RM-567: Refactor protected aspects and properties

* actions and capabilities no longer linked
  * protected aspects and properties can be configured in their own right
  * protected model security service added
  * action implementation refactored accordingly
  * capability implementations refactored accordingly
  * unit tests 



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44229 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2012-12-03 04:06:47 +00:00
parent 0f7197eb25
commit e7f1b2e62c
52 changed files with 1469 additions and 773 deletions


@@ -66,6 +66,12 @@ public class CapabilitiesTest extends BaseRMTestCase implements
return true;
}
@Override
protected boolean isFillingForAllUsers()
{
return true;
}
@Override
protected void setupTestDataImpl()
{
@@ -73,19 +79,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements
record = utils.createRecord(rmFolder, "CapabilitiesTest.txt");
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(filePlan, user, FILING);
securityService.setPermission(rmContainer, user, FILING);
}
}
protected void check(Map<Capability, AccessStatus> access, String name, AccessStatus accessStatus)
{
@@ -289,124 +282,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements
}
/**
* Test the capability configuration
*/
public void testConfig()
{
retryingTransactionHelper.doInTransaction(
new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getSystemUserName());
assertEquals(6, securityService.getProtectedAspects()
.size());
assertEquals(13, securityService
.getProtectedProperties().size());
// Test action wire up
testCapabilityActions(0, ACCESS_AUDIT);
testCapabilityActions(2, ADD_MODIFY_EVENT_DATES);
testCapabilityActions(2,
APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF);
testCapabilityActions(0,
ATTACH_RULES_TO_METADATA_PROPERTIES);
testCapabilityActions(2, AUTHORIZE_ALL_TRANSFERS);
testCapabilityActions(2, AUTHORIZE_NOMINATED_TRANSFERS);
testCapabilityActions(0, CHANGE_OR_DELETE_REFERENCES);
testCapabilityActions(1, CLOSE_FOLDERS);
testCapabilityActions(0,
CREATE_AND_ASSOCIATE_SELECTION_LISTS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_EVENTS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_FILEPLAN_METADATA);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_FILEPLAN_TYPES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_FOLDERS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_RECORD_TYPES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_REFERENCE_TYPES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_ROLES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_TIMEFRAMES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_USERS_AND_GROUPS);
testCapabilityActions(0,
CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS);
testCapabilityActions(1, CYCLE_VITAL_RECORDS);
testCapabilityActions(0, DECLARE_AUDIT_AS_RECORD);
testCapabilityActions(2, DECLARE_RECORDS);
testCapabilityActions(1,
DECLARE_RECORDS_IN_CLOSED_FOLDERS);
testCapabilityActions(0, DELETE_AUDIT);
testCapabilityActions(0, DELETE_LINKS);
testCapabilityActions(0, DELETE_RECORDS);
testCapabilityActions(0, DESTROY_RECORDS);
testCapabilityActions(1,
DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION);
testCapabilityActions(0, DISPLAY_RIGHTS_REPORT);
testCapabilityActions(0, EDIT_DECLARED_RECORD_METADATA);
testCapabilityActions(0, EDIT_NON_RECORD_METADATA);
testCapabilityActions(0, EDIT_RECORD_METADATA);
testCapabilityActions(0, EDIT_SELECTION_LISTS);
testCapabilityActions(0, ENABLE_DISABLE_AUDIT_BY_TYPES);
testCapabilityActions(0, EXPORT_AUDIT);
testCapabilityActions(1,
EXTEND_RETENTION_PERIOD_OR_FREEZE);
testCapabilityActions(1, FILE_RECORDS);
testCapabilityActions(0,
MAKE_OPTIONAL_PARAMETERS_MANDATORY);
testCapabilityActions(0, MANAGE_ACCESS_CONTROLS);
testCapabilityActions(0, MANAGE_ACCESS_RIGHTS);
testCapabilityActions(1,
MANUALLY_CHANGE_DISPOSITION_DATES);
testCapabilityActions(0,
MAP_CLASSIFICATION_GUIDE_METADATA);
testCapabilityActions(0, MAP_EMAIL_METADATA);
testCapabilityActions(0, MOVE_RECORDS);
testCapabilityActions(0, PASSWORD_CONTROL);
testCapabilityActions(1, PLANNING_REVIEW_CYCLES);
testCapabilityActions(1, RE_OPEN_FOLDERS);
testCapabilityActions(0, SELECT_AUDIT_METADATA);
testCapabilityActions(0, TRIGGER_AN_EVENT);
testCapabilityActions(1, UNDECLARE_RECORDS);
testCapabilityActions(2, UNFREEZE);
testCapabilityActions(0, UPDATE_CLASSIFICATION_DATES);
testCapabilityActions(0, UPDATE_EXEMPTION_CATEGORIES);
testCapabilityActions(0, UPDATE_TRIGGER_DATES);
testCapabilityActions(0,
UPDATE_VITAL_RECORD_CYCLE_INFORMATION);
testCapabilityActions(0,
UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS);
testCapabilityActions(0, VIEW_RECORDS);
testCapabilityActions(1, VIEW_UPDATE_REASONS_FOR_FREEZE);
return null;
}
}, false, true);
}
/**
* Test the capability actions
*
* @param count
* @param capability
*/
private void testCapabilityActions(int count, String capability)
{
assertEquals(count, capabilityService.getCapability(capability)
.getActionNames().size());
}
/**
* Test file plan as system
*/
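Review bot: The `testConfig` method that appears to be removed in the last hunk held the only assertions on this page that pin how many aspects and properties are protected: `assertEquals(6, securityService.getProtectedAspects().size())` and the matching check for 13 properties. The new ModelSecurityServiceImplTest only asserts that the sets are non-empty and contain the custom test entries, so an entry silently dropped from the protected configuration would no longer fail any test shown here. Consider carrying the expectation over to the new test, for example `assertEquals(EXPECTED_PROTECTED_ASPECTS, modelSecurityService.getProtectedAspects());` (the constant name is a placeholder), since comparing against an explicit set of QNames is stricter than a count. The Javadoc that closes this hunk belongs to a method that continues outside it.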


@@ -150,8 +150,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
capability.isPrivate() == false &&
capability.getName().equals("MoveRecords") == false &&
capability.getName().equals("DeleteLinks") == false &&
capability.getName().equals("ChangeOrDeleteReferences") == false &&
capability.getActionNames().isEmpty() == true)
capability.getName().equals("ChangeOrDeleteReferences") == false)
{
testDeclarativeCapability((DeclarativeCapability)capability);
}


@@ -1,3 +1,21 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.io.Serializable;
@@ -13,6 +31,12 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Dataset Service Test
*
* @author Tuna Aksoy
* @since 2.1
*/
public class DataSetServiceImplTest extends BaseRMTestCase
{
/** Id of the test data set*/


@@ -1,4 +1,21 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.HashMap;


@@ -0,0 +1,254 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedAspect;
import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedProperty;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.namespace.QName;
/**
* Model security service test.
*
* @author Roy Wetherall
* @since 2.1
*/
public class ModelSecurityServiceImplTest extends BaseRMTestCase
{
private static final QName CUSTOM_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customAspect");
private static final QName CUSTOM_PROTECTED_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedAspect");
private static final QName CUSTOM_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProperty");
private static final QName CUSTOM_PROTECTED_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedProperty");
/** Model security service */
private ModelSecurityService modelSecurityService;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected boolean isFillingForAllUsers()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices()
*/
@Override
protected void initServices()
{
super.initServices();
modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestDataImpl()
*/
@Override
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
}
/**
* test - getProtectedAspects(), isProtectedAspect(), getProtectedAspect()
*/
public void testProtectedAspects() throws Exception
{
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
Set<QName> protectedAspects = modelSecurityService.getProtectedAspects();
assertNotNull(protectedAspects);
assertFalse(protectedAspects.isEmpty());
assertTrue(protectedAspects.contains(CUSTOM_PROTECTED_ASPECT));
assertFalse(protectedAspects.contains(CUSTOM_ASPECT));
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.isProtectedAspect(CUSTOM_ASPECT));
ProtectedAspect protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_ASPECT);
assertNull(protectedAspect);
protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_PROTECTED_ASPECT);
assertNotNull(protectedAspect);
assertNotNull(protectedAspect.getQName());
assertNotNull(protectedAspect.getCapabilities());
}
});
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to add the protected aspect.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
assertTrue(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
// check protected aspect via removeAspect
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to remove the custom aspect.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
assertFalse(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
}
/**
* test - getProtectedProperties(), isProtectedProperty(), getProtectedProperty()
*/
public void testProtectedProperties() throws Exception
{
doTestInTransaction(new VoidTest()
{
public void runImpl()
{
Set<QName> protectedProperties = modelSecurityService.getProtectedProperties();
assertNotNull(protectedProperties);
assertFalse(protectedProperties.isEmpty());
assertTrue(protectedProperties.contains(CUSTOM_PROTECTED_PROPERTY));
assertFalse(protectedProperties.contains(CUSTOM_PROPERTY));
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.isProtectedProperty(CUSTOM_PROPERTY));
ProtectedProperty protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROPERTY);
assertNull(protectedProperty);
protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROTECTED_PROPERTY);
assertNotNull(protectedProperty);
assertNotNull(protectedProperty.getQName());
assertNotNull(protectedProperty.getCapabilities());
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
}
});
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Should not have the permissions to edit protected property.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
assertEquals("hello", nodeService.getProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
}
}
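Review bot: In `testProtectedProperties` the two `doTestInTransaction(...)` calls for `rmAdminName` and `powerUserName` sit inside the first `VoidTest`'s `runImpl()`, so they run from within the outer callback instead of as separate steps, and the same checks are repeated at method level right after. How `doTestInTransaction` behaves when nested is not visible here, so moving both blocks out next to the later ones is the safer way to make sure each `canEditProtectedProperty` assertion runs in its own transaction as the intended user. The outer `public void runImpl()` is also missing `@Override`, unlike every other callback in the file. On coverage, the denial path is exercised only through `nodeService.setProperty`. A `FailureTest` as `powerUserName` for `nodeService.removeProperty` and `nodeService.setProperties` on `CUSTOM_PROTECTED_PROPERTY` would pin the other write paths to the same `ModelAccessDeniedException`.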


@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -22,7 +22,6 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.dm.CreateRecordAction;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.site.SiteModel;
@@ -147,7 +146,7 @@ public class RecordServiceTestImpl extends BaseRMTestCase
assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertTrue(rmService.isRecord(dmDocument));
assertTrue(recordService.isRecord(dmDocument));
//
Capability createCapability = capabilityService.getCapability("Create");


@@ -27,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.dataset.DataSetService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
@@ -70,7 +71,7 @@ import org.springframework.context.ApplicationContext;
* @author Roy Wetherall
*/
public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
implements RecordsManagementModel, ContentModel
implements RecordsManagementModel, ContentModel, RMPermissionModel
{
/** Application context */
protected static final String[] CONFIG_LOCATIONS = new String[]
@@ -221,6 +222,15 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
return false;
}
/**
* Indicates whether the test users should have filling on the file plan structure
* by default or not.
*/
protected boolean isFillingForAllUsers()
{
return false;
}
/**
* @see junit.framework.TestCase#setUp()
*/
@@ -431,8 +441,23 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
recordsManagerName,
rmAdminName
};
if (isFillingForAllUsers() == true)
{
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(filePlan, user, FILING);
securityService.setPermission(rmContainer, user, FILING);
}
}
}
/**
* Util method to create a person.
* @param userName user name
* @return NodeRef user node reference
*/
protected NodeRef createPerson(String userName)
{
authenticationService.createAuthentication(userName, "password".toCharArray());
@@ -498,4 +523,35 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
mhRecordFolder44 = rmService.createRecordFolder(mhContainer34, "mhFolder44");
mhRecordFolder45 = rmService.createRecordFolder(mhContainer35, "mhFolder45");
}
/**
* Helper class to try and simplify {@link Void} tests.
*
* @author Roy Wetherall
* @since 2.1
*/
protected abstract class VoidTest extends Test<Void>
{
@Override
public Void run() throws Exception
{
runImpl();
return null;
}
public abstract void runImpl() throws Exception;
@Override
public void test(Void result) throws Exception
{
testImpl();
}
public void testImpl() throws Exception
{
// empty implementation
}
}
}
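Review bot: The new hook is spelled `isFillingForAllUsers()` and its Javadoc says "filling", but the permission it grants is `FILING`, so the name looks like a typo that subclasses will now copy as overrides. Renaming it to `isFilingForAllUsers()` in this commit is cheap, since only the overrides added here depend on it. The Javadoc should also state that returning true grants `FILING` on both `filePlan` and `rmContainer` to every entry in `testUsers`, because that changes what a later access-denied assertion in a subclass actually proves. In the setup hunk, `if (isFillingForAllUsers() == true)` reads better as a plain boolean test. The method enclosing that loop starts outside the hunk.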