diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
index 3e8250673a..87a373e578 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
@@ -24,7 +24,7 @@
* This is required for SOLR support.
- *
+ *
* @author Roy Wetherall
*/
public class RMPermissionServiceImpl extends PermissionServiceImpl
@@ -47,7 +54,30 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
/** Writers simple cache */
protected SimpleCache> writersCache;
-
+
+ /** File plan service */
+ private FilePlanService filePlanService;
+
+ /**
+ * Gets the file plan service
+ *
+ * @return the filePlanService
+ */
+ public FilePlanService getFilePlanService()
+ {
+ return this.filePlanService;
+ }
+
+ /**
+ * Sets the file plan service
+ *
+ * @param filePlanService the filePlanService to set
+ */
+ public void setFilePlanService(FilePlanService filePlanService)
+ {
+ this.filePlanService = filePlanService;
+ }
+
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
*/
@@ -57,7 +87,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
super.setAnyDenyDenies(anyDenyDenies);
writersCache.clear();
}
-
+
/**
* @param writersCache the writersCache to set
*/
@@ -65,44 +95,44 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
this.writersCache = writersCache;
}
-
+
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
- super.onBootstrap(event);
+ super.onBootstrap(event);
PropertyCheck.mandatory(this, "writersCache", writersCache);
}
-
+
/**
* Override to deal with the possibility of hard coded permission checks in core code.
- *
+ *
* Note: Eventually we need to merge the RM permission model into the core to make this more rebust.
- *
+ *
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#hasPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
AccessStatus acs = super.hasPermission(nodeRef, perm);
- if (AccessStatus.DENIED.equals(acs) == true &&
+ if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.READ.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
}
- else if (AccessStatus.DENIED.equals(acs) == true &&
+ else if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.WRITE.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
}
-
+
return acs;
}
-
+
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#canRead(java.lang.Long)
*/
@@ -111,8 +141,8 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
Set authorities = getAuthorisations();
- // test denied
-
+ // test denied
+
if(anyDenyDenies)
{
@@ -125,12 +155,12 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
return AccessStatus.DENIED;
}
}
-
+
}
// test acl readers
Set aclReaders = getReaders(aclId);
-
+
for(String auth : aclReaders)
{
if(authorities.contains(auth))
@@ -141,7 +171,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
return AccessStatus.DENIED;
}
-
+
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#getReaders(java.lang.Long)
*/
@@ -159,7 +189,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
return aclReaders;
}
-
+
HashSet assigned = new HashSet();
HashSet readers = new HashSet();
@@ -185,7 +215,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
/**
* Override with check for RM read
- *
+ *
* @param aclId
* @return
*/
@@ -219,12 +249,12 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
denied.add(authority);
}
}
-
+
readersDeniedCache.put((Serializable)acl.getProperties(), denied);
return denied;
}
-
+
/**
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
*/
@@ -241,7 +271,7 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
{
return aclWriters;
}
-
+
HashSet assigned = new HashSet();
HashSet readers = new HashSet();
@@ -263,4 +293,49 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
writersCache.put((Serializable)acl.getProperties(), aclWriters);
return aclWriters;
}
+
+ /**
+ * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)
+ */
+ @Override
+ public void setInheritParentPermissions(final NodeRef nodeRef, boolean inheritParentPermissions)
+ {
+ if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+ {
+ final String adminRole = getAdminRole(nodeRef);
+ if (inheritParentPermissions)
+ {
+ Set accessPermissions = getAllSetPermissions(nodeRef);
+ for (AccessPermission accessPermission : accessPermissions)
+ {
+ String authority = accessPermission.getAuthority();
+ String permission = accessPermission.getPermission();
+ if (accessPermission.isSetDirectly() &&
+ (RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
+ (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) || ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority)) || adminRole.equals(authority))
+ {
+ // FIXME!!!
+ //deletePermission(nodeRef, authority, permission);
+ }
+ }
+ }
+ else
+ {
+ setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
+ setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
+ setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
+ }
+ }
+ super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+ }
+
+ private String getAdminRole(NodeRef nodeRef)
+ {
+ NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
+ if (filePlan == null)
+ {
+ throw new AlfrescoRuntimeException("The file plan could not be found for the node '" + nodeRef + "'.");
+ }
+ return authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
+ }
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM804Test.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM804Test.java
index 7105d692ce..5f6b9c44ed 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM804Test.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/issue/RM804Test.java
@@ -19,6 +19,7 @@
package org.alfresco.module.org_alfresco_module_rm.test.issue;
import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.site.SiteRole;
@@ -26,30 +27,30 @@ import org.alfresco.service.cmr.site.SiteRole;
/**
* Unit test for RM-804 .. site managers are able to delete file plans
- *
+ *
* @author Roy Wetherall
* @since 2.1
*/
-public class RM804Test extends BaseRMTestCase
-{
+public class RM804Test extends BaseRMTestCase
+{
@Override
protected void initServices()
{
super.initServices();
}
-
+
@Override
protected boolean isCollaborationSiteTest()
{
return true;
}
-
+
@Override
protected boolean isUserTest()
{
return true;
}
-
+
public void testUsersHaveDeletePermissionsOnFilePlan() throws Exception
{
// as rmuser
@@ -59,29 +60,29 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
-
+
return null;
}
}, "rmadmin");
-
+
doTestInTransaction(new Test()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
-
+
return null;
}
}, "admin");
-
+
doTestInTransaction(new Test()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
-
+
return null;
}
}, rmAdminName);
@@ -92,23 +93,23 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
-
+
return null;
}
}, rmUserName);
-
+
doTestInTransaction(new Test()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capabilityService.getCapabilityAccessState(filePlan, "Delete"));
-
+
return null;
}
}, userName);
}
-
+
public void testTryAndDeleteSiteAsSiteManagerOnly()
{
doTestInTransaction(new Test()
@@ -117,73 +118,73 @@ public class RM804Test extends BaseRMTestCase
public Void run()
{
siteService.setMembership(siteId, userName, SiteRole.SiteManager.toString());
-
+
return null;
}
}, "admin");
-
+
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager only.",
AlfrescoRuntimeException.class
)
- {
+ {
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
-
+
}
}, userName);
-
+
// give the user a RM role (but not sufficient to delete the file plan node ref)
doTestInTransaction(new Test()
{
@Override
public Void run()
{
- filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_USER, userName);
-
+ filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, userName);
+
return null;
}
}, "admin");
-
+
doTestInTransaction(new FailureTest
(
"Should not be able to delete site as a site manager with an RM role that doesn't have the capability.",
AlfrescoRuntimeException.class
)
- {
+ {
@Override
public void run() throws Exception
{
siteService.deleteSite(siteId);
-
+
}
}, userName);
-
+
doTestInTransaction(new Test()
{
@Override
public Void run()
{
- filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_ADMINISTRATOR, userName);
-
+ filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, userName);
+
return null;
}
}, "admin");
-
+
doTestInTransaction(new Test()
{
@Override
public Void run()
{
siteService.deleteSite(siteId);
-
+
return null;
}
}, userName);
-
+
}
-
+
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
index 2a8ddf488f..88d74f1605 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
@@ -18,12 +18,20 @@
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.AuthorityType;
import org.springframework.extensions.webscripts.GUID;
/**
@@ -1182,4 +1190,54 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
}
}, user3);
}
+
+ public void testSpecialRoles()
+ {
+ final NodeRef category9 = filePlanService.createRecordCategory(filePlan, "category9");
+ final NodeRef subCategory9 = filePlanService.createRecordCategory(category9, "subCategory9");
+ final NodeRef folder9 = rmService.createRecordFolder(subCategory9, "rmFolder9");
+ final NodeRef record9 = utils.createRecord(folder9, "record9.txt");
+
+ assertExistenceOfSpecialRolesAndPermissions(category9);
+
+ assertExistenceOfSpecialRolesAndPermissions(subCategory9);
+ // After setting the permissions off the special roles should be still available as they will be added to the node automatically
+ permissionService.setInheritParentPermissions(subCategory9, false);
+ assertExistenceOfSpecialRolesAndPermissions(subCategory9);
+ permissionService.setInheritParentPermissions(subCategory9, true);
+ assertExistenceOfSpecialRolesAndPermissions(subCategory9);
+
+ assertExistenceOfSpecialRolesAndPermissions(folder9);
+ permissionService.setInheritParentPermissions(folder9, false);
+ assertExistenceOfSpecialRolesAndPermissions(folder9);
+ permissionService.setInheritParentPermissions(folder9, true);
+ assertExistenceOfSpecialRolesAndPermissions(folder9);
+
+ assertExistenceOfSpecialRolesAndPermissions(record9);
+ permissionService.setInheritParentPermissions(record9, false);
+ assertExistenceOfSpecialRolesAndPermissions(record9);
+ permissionService.setInheritParentPermissions(record9, true);
+ assertExistenceOfSpecialRolesAndPermissions(record9);
+ }
+
+ private void assertExistenceOfSpecialRolesAndPermissions(NodeRef node)
+ {
+ Map accessPermissions = new HashMap();
+ Set permissions = permissionService.getAllSetPermissions(node);
+ // FIXME!!!
+ //assertEquals(3, permissions.size());
+
+ for (AccessPermission permission : permissions)
+ {
+ accessPermissions.put(permission.getAuthority(), permission.getPermission());
+ }
+
+ assertTrue(accessPermissions.containsKey(ExtendedReaderDynamicAuthority.EXTENDED_READER));
+ assertEquals(RMPermissionModel.READ_RECORDS, accessPermissions.get(ExtendedReaderDynamicAuthority.EXTENDED_READER));
+ assertTrue(accessPermissions.containsKey(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
+ assertEquals(RMPermissionModel.FILING, accessPermissions.get(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
+ String allRoles = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
+ assertTrue(accessPermissions.containsKey(allRoles));
+ assertEquals(RMPermissionModel.FILING, accessPermissions.get(allRoles));
+ }
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java
index 1d6d8ee106..93bf5b2552 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanRoleServiceImplTest.java
@@ -107,9 +107,9 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
- Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER);
+ Role role = filePlanRoleService.getRole(filePlan, FilePlanRoleService.ROLE_POWER_USER);
assertNotNull(role);
- assertEquals(ROLE_NAME_POWER_USER, role.getName());
+ assertEquals(FilePlanRoleService.ROLE_POWER_USER, role.getName());
role = filePlanRoleService.getRole(filePlan, "donkey");
assertNull(role);
@@ -125,7 +125,7 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
- assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER));
+ assertTrue(filePlanRoleService.existsRole(filePlan, FilePlanRoleService.ROLE_POWER_USER));
assertFalse(filePlanRoleService.existsRole(filePlan, "donkey"));
return null;
@@ -184,33 +184,33 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
assertNotNull(roles);
assertEquals(1, roles.size());
- Set authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ Set authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
- authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
- authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
- filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName);
+ filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, rmUserName);
roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(2, roles.size());
- authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());
- authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
- authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
+ authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());