mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-2130 (Check classification after method execution, filtering results where appropriate)
+review RM-94 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ENFORCE@107272 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
@@ -2,12 +2,18 @@
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:aop="http://www.springframework.org/schema/aop"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-3.0.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/aop
|
||||
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd ">
|
||||
|
||||
<context:annotation-config/>
|
||||
<context:component-scan base-package="org.alfresco.module.org_alfresco_module_rm.classification.interceptor"/>
|
||||
|
||||
<!-- Classified content model bootstrap -->
|
||||
|
||||
<bean id="classifiedContentDictionaryBootstrap" parent="dictionaryModelBootstrap">
|
||||
@@ -62,73 +68,6 @@
|
||||
|
||||
<bean id="basePostMethodInvocationProcessorCache" class="org.alfresco.repo.cache.DefaultSimpleCache" />
|
||||
|
||||
<bean id="basePostMethodInvocationProcessor"
|
||||
abstract="true"
|
||||
init-method="register">
|
||||
<property name="nodeService" ref="NodeService" />
|
||||
<property name="dictionaryService" ref="DictionaryService" />
|
||||
<property name="contentClassificationService" ref="ContentClassificationService" />
|
||||
<property name="securityClearanceService" ref="SecurityClearanceService" />
|
||||
<property name="postMethodInvocationProcessor" ref="postMethodInvocationProcessor" />
|
||||
<property name="cache" ref="basePostMethodInvocationProcessorCache" />
|
||||
</bean>
|
||||
|
||||
<bean id="abstractPostMethodInvocationProcessor"
|
||||
abstract="true"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.AbstractPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="nodeRefPostMethodInvocationProcessor"
|
||||
parent="abstractPostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.NodeRefPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="storeRefPostMethodInvocationProcessor"
|
||||
parent="abstractPostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.StoreRefPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="childAssociationRefPostMethodInvocationProcessor"
|
||||
parent="abstractPostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ChildAssociationRefPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="associationRefPostMethodInvocationProcessor"
|
||||
parent="abstractPostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.AssociationRefPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="permissionCheckValuePostMethodInvocationProcessor"
|
||||
parent="abstractPostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PermissionCheckValuePostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="collectionPostMethodInvocationProcessor"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.CollectionPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="resultSetPostMethodInvocationProcessor"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ResultSetPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="queryEngineResultsPostMethodInvocationProcessor"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.QueryEngineResultsPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="pagingResultsPostMethodInvocationProcessor"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PagingResultsPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<bean id="arrayPostMethodInvocationProcessor"
|
||||
parent="basePostMethodInvocationProcessor"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.ArrayPostMethodInvocationProcessor">
|
||||
</bean>
|
||||
|
||||
<!-- Classification service DAO -->
|
||||
|
||||
<bean id="classificationServiceDAO" class="org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceDAO">
|
||||
|
||||
@@ -430,7 +430,7 @@
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-test</artifactId>
|
||||
<version>2.5</version>
|
||||
<scope>test</scope>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.alfresco</groupId>
|
||||
|
||||
@@ -25,12 +25,15 @@ import java.lang.reflect.Array;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* Array Post Method Invocation Processor
|
||||
*
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class ArrayPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
|
||||
|
||||
import org.alfresco.service.cmr.repository.AssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* AssociationRef Post Method Invocation Processor
|
||||
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class AssociationRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -22,6 +22,8 @@ import static org.alfresco.model.ContentModel.TYPE_CONTENT;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService;
|
||||
import org.alfresco.repo.cache.SimpleCache;
|
||||
@@ -29,6 +31,8 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.util.Pair;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
||||
/**
|
||||
* Base class for post method invocation processors
|
||||
@@ -36,25 +40,32 @@ import org.alfresco.util.Pair;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@ContextConfiguration(locations = {"classpath:alfresco/module/org_alfresco_module_rm/classified-content-context.xml"})
|
||||
public abstract class BasePostMethodInvocationProcessor
|
||||
{
|
||||
/** Node service */
|
||||
@Autowired
|
||||
private NodeService nodeService;
|
||||
|
||||
/** Dictionary service */
|
||||
@Autowired
|
||||
private DictionaryService dictionaryService;
|
||||
|
||||
/** Content classification service */
|
||||
@Autowired
|
||||
private ContentClassificationService contentClassificationService;
|
||||
|
||||
/** Security Clearance Service */
|
||||
@Autowired
|
||||
private SecurityClearanceService securityClearanceService;
|
||||
|
||||
/** Post method invocation processor */
|
||||
@Autowired
|
||||
private PostMethodInvocationProcessor postMethodInvocationProcessor;
|
||||
|
||||
/** Cache to hold the filtered node information */
|
||||
private SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> cache;
|
||||
@Autowired
|
||||
private SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> basePostMethodInvocationProcessorCache;
|
||||
|
||||
/**
|
||||
* @return the nodeService
|
||||
@@ -101,7 +112,7 @@ public abstract class BasePostMethodInvocationProcessor
|
||||
*/
|
||||
protected SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> getCache()
|
||||
{
|
||||
return this.cache;
|
||||
return this.basePostMethodInvocationProcessorCache;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -149,7 +160,7 @@ public abstract class BasePostMethodInvocationProcessor
|
||||
*/
|
||||
public void setCache(SimpleCache<Pair<String, NodeRef>, Pair<Boolean, NodeRef>> cache)
|
||||
{
|
||||
this.cache = cache;
|
||||
this.basePostMethodInvocationProcessorCache = cache;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -170,6 +181,7 @@ public abstract class BasePostMethodInvocationProcessor
|
||||
/**
|
||||
* Registers the post method invocation processors
|
||||
*/
|
||||
@PostConstruct
|
||||
public void register()
|
||||
{
|
||||
getPostMethodInvocationProcessor().register(this);
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
|
||||
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* ChildAssociationRef Post Method Invocation Processor
|
||||
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class ChildAssociationRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -22,12 +22,15 @@ import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* Collection Post Method Invocation Processor
|
||||
*
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class CollectionPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -19,6 +19,7 @@
|
||||
package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor;
|
||||
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* NodeRef Post Method Invocation Processor
|
||||
@@ -26,6 +27,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class NodeRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -22,6 +22,7 @@ import java.util.List;
|
||||
|
||||
import org.alfresco.query.PagingResults;
|
||||
import org.alfresco.util.Pair;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* PagingResults Post Method Invocation Processor
|
||||
@@ -29,6 +30,7 @@ import org.alfresco.util.Pair;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class PagingResultsPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
|
||||
|
||||
import org.alfresco.repo.security.permissions.PermissionCheckValue;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* Permission Check Value Post Method Invocation Processor
|
||||
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class PermissionCheckValuePostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -25,6 +25,7 @@ import java.util.Set;
|
||||
|
||||
import org.alfresco.repo.search.impl.querymodel.QueryEngineResults;
|
||||
import org.alfresco.service.cmr.search.ResultSet;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* A post method invocation processor for {@link QueryEngineResults}.
|
||||
@@ -32,6 +33,7 @@ import org.alfresco.service.cmr.search.ResultSet;
|
||||
* @author Tom Page
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class QueryEngineResultsPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -30,6 +30,7 @@ import org.alfresco.service.cmr.search.ResultSet;
|
||||
import org.alfresco.service.cmr.search.ResultSetMetaData;
|
||||
import org.alfresco.service.cmr.search.ResultSetRow;
|
||||
import org.alfresco.service.cmr.search.SearchParameters;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* ResultSet Post Method Invocation Processor
|
||||
@@ -37,6 +38,7 @@ import org.alfresco.service.cmr.search.SearchParameters;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class ResultSetPostMethodInvocationProcessor extends BasePostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.pr
|
||||
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.StoreRef;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* StoreRef Post Method Invocation Processor
|
||||
@@ -27,6 +28,7 @@ import org.alfresco.service.cmr.repository.StoreRef;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
@Component
|
||||
public class StoreRefPostMethodInvocationProcessor extends AbstractPostMethodInvocationProcessor
|
||||
{
|
||||
/**
|
||||
|
||||
@@ -19,12 +19,16 @@
|
||||
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
|
||||
|
||||
import static com.google.common.collect.Sets.newHashSet;
|
||||
import static java.lang.Integer.MAX_VALUE;
|
||||
import static org.alfresco.repo.site.SiteModel.SITE_MANAGER;
|
||||
import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
|
||||
import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
|
||||
import static org.alfresco.util.GUID.generate;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.search.SearchParameters;
|
||||
|
||||
/**
|
||||
* Tests for enforcement of classification when searching documents in the document library
|
||||
@@ -314,4 +318,18 @@ public class DocumentSearchClassificationEnforcementTest extends SearchClassific
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor.SearchClassificationEnforcementTestBase#search(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
protected List<NodeRef> search(String searchQuery)
|
||||
{
|
||||
SearchParameters searchParameters = new SearchParameters();
|
||||
searchParameters.setQuery("cm:name:" + searchQuery + "*");
|
||||
searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
|
||||
searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
|
||||
searchParameters.setMaxItems(MAX_VALUE);
|
||||
return searchService.query(searchParameters).getNodeRefs();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.integration.classificati
|
||||
|
||||
import static com.google.common.collect.Lists.newArrayList;
|
||||
import static com.google.common.collect.Sets.newHashSet;
|
||||
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_USER;
|
||||
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_ADMIN;
|
||||
import static org.alfresco.util.GUID.generate;
|
||||
|
||||
import java.util.List;
|
||||
@@ -40,9 +40,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
/**
|
||||
* Given that a test user without security clearance exists
|
||||
* and the test user is added to the RM Users role
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and two records are created in the file plan
|
||||
* and the test user is given read permissions on the category
|
||||
* and one of the records is classified with the highest security level
|
||||
*
|
||||
* When I browse the file plan as admin
|
||||
@@ -68,7 +67,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
folder = recordFolderService.createRecordFolder(category, generate());
|
||||
@@ -84,8 +83,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
|
||||
|
||||
resultsForAdmin = browseAsAdmin(folder);
|
||||
resultsForTestUser = browseAsTestUser(folder);
|
||||
}
|
||||
@@ -132,9 +129,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
/**
|
||||
* Given that a test user with mid-level security clearance exists
|
||||
* and the test user is added to the RM Users role
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and three records are created in the file plan
|
||||
* and the test user is given read permissions on the category
|
||||
* and one of the records is classified with the highest security level
|
||||
* and another record is classified with the mid-level security level
|
||||
*
|
||||
@@ -164,7 +160,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
@@ -183,8 +179,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
|
||||
|
||||
resultsForAdmin = browseAsAdmin(folder);
|
||||
resultsForTestUser = browseAsTestUser(folder);
|
||||
}
|
||||
@@ -235,9 +229,8 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
/**
|
||||
* Given that a test user with highest level security clearance exists
|
||||
* and the test user is added to the RM Users role
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and three records are created in the file plan
|
||||
* and the test user is given read permissions on the category
|
||||
* and one of the records is classified with the highest security level
|
||||
* and another record is classified with the mid-level security level
|
||||
*
|
||||
@@ -265,7 +258,7 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
@@ -284,8 +277,6 @@ public class RecordBrowseClassificationEnforcementTest extends BrowseClassificat
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
filePlanPermissionService.setPermission(category, testUser, READ_RECORDS);
|
||||
|
||||
resultsForAdmin = browseAsAdmin(folder);
|
||||
resultsForTestUser = browseAsTestUser(folder);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,340 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2015 Alfresco Software Limited.
|
||||
*
|
||||
* This file is part of Alfresco
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
|
||||
|
||||
import static com.google.common.collect.Sets.newHashSet;
|
||||
import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_ADMIN;
|
||||
import static org.alfresco.util.GUID.generate;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchParameters;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.util.Pair;
|
||||
|
||||
/**
|
||||
* Enforcement of classification when searching records in the file plan
|
||||
*
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
public class RecordSearchClassificationEnforcementTest extends SearchClassificationEnforcementTestBase
|
||||
{
|
||||
public void testUserWithNoSecurityClearance()
|
||||
{
|
||||
/**
|
||||
* Given that a test user without security clearance exists
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and two records are created in the file plan
|
||||
* and one of the records is classified with the highest security level
|
||||
*
|
||||
* When I search for the records as admin
|
||||
* Then I will see both records
|
||||
*
|
||||
* When I search for the records as the test user
|
||||
* Then I will only see the unclassified record
|
||||
*/
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||
{
|
||||
private NodeRef category;
|
||||
private NodeRef folder;
|
||||
private NodeRef record1;
|
||||
private NodeRef record2;
|
||||
private String searchQuery = generate();
|
||||
private List<NodeRef> resultsForAdmin;
|
||||
private List<NodeRef> resultsForTestUser;
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
|
||||
*/
|
||||
@Override
|
||||
public void given() throws Exception
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
folder = recordFolderService.createRecordFolder(category, generate());
|
||||
record1 = utils.createRecord(folder, searchQuery + generate());
|
||||
record2 = utils.createRecord(folder, searchQuery + generate());
|
||||
|
||||
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
|
||||
*/
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
resultsForAdmin = searchAsAdmin(searchQuery);
|
||||
resultsForTestUser = searchAsTestUser(searchQuery);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
|
||||
*/
|
||||
@Override
|
||||
public void then() throws Exception
|
||||
{
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForAdmin);
|
||||
assertEquals(2, resultsForAdmin.size());
|
||||
assertTrue(resultsForAdmin.contains(record1));
|
||||
assertTrue(resultsForAdmin.contains(record2));
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForTestUser);
|
||||
assertEquals(1, resultsForTestUser.size());
|
||||
assertTrue(resultsForTestUser.contains(record2));
|
||||
|
||||
return null;
|
||||
}
|
||||
}, testUser);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testUserWithMidlevelSecurityClearance()
|
||||
{
|
||||
/**
|
||||
* Given that a test user with mid-level security clearance exists
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and three records are created in the file plan
|
||||
* and one of the records is classified with the highest security level
|
||||
* and another record is classified with the mid-level security level
|
||||
*
|
||||
* When I search for the records as admin
|
||||
* The I will see all three records
|
||||
*
|
||||
* When I search for the records as the test user
|
||||
* Then I will see the unclassified document
|
||||
* and the document with the mid-level classification
|
||||
* and I won't be able to see the document with the classification greater than my clearance level
|
||||
*/
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||
{
|
||||
private NodeRef category;
|
||||
private NodeRef folder;
|
||||
private NodeRef record1;
|
||||
private NodeRef record2;
|
||||
private NodeRef record3;
|
||||
private String searchQuery = generate();
|
||||
private List<NodeRef> resultsForAdmin;
|
||||
private List<NodeRef> resultsForTestUser;
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
|
||||
*/
|
||||
@Override
|
||||
public void given() throws Exception
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
securityClearanceService.setUserSecurityClearance(testUser, LEVEL2);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
folder = recordFolderService.createRecordFolder(category, generate());
|
||||
record1 = utils.createRecord(folder, searchQuery + generate());
|
||||
record2 = utils.createRecord(folder, searchQuery + generate());
|
||||
record3 = utils.createRecord(folder, searchQuery + generate());
|
||||
|
||||
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
|
||||
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
|
||||
*/
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
resultsForAdmin = searchAsAdmin(searchQuery);
|
||||
resultsForTestUser = searchAsTestUser(searchQuery);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
|
||||
*/
|
||||
@Override
|
||||
public void then() throws Exception
|
||||
{
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForAdmin);
|
||||
assertEquals(3, resultsForAdmin.size());
|
||||
assertTrue(resultsForAdmin.contains(record1));
|
||||
assertTrue(resultsForAdmin.contains(record2));
|
||||
assertTrue(resultsForAdmin.contains(record3));
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForTestUser);
|
||||
assertEquals(2, resultsForTestUser.size());
|
||||
assertTrue(resultsForTestUser.contains(record2));
|
||||
assertTrue(resultsForTestUser.contains(record3));
|
||||
|
||||
return null;
|
||||
}
|
||||
}, testUser);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testUseWithHighestLevelSecurityClearance()
|
||||
{
|
||||
/**
|
||||
* Given that a test user with highest level security clearance exists
|
||||
* and the test user is added to the RM Admin role
|
||||
* and a category, a folder and three records are created in the file plan
|
||||
* and one of the records is classified with the highest security level
|
||||
* and another record is classified with the mid-level security level
|
||||
*
|
||||
* When I search for the records as admin
|
||||
* The I will see all three records
|
||||
*
|
||||
* When I search for the records as the test user
|
||||
* The I will see all three records
|
||||
*/
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||
{
|
||||
private NodeRef category;
|
||||
private NodeRef folder;
|
||||
private NodeRef record1;
|
||||
private NodeRef record2;
|
||||
private NodeRef record3;
|
||||
private String searchQuery = generate();
|
||||
private List<NodeRef> resultsForAdmin;
|
||||
private List<NodeRef> resultsForTestUser;
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
|
||||
*/
|
||||
@Override
|
||||
public void given() throws Exception
|
||||
{
|
||||
testUser = generate();
|
||||
createPerson(testUser);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_ADMIN, testUser);
|
||||
securityClearanceService.setUserSecurityClearance(testUser, LEVEL1);
|
||||
|
||||
category = filePlanService.createRecordCategory(filePlan, generate());
|
||||
folder = recordFolderService.createRecordFolder(category, generate());
|
||||
record1 = utils.createRecord(folder, searchQuery + generate());
|
||||
record2 = utils.createRecord(folder, searchQuery + generate());
|
||||
record3 = utils.createRecord(folder, searchQuery + generate());
|
||||
|
||||
contentClassificationService.classifyContent(LEVEL1, generate(), newHashSet(REASON), record1);
|
||||
contentClassificationService.classifyContent(LEVEL2, generate(), newHashSet(REASON), record2);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
|
||||
*/
|
||||
@Override
|
||||
public void when() throws Exception
|
||||
{
|
||||
resultsForAdmin = searchAsAdmin(searchQuery);
|
||||
resultsForTestUser = searchAsTestUser(searchQuery);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
|
||||
*/
|
||||
@Override
|
||||
public void then() throws Exception
|
||||
{
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForAdmin);
|
||||
assertEquals(3, resultsForAdmin.size());
|
||||
assertTrue(resultsForAdmin.contains(record1));
|
||||
assertTrue(resultsForAdmin.contains(record2));
|
||||
assertTrue(resultsForAdmin.contains(record3));
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
doTestInTransaction(new Test<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void run()
|
||||
{
|
||||
assertNotNull(resultsForTestUser);
|
||||
assertEquals(3, resultsForTestUser.size());
|
||||
assertTrue(resultsForTestUser.contains(record1));
|
||||
assertTrue(resultsForTestUser.contains(record2));
|
||||
assertTrue(resultsForTestUser.contains(record3));
|
||||
|
||||
return null;
|
||||
}
|
||||
}, testUser);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor.SearchClassificationEnforcementTestBase#search(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
protected List<NodeRef> search(String searchQuery)
|
||||
{
|
||||
String query = "cm:name:" + searchQuery + "*";
|
||||
RecordsManagementSearchParameters searchParameters = new RecordsManagementSearchParameters();
|
||||
searchParameters.setIncludeUndeclaredRecords(true);
|
||||
List<Pair<NodeRef, NodeRef>> result = rmSearchService.search(siteId, query, searchParameters);
|
||||
|
||||
List<NodeRef> filteredResult = new ArrayList<>();
|
||||
for (Pair<NodeRef, NodeRef> pair : result)
|
||||
{
|
||||
filteredResult.add(pair.getSecond());
|
||||
}
|
||||
|
||||
return filteredResult;
|
||||
}
|
||||
}
|
||||
@@ -18,16 +18,12 @@
|
||||
*/
|
||||
package org.alfresco.module.org_alfresco_module_rm.test.integration.classification.interceptor;
|
||||
|
||||
import static java.lang.Integer.MAX_VALUE;
|
||||
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
|
||||
import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
|
||||
import static org.alfresco.service.cmr.search.SearchService.LANGUAGE_FTS_ALFRESCO;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.search.SearchParameters;
|
||||
|
||||
/**
|
||||
* Base class for classification enforcement tests for the search action
|
||||
@@ -35,26 +31,23 @@ import org.alfresco.service.cmr.search.SearchParameters;
|
||||
* @author Tuna Aksoy
|
||||
* @since 3.0
|
||||
*/
|
||||
public class SearchClassificationEnforcementTestBase extends BaseRMTestCase
|
||||
public abstract class SearchClassificationEnforcementTestBase extends BaseRMTestCase
|
||||
{
|
||||
protected String testUser;
|
||||
protected static final String LEVEL1 = "level1";
|
||||
protected static final String LEVEL2 = "level2";
|
||||
protected static final String REASON = "Test Reason 1";
|
||||
|
||||
protected List<NodeRef> search(String searchQuery, String userName)
|
||||
protected abstract List<NodeRef> search(String searchQuery);
|
||||
|
||||
private List<NodeRef> search(String searchQuery, String userName)
|
||||
{
|
||||
return doTestInTransaction(new Test<List<NodeRef>>()
|
||||
{
|
||||
@Override
|
||||
public List<NodeRef> run()
|
||||
{
|
||||
SearchParameters searchParameters = new SearchParameters();
|
||||
searchParameters.setQuery("cm:name:" + searchQuery + "*");
|
||||
searchParameters.setLanguage(LANGUAGE_FTS_ALFRESCO);
|
||||
searchParameters.addStore(STORE_REF_WORKSPACE_SPACESSTORE);
|
||||
searchParameters.setMaxItems(MAX_VALUE);
|
||||
return searchService.query(searchParameters).getNodeRefs();
|
||||
return search(searchQuery);
|
||||
}
|
||||
}, userName);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user