diff --git a/config/alfresco/authority-services-context.xml b/config/alfresco/authority-services-context.xml index 32d0030997..8183879829 100644 --- a/config/alfresco/authority-services-context.xml +++ b/config/alfresco/authority-services-context.xml @@ -47,6 +47,14 @@ administrator + + + + + + ALFRESCO_ADMINISTRATORS + + diff --git a/config/alfresco/bootstrap-context.xml b/config/alfresco/bootstrap-context.xml index 321293f195..aed09ecd20 100644 --- a/config/alfresco/bootstrap-context.xml +++ b/config/alfresco/bootstrap-context.xml @@ -181,6 +181,10 @@ /${alfresco_user_store.system_container.childname}/sys:authorities alfresco/bootstrap/emailServer.xml + + /${alfresco_user_store.system_container.childname}/sys:authorities + alfresco/bootstrap/adminGroup.xml + diff --git a/config/alfresco/bootstrap/adminGroup.xml b/config/alfresco/bootstrap/adminGroup.xml new file mode 100644 index 0000000000..0077fdc3ac --- /dev/null +++ b/config/alfresco/bootstrap/adminGroup.xml @@ -0,0 +1,23 @@ + + + + + + + + + user + alfrescoUserStore + GROUP_ALFRESCO_ADMINISTRATORS + GROUP_ALFRESCO_ADMINISTRATORS + GROUP_ALFRESCO_ADMINISTRATORS + + + + + \ No newline at end of file diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties index 46f7812375..f8142b6af8 100644 --- a/config/alfresco/messages/patch-service.properties +++ b/config/alfresco/messages/patch-service.properties @@ -239,3 +239,5 @@ patch.calendarModelNamespacePatch.result=Updated the Calendar model namespace UR patch.spacesStoreGuestPermission.description=Sets READ permissions for GUEST on root node of the SpacesStore. patch.spacesStoreGuestPermission.result=Granted READ permissions for GUEST on root node of the SpacesStore. + +patch.administratorGroup.description=Adds the 'ALFRESCO_ADMINISTRATORS' group. diff --git a/config/alfresco/patch/patch-services-context.xml b/config/alfresco/patch/patch-services-context.xml index 3f2545611e..faad459f4d 100644 
--- a/config/alfresco/patch/patch-services-context.xml +++ b/config/alfresco/patch/patch-services-context.xml @@ -1539,4 +1539,25 @@ + + patch.administratorGroup + patch.administratorGroup.description + 0 + 1001 + 1002 + + + + + + /${alfresco_user_store.system_container.childname}/sys:authorities/usr:GROUP_ALFRESCO_ADMINISTRATORS + + + + /${alfresco_user_store.system_container.childname}/sys:authorities + alfresco/bootstrap/adminGroup.xml + + + + diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties index 3009593d03..114eb373c2 100644 --- a/config/alfresco/version.properties +++ b/config/alfresco/version.properties @@ -19,4 +19,4 @@ version.build=@build-number@ # Schema number -version.schema=1001 \ No newline at end of file +version.schema=1002 \ No newline at end of file diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java index 2346a79623..1c45c1f9f0 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java @@ -42,13 +42,14 @@ import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; /** * The default implementation of the authority service. * * @author Andy Hind */ -public class AuthorityServiceImpl implements AuthorityService +public class AuthorityServiceImpl implements AuthorityService, InitializingBean { private static Log logger = LogFactory.getLog(AuthorityServiceImpl.class); 
@@ -68,8 +69,10 @@ public class AuthorityServiceImpl implements AuthorityService private Set allSet = Collections.singleton(PermissionService.ALL_AUTHORITIES); - private Set adminUsers; + private Set adminUsers = Collections.emptySet(); + private Set adminGroups = Collections.emptySet(); + public AuthorityServiceImpl() { super(); @@ -110,15 +113,34 @@ public class AuthorityServiceImpl implements AuthorityService this.adminUsers = adminUsers; } - /** - * Currently the admin authority is granted only to the ALFRESCO_ADMIN_USER user. + public void setAdminGroups(Set adminGroups) + { + this.adminGroups = adminGroups; + } + + /* (non-Javadoc) + * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet() */ + public void afterPropertiesSet() throws Exception + { + // Fully qualify the admin group names + if (!this.adminGroups.isEmpty()) + { + Set adminGroups = new HashSet(this.adminGroups.size()); + for (String group : this.adminGroups) + { + adminGroups.add(getName(AuthorityType.GROUP, group)); + } + this.adminGroups = adminGroups; + } + } + public boolean hasAdminAuthority() { String currentUserName = AuthenticationUtil.getRunAsUser(); - // for MT, see note for getAuthoritiesForUser - return ((currentUserName != null) && (adminUsers.contains(currentUserName) || adminUsers.contains(tenantService.getBaseNameUser(currentUserName)))); + // Determine whether the administrator role is mapped to this user or one of their groups + return ((currentUserName != null) && getAuthoritiesForUser(currentUserName).contains(PermissionService.ADMINISTRATOR_AUTHORITY)); } public boolean isAdminAuthority(String authorityName) 
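Review bot: `hasAdminAuthority()` loses its Javadoc in the `@@ -110,15 +113,34 @@` hunk just as its meaning widens: the result now comes from `getAuthoritiesForUser(currentUserName)`, so it reflects group membership resolved at call time and no longer only the configured `adminUsers` set. A Javadoc along the lines of `/** Returns true if the run-as user is a configured admin user or a member of a configured admin group. */` would tell callers what they are relying on; `isAdminAuthority` in the next hunk (`@@ -128,8 +150,9 @@`) changes the same way. Separately, `setAdminGroups` stores its argument unchecked, so a null property value would fail at `this.adminGroups.isEmpty()` in `afterPropertiesSet()`; `if (adminGroups == null) adminGroups = Collections.emptySet();` in the setter would keep the field's empty default.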
@@ -128,8 +150,9 @@ public class AuthorityServiceImpl implements AuthorityService
 {
 canonicalName = authorityName;
 }
- // for MT, see note for getAuthoritiesForUser
- return (adminUsers.contains(canonicalName) || adminUsers.contains(tenantService.getBaseNameUser(canonicalName)));
+
+ // Determine whether the administrator role is mapped to this user or one of their groups
+ return getAuthoritiesForUser(canonicalName).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
 }
 
 public Set getAuthorities()
@@ -142,20 +165,38 @@ public class AuthorityServiceImpl implements AuthorityService { Set authorities = new HashSet(); + authorities.addAll(getContainingAuthorities(null, currentUserName, false)); + + // Work out mapped roles + + // Check named admin users // note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will // have the same base name as the default non-tenant specific admin. Typically "admin" is the default required admin user, // although, if for example "bob" is also listed as an admin then all tenant-specific bob's will also have admin authority + String currentUserBaseName = tenantService.getBaseNameUser(currentUserName); + boolean isAdminUser = (adminUsers.contains(currentUserName) || adminUsers.contains(currentUserBaseName)); - if (adminUsers.contains(currentUserName) || - adminUsers.contains(tenantService.getBaseNameUser(currentUserName))) + // Check named admin groups + if (!isAdminUser && !adminGroups.isEmpty()) + { + for (String authority : authorities) + { + if (adminGroups.contains(authority) || adminGroups.contains(tenantService.getBaseNameUser(authority))) + { + isAdminUser = true; + break; + } + } + } + + if (isAdminUser) { authorities.addAll(adminSet); } - if (AuthorityType.getAuthorityType(tenantService.getBaseNameUser(currentUserName)) != AuthorityType.GUEST) + if (AuthorityType.getAuthorityType(currentUserBaseName) != AuthorityType.GUEST) { authorities.addAll(allSet); } - authorities.addAll(getContainingAuthorities(null, currentUserName, false)); return authorities; } diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java index 0e91c628ae..ef147aeb40 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java 
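Review bot: The admin-group loop runs over everything `getContainingAuthorities(null, currentUserName, false)` returned and matches each name both directly and through `tenantService.getBaseNameUser(authority)`, but the only comment on the naming convention still describes tenant admin users. From this point the administrator role follows group membership, including (judging by the `false` argument and the counts asserted in AuthorityServiceTest) membership inherited through nested groups, so whoever may edit the configured admin groups or their sub-groups effectively assigns administrators; whether `addAuthority` on those groups is restricted is not visible in this diff and is worth confirming. I would state this above the loop, e.g. `// Membership in a configured admin group, direct or inherited, grants the administrator role; tenant group names are matched by base name, as for admin users.` The method's signature lies outside the hunk.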
@@ -185,8 +185,8 @@ public class AuthorityServiceTest extends TestCase
 assertTrue(pubAuthorityService.getAllAuthorities(AuthorityType.ADMIN).contains(PermissionService.ADMINISTRATOR_AUTHORITY));
 assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.EVERYONE).size());
 assertTrue(pubAuthorityService.getAllAuthorities(AuthorityType.EVERYONE).contains(PermissionService.ALL_AUTHORITIES));
- // group added for email
- assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
+ // groups added for email and admin
+ assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size());
 assertFalse(pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).contains(PermissionService.ALL_AUTHORITIES));
 assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GUEST).size());
 assertTrue(pubAuthorityService.getAllAuthorities(AuthorityType.GUEST).contains(PermissionService.GUEST_AUTHORITY));
@@ -265,14 +265,14 @@ public class AuthorityServiceTest extends TestCase { String auth; - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "woof"); assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "woof"); + assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); pubAuthorityService.deleteAuthority(auth); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); assertEquals(0, pubAuthorityService.getAllAuthorities(AuthorityType.ROLE).size()); assertEquals(0, pubAuthorityService.getAllRootAuthorities(AuthorityType.ROLE).size()); 
@@ -293,40 +293,40 @@ public class AuthorityServiceTest extends TestCase String auth5; assertFalse(pubAuthorityService.authorityExists(pubAuthorityService.getName(AuthorityType.GROUP, "one"))); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); assertTrue(pubAuthorityService.authorityExists(auth1)); - assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); + auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(4, 
pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); pubAuthorityService.deleteAuthority(auth5); - assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); pubAuthorityService.deleteAuthority(auth4); - assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); pubAuthorityService.deleteAuthority(auth3); + assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + pubAuthorityService.deleteAuthority(auth2); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - pubAuthorityService.deleteAuthority(auth2); + pubAuthorityService.deleteAuthority(auth1); 
assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - pubAuthorityService.deleteAuthority(auth1); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); assertEquals(0, pubAuthorityService.getAllAuthorities(AuthorityType.ROLE).size()); assertEquals(0, pubAuthorityService.getAllRootAuthorities(AuthorityType.ROLE).size()); 
@@ -387,33 +387,33 @@ public class AuthorityServiceTest extends TestCase String auth4; String auth5; - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); - assertEquals("GROUP_one", auth1); assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); - assertEquals("GROUP_two", auth2); + auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); + assertEquals("GROUP_one", auth1); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); + assertEquals("GROUP_two", auth2); + assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); assertEquals("GROUP_three", auth3); - assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); assertEquals("GROUP_four", auth4); - assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, 
pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); assertEquals("GROUP_five", auth5); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); pubAuthorityService.addAuthority(auth5, "andy"); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(2, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); 
@@ -430,8 +430,8 @@ public class AuthorityServiceTest extends TestCase assertTrue(pubAuthorityService.getContainedAuthorities(null, auth5, false).contains("andy")); pubAuthorityService.removeAuthority(auth5, "andy"); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(0, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); 
@@ -454,30 +454,30 @@ public class AuthorityServiceTest extends TestCase String auth4; String auth5; - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); + auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); + auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, 
pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER).size()); pubAuthorityService.addAuthority(auth5, "andy"); pubAuthorityService.addAuthority(auth1, "andy"); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(3, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); @@ -495,8 +495,8 @@ public class AuthorityServiceTest extends TestCase pubAuthorityService.removeAuthority(auth1, "andy"); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(2, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); 
@@ -521,30 +521,30 @@ public class AuthorityServiceTest extends TestCase String auth4; String auth5; - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); + auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); assertEquals(3, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); + auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); assertEquals(4, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth3 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "three"); assertEquals(5, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); - auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth4 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "four"); assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, 
pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + auth5 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth2, "five"); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); pubAuthorityService.addAuthority(auth5, "andy"); pubAuthorityService.addAuthority(auth1, "andy"); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(3, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); @@ -562,8 +562,8 @@ public class AuthorityServiceTest extends TestCase pubAuthorityService.addAuthority(auth3, auth2); - assertEquals(6, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(3, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(7, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(4, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); // The next call looks for people not users :-) checkAuthorityCollectionSize(3, pubAuthorityService.getAllAuthorities(AuthorityType.USER), AuthorityType.USER); assertEquals(4, pubAuthorityService.getContainingAuthorities(null, "andy", false).size()); 
@@ -592,8 +592,8 @@ public class AuthorityServiceTest extends TestCase personService.getPerson("andy4"); personService.getPerson("andy5"); personService.getPerson("andy6"); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); String auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); pubAuthorityService.addAuthority(auth1, "andy1"); String auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, auth1, "two"); @@ -765,8 +765,8 @@ public class AuthorityServiceTest extends TestCase personService.getPerson("an3dy"); assertTrue(personService.personExists("an3dy")); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); String auth1 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "one"); pubAuthorityService.addAuthority(auth1, "1234"); String auth2 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "two"); 
@@ -810,8 +810,8 @@ public class AuthorityServiceTest extends TestCase public void testGroupNameTokenisation() { - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); String auth1234 = pubAuthorityService.createAuthority(AuthorityType.GROUP, null, "1234"); assertEquals(0, pubAuthorityService.getContainedAuthorities(AuthorityType.GROUP, auth1234, false).size()); @@ -840,8 +840,20 @@ public class AuthorityServiceTest extends TestCase pubAuthorityService.deleteAuthority(authC1); pubAuthorityService.deleteAuthority(auth1234); - assertEquals(1, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); - assertEquals(1, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllAuthorities(AuthorityType.GROUP).size()); + assertEquals(2, pubAuthorityService.getAllRootAuthorities(AuthorityType.GROUP).size()); + } + + public void testAdminGroup() + { + personService.getPerson("andy"); + String adminGroup = pubAuthorityService.getName(AuthorityType.GROUP, "ALFRESCO_ADMINISTRATORS"); + pubAuthorityService.removeAuthority(adminGroup, "andy"); + assertFalse(pubAuthorityService.isAdminAuthority("andy")); + pubAuthorityService.addAuthority(adminGroup, "andy"); + assertTrue(pubAuthorityService.isAdminAuthority("andy")); + pubAuthorityService.removeAuthority(adminGroup, "andy"); + assertFalse(pubAuthorityService.isAdminAuthority("andy")); } private Map createDefaultProperties(String userName, String firstName, String lastName, String email, String orgId, NodeRef home)
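Review bot: `testAdminGroup` exercises only direct membership through `isAdminAuthority("andy")`; two other paths this commit changes are not asserted: `hasAdminAuthority()` for the run-as user, and membership reached through a sub-group of the admin group. A second case that creates a child group with `createAuthority(AuthorityType.GROUP, adminGroup, ...)`, adds "andy" to it and checks `isAdminAuthority` before and after removal would pin the inherited-membership behaviour, and an assertion that membership of an unrelated group leaves `isAdminAuthority("andy")` false would guard against over-granting. The test also starts with `removeAuthority(adminGroup, "andy")` on a user who is presumably not yet a member, which relies on that call being a no-op.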