RM-999: Hold and Transfers are displayed for ExtendedReaders, ExtendedWriters

* remove in-place roles from the 'all roles' group .. now in-place readers and writers can't gain access to items just because they have a role!
 * patch to remove in-place roles from all group in existing installations
 * unit test for patch



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@73532 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/patch/v22/RMv22RemoveInPlaceRolesFromAllPatchUnitTest.java

@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.patch.v22;
+
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.mock;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.role.Role;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+
+/**
+ * Unit test for remove in-place roles from 'all roles' group patch unit test.
+ * 
+ * @author Roy Wetherall
+ * @since 2.2
+ */
+public class RMv22RemoveInPlaceRolesFromAllPatchUnitTest extends BaseUnitTest
+{
+    /** test data */
+    private static final String ALL_ROLES = "allroles";
+    
+    /** patch */
+    @InjectMocks private RMv22RemoveInPlaceRolesFromAllPatch patch;
+    
+    /**
+     * Given there are no file plans to update then the 'all roles' group should not
+     * be changed.
+     */
+    @Test
+    public void noFilePlans()
+    {
+        // given        
+        doReturn(Collections.EMPTY_SET).when(mockedFilePlanService).getFilePlans();
+        
+        // when
+        patch.applyInternal();
+        
+        // then
+        verifyZeroInteractions(mockedAuthorityService);
+    }
+
+    /**
+     * Given that there is one file plan whose 'all roles' group does not contain the 
+     * in-place roles the 'all roles' groups should not be changed.
+     */
+    @Test
+    public void rolesDontNeedRemovingFromGroup()
+    {
+        // given 
+        doReturn(Collections.singleton(filePlan)).when(mockedFilePlanService).getFilePlans();
+        doReturn(getMockedRole(FilePlanRoleService.ROLE_EXTENDED_READERS)).when(mockedFilePlanRoleService).getRole(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS);
+        doReturn(getMockedRole(FilePlanRoleService.ROLE_EXTENDED_WRITERS)).when(mockedFilePlanRoleService).getRole(filePlan, FilePlanRoleService.ROLE_EXTENDED_WRITERS);
+        doReturn(ALL_ROLES).when(mockedFilePlanRoleService).getAllRolesContainerGroup(filePlan);
+        doReturn(Collections.EMPTY_SET).when(mockedAuthorityService).getContainedAuthorities(null, ALL_ROLES, true);
+        
+        // when
+        patch.applyInternal();
+        
+        // then
+        verify(mockedAuthorityService, times(1)).getContainedAuthorities(null, ALL_ROLES, true);
+        verifyNoMoreInteractions(mockedAuthorityService);
+    }
+    
+    /**
+     * Given that there is one file plan whose 'all roles' group contains the in-place
+     * roles then they should be revoved.
+     */
+    @Test
+    public void removeRolesFromGroup()
+    {
+        // given 
+        doReturn(Collections.singleton(filePlan)).when(mockedFilePlanService).getFilePlans();        
+        doReturn(getMockedRole(FilePlanRoleService.ROLE_EXTENDED_READERS)).when(mockedFilePlanRoleService).getRole(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS);
+        doReturn(getMockedRole(FilePlanRoleService.ROLE_EXTENDED_WRITERS)).when(mockedFilePlanRoleService).getRole(filePlan, FilePlanRoleService.ROLE_EXTENDED_WRITERS);        
+        doReturn(ALL_ROLES).when(mockedFilePlanRoleService).getAllRolesContainerGroup(filePlan);        
+        Set<String> contains = new HashSet<String>(2);
+        contains.add(FilePlanRoleService.ROLE_EXTENDED_READERS);
+        contains.add(FilePlanRoleService.ROLE_EXTENDED_WRITERS);
+        doReturn(contains).when(mockedAuthorityService).getContainedAuthorities(null, ALL_ROLES, true);
+        
+        // when
+        patch.applyInternal();
+        
+        // then
+        verify(mockedAuthorityService, times(1)).getContainedAuthorities(null, ALL_ROLES, true);
+        verify(mockedAuthorityService, times(1)).removeAuthority(ALL_ROLES, FilePlanRoleService.ROLE_EXTENDED_READERS);
+        verify(mockedAuthorityService, times(1)).removeAuthority(ALL_ROLES, FilePlanRoleService.ROLE_EXTENDED_WRITERS);
+        verifyNoMoreInteractions(mockedAuthorityService);        
+    }
+    
+    /**
+     * Helper method to create a mocked role.
+     */
+    private Role getMockedRole(String name)
+    {
+        Role mockedRole = mock(Role.class);
+        doReturn(name).when(mockedRole).getRoleGroupName();
+        return mockedRole;
+    }
+}

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/AllUnitTestSuite.java

@@ -26,6 +26,7 @@ import org.alfresco.module.org_alfresco_module_rm.job.DispositionLifecycleJobExe
 import org.alfresco.module.org_alfresco_module_rm.jscript.app.evaluator.FrozenEvaluatorUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.jscript.app.evaluator.TransferEvaluatorUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.model.compatibility.DictionaryBootstrapPostProcessorUnitTest;
+import org.alfresco.module.org_alfresco_module_rm.patch.v22.RMv22RemoveInPlaceRolesFromAllPatchUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordMetadataBootstrapUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImplUnitTest;
 import org.alfresco.module.org_alfresco_module_rm.script.hold.HoldPostUnitTest;
@@ -70,7 +71,10 @@ import org.junit.runners.Suite.SuiteClasses;
     HoldCapabilityConditionUnitTest.class,
     
     // action implementations
-    FileReportActionUnitTest.class
+    FileReportActionUnitTest.class,
+    
+    // patches
+    RMv22RemoveInPlaceRolesFromAllPatchUnitTest.class
 })
 public class AllUnitTestSuite
 {

rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseUnitTest.java

@@ -38,6 +38,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
 import org.alfresco.module.org_alfresco_module_rm.report.ReportService;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
@@ -48,6 +49,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.search.SearchService;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
@@ -83,25 +85,27 @@ public class BaseUnitTest implements RecordsManagementModel
     protected NodeRef record;
     
     /** core service mocks */
-    @Mock(name="nodeService")                    protected NodeService mockedNodeService; 
-    @Mock(name="dictionaryService")              protected DictionaryService mockedDictionaryService;
-    @Mock(name="namespaceService")               protected NamespaceService mockedNamespaceService; 
-    @Mock(name="identifierService")              protected IdentifierService mockedIdentifierService;
-    @Mock(name="permissionService")              protected PermissionService mockedPermissionService;
-    @Mock(name="ownableService")                 protected OwnableService mockedOwnableService;
-    @Mock(name="searchService")                  protected SearchService mockedSearchService;
-    @Mock(name="retryingTransactionHelper")      protected RetryingTransactionHelper mockedRetryingTransactionHelper;
+    @Mock(name="nodeService")                    protected NodeService                  mockedNodeService; 
+    @Mock(name="dictionaryService")              protected DictionaryService            mockedDictionaryService;
+    @Mock(name="namespaceService")               protected NamespaceService             mockedNamespaceService; 
+    @Mock(name="identifierService")              protected IdentifierService            mockedIdentifierService;
+    @Mock(name="permissionService")              protected PermissionService            mockedPermissionService;
+    @Mock(name="ownableService")                 protected OwnableService               mockedOwnableService;
+    @Mock(name="searchService")                  protected SearchService                mockedSearchService;
+    @Mock(name="retryingTransactionHelper")      protected RetryingTransactionHelper    mockedRetryingTransactionHelper;
+    @Mock(name="authorityService")               protected AuthorityService             mockedAuthorityService;
     
     /** rm service mocks */
-    @Mock(name="filePlanService")                protected FilePlanService mockedFilePlanService;
-    @Mock(name="recordFolderService")            protected RecordFolderService mockedRecordFolderService;
-    @Mock(name="recordService")                  protected RecordService mockedRecordService;
-    @Mock(name="holdService")                    protected HoldService mockedHoldService;
+    @Mock(name="filePlanService")                protected FilePlanService              mockedFilePlanService;
+    @Mock(name="recordFolderService")            protected RecordFolderService          mockedRecordFolderService;
+    @Mock(name="recordService")                  protected RecordService                mockedRecordService;
+    @Mock(name="holdService")                    protected HoldService                  mockedHoldService;
     @Mock(name="recordsManagementActionService") protected RecordsManagementActionService mockedRecordsManagementActionService;
-    @Mock(name="reportService")                  protected ReportService mockedReportService;
+    @Mock(name="reportService")                  protected ReportService                mockedReportService;
+    @Mock(name="filePlanRoleService")            protected FilePlanRoleService          mockedFilePlanRoleService;
     
     /** application context mock */
-    @Mock(name="applicationContext")             protected ApplicationContext mockedApplicationContext;
+    @Mock(name="applicationContext")             protected ApplicationContext           mockedApplicationContext;
     
     /** expected exception rule */
     @Rule