = "level2";
     protected static final String REASON = "Test Reason 1";
 
-    protected List<NodeRef> search(String searchQuery, String userName)
+    protected abstract List<NodeRef> search(String searchQuery);
+
+    private List<NodeRef> search(String searchQuery, String userName)
     {
         return doTestInTransaction(new Test<List<NodeRef>>()
         {
             @Override
             public List<NodeRef> run()
             {
-                SearchParameters searchParameters = new SearchParameters();
+                return search(searchQuery);
-                searchParameters.setQuery("cm:name:" + searchQuery + "*");
-                searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
-                searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
-                searchParameters.setMaxItems(MAX_VALUE);
-                return searchService.query(searchParameters).getNodeRefs();
             }
         }, userName);
     }