diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml
index ce357da3b2..321f38250d 100644
--- a/config/alfresco/public-services-security-context.xml
+++ b/config/alfresco/public-services-security-context.xml
@@ -643,6 +643,10 @@
org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=ACL_NODE.0.sys:base.ChangePermissions
org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=ACL_ALLOW
org.alfresco.service.cmr.security.PermissionService.clearPermission=ACL_NODE.0.sys:base.ChangePermissions
+ org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermission=ACL_METHOD.ROLE_ADMINISTRATOR
+ org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermissionForTheCurrentUser=ACL_ALLOW
+ org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=ACL_METHOD.ROLE_ADMINISTRATOR
+ org.alfresco.service.cmr.security.PermissionService.getAllSetPermissionsForTheCurrentUser=ACL_ALLOW
@@ -672,6 +676,7 @@
org.alfresco.service.cmr.security.AuthorityService.getShortName=ACL_ALLOW
org.alfresco.service.cmr.security.AuthorityService.getName=ACL_ALLOW
org.alfresco.service.cmr.security.AuthorityService.authorityExists=ACL_METHOD.ROLE_ADMINISTRATOR
+ org.alfresco.service.cmr.security.AuthorityService.getAuthoritiesForUser=ACL_METHOD.ROLE_ADMINISTRATOR
diff --git a/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
index 46cc77331f..c14007696a 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
+++ b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
@@ -151,6 +151,29 @@
where
ace.authority.recipient = :authorityRecipient
+
+
+ select
+ ace, acl, node
+ from org.alfresco.repo.domain.hibernate.NodeImpl as node
+ join node.accessControlList as acl
+ join acl.entries as ace
+ where
+ ace.authority.recipient = :authorityRecipient
+
+
+
+ select
+ ace, acl, node
+ from org.alfresco.repo.domain.hibernate.NodeImpl as node
+ join node.accessControlList as acl
+ join acl.entries as ace
+ where
+ ace.authority.recipient = :authorityRecipient and
+ ace.allowed = :allow and
+ ace.permission.name = :permissionName and
+ ace.permission.typeQname = :permissionTypeQname
+
select
diff --git a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
index 8a3e966b6f..02d30f4dcb 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
@@ -26,6 +26,7 @@ package org.alfresco.repo.domain.hibernate;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -36,9 +37,13 @@ import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.repo.domain.DbPermissionKey;
+import org.alfresco.repo.domain.Node;
+import org.alfresco.repo.domain.NodeStatus;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
+import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
+import org.alfresco.repo.security.permissions.impl.PermissionReferenceImpl;
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
@@ -46,31 +51,40 @@ import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.transaction.TransactionalDao;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.hibernate.Query;
+import org.hibernate.ScrollMode;
+import org.hibernate.ScrollableResults;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
- * Support for accessing persisted permission information.
- *
- * This class maps between persisted objects and the external API defined in the
- * PermissionsDAO interface.
+ * Support for accessing persisted permission information. This class maps between persisted objects and the external
+ * API defined in the PermissionsDAO interface.
*
* @author andyh
*/
-public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent, TransactionalDao
+public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent,
+ TransactionalDao
{
private static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
+
public static final String QUERY_GET_PERMISSION = "permission.GetPermission";
+
public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority";
+
+ public static final String QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAllAccessControlEntriesForAuthority";
+
public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission";
-
+
+ public static final String QUERY_FIND_NODES_BY_PERMISSION = "permission.FindNodesByPermission";
+
private Map fProtocolToACLDAO;
-
+
private AccessControlListDAO fDefaultACLDAO;
/** a uuid identifying this unique instance */
@@ -100,7 +114,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
PermissionsDaoComponentImpl that = (PermissionsDaoComponentImpl) obj;
return this.uuid.equals(that.uuid);
}
-
+
/**
* @see #uuid
*/
@@ -110,8 +124,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
/**
- * Does this Session contain any changes which must be
- * synchronized with the store?
+ * Does this Session contain any changes which must be synchronized with the store?
*
* @return true => changes are pending
*/
@@ -126,7 +139,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
};
// execute the callback
- return ((Boolean)getHibernateTemplate().execute(callback)).booleanValue();
+ return ((Boolean) getHibernateTemplate().execute(callback)).booleanValue();
}
/**
@@ -136,12 +149,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
{
getSession().flush();
}
-
+
public void setProtocolToACLDAO(Map map)
{
fProtocolToACLDAO = map;
}
-
+
public void setDefaultACLDAO(AccessControlListDAO defaultACLDAO)
{
fDefaultACLDAO = defaultACLDAO;
@@ -166,10 +179,8 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
- SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
- nodeRef,
- true,
- Collections. emptySet());
+ SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections
+ . emptySet());
npe = snpe;
}
else
@@ -179,10 +190,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
// done
if (logger.isDebugEnabled())
{
- logger.debug(
- "Created access control list for node: \n" +
- " node: " + nodeRef + "\n" +
- " acl: " + npe);
+ logger.debug("Created access control list for node: \n" + " node: " + nodeRef + "\n" + " acl: " + npe);
}
return npe;
}
@@ -190,14 +198,15 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
/**
* Get the persisted access control list or create it if required.
*
- * @param nodeRef - the node for which to create the list
- * @param create - create the object if it is missing
+ * @param nodeRef -
+ * the node for which to create the list
+ * @param create -
+ * create the object if it is missing
* @return Returns the current access control list or null if not found
*/
private DbAccessControlList getAccessControlList(NodeRef nodeRef, boolean create)
{
- DbAccessControlList acl =
- getACLDAO(nodeRef).getAccessControlList(nodeRef);
+ DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null && create)
{
acl = createAccessControlList(nodeRef);
@@ -205,32 +214,27 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
// done
if (logger.isDebugEnabled())
{
- logger.debug("Retrieved access control list: \n" +
- " node: " + nodeRef + "\n" +
- " list: " + acl);
+ logger.debug("Retrieved access control list: \n" + " node: " + nodeRef + "\n" + " list: " + acl);
}
return acl;
}
-
+
/**
- * Creates an access control list for the node and removes the entry from
- * the nullPermsionCache.
+ * Creates an access control list for the node and removes the entry from the nullPermsionCache.
*/
private DbAccessControlList createAccessControlList(NodeRef nodeRef)
{
DbAccessControlList acl = new DbAccessControlListImpl();
acl.setInherits(INHERIT_PERMISSIONS_DEFAULT);
getHibernateTemplate().save(acl);
-
+
// maintain inverse
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
-
+
// done
if (logger.isDebugEnabled())
{
- logger.debug("Created Access Control List: \n" +
- " node: " + nodeRef + "\n" +
- " list: " + acl);
+ logger.debug("Created Access Control List: \n" + " node: " + nodeRef + "\n" + " list: " + acl);
}
return acl;
}
@@ -241,7 +245,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
try
{
acl = getAccessControlList(nodeRef, false);
- }
+ }
catch (InvalidNodeRefException e)
{
return;
@@ -258,14 +262,13 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
@SuppressWarnings("unchecked")
public void deletePermissions(final String authority)
{
- // get the authority
+ // get the authority
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
{
- Query query = session
- .getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY)
- .setString("authorityRecipient", authority);
+ Query query = session.getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY).setString("authorityRecipient",
+ authority);
return (Integer) HibernateHelper.deleteDbAccessControlEntries(session, query);
}
};
@@ -296,16 +299,15 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
// done
if (logger.isDebugEnabled())
{
- logger.debug("Deleted " + deletedCount + "entries for criteria: \n" +
- " node: " + nodeRef + "\n" +
- " authority: " + authority);
+ logger.debug("Deleted "
+ + deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " authority: "
+ + authority);
}
}
/**
- * Deletes all permission entries (access control list entries) that match
- * the given criteria. Note that the access control list for the node is
- * not deleted.
+ * Deletes all permission entries (access control list entries) that match the given criteria. Note that the access
+ * control list for the node is not deleted.
*/
public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission)
{
@@ -327,10 +329,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
// done
if (logger.isDebugEnabled())
{
- logger.debug("Deleted " + deletedCount + "entries for criteria: \n" +
- " node: " + nodeRef + "\n" +
- " permission: " + permission + "\n" +
- " authority: " + authority);
+ logger.debug("Deleted "
+ + deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " permission: "
+ + permission + "\n" + " authority: " + authority);
}
}
@@ -362,17 +363,17 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
}
}
-
+
/**
- * @param nodeRef the node against which to join
- * @param authority the authority against which to join
- * @param perm the permission against which to join
+ * @param nodeRef
+ * the node against which to join
+ * @param authority
+ * the authority against which to join
+ * @param perm
+ * the permission against which to join
* @return Returns all access control entries that match the criteria
*/
- private DbAccessControlEntry getAccessControlEntry(
- NodeRef nodeRef,
- String authority,
- PermissionReference permission)
+ private DbAccessControlEntry getAccessControlEntry(NodeRef nodeRef, String authority, PermissionReference permission)
{
DbAccessControlList acl = getAccessControlList(nodeRef, false);
DbAccessControlEntry entry = null;
@@ -384,10 +385,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
// done
if (logger.isDebugEnabled())
{
- logger.debug("" + (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" +
- " node: " + nodeRef + "\n" +
- " authority: " + authority + "\n" +
- " permission: " + permission);
+ logger.debug(""
+ + (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" + " node: " + nodeRef
+ + "\n" + " authority: " + authority + "\n" + " permission: " + permission);
}
return entry;
}
@@ -419,7 +419,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
final QName qname = permissionRef.getQName();
final String name = permissionRef.getName();
Session session = getSession();
-
+
DbPermission dbPermission = DbPermissionImpl.find(session, qname, name);
// create if necessary
@@ -435,11 +435,8 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
public void setPermission(PermissionEntry permissionEntry)
{
- setPermission(
- permissionEntry.getNodeRef(),
- permissionEntry.getAuthority(),
- permissionEntry.getPermissionReference(),
- permissionEntry.isAllowed());
+ setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry
+ .getPermissionReference(), permissionEntry.isAllowed());
}
public void setPermission(NodePermissionEntry nodePermissionEntry)
@@ -447,7 +444,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
NodeRef nodeRef = nodePermissionEntry.getNodeRef();
// Get the access control list
- // Note the logic here requires to know whether it was created or not
+ // Note the logic here requires to know whether it was created or not
DbAccessControlList acl = getAccessControlList(nodeRef, false);
if (acl != null)
{
@@ -495,7 +492,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
}
}
-
+
public boolean getInheritParentPermissions(NodeRef nodeRef)
{
DbAccessControlList acl = null;
@@ -522,33 +519,29 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef)
{
- DbAccessControlList acl =
- getACLDAO(nodeRef).getAccessControlList(nodeRef);
+ DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
- SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
- nodeRef,
- true,
- Collections. emptySet());
+ SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections
+ . emptySet());
return snpe;
}
else
{
Set entries = acl.getEntries();
- SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
- nodeRef,
- acl.getInherits(),
+ SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(),
createSimplePermissionEntries(nodeRef, entries));
return snpe;
}
}
/**
- * @param entries access control entries
+ * @param entries
+ * access control entries
* @return Returns a unique set of entries that can be given back to the outside world
*/
- private Set createSimplePermissionEntries(NodeRef nodeRef,
+ private Set createSimplePermissionEntries(NodeRef nodeRef,
Collection entries)
{
if (entries == null)
@@ -566,18 +559,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
return spes;
}
- private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef,
- DbAccessControlEntry ace)
+ private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, DbAccessControlEntry ace)
{
if (ace == null)
{
return null;
}
- return new SimplePermissionEntry(
- nodeRef,
- createSimplePermissionReference(ace.getPermission()),
- ace.getAuthority().getRecipient(),
- ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
+ return new SimplePermissionEntry(nodeRef, createSimplePermissionReference(ace.getPermission()), ace
+ .getAuthority().getRecipient(), ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
}
private static SimplePermissionReference createSimplePermissionReference(DbPermission perm)
@@ -586,14 +575,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
{
return null;
}
- return new SimplePermissionReference(
- perm.getTypeQname(),
- perm.getName());
+ return new SimplePermissionReference(perm.getTypeQname(), perm.getName());
}
-
+
/**
* Helper to choose appropriate NodeService for the given NodeRef
- * @param nodeRef The NodeRef to dispatch from.
+ *
+ * @param nodeRef
+ * The NodeRef to dispatch from.
* @return The appropriate NodeService.
*/
private AccessControlListDAO getACLDAO(NodeRef nodeRef)
@@ -605,4 +594,80 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
return ret;
}
+
+ @SuppressWarnings("unchecked")
+ public Map> getAllSetPermissions(final String authority)
+ {
+ // get the authority
+ HibernateCallback callback = new HibernateCallback()
+ {
+ public Object doInHibernate(Session session)
+ {
+ Query query = session.getNamedQuery(QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY).setString(
+ "authorityRecipient", authority);
+
+ Map> result = new HashMap>();
+
+ ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY);
+ while (entities.next())
+ {
+ DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0);
+ // DbAccessControlList acl = (DbAccessControlList) entities.get(1);
+ Node node = (Node) entities.get(2);
+ DbPermission dbPermission = entry.getPermission();
+ PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission
+ .getName());
+ AccessStatus accessStatus = entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED;
+ AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority()
+ .getRecipient());
+ NodeRef nodeRef = node.getNodeRef();
+ Set nodeSet = result.get(nodeRef);
+ if (nodeSet == null)
+ {
+ nodeSet = new HashSet();
+ result.put(nodeRef, nodeSet);
+ }
+ nodeSet.add(ap);
+ }
+
+ return result;
+ }
+ };
+ return (Map>) getHibernateTemplate().execute(callback);
+
+ }
+
+ public Set findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow)
+ {
+ // get the authority
+ HibernateCallback callback = new HibernateCallback()
+ {
+ public Object doInHibernate(Session session)
+ {
+ Query query = session.getNamedQuery(QUERY_FIND_NODES_BY_PERMISSION).setString(
+ "authorityRecipient", authority).setBoolean("allow", allow).setString("permissionName", permission.getName()).setString("permissionTypeQname", permission.getQName().toString());
+
+ Set result = new HashSet();
+
+ ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY);
+ while (entities.next())
+ {
+ DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0);
+ // DbAccessControlList acl = (DbAccessControlList) entities.get(1);
+ Node node = (Node) entities.get(2);
+ DbPermission dbPermission = entry.getPermission();
+ PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission
+ .getName());
+ AccessStatus accessStatus = entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED;
+ AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority()
+ .getRecipient());
+ NodeRef nodeRef = node.getNodeRef();
+ result.add(nodeRef);
+ }
+
+ return result;
+ }
+ };
+ return (Set) getHibernateTemplate().execute(callback);
+ }
}
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
index 24dc88a4cd..542af517fc 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
@@ -126,8 +126,13 @@ public class AuthorityServiceImpl implements AuthorityService
public Set getAuthorities()
{
- Set authorities = new HashSet();
String currentUserName = authenticationComponent.getCurrentUserName();
+ return getAuthoritiesForUser(currentUserName);
+ }
+
+ public Set getAuthoritiesForUser(String currentUserName)
+ {
+ Set authorities = new HashSet();
if (adminUsers.contains(currentUserName))
{
authorities.addAll(adminSet);
@@ -139,7 +144,7 @@ public class AuthorityServiceImpl implements AuthorityService
authorities.addAll(getContainingAuthorities(null, currentUserName, false));
return authorities;
}
-
+
public Set getAllAuthorities(AuthorityType type)
{
Set authorities = new HashSet();
diff --git a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
index 076984340d..b705a508df 100644
--- a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
@@ -233,4 +233,18 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
return false;
}
+ public Set getAuthoritiesForUser(String currentUserName)
+ {
+ Set authorities = new HashSet();
+ if (adminUsers.contains(currentUserName))
+ {
+ authorities.addAll(adminSet);
+ }
+ if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST)
+ {
+ authorities.addAll(allSet);
+ }
+ return authorities;
+ }
+
}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java
new file mode 100644
index 0000000000..5a80636125
--- /dev/null
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of
+ * the GPL, you may redistribute this Program in connection with Free/Libre
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's
+ * FLOSS exception. You should have recieved a copy of the text describing
+ * the FLOSS exception, and it is also available here:
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.security.permissions.impl;
+
+import org.alfresco.service.cmr.security.AccessPermission;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.AuthorityType;
+
+/**
+ * Standard implementation for access permission info
+ * @author andyh
+ *
+ */
+public class AccessPermissionImpl implements AccessPermission
+{
+ private String permission;
+
+ private AccessStatus accessStatus;
+
+ private String authority;
+
+ private AuthorityType authorityType;
+
+ public AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority)
+ {
+ this.permission = permission;
+ this.accessStatus = accessStatus;
+ this.authority = authority;
+ this.authorityType = AuthorityType.getAuthorityType(authority);
+ }
+
+ public String getPermission()
+ {
+ return permission;
+ }
+
+ public AccessStatus getAccessStatus()
+ {
+ return accessStatus;
+ }
+
+ public String getAuthority()
+ {
+ return authority;
+ }
+
+ public AuthorityType getAuthorityType()
+ {
+ return authorityType;
+ }
+
+ @Override
+ public String toString()
+ {
+ return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")";
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+ if (!(o instanceof AccessPermissionImpl))
+ {
+ return false;
+ }
+ AccessPermissionImpl other = (AccessPermissionImpl) o;
+ return this.getPermission().equals(other.getPermission())
+ && (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other
+ .getAccessStatus())));
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode();
+ }
+}
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
index 0df47c9ea3..91e2f019d1 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
@@ -28,6 +28,7 @@ import java.io.Serializable;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import net.sf.acegisecurity.Authentication;
@@ -52,7 +53,6 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
-import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
@@ -280,74 +280,6 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return accessPermissions;
}
- private class AccessPermissionImpl implements AccessPermission
- {
- private String permission;
-
- private AccessStatus accessStatus;
-
- private String authority;
-
- private AuthorityType authorityType;
-
- AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority)
- {
- this.permission = permission;
- this.accessStatus = accessStatus;
- this.authority = authority;
- this.authorityType = AuthorityType.getAuthorityType(authority);
- }
-
- public String getPermission()
- {
- return permission;
- }
-
- public AccessStatus getAccessStatus()
- {
- return accessStatus;
- }
-
- public String getAuthority()
- {
- return authority;
- }
-
- public AuthorityType getAuthorityType()
- {
- return authorityType;
- }
-
- @Override
- public String toString()
- {
- return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")";
- }
-
- @Override
- public boolean equals(Object o)
- {
- if (this == o)
- {
- return true;
- }
- if (!(o instanceof AccessPermissionImpl))
- {
- return false;
- }
- AccessPermissionImpl other = (AccessPermissionImpl) o;
- return this.getPermission().equals(other.getPermission())
- && (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other
- .getAccessStatus())));
- }
-
- @Override
- public int hashCode()
- {
- return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode();
- }
- }
-
public Set getSettablePermissions(NodeRef nodeRef)
{
Set settable = getSettablePermissionReferences(nodeRef);
@@ -495,13 +427,16 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{
auths.add(authority.getAuthority());
}
- if (dynamicAuthorities != null)
+ if (nodeRef != null)
{
- for (DynamicAuthority da : dynamicAuthorities)
+ if (dynamicAuthorities != null)
{
- if (da.hasAuthority(nodeRef, user.getUsername()))
+ for (DynamicAuthority da : dynamicAuthorities)
{
- auths.add(da.getAuthority());
+ if (da.hasAuthority(nodeRef, user.getUsername()))
+ {
+ auths.add(da.getAuthority());
+ }
}
}
}
@@ -698,7 +633,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
// Set the required node permissions
if (required.equals(getPermissionReference(ALL_PERMISSIONS)))
{
- nodeRequirements = modelDAO.getRequiredPermissions(getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames,
+ nodeRequirements = modelDAO.getRequiredPermissions(
+ getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames,
RequiredPermission.On.NODE);
}
else
@@ -1199,4 +1135,56 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return value;
}
}
+
+ public Map> getAllSetPermissionsForTheCurrentUser()
+ {
+ String currentUser = authenticationComponent.getCurrentUserName();
+ return getAllSetPermissions(currentUser);
+ }
+
+ public Map> getAllSetPermissions(String authority)
+ {
+ return permissionsDaoComponent.getAllSetPermissions(authority);
+ }
+
+ public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities,
+ boolean exactPermissionMatch)
+ {
+ String currentUser = authenticationComponent.getCurrentUserName();
+ return findNodesByAssignedPermission(currentUser, permission, allow, includeContainingAuthorities, exactPermissionMatch);
+ }
+
+ public Set findNodesByAssignedPermission(String authority, String permission, boolean allow,
+ boolean includeContainingAuthorities, boolean includeContainingPermissions)
+ {
+ // TODO: owned nodes and add owner rights ??
+ // Does not include dynamic permissions (they would have to be done by query - e.g. owership and OWNER rights)
+ // Does not include ACEGI auth object authorities
+ Set authorities = new HashSet();
+ authorities.add(authority);
+ if (includeContainingAuthorities)
+ {
+ authorities.addAll(authorityService.getAuthoritiesForUser(authority));
+ }
+
+ HashSet answer = new HashSet();
+
+ PermissionReference pr = getPermissionReference(permission);
+ Set permissions = new HashSet();
+ permissions.add(pr);
+
+ if (includeContainingPermissions)
+ {
+ permissions.addAll(modelDAO.getGrantingPermissions(pr));
+ }
+
+ for (PermissionReference perm : permissions)
+ {
+ for (String auth : authorities)
+ {
+ answer.addAll(permissionsDaoComponent.findNodeByPermission(auth, perm, allow));
+ }
+ }
+ return answer;
+ }
}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
index 2e16b96857..e7c055c078 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
@@ -34,6 +34,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
@@ -68,7 +69,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
Authentication auth = authenticationComponent.getCurrentAuthentication();
for (GrantedAuthority authority : auth.getAuthorities())
{
- if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
+ if (authority.getAuthority().equals(ROLE_AUTHENTICATED))
+ {
+ return;
+ }
}
fail("Missing role ROLE_AUTHENTICATED ");
}
@@ -77,43 +81,33 @@ public class PermissionServiceTest extends AbstractPermissionTest
protected void onSetUpInTransaction() throws Exception
{
super.onSetUpInTransaction();
- denyAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy",
- AccessStatus.DENIED);
- allowAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy",
- AccessStatus.ALLOWED);
- denyAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy",
- AccessStatus.DENIED);
- allowAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED);
- denyAndyReadProperties = new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED);
- allowAndyReadProperties = new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED);
- allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED);
+ denyAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", AccessStatus.DENIED);
+ allowAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", AccessStatus.ALLOWED);
+ denyAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.DENIED);
+ allowAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED);
+ denyAndyReadProperties = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED);
+ allowAndyReadProperties = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED);
+ allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED);
}
-
+
public void testDefaultModelPermissions()
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
-
+
runAs("admin");
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONTRIBUTOR),
- "andy", AccessStatus.ALLOWED));
-
-
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONTRIBUTOR), "andy", AccessStatus.ALLOWED));
+
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
}
-
+
public void testSystemUserPermissions()
{
AuthenticationUtil.setSystemUserAsCurrentUser();
@@ -132,8 +126,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
AuthenticationUtil.clearCurrentSecurityContext();
}
}
-
-
+
public void testAdminUserPermissions()
{
runAs("admin");
@@ -146,20 +139,19 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT) == AccessStatus.ALLOWED);
assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CHECK_OUT) == AccessStatus.ALLOWED);
assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.COORDINATOR) == AccessStatus.ALLOWED);
-
+
}
finally
{
AuthenticationUtil.clearCurrentSecurityContext();
}
}
-
+
public void testWeSetConsumerOnRootIsNotSupportedByHasPermisssionAsItIsTheWrongType()
{
runAs("andy");
assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.CONSUMER),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
assertEquals(permissionService.hasPermission(rootNodeRef, (PermissionService.CONSUMER)), AccessStatus.DENIED);
}
@@ -167,18 +159,12 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testGetAllSetPermissions()
{
runAs("andy");
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE),
- "GROUP_GREEN", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "GROUP_RED", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(systemNodeRef,
- getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(systemNodeRef,
- getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "GROUP_RED", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.DENIED));
NodeRef current = systemNodeRef;
Set setPermissions = new HashSet();
@@ -192,9 +178,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
boolean add = true;
for (AccessPermission existing : setPermissions)
{
- if (add
- && existing.getAuthority().equals(toTest.getAuthority())
- && existing.getPermission().equals(toTest.getPermission()))
+ if (add && existing.getAuthority().equals(toTest.getAuthority()) && existing.getPermission().equals(toTest.getPermission()))
{
add = false;
}
@@ -223,13 +207,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
runAs("andy");
@@ -283,14 +264,11 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("andy");
Set entries = new HashSet();
- entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"),
- "C"), "user-one", AccessStatus.ALLOWED));
- entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "user-two",
+ entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "user-one", AccessStatus.ALLOWED));
+ entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "user-two", AccessStatus.ALLOWED));
+ entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("D", "E"), "F"), permissionService.getAllAuthorities(),
AccessStatus.ALLOWED));
- entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("D", "E"),
- "F"), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
- entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(),
- permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.DENIED));
SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries);
@@ -305,8 +283,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testSetNodePermissionEntry2()
{
Set entries = new HashSet();
- entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(),
- permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries);
@@ -355,10 +332,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
assertEquals("andy", pe.getAuthority());
assertTrue(pe.isAllowed());
- assertTrue(pe.getPermissionReference().getQName().equals(
- permissionService.getAllPermissionReference().getQName()));
- assertTrue(pe.getPermissionReference().getName().equals(
- permissionService.getAllPermissionReference().getName()));
+ assertTrue(pe.getPermissionReference().getQName().equals(permissionService.getAllPermissionReference().getQName()));
+ assertTrue(pe.getPermissionReference().getName().equals(permissionService.getAllPermissionReference().getName()));
assertEquals(rootNodeRef, pe.getNodeRef());
}
@@ -424,10 +399,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
assertEquals("andy", pe.getAuthority());
assertTrue(pe.isAllowed());
- assertTrue(pe.getPermissionReference().getQName().equals(
- permissionService.getAllPermissionReference().getQName()));
- assertTrue(pe.getPermissionReference().getName().equals(
- permissionService.getAllPermissionReference().getName()));
+ assertTrue(pe.getPermissionReference().getQName().equals(permissionService.getAllPermissionReference().getQName()));
+ assertTrue(pe.getPermissionReference().getName().equals(permissionService.getAllPermissionReference().getName()));
assertEquals(rootNodeRef, pe.getNodeRef());
}
@@ -441,8 +414,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
// Set new
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), "other", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "other", AccessStatus.ALLOWED));
assertNotNull(permissionService.getSetPermissions(rootNodeRef));
assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
@@ -458,15 +430,13 @@ public class PermissionServiceTest extends AbstractPermissionTest
// new
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName
- .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "andy", AccessStatus.DENIED));
assertNotNull(permissionService.getSetPermissions(rootNodeRef));
assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName
- .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "andy", AccessStatus.DENIED));
assertNotNull(permissionService.getSetPermissions(rootNodeRef));
assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
@@ -478,8 +448,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), "other", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "other", AccessStatus.ALLOWED));
assertNotNull(permissionService.getSetPermissions(rootNodeRef));
assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
@@ -495,8 +464,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testGetSettablePermissionsForType()
{
- Set answer = permissionService.getSettablePermissions(QName.createQName("sys", "base",
- namespacePrefixResolver));
+ Set answer = permissionService.getSettablePermissions(QName.createQName("sys", "base", namespacePrefixResolver));
assertEquals(36, answer.size());
answer = permissionService.getSettablePermissions(QName.createQName("cm", "ownable", namespacePrefixResolver));
@@ -507,11 +475,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
answer = permissionService.getSettablePermissions(QName.createQName("cm", "folder", namespacePrefixResolver));
assertEquals(5, answer.size());
-
+
answer = permissionService.getSettablePermissions(QName.createQName("cm", "monkey", namespacePrefixResolver));
assertEquals(0, answer.size());
}
-
public void testGetSettablePermissionsForNode()
{
@@ -541,8 +508,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
@@ -553,32 +519,28 @@ public class PermissionServiceTest extends AbstractPermissionTest
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -602,11 +564,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testGlobalPermissionsForAdmin()
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_CONTENT).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_CONTENT).getChildRef();
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -621,16 +581,11 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "admin", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "admin", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.ALL_PERMISSIONS), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.ALL_PERMISSIONS), "admin", AccessStatus.DENIED));
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
@@ -708,8 +663,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -724,7 +678,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// Changed ny not enfocing READ
- // assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(n1,
// getPermission(PermissionService.READ_PROPERTIES)) ==
// AccessStatus.ALLOWED);
@@ -774,8 +729,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1005,29 +959,18 @@ public class PermissionServiceTest extends AbstractPermissionTest
// UserTransaction tx = transactionService.getUserTransaction();
// tx.begin();
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n3 = nodeService.createNode(n2, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}three"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n4 = nodeService.createNode(n3, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}four"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n5 = nodeService.createNode(n4, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}five"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n6 = nodeService.createNode(n5, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}six"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n7 = nodeService.createNode(n6, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}seven"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n8 = nodeService.createNode(n7, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}eight"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n9 = nodeService.createNode(n8, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}nine"),
- ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n10 = nodeService.createNode(n9, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}ten"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n3 = nodeService.createNode(n2, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n4 = nodeService.createNode(n3, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n5 = nodeService.createNode(n4, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n6 = nodeService.createNode(n5, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n7 = nodeService.createNode(n6, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n8 = nodeService.createNode(n7, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n9 = nodeService.createNode(n8, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n10 = nodeService.createNode(n9, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef();
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
// permissionService.setPermission(new SimplePermissionEntry(n9,
// getPermission(PermissionService.READ),
// "andy", AccessStatus.ALLOWED));
@@ -1153,8 +1096,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE, "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE, "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1219,8 +1161,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1232,8 +1173,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- ROLE_AUTHENTICATED, AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.DENIED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1245,8 +1185,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1273,8 +1212,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1286,8 +1224,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1299,8 +1236,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(),
+ AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1329,8 +1266,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(),
+ AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1344,8 +1281,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1359,8 +1295,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(),
+ AccessStatus.DENIED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1389,8 +1325,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1402,8 +1337,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1415,8 +1349,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1428,8 +1361,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1441,8 +1373,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.DENIED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1458,10 +1389,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testInheritPermissions()
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1474,10 +1403,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1522,10 +1449,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1538,14 +1463,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1558,8 +1479,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.DENIED));
permissionService.setInheritParentPermissions(n2, false);
runAs("andy");
@@ -1578,7 +1498,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
runAs("andy");
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
// Changed by removing permission read parents access
- // assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
@@ -1603,12 +1524,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1621,27 +1539,35 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
-//
-//
-// runAs("andy");
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-// runAs("lemur");
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
+ // permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ // permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ // permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
+ //
+ //
+ // runAs("andy");
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) ==
+ // AccessStatus.ALLOWED);
+ // runAs("lemur");
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) ==
+ // AccessStatus.ALLOWED);
}
-
+
public void testEffectiveComposite()
{
@@ -1656,12 +1582,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1680,10 +1603,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
{
runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_CONTENT).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_CONTENT).getChildRef();
runAs("andy");
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1696,14 +1617,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1716,8 +1633,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1730,12 +1646,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(n2,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.deletePermission(new SimplePermissionEntry(n2,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
- permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1748,8 +1661,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1777,8 +1689,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1791,14 +1702,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1811,8 +1718,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1842,11 +1748,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
@@ -1867,8 +1771,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(systemNodeRef,
- getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
runAs("andy");
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
@@ -1886,15 +1789,11 @@ public class PermissionServiceTest extends AbstractPermissionTest
public void testClearPermission()
{
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "lemur", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "lemur", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "lemur", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "lemur", AccessStatus.ALLOWED));
assertEquals(4, permissionService.getAllSetPermissions(rootNodeRef).size());
permissionService.clearPermission(rootNodeRef, "andy");
@@ -1904,8 +1803,331 @@ public class PermissionServiceTest extends AbstractPermissionTest
}
-
-
+ public void testGetAllSetPermissionsFromAllNodes()
+ {
+ runAs("admin");
+
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n5 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n6 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n7 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n8 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n9 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n10 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef();
+
+ assertEquals(0, permissionService.getAllSetPermissionsForTheCurrentUser().size());
+ assertEquals(0, permissionService.getAllSetPermissions("admin").size());
+ assertEquals(0, permissionService.getAllSetPermissions("andy").size());
+
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n4, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n5, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n6, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n7, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n8, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+
+ assertEquals(10, permissionService.getAllSetPermissionsForTheCurrentUser().size());
+ assertEquals(10, permissionService.getAllSetPermissions("admin").size());
+ assertEquals(2, permissionService.getAllSetPermissions("andy").size());
+ assertNull(permissionService.getAllSetPermissionsForTheCurrentUser().get(rootNodeRef));
+ assertNull(permissionService.getAllSetPermissions("admin").get(rootNodeRef));
+ assertNull(permissionService.getAllSetPermissions("andy").get(rootNodeRef));
+ assertEquals(2, permissionService.getAllSetPermissionsForTheCurrentUser().get(n1).size());
+ assertEquals(2, permissionService.getAllSetPermissions("admin").get(n1).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n1));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n2).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n2).size());
+ assertEquals(1, permissionService.getAllSetPermissions("andy").get(n2).size());
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n3).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n3).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n3));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n4).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n4).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n4));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n5).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n5).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n5));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n6).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n6).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n6));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n7).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n7).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n7));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n8).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n8).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n8));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n9).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n9).size());
+ assertNull(permissionService.getAllSetPermissions("andy").get(n9));
+ assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n10).size());
+ assertEquals(1, permissionService.getAllSetPermissions("admin").get(n10).size());
+ assertEquals(1, permissionService.getAllSetPermissions("andy").get(n10).size());
+
+ }
+
+ public void testFindNodesByPermission()
+ {
+ runAs("admin");
+
+ StoreRef storeRef = rootNodeRef.getStoreRef();
+
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n5 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n6 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n7 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n8 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n9 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n10 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef();
+
+ personService.getPerson("andy");
+ String groupAuth = authorityService.createAuthority(AuthorityType.GROUP, null, "G");
+ authorityService.addAuthority(groupAuth, "andy");
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser("Consumer", true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser("Consumer", false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", "Consumer", true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", "Consumer", false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", "Consumer", true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", "Consumer", false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, "Consumer", true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, "Consumer", false, false, false), storeRef).size());
+
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONSUMER), "admin", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n6, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n7, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n8, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.CONSUMER), groupAuth, AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.CONSUMER), groupAuth, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.CONTRIBUTOR), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ_CONTENT), groupAuth, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n4, getPermission(PermissionService.READ_CHILDREN), groupAuth, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n5, getPermission(PermissionService.READ_CONTENT), groupAuth, AccessStatus.ALLOWED));
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, false, false), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, false, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, false, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, false, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, false, false), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, false, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, false, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, false, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, false, false), storeRef).size());
+
+ // Include groups for exact match
+
+ for (NodeRef nodeRef : permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, false))
+ {
+ System.out.println("Found " + nodeService.getPath(nodeRef));
+ }
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, true, false), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, true, false), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, true, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, true, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, true, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, true, false), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, true, false), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, true, false), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, true, false), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, true, false), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, true, false), storeRef).size());
+
+ // Include inexact permission
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, false, true), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, false, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, false, true), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, false, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, false, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, false, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, false, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, false, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, false, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, false, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, false, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, false, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, false, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, false, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, false, true), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, false, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, false, true), storeRef).size());
+
+ // Inexact for all
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, true, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, true, true), storeRef).size());
+
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, true, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, true, true), storeRef).size());
+ assertEquals(4, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, true, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, true, true), storeRef).size());
+ assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, true, true), storeRef).size());
+
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, true, true), storeRef).size());
+ assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, true, true), storeRef).size());
+ assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, true, true), storeRef).size());
+ assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, true, true), storeRef).size());
+ assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, true, true), storeRef).size());
+
+ }
+
+ private Set filterForStore(Set set, StoreRef storeRef)
+ {
+ Set toRemove = new HashSet();
+ for (NodeRef node : set)
+ {
+ if (!node.getStoreRef().equals(storeRef))
+ {
+ toRemove.add(node);
+ }
+ }
+ set.removeAll(toRemove);
+ return set;
+ }
+
// TODO: Test permissions on missing nodes
}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
index 36d1cfecee..d1be6ac957 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
@@ -24,10 +24,14 @@
*/
package org.alfresco.repo.security.permissions.impl;
+import java.util.Map;
+import java.util.Set;
+
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
/**
* The API for accessing persisted Alfresco permissions.
@@ -116,4 +120,21 @@ public interface PermissionsDaoComponent
* @return inheritParentPermissions
*/
public boolean getInheritParentPermissions(NodeRef nodeRef);
+
+ /**
+ * Get all the permissions set for the given authority
+ *
+ * @param authority
+ * @return - the permissions set on all nodes for the given authority.
+ */
+ public Map> getAllSetPermissions(String authority);
+
+ /**
+ * Find nodes which have the given permisson for the given authority
+ * @param authority - the authority to match
+ * @param permission - the permission to match
+ * @param allow - true to match allow, false to match deny
+ * @return - the set of matching nodes
+ */
+ public Set findNodeByPermission(String authority, PermissionReference permission, boolean allow);
}
diff --git a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
index fb7a77f225..1255ae66ed 100644
--- a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
@@ -24,7 +24,9 @@
*/
package org.alfresco.repo.security.permissions.noop;
+import java.util.Collections;
import java.util.HashSet;
+import java.util.Map;
import java.util.Set;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
@@ -224,4 +226,24 @@ public class PermissionServiceNOOPImpl
{
throw new UnsupportedOperationException();
}
+
+ public Map> getAllSetPermissionsForTheCurrentUser()
+ {
+ return Collections.>emptyMap();
+ }
+
+ public Map> getAllSetPermissions(String authority)
+ {
+ return Collections.>emptyMap();
+ }
+
+ public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities, boolean exactPermissionMatch)
+ {
+ return Collections.emptySet();
+ }
+
+ public Set findNodesByAssignedPermission(String authority, String permission, boolean allow, boolean includeContainingAuthorities, boolean exactPermissionMatch)
+ {
+ return Collections.emptySet();
+ }
}
diff --git a/source/java/org/alfresco/service/cmr/security/AuthorityService.java b/source/java/org/alfresco/service/cmr/security/AuthorityService.java
index 1679cefc10..3fd92d42bc 100644
--- a/source/java/org/alfresco/service/cmr/security/AuthorityService.java
+++ b/source/java/org/alfresco/service/cmr/security/AuthorityService.java
@@ -75,6 +75,12 @@ public interface AuthorityService
@Auditable
public Set getAuthorities();
+ /**
+ * Get the authorities for the given user
+ */
+ @Auditable(parameters = {"userName"})
+ public Set getAuthoritiesForUser(String userName);
+
/**
* Get all authorities by type.
*
diff --git a/source/java/org/alfresco/service/cmr/security/PermissionService.java b/source/java/org/alfresco/service/cmr/security/PermissionService.java
index 761c598c65..59ba624194 100644
--- a/source/java/org/alfresco/service/cmr/security/PermissionService.java
+++ b/source/java/org/alfresco/service/cmr/security/PermissionService.java
@@ -24,43 +24,67 @@
*/
package org.alfresco.service.cmr.security;
+import java.util.Map;
import java.util.Set;
import org.alfresco.service.Auditable;
import org.alfresco.service.PublicService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
+import org.apache.axis.wsdl.symbolTable.Parameters;
/**
- * The public API for a permission service
- *
- * The implementation may be changed in the application configuration
+ * The public API for a permission service The implementation may be changed in the application configuration
*
* @author Andy Hind
*/
@PublicService
public interface PermissionService
{
+ /**
+ * Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI
+ * implementations It is only used for admin at the moment - which is done outside the usual permission assignments
+ * at the moment. It could be a dynamic authority.
+ */
public static final String ROLE_PREFIX = "ROLE_";
-
+
+ /**
+ * Prefix used for authorities of type group.
+ */
public static final String GROUP_PREFIX = "GROUP_";
-
-
-
+
+ /**
+ * The group that contains everyone except guest.
+ */
public static final String ALL_AUTHORITIES = "GROUP_EVERYONE";
+ /**
+ * The dynamic authority used for ownership
+ */
public static final String OWNER_AUTHORITY = "ROLE_OWNER";
-
+
+ /**
+ * The dynamic authority used for the ownership of locks.
+ */
public static final String LOCK_OWNER_AUTHORITY = "ROLE_LOCK_OWNER";
-
+
+ /**
+ * The admin authority - currently a role.
+ */
public static final String ADMINISTRATOR_AUTHORITY = "ROLE_ADMINISTRATOR";
+ /**
+ * The guest authority
+ */
public static final String GUEST_AUTHORITY = "guest";
-
-
-
+
+ /**
+ * The permission for all - not defined in the model. Repsected in the code.
+ */
public static final String ALL_PERMISSIONS = "All";
-
+
+ // Constants for permissions/permission groups defined in the standard permission model.
+
public static final String FULL_CONTROL = "FullControl";
public static final String READ = "Read";
@@ -114,15 +138,15 @@ public interface PermissionService
public static final String EDITOR = "Editor";
public static final String CONSUMER = "Consumer";
-
+
public static final String LOCK = "Lock";
-
+
public static final String UNLOCK = "Unlock";
-
+
public static final String CHECK_OUT = "CheckOut";
-
+
public static final String CHECK_IN = "CheckIn";
-
+
public static final String CANCEL_CHECK_OUT = "CancelCheckOut";
/**
@@ -150,25 +174,23 @@ public interface PermissionService
public String getAllPermission();
/**
- * Get all the AccessPermissions that are granted/denied to the current
- * authentication for the given node
+ * Get all the AccessPermissions that are granted/denied to the current authentication for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set getPermissions(NodeRef nodeRef);
/**
- * Get all the AccessPermissions that are set for anyone for the
- * given node
+ * Get all the AccessPermissions that are set for anyone for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set getAllSetPermissions(NodeRef nodeRef);
/**
@@ -177,27 +199,27 @@ public interface PermissionService
* @param nodeRef
* @return
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set getSettablePermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given type
*
- * @param nodeRef
- * @return
+ * @param type
+ * @return - set of permissions
*/
- @Auditable(parameters = {"type"})
+ @Auditable(parameters = { "type" })
public Set getSettablePermissions(QName type);
/**
- * Check that the given authentication has a particular permission for the
- * given node. (The default behaviour is to inherit permissions)
+ * Check that the given authentication has a particular permission for the given node. (The default behaviour is to
+ * inherit permissions)
*
* @param nodeRef
* @param permission
- * @return
+ * @return - access status
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "permission"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "permission" })
public AccessStatus hasPermission(NodeRef nodeRef, String permission);
/**
@@ -205,34 +227,36 @@ public interface PermissionService
*
* @param nodeRef
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public void deletePermissions(NodeRef nodeRef);
/**
* Delete all permission for the given authority.
*
* @param nodeRef
- * @param authority (if null then this will match all authorities)
+ * @param authority
+ * (if null then this will match all authorities)
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority" })
public void clearPermission(NodeRef nodeRef, String authority);
-
+
/**
- * Find and delete a access control entry by node, authentication and permission.
- *
- * It is possible to delete
+ * Find and delete a access control entry by node, authentication and permission. It is possible to delete
*
* - a specific permission;
- *
- all permissions for an authority (if the permission is null);
- *
- entries for all authorities that have a specific permission (if the authority is null); and
+ *
- all permissions for an authority (if the permission is null);
+ *
- entries for all authorities that have a specific permission (if the authority is null); and
*
- all permissions set for the node (if both the permission and authority are null).
- *
+ *
*
- * @param nodeRef the node that the entry applies to
- * @param authority the authority recipient (if null then this will match all authorities)
- * @param permission the entry permission (if null then this will match all permissions)
+ * @param nodeRef
+ * the node that the entry applies to
+ * @param authority
+ * the authority recipient (if null then this will match all authorities)
+ * @param permission
+ * the entry permission (if null then this will match all permissions)
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission" })
public void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
@@ -243,7 +267,7 @@ public interface PermissionService
* @param permission
* @param allow
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission", "allow"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission", "allow" })
public void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow);
/**
@@ -252,15 +276,67 @@ public interface PermissionService
* @param nodeRef
* @param inheritParentPermissions
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "inheritParentPermissions"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "inheritParentPermissions" })
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions);
-
+
/**
* Return the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @return inheritParentPermissions
*/
- @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
+ @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public boolean getInheritParentPermissions(NodeRef nodeRef);
-}
+
+ /**
+ * Get all permissions set for the current user.
+ *
+ * @return - A map of noderefs to permissions set
+ */
+ @Auditable
+ public Map> getAllSetPermissionsForTheCurrentUser();
+
+ /**
+ * Get all the permissions set for the given authority
+ *
+ * @param authority
+ * @return - A map of noderefs to permissions set
+ */
+ @Auditable(parameters = { "authority" })
+ public Map> getAllSetPermissions(String authority);
+
+ /**
+ * Find all the nodes where the current user has explicitly been assigned the specified permission.
+ *
+ * @param permission -
+ * the permission to find
+ * @param allow
+ * -search for allow (true) or deny
+ * @param includeContainingAuthorities -
+ * include permissions for authorities that contain the current user in the list
+ * @param includeContainingPermissions -
+ * true; do an exact match: false; search for any permission that woudl imply the one given
+ * @return - the set of nodes where the user is assigned the permission
+ */
+ @Auditable(parameters = { "permission", "allow", "includeContainingAuthorities", "includeContainingPermissions" })
+ public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities,
+ boolean includeContainingPermissions);
+
+ /**
+ * Find all the nodes where the current user has explicitly been assigned the specified permission.
+ *
+ * @param permission -
+ * the permission to find
+ * @param allow
+ * -search for allow (true) or deny
+ * @param includeContainingAuthorities -
+ * include permissions for authorities that contain the current user in the list
+ * @param exactPermissionMatch -
+ * true; do an exact match: false; search for any permission that woudl imply the one given
+ * @return - the set of nodes where the user is assigned the permission
+ */
+ @Auditable(parameters = { "authority", "permission", "allow", "includeContainingAuthorities",
+ "exactPermissionMatch" })
+ public Set findNodesByAssignedPermission(String authority, String permission, boolean allow,
+ boolean includeContainingAuthorities, boolean exactPermissionMatch);
+}
\ No newline at end of file