RM-2260 (Users with read&file permissions on content can not classify it if they are not the owners)

+review RM @rwetherall

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@105541 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ContentClassificationServiceImpl.java

@@ -33,9 +33,8 @@ import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationE
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationException.LevelIdNotFound;
 import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel;
 import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
-import org.alfresco.service.cmr.dictionary.DictionaryService;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.namespace.QName;
 
 /**
@@ -48,15 +47,11 @@ public class ContentClassificationServiceImpl extends ServiceBaseImpl implements
 {
     private ClassificationLevelManager levelManager;
     private ClassificationReasonManager reasonManager;
-    private NodeService nodeService;
-    private DictionaryService dictionaryService;
     private SecurityClearanceService securityClearanceService;
     private ClassificationServiceBootstrap classificationServiceBootstrap;
 
     public void setLevelManager(ClassificationLevelManager levelManager) { this.levelManager = levelManager; }
     public void setReasonManager(ClassificationReasonManager reasonManager) { this.reasonManager = reasonManager; }
-    public void setNodeService(NodeService nodeService) { this.nodeService = nodeService; }
-    public void setDictionaryService(DictionaryService dictionaryService) { this.dictionaryService = dictionaryService; }
     public void setSecurityClearanceService(SecurityClearanceService securityClearanceService) { this.securityClearanceService = securityClearanceService; }
     public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; }
 
@@ -83,7 +78,7 @@ public class ContentClassificationServiceImpl extends ServiceBaseImpl implements
 
     @Override
     public void classifyContent(String classificationLevelId, String classificationAuthority,
-                Set<String> classificationReasonIds, NodeRef content)
+                Set<String> classificationReasonIds, final NodeRef content)
     {
         checkNotBlank("classificationLevelId", classificationLevelId);
         checkNotBlank("classificationAuthority", classificationAuthority);
@@ -108,7 +103,7 @@ public class ContentClassificationServiceImpl extends ServiceBaseImpl implements
             throw new LevelIdNotFound(classificationLevelId);
         }
 
-        Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
+        final Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
         // Initial classification id
         if (nodeService.getProperty(content, PROP_INITIAL_CLASSIFICATION) == null)
         {
@@ -132,7 +127,14 @@ public class ContentClassificationServiceImpl extends ServiceBaseImpl implements
         properties.put(PROP_CLASSIFICATION_REASONS, classificationReasons);
 
         // Add aspect
-        nodeService.addAspect(content, ASPECT_CLASSIFIED, properties);
+        authenticationUtil.runAsSystem(new RunAsWork<Void>()
+        {
+            public Void doWork()
+            {
+                nodeService.addAspect(content, ASPECT_CLASSIFIED, properties);
+                return null;
+            }
+        });
     }
 
     @Override

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM2260Test.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
+
+import static com.google.common.collect.Sets.newHashSet;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_USER;
+import static org.alfresco.util.GUID.generate;
+
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Integration test for RM-2260
+ *
+ * @author Tuna Aksoy
+ * @since 3.0
+ */
+public class RM2260Test extends BaseRMTestCase
+{
+    private static final String LEVEL = "level1";
+    private static final String REASON = "Test Reason 1";
+
+    public void testClassifiyingContentAsNonAdminUser()
+    {
+        /**
+         * Given that a user (assigned to an RM role) exists
+         * When filing permissions on a root category and the security clearance for that user are set
+         * Then the user should be able to classify a record within a folder which is within the given category
+         */
+        doBehaviourDrivenTest(new BehaviourDrivenTest()
+        {
+            String myUser;
+            NodeRef category;
+            NodeRef folder;
+            NodeRef record;
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+             */
+            @Override
+            public void given() throws Exception
+            {
+                myUser = generate();
+                createPerson(myUser);
+                filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_USER, myUser);
+
+                category = filePlanService.createRecordCategory(filePlan, generate());
+                folder = recordFolderService.createRecordFolder(category, generate());
+                record = utils.createRecord(folder, generate());
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+             */
+            @Override
+            public void when() throws Exception
+            {
+                filePlanPermissionService.setPermission(category, myUser, FILING);
+                securityClearanceService.setUserSecurityClearance(myUser, LEVEL);
+            }
+
+            /**
+             * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+             */
+            @Override
+            public void then() throws Exception
+            {
+                doTestInTransaction(new Test<Void>()
+                {
+                    @Override
+                    public Void run()
+                    {
+                        contentClassificationService.classifyContent(LEVEL, generate(), newHashSet(REASON), record);
+                        return null;
+                    }
+                }, myUser);
+            }
+        });
+    }
+}

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ContentClassificationServiceImplUnitTest.java

@@ -45,6 +45,8 @@ import org.alfresco.model.QuickShareModel;
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationException.InvalidNode;
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationException.LevelIdNotFound;
 import org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel;
+import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
+import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -74,11 +76,13 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
     @Mock NodeService mockNodeService;
     @Mock DictionaryService mockDictionaryService;
     @Mock SecurityClearanceService mockSecurityClearanceService;
+    @Mock AuthenticationUtil mockAuthenticationUtil;
     @Captor ArgumentCaptor<Map<QName, Serializable>> propertiesCaptor;
 
     @Before public void setUp()
     {
         MockitoAnnotations.initMocks(this);
+        MockAuthenticationUtilHelper.setup(mockAuthenticationUtil);
     }
 
     /** Classify a piece of content with a couple of reasons and check the NodeService is called correctly. */