diff --git a/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java b/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java index af19f2268d..46b37e6268 100644 --- a/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java +++ b/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java @@ -331,10 +331,26 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean ContentInfo contentInfo = new ContentInfo((String) map.get("mimetype"), null, (Long) map.get("size"), null); - // note: we do not currently return userids (to be consistent with v0 internal - limited disclosure) - UserInfo modifiedByUser = new UserInfo(null, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName")); + // note: if not authenticated then we do not currently return userids (to be consistent with v0 internal - limited disclosure) + boolean noAuth = (AuthenticationUtil.isRunAsUserTheSystemUser()); // TODO review - for now assume "System" implies unauthenticated access - // TODO review - limit to authenticated users ? (not exposed by V0 but needed for "find") + // + // modifiedByUser + // + UserInfo modifiedByUser = null; + if (noAuth) + { + modifiedByUser = new UserInfo(null, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName")); + } + else + { + String modifiedByUserId = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_MODIFIER); + modifiedByUser = new UserInfo(modifiedByUserId, (String) map.get("modifierFirstName"), (String) map.get("modifierLastName")); + } + + // + // sharedByUser + // UserInfo sharedByUser = null; String sharedByUserId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY); if (sharedByUserId != null) @@ -345,10 +361,19 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean PersonService.PersonInfo pInfo = personService.getPerson(pRef); if (pInfo != null) { - sharedByUser = new UserInfo(null, pInfo.getFirstName(), pInfo.getLastName()); + // TODO review - limit to authenticated users only ?? (not exposed by V0 but needed for "find") + if (noAuth) + { + sharedByUser = new UserInfo(null, pInfo.getFirstName(), pInfo.getLastName()); + } + else + { + sharedByUser = new UserInfo(sharedByUserId, pInfo.getFirstName(), pInfo.getLastName()); + } } } } + // TODO other "properties" (if needed) - eg. cm:title, cm:lastThumbnailModificationData, ... thumbnail info ... QuickShareLink qs = new QuickShareLink(sharedId, nodeRef.getId()); diff --git a/source/test-java/org/alfresco/rest/api/tests/SharedLinkApiTest.java b/source/test-java/org/alfresco/rest/api/tests/SharedLinkApiTest.java index 33267dca44..148d427e55 100644 --- a/source/test-java/org/alfresco/rest/api/tests/SharedLinkApiTest.java +++ b/source/test-java/org/alfresco/rest/api/tests/SharedLinkApiTest.java @@ -197,6 +197,7 @@ public class SharedLinkApiTest extends AbstractBaseApiTest Node nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class); Date docModifiedAt = nodeResp.getModifiedAt(); String docModifiedBy = nodeResp.getModifiedByUser().getId(); + assertEquals(user1, docModifiedBy); // create shared link Map body = new HashMap<>(); @@ -210,10 +211,11 @@ public class SharedLinkApiTest extends AbstractBaseApiTest assertEquals(d1Id, resp.getNodeId()); assertEquals(docName1, resp.getName()); - assertEquals(docModifiedAt.getTime(), resp.getModifiedAt().getTime()); // ie. not changed - assertEquals(user1+" "+user1, resp.getModifiedByUser().getDisplayName()); // ie. not user2 - assertEquals(user2+" "+user2, resp.getSharedByUser().getDisplayName()); + assertEquals(docModifiedAt.getTime(), resp.getModifiedAt().getTime()); // not changed + assertEquals(docModifiedBy, resp.getModifiedByUser().getId()); // not changed (ie. not user2) + + assertEquals(user2, resp.getSharedByUser().getId()); // try to create again (same user) - should return previous shared id response = post(URL_SHARED_LINKS, user2, toJsonAsStringNonNull(body), 201); @@ -230,6 +232,11 @@ public class SharedLinkApiTest extends AbstractBaseApiTest assertEquals(d1Id, resp.getNodeId()); assertEquals(docName1, resp.getName()); + assertNull(resp.getModifiedByUser().getId()); + assertEquals(user1+" "+user1, resp.getModifiedByUser().getDisplayName()); + assertNull(resp.getSharedByUser().getId()); + assertEquals(user2+" "+user2, resp.getSharedByUser().getDisplayName()); + // unauth access to get shared link file content response = getSingle(QuickShareLinkEntityResource.class, null, sharedId + "/content", null, 200); @@ -248,7 +255,9 @@ public class SharedLinkApiTest extends AbstractBaseApiTest resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class); assertEquals(sharedId, resp.getSharedId()); - assertEquals(user2+" "+user2, resp.getSharedByUser().getDisplayName()); + + assertEquals(user1, resp.getModifiedByUser().getId()); + assertEquals(user2, resp.getSharedByUser().getId()); // As user 1 ... @@ -261,16 +270,27 @@ public class SharedLinkApiTest extends AbstractBaseApiTest // delete shared link delete(URL_SHARED_LINKS, user2, sharedId, 204); + response = getSingle(NodesEntityResource.class, user2, d1Id, null, 200); + nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class); + + //assertEquals(docModifiedAt.getTime(), nodeResp.getModifiedAt().getTime()); // not changed + //assertEquals(docModifiedBy, nodeResp.getModifiedByUser().getId()); // not changed (ie. not user2) // -ve create tests { + // -ve - create - missing nodeId + body = new HashMap<>(); + post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 400); + // -ve - create - unknown nodeId + body = new HashMap<>(); body.put("nodeId", "dummy"); post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 404); // -ve - create - try to link to folder (ie. not a file) String f1Id = createFolder(user1, myFolderNodeId, "f1 " + RUNID).getId(); + body = new HashMap<>(); body.put("nodeId", f1Id); post(URL_SHARED_LINKS, user1, toJsonAsStringNonNull(body), 404);