RM-2123 Use runAsAuthentication instead of actual authentication.

Check that the user the command is run as has clearance to view the
classification levels, rather than the user that initiated the command.

+review RM-58

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104729 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java

@@ -73,7 +73,7 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
             return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
         }
 
-        final String currentUser = authenticationUtil.getFullyAuthenticatedUser();
+        final String currentUser = authenticationUtil.getRunAsUser();
         ParameterCheck.mandatoryString("currentUser", currentUser);
 
         return getUserSecurityClearance(currentUser);

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/util/AuthenticationUtil.java

@@ -18,13 +18,14 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.util;
 
+import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 
 /**
  * Helper bean to allow injection of AuthenticationUtil methods.
  * <p>
  * Useful when testing using mocks.
- * 
+ *
  * @author Roy Wetherall
  * @since 2.3
  */
@@ -53,46 +54,58 @@ public class AuthenticationUtil
     {
         return org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(runAsWork, uid);
     }
-    
+
     /**
      * Helper method that gets the fully authenticated user.
      * <p>
      * Useful when testing using mocks.
-     * 
+     *
      * @see org.alfresco.repo.security.authentication.AuthenticationUtil#getFullyAuthenticatedUser()
      */
     public String getFullyAuthenticatedUser()
     {
         return org.alfresco.repo.security.authentication.AuthenticationUtil.getFullyAuthenticatedUser();
     }
-    
+
     /**
      * Helper method that gets the admin user name.
      * <p>
      * Useful when testing using mocks.
-     * 
+     *
      * @see org.alfresco.repo.security.authentication.AuthenticationUtil#getAdminUserName()
      */
     public String getAdminUserName()
     {
         return org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName();
     }
-    
+
     /**
      * Helper method that gets the system user name.
-     * 
+     *
      * @see org.alfresco.repo.security.authentication.AuthenticationUtil#getSystemUserName()
      */
     public String getSystemUserName()
     {
         return org.alfresco.repo.security.authentication.AuthenticationUtil.getSystemUserName();
     }
-    
+
     /**
      * @see org.alfresco.repo.security.authentication.AuthenticationUtil#isRunAsUserTheSystemUser()
      */
     public boolean isRunAsUserTheSystemUser()
     {
-        return org.alfresco.repo.security.authentication.AuthenticationUtil.isRunAsUserTheSystemUser();        
+        return org.alfresco.repo.security.authentication.AuthenticationUtil.isRunAsUserTheSystemUser();
+    }
+
+    /**
+     * Helper method to get the user that is currently in effect for purposes of authentication. This includes any
+     * overlays introduced by {@link #runAs}.
+     *
+     * @return Returns the name of the user
+     * @throws AuthenticationException
+     */
+    public String getRunAsUser() throws AuthenticationException
+    {
+        return org.alfresco.repo.security.authentication.AuthenticationUtil.getRunAsUser();
     }
 }