From d8050806af00471b91211bbf7d9b1884912c644b Mon Sep 17 00:00:00 2001 From: Andrew Hind Date: Tue, 19 Jun 2007 15:08:15 +0000 Subject: [PATCH] Updates to the permission service to find nodes by permission assignment git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6020 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../public-services-security-context.xml | 5 + .../repo/domain/hibernate/Permission.hbm.xml | 23 + .../PermissionsDaoComponentImpl.java | 253 +++--- .../authority/AuthorityServiceImpl.java | 9 +- .../authority/SimpleAuthorityServiceImpl.java | 14 + .../impl/AccessPermissionImpl.java | 102 +++ .../impl/PermissionServiceImpl.java | 136 ++-- .../impl/PermissionServiceTest.java | 752 ++++++++++++------ .../impl/PermissionsDaoComponent.java | 21 + .../noop/PermissionServiceNOOPImpl.java | 22 + .../cmr/security/AuthorityService.java | 6 + .../cmr/security/PermissionService.java | 178 +++-- 12 files changed, 1035 insertions(+), 486 deletions(-) create mode 100644 source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml index ce357da3b2..321f38250d 100644 --- a/config/alfresco/public-services-security-context.xml +++ b/config/alfresco/public-services-security-context.xml 
@@ -643,6 +643,10 @@ org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=ACL_NODE.0.sys:base.ChangePermissions org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=ACL_ALLOW org.alfresco.service.cmr.security.PermissionService.clearPermission=ACL_NODE.0.sys:base.ChangePermissions + org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermission=ACL_METHOD.ROLE_ADMINISTRATOR + org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermissionForTheCurrentUser=ACL_ALLOW + org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=ACL_METHOD.ROLE_ADMINISTRATOR + org.alfresco.service.cmr.security.PermissionService.getAllSetPermissionsForTheCurrentUser=ACL_ALLOW @@ -672,6 +676,7 @@ org.alfresco.service.cmr.security.AuthorityService.getShortName=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.getName=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.authorityExists=ACL_METHOD.ROLE_ADMINISTRATOR + org.alfresco.service.cmr.security.AuthorityService.getAuthoritiesForUser=ACL_METHOD.ROLE_ADMINISTRATOR diff --git a/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml index 46cc77331f..c14007696a 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml +++ b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml 
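Review bot: The two `...ForTheCurrentUser` entries are plain `ACL_ALLOW` with no check on what they return, so any authenticated caller gets node references (and, for `getAllSetPermissionsForTheCurrentUser`, the entry details) without a read check on each node. Because `findNodesByAssignedPermissionForTheCurrentUser` takes an `allow` flag, a caller can ask for nodes on which they hold a DENY entry, which discloses the existence of nodes they may not be able to read. If other node-returning methods in this file are post-filtered on read permission, these two should follow the same pattern; otherwise add a comment stating that unfiltered results are intended.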
@@ -151,6 +151,29 @@ where ace.authority.recipient = :authorityRecipient + + + select + ace, acl, node + from org.alfresco.repo.domain.hibernate.NodeImpl as node + join node.accessControlList as acl + join acl.entries as ace + where + ace.authority.recipient = :authorityRecipient + + + + select + ace, acl, node + from org.alfresco.repo.domain.hibernate.NodeImpl as node + join node.accessControlList as acl + join acl.entries as ace + where + ace.authority.recipient = :authorityRecipient and + ace.allowed = :allow and + ace.permission.name = :permissionName and + ace.permission.typeQname = :permissionTypeQname + select diff --git a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java index 8a3e966b6f..02d30f4dcb 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java @@ -26,6 +26,7 @@ package org.alfresco.repo.domain.hibernate; import java.util.Collection; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; 
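Review bot: Both new queries select `ace, acl, node`, but the Java callers added in this commit read only positions 0 and 2 (the `acl` read is commented out), and `findNodeByPermission` ends up using only `node`. Selecting just the columns that are consumed avoids hydrating unused entities per row on what may be a large result for a widely assigned authority. The query element names did not survive in this rendering, so this is judged from the select lists alone.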
@@ -36,9 +37,13 @@ import org.alfresco.repo.domain.DbAccessControlList; import org.alfresco.repo.domain.DbAuthority; import org.alfresco.repo.domain.DbPermission; import org.alfresco.repo.domain.DbPermissionKey; +import org.alfresco.repo.domain.Node; +import org.alfresco.repo.domain.NodeStatus; import org.alfresco.repo.security.permissions.NodePermissionEntry; import org.alfresco.repo.security.permissions.PermissionEntry; import org.alfresco.repo.security.permissions.PermissionReference; +import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl; +import org.alfresco.repo.security.permissions.impl.PermissionReferenceImpl; import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent; import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry; import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry; 
@@ -46,31 +51,40 @@ import org.alfresco.repo.security.permissions.impl.SimplePermissionReference; import org.alfresco.repo.transaction.TransactionalDao; import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.namespace.QName; import org.alfresco.util.GUID; import org.hibernate.Query; +import org.hibernate.ScrollMode; +import org.hibernate.ScrollableResults; import org.hibernate.Session; import org.springframework.orm.hibernate3.HibernateCallback; import org.springframework.orm.hibernate3.support.HibernateDaoSupport; /** - * Support for accessing persisted permission information. - * - * This class maps between persisted objects and the external API defined in the - * PermissionsDAO interface. + * Support for accessing persisted permission information. This class maps between persisted objects and the external + * API defined in the PermissionsDAO interface. 
* * @author andyh */ -public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent, TransactionalDao +public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent, + TransactionalDao { private static final boolean INHERIT_PERMISSIONS_DEFAULT = true; + public static final String QUERY_GET_PERMISSION = "permission.GetPermission"; + public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority"; + + public static final String QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAllAccessControlEntriesForAuthority"; + public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission"; - + + public static final String QUERY_FIND_NODES_BY_PERMISSION = "permission.FindNodesByPermission"; + private Map fProtocolToACLDAO; - + private AccessControlListDAO fDefaultACLDAO; /** a uuid identifying this unique instance */ @@ -100,7 +114,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponentImpl that = (PermissionsDaoComponentImpl) obj; return this.uuid.equals(that.uuid); } - + /** * @see #uuid */ @@ -110,8 +124,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements } /** - * Does this Session contain any changes which must be - * synchronized with the store? + * Does this Session contain any changes which must be synchronized with the store? * * @return true => changes are pending */ @@ -126,7 +139,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements } }; // execute the callback - return ((Boolean)getHibernateTemplate().execute(callback)).booleanValue(); + return ((Boolean) getHibernateTemplate().execute(callback)).booleanValue(); } /** 
@@ -136,12 +149,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements { getSession().flush(); } - + public void setProtocolToACLDAO(Map map) { fProtocolToACLDAO = map; } - + public void setDefaultACLDAO(AccessControlListDAO defaultACLDAO) { fDefaultACLDAO = defaultACLDAO; @@ -166,10 +179,8 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements if (acl == null) { // there isn't an access control list for the node - spoof a null one - SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry( - nodeRef, - true, - Collections. emptySet()); + SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections + . emptySet()); npe = snpe; } else @@ -179,10 +190,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements // done if (logger.isDebugEnabled()) { - logger.debug( - "Created access control list for node: \n" + - " node: " + nodeRef + "\n" + - " acl: " + npe); + logger.debug("Created access control list for node: \n" + " node: " + nodeRef + "\n" + " acl: " + npe); } return npe; } @@ -190,14 +198,15 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements /** * Get the persisted access control list or create it if required. * - * @param nodeRef - the node for which to create the list - * @param create - create the object if it is missing + * @param nodeRef - + * the node for which to create the list + * @param create - + * create the object if it is missing * @return Returns the current access control list or null if not found */ private DbAccessControlList getAccessControlList(NodeRef nodeRef, boolean create) { - DbAccessControlList acl = - getACLDAO(nodeRef).getAccessControlList(nodeRef); + DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef); if (acl == null && create) { acl = createAccessControlList(nodeRef); 
@@ -205,32 +214,27 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements // done if (logger.isDebugEnabled()) { - logger.debug("Retrieved access control list: \n" + - " node: " + nodeRef + "\n" + - " list: " + acl); + logger.debug("Retrieved access control list: \n" + " node: " + nodeRef + "\n" + " list: " + acl); } return acl; } - + /** - * Creates an access control list for the node and removes the entry from - * the nullPermsionCache. + * Creates an access control list for the node and removes the entry from the nullPermsionCache. */ private DbAccessControlList createAccessControlList(NodeRef nodeRef) { DbAccessControlList acl = new DbAccessControlListImpl(); acl.setInherits(INHERIT_PERMISSIONS_DEFAULT); getHibernateTemplate().save(acl); - + // maintain inverse getACLDAO(nodeRef).setAccessControlList(nodeRef, acl); - + // done if (logger.isDebugEnabled()) { - logger.debug("Created Access Control List: \n" + - " node: " + nodeRef + "\n" + - " list: " + acl); + logger.debug("Created Access Control List: \n" + " node: " + nodeRef + "\n" + " list: " + acl); } return acl; } @@ -241,7 +245,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements try { acl = getAccessControlList(nodeRef, false); - } + } catch (InvalidNodeRefException e) { return; @@ -258,14 +262,13 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements @SuppressWarnings("unchecked") public void deletePermissions(final String authority) { - // get the authority + // get the authority HibernateCallback callback = new HibernateCallback() { public Object doInHibernate(Session session) { - Query query = session - .getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY) - .setString("authorityRecipient", authority); + Query query = session.getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY).setString("authorityRecipient", + authority); return (Integer) HibernateHelper.deleteDbAccessControlEntries(session, query); } }; 
@@ -296,16 +299,15 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements // done if (logger.isDebugEnabled()) { - logger.debug("Deleted " + deletedCount + "entries for criteria: \n" + - " node: " + nodeRef + "\n" + - " authority: " + authority); + logger.debug("Deleted " + + deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " authority: " + + authority); } } /** - * Deletes all permission entries (access control list entries) that match - * the given criteria. Note that the access control list for the node is - * not deleted. + * Deletes all permission entries (access control list entries) that match the given criteria. Note that the access + * control list for the node is not deleted. */ public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission) { @@ -327,10 +329,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements // done if (logger.isDebugEnabled()) { - logger.debug("Deleted " + deletedCount + "entries for criteria: \n" + - " node: " + nodeRef + "\n" + - " permission: " + permission + "\n" + - " authority: " + authority); + logger.debug("Deleted " + + deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " permission: " + + permission + "\n" + " authority: " + authority); } } 
@@ -362,17 +363,17 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements } } } - + /** - * @param nodeRef the node against which to join - * @param authority the authority against which to join - * @param perm the permission against which to join + * @param nodeRef + * the node against which to join + * @param authority + * the authority against which to join + * @param perm + * the permission against which to join * @return Returns all access control entries that match the criteria */ - private DbAccessControlEntry getAccessControlEntry( - NodeRef nodeRef, - String authority, - PermissionReference permission) + private DbAccessControlEntry getAccessControlEntry(NodeRef nodeRef, String authority, PermissionReference permission) { DbAccessControlList acl = getAccessControlList(nodeRef, false); DbAccessControlEntry entry = null; @@ -384,10 +385,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements // done if (logger.isDebugEnabled()) { - logger.debug("" + (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" + - " node: " + nodeRef + "\n" + - " authority: " + authority + "\n" + - " permission: " + permission); + logger.debug("" + + (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" + " node: " + nodeRef + + "\n" + " authority: " + authority + "\n" + " permission: " + permission); } return entry; } @@ -419,7 +419,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements final QName qname = permissionRef.getQName(); final String name = permissionRef.getName(); Session session = getSession(); - + DbPermission dbPermission = DbPermissionImpl.find(session, qname, name); // create if necessary 
@@ -435,11 +435,8 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements public void setPermission(PermissionEntry permissionEntry) { - setPermission( - permissionEntry.getNodeRef(), - permissionEntry.getAuthority(), - permissionEntry.getPermissionReference(), - permissionEntry.isAllowed()); + setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry + .getPermissionReference(), permissionEntry.isAllowed()); } public void setPermission(NodePermissionEntry nodePermissionEntry) @@ -447,7 +444,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements NodeRef nodeRef = nodePermissionEntry.getNodeRef(); // Get the access control list - // Note the logic here requires to know whether it was created or not + // Note the logic here requires to know whether it was created or not DbAccessControlList acl = getAccessControlList(nodeRef, false); if (acl != null) { @@ -495,7 +492,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements } } } - + public boolean getInheritParentPermissions(NodeRef nodeRef) { DbAccessControlList acl = null; 
@@ -522,33 +519,29 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef) { - DbAccessControlList acl = - getACLDAO(nodeRef).getAccessControlList(nodeRef); + DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef); if (acl == null) { // there isn't an access control list for the node - spoof a null one - SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry( - nodeRef, - true, - Collections. emptySet()); + SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections + . emptySet()); return snpe; } else { Set entries = acl.getEntries(); - SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry( - nodeRef, - acl.getInherits(), + SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(), createSimplePermissionEntries(nodeRef, entries)); return snpe; } } /** - * @param entries access control entries + * @param entries + * access control entries * @return Returns a unique set of entries that can be given back to the outside world */ - private Set createSimplePermissionEntries(NodeRef nodeRef, + private Set createSimplePermissionEntries(NodeRef nodeRef, Collection entries) { if (entries == null) 
@@ -566,18 +559,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements return spes; } - private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, - DbAccessControlEntry ace) + private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, DbAccessControlEntry ace) { if (ace == null) { return null; } - return new SimplePermissionEntry( - nodeRef, - createSimplePermissionReference(ace.getPermission()), - ace.getAuthority().getRecipient(), - ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED); + return new SimplePermissionEntry(nodeRef, createSimplePermissionReference(ace.getPermission()), ace + .getAuthority().getRecipient(), ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED); } private static SimplePermissionReference createSimplePermissionReference(DbPermission perm) @@ -586,14 +575,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements { return null; } - return new SimplePermissionReference( - perm.getTypeQname(), - perm.getName()); + return new SimplePermissionReference(perm.getTypeQname(), perm.getName()); } - + /** * Helper to choose appropriate NodeService for the given NodeRef - * @param nodeRef The NodeRef to dispatch from. + * + * @param nodeRef + * The NodeRef to dispatch from. * @return The appropriate NodeService. */ private AccessControlListDAO getACLDAO(NodeRef nodeRef) 
@@ -605,4 +594,80 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements } return ret; } + + @SuppressWarnings("unchecked") + public Map> getAllSetPermissions(final String authority) + { + // get the authority + HibernateCallback callback = new HibernateCallback() + { + public Object doInHibernate(Session session) + { + Query query = session.getNamedQuery(QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY).setString( + "authorityRecipient", authority); + + Map> result = new HashMap>(); + + ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY); + while (entities.next()) + { + DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0); + // DbAccessControlList acl = (DbAccessControlList) entities.get(1); + Node node = (Node) entities.get(2); + DbPermission dbPermission = entry.getPermission(); + PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission + .getName()); + AccessStatus accessStatus = entry.isAllowed() ? 
AccessStatus.ALLOWED : AccessStatus.DENIED; + AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority() + .getRecipient()); + NodeRef nodeRef = node.getNodeRef(); + Set nodeSet = result.get(nodeRef); + if (nodeSet == null) + { + nodeSet = new HashSet(); + result.put(nodeRef, nodeSet); + } + nodeSet.add(ap); + } + + return result; + } + }; + return (Map>) getHibernateTemplate().execute(callback); + + } + + public Set findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow) + { + // get the authority + HibernateCallback callback = new HibernateCallback() + { + public Object doInHibernate(Session session) + { + Query query = session.getNamedQuery(QUERY_FIND_NODES_BY_PERMISSION).setString( + "authorityRecipient", authority).setBoolean("allow", allow).setString("permissionName", permission.getName()).setString("permissionTypeQname", permission.getQName().toString()); + + Set result = new HashSet(); + + ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY); + while (entities.next()) + { + DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0); + // DbAccessControlList acl = (DbAccessControlList) entities.get(1); + Node node = (Node) entities.get(2); + DbPermission dbPermission = entry.getPermission(); + PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission + .getName()); + AccessStatus accessStatus = entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED; + AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority() + .getRecipient()); + NodeRef nodeRef = node.getNodeRef(); + result.add(nodeRef); + } + + return result; + } + }; + return (Set) getHibernateTemplate().execute(callback); + } } 
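Review bot: Neither `getAllSetPermissions` nor `findNodeByPermission` closes the `ScrollableResults` it opens with `query.scroll(ScrollMode.FORWARD_ONLY)`, so the cursor is released only when the session ends; wrap each loop in `try { ... } finally { entities.close(); }`. In `findNodeByPermission` the locals `entry`, `dbPermission`, `pr`, `accessStatus` and `ap` are built for every row and then discarded, since only `node.getNodeRef()` reaches the result, so they can be removed. Both methods also collect every matching row in memory with no limit, which can be a very large set for an authority assigned on many nodes; a Javadoc note on expected result size, or a cap, would help callers. Neither public method has Javadoc.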
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java index 24dc88a4cd..542af517fc 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java @@ -126,8 +126,13 @@ public class AuthorityServiceImpl implements AuthorityService public Set getAuthorities() { - Set authorities = new HashSet(); String currentUserName = authenticationComponent.getCurrentUserName(); + return getAuthoritiesForUser(currentUserName); + } + + public Set getAuthoritiesForUser(String currentUserName) + { + Set authorities = new HashSet(); if (adminUsers.contains(currentUserName)) { authorities.addAll(adminSet); @@ -139,7 +144,7 @@ public class AuthorityServiceImpl implements AuthorityService authorities.addAll(getContainingAuthorities(null, currentUserName, false)); return authorities; } - + public Set getAllAuthorities(AuthorityType type) { Set authorities = new HashSet(); diff --git a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java index 076984340d..b705a508df 100644 --- a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java @@ -233,4 +233,18 @@ public class SimpleAuthorityServiceImpl implements AuthorityService return false; } + public Set getAuthoritiesForUser(String currentUserName) + { + Set authorities = new HashSet(); + if (adminUsers.contains(currentUserName)) + { + authorities.addAll(adminSet); + } + if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST) + { + authorities.addAll(allSet); + } + return authorities; + } + } 
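Review bot: `getAuthoritiesForUser(String currentUserName)` now resolves authorities for whatever name the caller passes, yet the parameter is still called `currentUserName` and neither implementation has Javadoc; rename it to `userName` and document that the authenticated user is not consulted. The same applies to the copy added in `SimpleAuthorityServiceImpl`. Neither visible body validates the argument: in `SimpleAuthorityServiceImpl` any name that `AuthorityType.getAuthorityType` does not classify as `GUEST`, including one that matches no user, receives `allSet`. State in the Javadoc whether unknown names are expected, or reject them. The body of the `AuthorityServiceImpl` method continues outside the hunk.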
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java
new file mode 100644
index 0000000000..5a80636125
--- /dev/null
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AccessPermissionImpl.java
@@ -0,0 +1,102 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. 
You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing" + */ +package org.alfresco.repo.security.permissions.impl; + +import org.alfresco.service.cmr.security.AccessPermission; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.AuthorityType; + +/** + * Standard implementation for access permission info + * @author andyh + * + */ +public class AccessPermissionImpl implements AccessPermission +{ + private String permission; + + private AccessStatus accessStatus; + + private String authority; + + private AuthorityType authorityType; + + public AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority) + { + this.permission = permission; + this.accessStatus = accessStatus; + this.authority = authority; + this.authorityType = AuthorityType.getAuthorityType(authority); + } + + public String getPermission() + { + return permission; + } + + public AccessStatus getAccessStatus() + { + return accessStatus; + } + + public String getAuthority() + { + return authority; + } + + public AuthorityType getAuthorityType() + { + return authorityType; + } + + @Override + public String toString() + { + return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")"; + } + + @Override + public boolean equals(Object o) + { + if (this == o) + { + return true; + } + if (!(o instanceof AccessPermissionImpl)) + { + return false; + } + AccessPermissionImpl other = (AccessPermissionImpl) o; + return this.getPermission().equals(other.getPermission()) + && (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other + .getAccessStatus()))); + } + + @Override + public int hashCode() + { + return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode(); + } +} \ No newline at end of file 
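Review bot: `equals` compares only `permission` and `accessStatus`, while `hashCode` also mixes in `authority`, so two entries that differ only in authority are equal but hash differently, which breaks the `equals`/`hashCode` contract. In a `HashSet` holding entries for more than one authority, whether the second entry is kept depends on bucket placement, so a permission listing can silently lose an authority. Include the authority and drop the duplicated status comparison: `return permission.equals(other.permission) && accessStatus == other.accessStatus && authority.equals(other.authority);`. The four fields are assigned only in the constructor and can be `final`.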
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java index 0df47c9ea3..91e2f019d1 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java @@ -28,6 +28,7 @@ import java.io.Serializable; import java.util.HashSet; import java.util.LinkedHashSet; import java.util.List; +import java.util.Map; import java.util.Set; import net.sf.acegisecurity.Authentication; @@ -52,7 +53,6 @@ import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; 
@@ -280,74 +280,6 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing return accessPermissions; } - private class AccessPermissionImpl implements AccessPermission - { - private String permission; - - private AccessStatus accessStatus; - - private String authority; - - private AuthorityType authorityType; - - AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority) - { - this.permission = permission; - this.accessStatus = accessStatus; - this.authority = authority; - this.authorityType = AuthorityType.getAuthorityType(authority); - } - - public String getPermission() - { - return permission; - } - - public AccessStatus getAccessStatus() - { - return accessStatus; - } - - public String getAuthority() - { - return authority; - } - - public AuthorityType getAuthorityType() - { - return authorityType; - } - - @Override - public String toString() - { - return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")"; - } - - @Override - public boolean equals(Object o) - { - if (this == o) - { - return true; - } - if (!(o instanceof AccessPermissionImpl)) - { - return false; - } - AccessPermissionImpl other = (AccessPermissionImpl) o; - return this.getPermission().equals(other.getPermission()) - && (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other - .getAccessStatus()))); - } - - @Override - public int hashCode() - { - return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode(); - } - } - public Set getSettablePermissions(NodeRef nodeRef) { Set settable = getSettablePermissionReferences(nodeRef); 
@@ -495,13 +427,16 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing { auths.add(authority.getAuthority()); } - if (dynamicAuthorities != null) + if (nodeRef != null) { - for (DynamicAuthority da : dynamicAuthorities) + if (dynamicAuthorities != null) { - if (da.hasAuthority(nodeRef, user.getUsername())) + for (DynamicAuthority da : dynamicAuthorities) { - auths.add(da.getAuthority()); + if (da.hasAuthority(nodeRef, user.getUsername())) + { + auths.add(da.getAuthority()); + } } } } @@ -698,7 +633,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing // Set the required node permissions if (required.equals(getPermissionReference(ALL_PERMISSIONS))) { - nodeRequirements = modelDAO.getRequiredPermissions(getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames, + nodeRequirements = modelDAO.getRequiredPermissions( + getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames, RequiredPermission.On.NODE); } else 
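Review bot: The new `if (nodeRef != null)` guard means a call without a node silently evaluates with no dynamic authorities, and nothing in the hunk says which caller passes null or that the omission is intended. Add a comment such as `// no node context: dynamic authorities are evaluated per node and cannot apply`, and merge the two conditions into `if (nodeRef != null && dynamicAuthorities != null)` to avoid the extra nesting level. The enclosing method starts and ends outside the hunk.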
@@ -1199,4 +1135,56 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
 return value;
 }
 }
+
+ public Map> getAllSetPermissionsForTheCurrentUser()
+ {
+ String currentUser = authenticationComponent.getCurrentUserName();
+ return getAllSetPermissions(currentUser);
+ }
+
+ public Map> getAllSetPermissions(String authority)
+ {
+ return permissionsDaoComponent.getAllSetPermissions(authority);
+ }
+
+ public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities,
+ boolean exactPermissionMatch)
+ {
+ String currentUser = authenticationComponent.getCurrentUserName();
+ return findNodesByAssignedPermission(currentUser, permission, allow, includeContainingAuthorities, exactPermissionMatch);
+ }
+
+ public Set findNodesByAssignedPermission(String authority, String permission, boolean allow,
+ boolean includeContainingAuthorities, boolean includeContainingPermissions)
+ {
+ // TODO: owned nodes and add owner rights ??
+ // Does not include dynamic permissions (they would have to be done by query - e.g. owership and OWNER rights)
+ // Does not include ACEGI auth object authorities
+ Set authorities = new HashSet();
+ authorities.add(authority);
+ if (includeContainingAuthorities)
+ {
+ authorities.addAll(authorityService.getAuthoritiesForUser(authority));
+ }
+
+ HashSet answer = new HashSet();
+
+ PermissionReference pr = getPermissionReference(permission);
+ Set permissions = new HashSet();
+ permissions.add(pr);
+
+ if (includeContainingPermissions)
+ {
+ permissions.addAll(modelDAO.getGrantingPermissions(pr));
+ }
+
+ for (PermissionReference perm : permissions)
+ {
+ for (String auth : authorities)
+ {
+ answer.addAll(permissionsDaoComponent.findNodeByPermission(auth, perm, allow));
+ }
+ }
+ return answer;
+ }
 }
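Review bot: `findNodesByAssignedPermissionForTheCurrentUser` passes its `exactPermissionMatch` argument straight into the slot that `findNodesByAssignedPermission` names `includeContainingPermissions`, so going by the names the flag is applied with the opposite meaning: asking for an exact match adds everything returned by `modelDAO.getGrantingPermissions(pr)` to the query. Either negate it at the call, `return findNodesByAssignedPermission(currentUser, permission, allow, includeContainingAuthorities, !exactPermissionMatch);`, or give both methods the same parameter name and document it; the interface Javadoc is not in this hunk, so which reading is intended needs confirming. Both `...ForTheCurrentUser` methods also hand the result of `getCurrentUserName()` to the lookup without a null check, and this commit's security context maps them to ACL_ALLOW, so a check for a missing current user before querying would be worth adding. The same configuration restricts `AuthorityService.getAuthoritiesForUser` to ROLE_ADMINISTRATOR; if the injected `authorityService` is the secured bean, the `includeContainingAuthorities` path may be refused for ordinary users, which should be verified.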
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
index 2e16b96857..e7c055c078 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
@@ -34,6 +34,7 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.PermissionEntry;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.AuthorityType;
@@ -68,7 +69,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
 Authentication auth = authenticationComponent.getCurrentAuthentication();
 for (GrantedAuthority authority : auth.getAuthorities())
 {
- if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
+ if (authority.getAuthority().equals(ROLE_AUTHENTICATED))
+ {
+ return;
+ }
 }
 fail("Missing role ROLE_AUTHENTICATED ");
 }
@@ -77,43 +81,33 @@ public class PermissionServiceTest extends AbstractPermissionTest protected void onSetUpInTransaction() throws Exception { super.onSetUpInTransaction(); - denyAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", - AccessStatus.DENIED); - allowAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", - AccessStatus.ALLOWED); - denyAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", - AccessStatus.DENIED); - allowAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", - AccessStatus.ALLOWED); - denyAndyReadProperties = new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED); - allowAndyReadProperties = new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED); - allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), - "andy", AccessStatus.ALLOWED); + denyAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", AccessStatus.DENIED); + allowAndyAll = new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "andy", AccessStatus.ALLOWED); + denyAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.DENIED); + allowAndyRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED); + denyAndyReadProperties = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED); + allowAndyReadProperties = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED); + allowAndyReadChildren = new 
SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED); } - + public void testDefaultModelPermissions() { runAs("admin"); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); runAs("andy"); assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED); - + runAs("admin"); - permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONTRIBUTOR), - "andy", AccessStatus.ALLOWED)); - - + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONTRIBUTOR), "andy", AccessStatus.ALLOWED)); + runAs("andy"); assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED); } - + public void testSystemUserPermissions() { AuthenticationUtil.setSystemUserAsCurrentUser(); @@ -132,8 +126,7 @@ public class PermissionServiceTest extends AbstractPermissionTest AuthenticationUtil.clearCurrentSecurityContext(); } } - - + public void testAdminUserPermissions() { runAs("admin"); 
@@ -146,20 +139,19 @@ public class PermissionServiceTest extends AbstractPermissionTest assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CANCEL_CHECK_OUT) == AccessStatus.ALLOWED); assertTrue(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.CHECK_OUT) == AccessStatus.ALLOWED); assertFalse(serviceRegistry.getPermissionService().hasPermission(rootNodeRef, PermissionService.COORDINATOR) == AccessStatus.ALLOWED); - + } finally { AuthenticationUtil.clearCurrentSecurityContext(); } } - + public void testWeSetConsumerOnRootIsNotSupportedByHasPermisssionAsItIsTheWrongType() { runAs("andy"); assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.CONSUMER), - "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED)); assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); assertEquals(permissionService.hasPermission(rootNodeRef, (PermissionService.CONSUMER)), AccessStatus.DENIED); } 
@@ -167,18 +159,12 @@ public class PermissionServiceTest extends AbstractPermissionTest public void testGetAllSetPermissions() { runAs("andy"); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), - "andy", AccessStatus.ALLOWED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), - "GROUP_GREEN", AccessStatus.ALLOWED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), - "andy", AccessStatus.ALLOWED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), - "GROUP_RED", AccessStatus.ALLOWED)); - permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, - getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED)); - permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, - getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "GROUP_RED", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "GROUP_GREEN", AccessStatus.DENIED)); NodeRef current = systemNodeRef; Set setPermissions = new 
HashSet(); @@ -192,9 +178,7 @@ public class PermissionServiceTest extends AbstractPermissionTest boolean add = true; for (AccessPermission existing : setPermissions) { - if (add - && existing.getAuthority().equals(toTest.getAuthority()) - && existing.getPermission().equals(toTest.getPermission())) + if (add && existing.getAuthority().equals(toTest.getAuthority()) && existing.getPermission().equals(toTest.getPermission())) { add = false; } @@ -223,13 +207,10 @@ public class PermissionServiceTest extends AbstractPermissionTest { runAs("admin"); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), - ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef(); - permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", - AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); runAs("andy"); 
@@ -283,14 +264,11 @@ public class PermissionServiceTest extends AbstractPermissionTest { runAs("andy"); Set entries = new HashSet(); - entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), - "C"), "user-one", AccessStatus.ALLOWED)); - entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "user-two", + entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "user-one", AccessStatus.ALLOWED)); + entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "user-two", AccessStatus.ALLOWED)); + entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("D", "E"), "F"), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); - entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("D", "E"), - "F"), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); - entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), - permissionService.getAllAuthorities(), AccessStatus.DENIED)); + entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.DENIED)); SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries); 
@@ -305,8 +283,7 @@ public class PermissionServiceTest extends AbstractPermissionTest public void testSetNodePermissionEntry2() { Set entries = new HashSet(); - entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), - permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); + entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries); @@ -355,10 +332,8 @@ public class PermissionServiceTest extends AbstractPermissionTest { assertEquals("andy", pe.getAuthority()); assertTrue(pe.isAllowed()); - assertTrue(pe.getPermissionReference().getQName().equals( - permissionService.getAllPermissionReference().getQName())); - assertTrue(pe.getPermissionReference().getName().equals( - permissionService.getAllPermissionReference().getName())); + assertTrue(pe.getPermissionReference().getQName().equals(permissionService.getAllPermissionReference().getQName())); + assertTrue(pe.getPermissionReference().getName().equals(permissionService.getAllPermissionReference().getName())); assertEquals(rootNodeRef, pe.getNodeRef()); } @@ -424,10 +399,8 @@ public class PermissionServiceTest extends AbstractPermissionTest { assertEquals("andy", pe.getAuthority()); assertTrue(pe.isAllowed()); - assertTrue(pe.getPermissionReference().getQName().equals( - permissionService.getAllPermissionReference().getQName())); - assertTrue(pe.getPermissionReference().getName().equals( - permissionService.getAllPermissionReference().getName())); + assertTrue(pe.getPermissionReference().getQName().equals(permissionService.getAllPermissionReference().getQName())); + assertTrue(pe.getPermissionReference().getName().equals(permissionService.getAllPermissionReference().getName())); assertEquals(rootNodeRef, pe.getNodeRef()); } 
@@ -441,8 +414,7 @@ public class PermissionServiceTest extends AbstractPermissionTest // Set new - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService - .getAllPermissionReference(), "other", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "other", AccessStatus.ALLOWED)); assertNotNull(permissionService.getSetPermissions(rootNodeRef)); assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); @@ -458,15 +430,13 @@ public class PermissionServiceTest extends AbstractPermissionTest // new - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName - .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); assertNotNull(permissionService.getSetPermissions(rootNodeRef)); assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); - permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName - .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); + permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); assertNotNull(permissionService.getSetPermissions(rootNodeRef)); assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 
@@ -478,8 +448,7 @@ public class PermissionServiceTest extends AbstractPermissionTest assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); - permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService - .getAllPermissionReference(), "other", AccessStatus.ALLOWED)); + permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "other", AccessStatus.ALLOWED)); assertNotNull(permissionService.getSetPermissions(rootNodeRef)); assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); @@ -495,8 +464,7 @@ public class PermissionServiceTest extends AbstractPermissionTest public void testGetSettablePermissionsForType() { - Set answer = permissionService.getSettablePermissions(QName.createQName("sys", "base", - namespacePrefixResolver)); + Set answer = permissionService.getSettablePermissions(QName.createQName("sys", "base", namespacePrefixResolver)); assertEquals(36, answer.size()); answer = permissionService.getSettablePermissions(QName.createQName("cm", "ownable", namespacePrefixResolver)); @@ -507,11 +475,10 @@ public class PermissionServiceTest extends AbstractPermissionTest answer = permissionService.getSettablePermissions(QName.createQName("cm", "folder", namespacePrefixResolver)); assertEquals(5, answer.size()); - + answer = permissionService.getSettablePermissions(QName.createQName("cm", "monkey", namespacePrefixResolver)); assertEquals(0, answer.size()); } - public void testGetSettablePermissionsForNode() { 
@@ -541,8 +508,7 @@ public class PermissionServiceTest extends AbstractPermissionTest runAs("lemur"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); runAs("andy"); 
@@ -553,32 +519,28 @@ public class PermissionServiceTest extends AbstractPermissionTest runAs("lemur"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); runAs("andy"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); runAs("lemur"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); runAs("andy"); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); runAs("lemur"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); - permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); + permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 
runAs("andy"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); runAs("lemur"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); - permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); + permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); runAs("andy"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); @@ -602,11 +564,9 @@ public class PermissionServiceTest extends AbstractPermissionTest public void testGlobalPermissionsForAdmin() { runAs("admin"); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), - ContentModel.TYPE_CONTENT).getChildRef(); + NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_CONTENT).getChildRef(); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 
@@ -621,16 +581,11 @@ public class PermissionServiceTest extends AbstractPermissionTest assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), - "admin", AccessStatus.DENIED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_PROPERTIES), "admin", AccessStatus.DENIED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.DENIED)); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - getPermission(PermissionService.ALL_PERMISSIONS), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.ALL_PERMISSIONS), "admin", AccessStatus.DENIED)); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); @@ -708,8 +663,7 @@ public class PermissionServiceTest extends AbstractPermissionTest { runAs("admin"); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); runAs("andy"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); @@ -724,7 +678,8 @@ public class PermissionServiceTest extends AbstractPermissionTest assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); // Changed ny not enfocing READ - // assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); + // assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == + // AccessStatus.ALLOWED); // assertFalse(permissionService.hasPermission(n1, // getPermission(PermissionService.READ_PROPERTIES)) == // AccessStatus.ALLOWED); 
@@ -774,8 +729,7 @@ public class PermissionServiceTest extends AbstractPermissionTest { runAs("admin"); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); runAs("andy"); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 
@@ -1005,29 +959,18 @@ public class PermissionServiceTest extends AbstractPermissionTest // UserTransaction tx = transactionService.getUserTransaction(); // tx.begin(); - NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, - QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n3 = nodeService.createNode(n2, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}three"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n4 = nodeService.createNode(n3, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}four"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n5 = nodeService.createNode(n4, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}five"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n6 = nodeService.createNode(n5, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}six"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n7 = nodeService.createNode(n6, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}seven"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n8 = nodeService.createNode(n7, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}eight"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n9 = nodeService.createNode(n8, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}nine"), - ContentModel.TYPE_FOLDER).getChildRef(); - NodeRef n10 = nodeService.createNode(n9, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}ten"), - ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 
ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n3 = nodeService.createNode(n2, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n4 = nodeService.createNode(n3, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n5 = nodeService.createNode(n4, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n6 = nodeService.createNode(n5, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n7 = nodeService.createNode(n6, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n8 = nodeService.createNode(n7, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n9 = nodeService.createNode(n8, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n10 = nodeService.createNode(n9, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef(); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), - "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); // permissionService.setPermission(new SimplePermissionEntry(n9, // getPermission(PermissionService.READ), // "andy", AccessStatus.ALLOWED)); 
@@ -1153,8 +1096,7 @@ public class PermissionServiceTest extends AbstractPermissionTest assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, - PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE, "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE, "andy", AccessStatus.ALLOWED)); assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); runAs("andy"); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); @@ -1219,8 +1161,7 @@ public class PermissionServiceTest extends AbstractPermissionTest assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); - permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), - ROLE_AUTHENTICATED, AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED)); runAs("andy"); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 
@@ -1232,8 +1173,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- ROLE_AUTHENTICATED, AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.DENIED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1245,8 +1185,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1273,8 +1212,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1286,8 +1224,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1299,8 +1236,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(),
+ AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1329,8 +1266,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(),
+ AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1344,8 +1281,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1359,8 +1295,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
- .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), permissionService.getAllAuthorities(),
+ AccessStatus.DENIED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1389,8 +1325,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1402,8 +1337,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1415,8 +1349,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1428,8 +1361,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1441,8 +1373,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.DENIED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1458,10 +1389,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 public void testInheritPermissions()
 {
 runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1474,10 +1403,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1522,10 +1449,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 {
 runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1538,14 +1463,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1558,8 +1479,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.DENIED));
 permissionService.setInheritParentPermissions(n2, false);
 runAs("andy");
@@ -1578,7 +1498,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 runAs("andy");
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
 // Changed by removing permission read parents access
- // assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
@@ -1603,12 +1524,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "Andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "ANDY", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "AnDy", AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1621,27 +1539,35 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-// getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
-//
-//
-// runAs("andy");
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-// assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-// runAs("lemur");
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-// assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
+ // permissionService.setPermission(new
SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ // permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ // permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
+ // getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
+ //
+ //
+ // runAs("andy");
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) ==
+ // AccessStatus.ALLOWED);
+ // assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) ==
+ // AccessStatus.ALLOWED);
+ // runAs("lemur");
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) ==
+ // AccessStatus.ALLOWED);
+ // assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) ==
+ // AccessStatus.ALLOWED);
 }
-
+
 public void testEffectiveComposite()
 {
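Review bot: The block re-wrapped here, from `// permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,` through the `// assertFalse(...)` lines after `// runAs("lemur");`, is still commented out, so the positive half of this authority case-sensitivity test never runs. Going by the preceding hunk, the live code grants to "Andy", "ANDY" and "AnDy" and then asserts that "andy" is not allowed; the control that grants to the exact-case `"andy"` and expects ALLOWED while "lemur" stays denied exists only in these comments. Without it the test would presumably still pass if no grant took effect at all, which is a weak check for access-control code. Either re-enable the block or delete it and leave one line stating why, for example `// exact-case positive control disabled: <reason or issue id>`. The enclosing test method starts outside this hunk.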
@@ -1656,12 +1582,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1680,10 +1603,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
 {
 runAs("admin");
- NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
- QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
- NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
- ContentModel.TYPE_CONTENT).getChildRef();
+ NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_CONTENT).getChildRef();
 runAs("andy");
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1696,14 +1617,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1716,8 +1633,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1730,12 +1646,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(n2,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.deletePermission(new SimplePermissionEntry(n2,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
- permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT),
- "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1748,8 +1661,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ), "andy",
- AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1777,8 +1689,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1791,14 +1702,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1811,8 +1718,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
- permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
+ permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1842,11 +1748,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE),
- "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.ALLOWED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
@@ -1867,8 +1771,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
 assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED);
- permissionService.setPermission(new SimplePermissionEntry(systemNodeRef,
- getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
+ permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED));
 runAs("andy");
 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED);
@@ -1886,15 +1789,11 @@ public class PermissionServiceTest extends AbstractPermissionTest
 public void testClearPermission()
 {
 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "andy", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
- "lemur", AccessStatus.ALLOWED));
- permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
- getPermission(PermissionService.READ_CHILDREN), "lemur", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "lemur", AccessStatus.ALLOWED));
+ permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "lemur", AccessStatus.ALLOWED));
 assertEquals(4, permissionService.getAllSetPermissions(rootNodeRef).size());
 permissionService.clearPermission(rootNodeRef, "andy");
@@ -1904,8 +1803,331 @@ public class PermissionServiceTest extends AbstractPermissionTest } - - + public void testGetAllSetPermissionsFromAllNodes() + { + runAs("admin"); + + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n5 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n6 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n7 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n8 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n9 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n10 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef(); + + assertEquals(0, permissionService.getAllSetPermissionsForTheCurrentUser().size()); + assertEquals(0, permissionService.getAllSetPermissions("admin").size()); + assertEquals(0, permissionService.getAllSetPermissions("andy").size()); + + permissionService.setPermission(new 
SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n4, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n5, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n6, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n7, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n8, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); + + 
assertEquals(10, permissionService.getAllSetPermissionsForTheCurrentUser().size()); + assertEquals(10, permissionService.getAllSetPermissions("admin").size()); + assertEquals(2, permissionService.getAllSetPermissions("andy").size()); + assertNull(permissionService.getAllSetPermissionsForTheCurrentUser().get(rootNodeRef)); + assertNull(permissionService.getAllSetPermissions("admin").get(rootNodeRef)); + assertNull(permissionService.getAllSetPermissions("andy").get(rootNodeRef)); + assertEquals(2, permissionService.getAllSetPermissionsForTheCurrentUser().get(n1).size()); + assertEquals(2, permissionService.getAllSetPermissions("admin").get(n1).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n1)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n2).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n2).size()); + assertEquals(1, permissionService.getAllSetPermissions("andy").get(n2).size()); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n3).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n3).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n3)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n4).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n4).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n4)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n5).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n5).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n5)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n6).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n6).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n6)); + assertEquals(1, 
permissionService.getAllSetPermissionsForTheCurrentUser().get(n7).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n7).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n7)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n8).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n8).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n8)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n9).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n9).size()); + assertNull(permissionService.getAllSetPermissions("andy").get(n9)); + assertEquals(1, permissionService.getAllSetPermissionsForTheCurrentUser().get(n10).size()); + assertEquals(1, permissionService.getAllSetPermissions("admin").get(n10).size()); + assertEquals(1, permissionService.getAllSetPermissions("andy").get(n10).size()); + + } + + public void testFindNodesByPermission() + { + runAs("admin"); + + StoreRef storeRef = rootNodeRef.getStoreRef(); + + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}three"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}four"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n5 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}five"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n6 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, 
QName.createQName("{namespace}six"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n7 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}seven"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n8 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}eight"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n9 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}nine"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n10 = nodeService.createNode(n1, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}ten"), ContentModel.TYPE_FOLDER).getChildRef(); + + personService.getPerson("andy"); + String groupAuth = authorityService.createAuthority(AuthorityType.GROUP, null, "G"); + authorityService.addAuthority(groupAuth, "andy"); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser("Consumer", true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser("Consumer", false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", "Consumer", true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", "Consumer", false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", "Consumer", true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", "Consumer", false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, "Consumer", true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, "Consumer", false, false, false), 
storeRef).size()); + + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONSUMER), "admin", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n6, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n7, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n8, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n9, getPermission(PermissionService.CONSUMER), groupAuth, AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.CONSUMER), groupAuth, AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n10, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.DENIED)); + permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.CONTRIBUTOR), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n3, getPermission(PermissionService.READ_CONTENT), groupAuth, AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n4, getPermission(PermissionService.READ_CHILDREN), groupAuth, AccessStatus.ALLOWED)); + permissionService.setPermission(new SimplePermissionEntry(n5, getPermission(PermissionService.READ_CONTENT), groupAuth, AccessStatus.ALLOWED)); + + 
assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, false, false), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, false, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, false, false), storeRef).size()); + assertEquals(1, 
filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, false, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, false, false), storeRef).size()); + + assertEquals(0, 
filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, false, false), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, false, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, false, false), storeRef).size()); + assertEquals(0, 
filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, false, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, false, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, false, false), storeRef).size()); + + // Include groups for exact match + + for (NodeRef nodeRef : permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, false)) + { + System.out.println("Found " + nodeService.getPath(nodeRef)); + } + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, true, false), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, true, false), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, true, false), 
storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, true, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, true, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, true, false), storeRef).size()); + assertEquals(0, 
filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, true, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, true, false), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, true, false), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, 
PermissionService.READ_CONTENT, false, true, false), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, true, false), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, true, false), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, true, false), storeRef).size()); + + // Include inexact permission + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, false, true), storeRef).size()); + assertEquals(0, 
filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, false, true), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, false, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, false, true), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, false, true), storeRef).size()); + assertEquals(0, 
filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, false, true), storeRef).size()); + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, false, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, false, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, false, true), storeRef).size()); + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", 
PermissionService.READ_CONTENT, false, false, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, false, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, false, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, false, true), storeRef).size()); + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, false, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, false, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, false, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, false, true), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, false, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, 
false, false, true), storeRef).size()); + + // Inexact for all + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONSUMER, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONSUMER, false, true, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, true, true, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONSUMER, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, true, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONSUMER, false, true, true), storeRef).size()); + + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.CONTRIBUTOR, false, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.CONTRIBUTOR, false, true, true), storeRef).size()); + 
assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.CONTRIBUTOR, false, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.CONTRIBUTOR, false, true, true), storeRef).size()); + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ, false, true, true), storeRef).size()); + assertEquals(4, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, true, true, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, true, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ, false, true, true), storeRef).size()); + + assertEquals(1, 
filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CONTENT, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CONTENT, false, true, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, true, true, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CONTENT, false, true, true), storeRef).size()); + assertEquals(3, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, true, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CONTENT, false, true, true), storeRef).size()); + + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermissionForTheCurrentUser(PermissionService.READ_CHILDREN, false, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, true, true, true), storeRef).size()); + assertEquals(0, filterForStore(permissionService.findNodesByAssignedPermission("admin", PermissionService.READ_CHILDREN, false, true, true), storeRef).size()); + assertEquals(5, 
filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, true, true, true), storeRef).size()); + assertEquals(5, filterForStore(permissionService.findNodesByAssignedPermission("andy", PermissionService.READ_CHILDREN, false, true, true), storeRef).size()); + assertEquals(2, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, true, true, true), storeRef).size()); + assertEquals(1, filterForStore(permissionService.findNodesByAssignedPermission(groupAuth, PermissionService.READ_CHILDREN, false, true, true), storeRef).size()); + + } + + private Set filterForStore(Set set, StoreRef storeRef) + { + Set toRemove = new HashSet(); + for (NodeRef node : set) + { + if (!node.getStoreRef().equals(storeRef)) + { + toRemove.add(node); + } + } + set.removeAll(toRemove); + return set; + } + // TODO: Test permissions on missing nodes } diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java index 36d1cfecee..d1be6ac957 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java @@ -24,10 +24,14 @@ */ package org.alfresco.repo.security.permissions.impl; +import java.util.Map; +import java.util.Set; + import org.alfresco.repo.security.permissions.NodePermissionEntry; import org.alfresco.repo.security.permissions.PermissionEntry; import org.alfresco.repo.security.permissions.PermissionReference; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessPermission; /** * The API for accessing persisted Alfresco permissions. 
@@ -116,4 +120,21 @@ public interface PermissionsDaoComponent * @return inheritParentPermissions */ public boolean getInheritParentPermissions(NodeRef nodeRef); + + /** + * Get all the permissions set for the given authority + * + * @param authority + * @return - the permissions set on all nodes for the given authority. + */ + public Map> getAllSetPermissions(String authority); + + /** + * Find nodes which have the given permisson for the given authority + * @param authority - the authority to match + * @param permission - the permission to match + * @param allow - true to match allow, false to match deny + * @return - the set of matching nodes + */ + public Set findNodeByPermission(String authority, PermissionReference permission, boolean allow); } diff --git a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java index fb7a77f225..1255ae66ed 100644 --- a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java @@ -24,7 +24,9 @@ */ package org.alfresco.repo.security.permissions.noop; +import java.util.Collections; import java.util.HashSet; +import java.util.Map; import java.util.Set; import org.alfresco.repo.security.permissions.NodePermissionEntry; 
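Review bot: In the PermissionsDaoComponent hunk the Javadoc for the two new queries leaves open the contract a permission-checking caller relies on: `@param authority` on `getAllSetPermissions` has no description, and neither method says whether a null authority is accepted or whether "nothing matched" is returned as an empty collection or as null. I would add `@param authority - the authority whose entries are returned` and `@return - never null; empty when nothing is set`, once that is confirmed against the implementation, which is not part of this hunk. `findNodeByPermission` returns a Set, so `findNodesByPermission` would read consistently with the service-level `findNodesByAssignedPermission`, and "permisson" in its summary is a typo. It is also worth one sentence stating that the DAO applies no access check of its own, if enforcement is meant to come only from the rules in public-services-security-context.xml.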
@@ -224,4 +226,24 @@ public class PermissionServiceNOOPImpl { throw new UnsupportedOperationException(); } + + public Map> getAllSetPermissionsForTheCurrentUser() + { + return Collections.>emptyMap(); + } + + public Map> getAllSetPermissions(String authority) + { + return Collections.>emptyMap(); + } + + public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities, boolean exactPermissionMatch) + { + return Collections.emptySet(); + } + + public Set findNodesByAssignedPermission(String authority, String permission, boolean allow, boolean includeContainingAuthorities, boolean exactPermissionMatch) + { + return Collections.emptySet(); + } } diff --git a/source/java/org/alfresco/service/cmr/security/AuthorityService.java b/source/java/org/alfresco/service/cmr/security/AuthorityService.java index 1679cefc10..3fd92d42bc 100644 --- a/source/java/org/alfresco/service/cmr/security/AuthorityService.java +++ b/source/java/org/alfresco/service/cmr/security/AuthorityService.java @@ -75,6 +75,12 @@ public interface AuthorityService @Auditable public Set getAuthorities(); + /** + * Get the authorities for the given user + */ + @Auditable(parameters = {"userName"}) + public Set getAuthoritiesForUser(String userName); + /** * Get all authorities by type. * diff --git a/source/java/org/alfresco/service/cmr/security/PermissionService.java b/source/java/org/alfresco/service/cmr/security/PermissionService.java index 761c598c65..59ba624194 100644 --- a/source/java/org/alfresco/service/cmr/security/PermissionService.java +++ b/source/java/org/alfresco/service/cmr/security/PermissionService.java 
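Review bot: In PermissionServiceNOOPImpl the four new methods answer with `Collections.emptyMap()` or `Collections.emptySet()`, while the method directly above them in the same hunk throws `UnsupportedOperationException`, so the class now signals "not available" in two different ways. An empty result cannot be told apart from "this authority has no assignments", which can mislead an audit or clean-up job that runs against a repository configured with the no-op service. If the empty answer is intended, a comment on each method such as `// NOOP: no assignments are stored, so there is never anything to report` makes that explicit; otherwise throwing, as the neighbouring method does, is the consistent choice.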
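Review bot: In the AuthorityService hunk, `getAuthoritiesForUser` gets a one-line Javadoc, although the security context changed in this commit maps it to `ACL_METHOD.ROLE_ADMINISTRATOR`. The comment should carry `@param userName - the user whose authorities are returned` and `@return - the authorities for that user`, and should mention that the call is admin-only under the shipped configuration. Whether containing groups are included and what is returned for an unknown user name cannot be seen from this hunk and are worth stating in the same place.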
@@ -24,43 +24,67 @@ */ package org.alfresco.service.cmr.security; +import java.util.Map; import java.util.Set; import org.alfresco.service.Auditable; import org.alfresco.service.PublicService; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; +import org.apache.axis.wsdl.symbolTable.Parameters; /** - * The public API for a permission service - * - * The implementation may be changed in the application configuration + * The public API for a permission service The implementation may be changed in the application configuration * * @author Andy Hind */ @PublicService public interface PermissionService { + /** + * Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI + * implementations It is only used for admin at the moment - which is done outside the usual permission assignments + * at the moment. It could be a dynamic authority. + */ public static final String ROLE_PREFIX = "ROLE_"; - + + /** + * Prefix used for authorities of type group. + */ public static final String GROUP_PREFIX = "GROUP_"; - - - + + /** + * The group that contains everyone except guest. + */ public static final String ALL_AUTHORITIES = "GROUP_EVERYONE"; + /** + * The dynamic authority used for ownership + */ public static final String OWNER_AUTHORITY = "ROLE_OWNER"; - + + /** + * The dynamic authority used for the ownership of locks. + */ public static final String LOCK_OWNER_AUTHORITY = "ROLE_LOCK_OWNER"; - + + /** + * The admin authority - currently a role. + */ public static final String ADMINISTRATOR_AUTHORITY = "ROLE_ADMINISTRATOR"; + /** + * The guest authority + */ public static final String GUEST_AUTHORITY = "guest"; - - - + + /** + * The permission for all - not defined in the model. Repsected in the code. + */ public static final String ALL_PERMISSIONS = "All"; - + + // Constants for permissions/permission groups defined in the standard permission model. 
+ public static final String FULL_CONTROL = "FullControl"; public static final String READ = "Read"; @@ -114,15 +138,15 @@ public interface PermissionService public static final String EDITOR = "Editor"; public static final String CONSUMER = "Consumer"; - + public static final String LOCK = "Lock"; - + public static final String UNLOCK = "Unlock"; - + public static final String CHECK_OUT = "CheckOut"; - + public static final String CHECK_IN = "CheckIn"; - + public static final String CANCEL_CHECK_OUT = "CancelCheckOut"; /** @@ -150,25 +174,23 @@ public interface PermissionService public String getAllPermission(); /** - * Get all the AccessPermissions that are granted/denied to the current - * authentication for the given node + * Get all the AccessPermissions that are granted/denied to the current authentication for the given node * * @param nodeRef - * the reference to the node * @return the set of allowed permissions */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public Set getPermissions(NodeRef nodeRef); /** - * Get all the AccessPermissions that are set for anyone for the - * given node + * Get all the AccessPermissions that are set for anyone for the given node * * @param nodeRef - * the reference to the node * @return the set of allowed permissions */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public Set getAllSetPermissions(NodeRef nodeRef); /** 
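Review bot: The added `import org.apache.axis.wsdl.symbolTable.Parameters;` at the top of PermissionService is not referenced in any hunk of this file shown here, and it makes the public permission API depend on Apache Axis at compile time. Unless a part of the interface outside these hunks uses it, the line should be dropped; it may be an IDE auto-import picked up from the `parameters = { ... }` annotation attribute. In the new constant Javadoc, "Repsected" should read "Respected", and the ROLE_PREFIX comment lacks a full stop after "implementations". The interface body continues beyond this hunk.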
@@ -177,27 +199,27 @@ public interface PermissionService * @param nodeRef * @return */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public Set getSettablePermissions(NodeRef nodeRef); /** * Get the permissions that can be set for a given type * - * @param nodeRef - * @return + * @param type + * @return - set of permissions */ - @Auditable(parameters = {"type"}) + @Auditable(parameters = { "type" }) public Set getSettablePermissions(QName type); /** - * Check that the given authentication has a particular permission for the - * given node. (The default behaviour is to inherit permissions) + * Check that the given authentication has a particular permission for the given node. (The default behaviour is to + * inherit permissions) * * @param nodeRef * @param permission - * @return + * @return - access status */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "permission"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "permission" }) public AccessStatus hasPermission(NodeRef nodeRef, String permission); /** 
@@ -205,34 +227,36 @@ public interface PermissionService * * @param nodeRef */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public void deletePermissions(NodeRef nodeRef); /** * Delete all permission for the given authority. * * @param nodeRef - * @param authority (if null then this will match all authorities) + * @param authority + * (if null then this will match all authorities) */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority" }) public void clearPermission(NodeRef nodeRef, String authority); - + /** - * Find and delete a access control entry by node, authentication and permission. - * - * It is possible to delete + * Find and delete a access control entry by node, authentication and permission. It is possible to delete *
    *
  1. a specific permission; - *
  2. all permissions for an authority (if the permission is null); - *
  3. entries for all authorities that have a specific permission (if the authority is null); and + *
  4. all permissions for an authority (if the permission is null); + *
  5. entries for all authorities that have a specific permission (if the authority is null); and *
  6. all permissions set for the node (if both the permission and authority are null). - *
+ * * - * @param nodeRef the node that the entry applies to - * @param authority the authority recipient (if null then this will match all authorities) - * @param permission the entry permission (if null then this will match all permissions) + * @param nodeRef + * the node that the entry applies to + * @param authority + * the authority recipient (if null then this will match all authorities) + * @param permission + * the entry permission (if null then this will match all permissions) */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission" }) public void deletePermission(NodeRef nodeRef, String authority, String permission); /** @@ -243,7 +267,7 @@ public interface PermissionService * @param permission * @param allow */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission", "allow"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission", "allow" }) public void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow); /** 
@@ -252,15 +276,67 @@ public interface PermissionService * @param nodeRef * @param inheritParentPermissions */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "inheritParentPermissions"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "inheritParentPermissions" }) public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions); - + /** * Return the global inheritance behaviour for permissions on a node. * * @param nodeRef * @return inheritParentPermissions */ - @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"}) + @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public boolean getInheritParentPermissions(NodeRef nodeRef); -} + + /** + * Get all permissions set for the current user. + * + * @return - A map of noderefs to permissions set + */ + @Auditable + public Map> getAllSetPermissionsForTheCurrentUser(); + + /** + * Get all the permissions set for the given authority + * + * @param authority + * @return - A map of noderefs to permissions set + */ + @Auditable(parameters = { "authority" }) + public Map> getAllSetPermissions(String authority); + + /** + * Find all the nodes where the current user has explicitly been assigned the specified permission. 
+ * + * @param permission - + * the permission to find + * @param allow + * -search for allow (true) or deny + * @param includeContainingAuthorities - + * include permissions for authorities that contain the current user in the list + * @param includeContainingPermissions - + * true; do an exact match: false; search for any permission that woudl imply the one given + * @return - the set of nodes where the user is assigned the permission + */ + @Auditable(parameters = { "permission", "allow", "includeContainingAuthorities", "includeContainingPermissions" }) + public Set findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities, + boolean includeContainingPermissions); + + /** + * Find all the nodes where the current user has explicitly been assigned the specified permission. + * + * @param permission - + * the permission to find + * @param allow + * -search for allow (true) or deny + * @param includeContainingAuthorities - + * include permissions for authorities that contain the current user in the list + * @param exactPermissionMatch - + * true; do an exact match: false; search for any permission that woudl imply the one given + * @return - the set of nodes where the user is assigned the permission + */ + @Auditable(parameters = { "authority", "permission", "allow", "includeContainingAuthorities", + "exactPermissionMatch" }) + public Set findNodesByAssignedPermission(String authority, String permission, boolean allow, + boolean includeContainingAuthorities, boolean exactPermissionMatch); +} \ No newline at end of file
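Review bot: `findNodesByAssignedPermissionForTheCurrentUser` names its last parameter `includeContainingPermissions` (in the signature and in the `@Auditable` list), yet its Javadoc describes the flag as "true; do an exact match", and both the sibling `findNodesByAssignedPermission` and PermissionServiceNOOPImpl call the same flag `exactPermissionMatch`. The two names have opposite polarity, so a caller reading only the signature can pass the wrong value and receive a wider or narrower node set than intended from a permission query. Rename it to `exactPermissionMatch` in the signature and use `@Auditable(parameters = { "permission", "allow", "includeContainingAuthorities", "exactPermissionMatch" })`. The Javadoc of `findNodesByAssignedPermission` still says "the current user" and has no entry for its first argument; it should say "the given authority" and add `@param authority - the authority to match`. "woudl" is a typo in both comments.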