inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restrict lock method to content types. REPO-1158

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@129897 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Martin Muller
2016-08-26 09:15:52 +00:00
parent 25988a8efb
commit ed67760ab4
2 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source/java/org/alfresco/rest/api/impl/NodesImpl.java
View File

@@ -2963,6 +2963,11 @@ public class NodesImpl implements Nodes
throw new PermissionDeniedException("Current user doesn't have permission to lock node " + nodeId); throw new PermissionDeniedException("Current user doesn't have permission to lock node " + nodeId);
} }
if (!nodeMatches(nodeRef, Collections.singleton(ContentModel.TYPE_CONTENT), null, false))
{
throw new InvalidArgumentException("NodeId of content is expected: " + nodeRef.getId());
}
lockInfo = validateLockInformation(lockInfo); lockInfo = validateLockInformation(lockInfo);
lockService.lock(nodeRef, lockInfo.getMappedType(), lockInfo.getTimeToExpire(), lockInfo.getLifetime()); lockService.lock(nodeRef, lockInfo.getMappedType(), lockInfo.getTimeToExpire(), lockInfo.getLifetime());

37
source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
View File

@@ -3625,12 +3625,13 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
assertEquals(LockType.READ_ONLY_LOCK.toString(), documentResp.getProperties().get("cm:lockType")); assertEquals(LockType.READ_ONLY_LOCK.toString(), documentResp.getProperties().get("cm:lockType"));
assertNotNull(documentResp.getProperties().get("cm:lockOwner")); assertNotNull(documentResp.getProperties().get("cm:lockOwner"));
assertNull(documentResp.getIsLocked()); assertNull(documentResp.getIsLocked());
unlock(d1Id);
// Empty lock body, the default values are used // Empty lock body, the default values are used
post(getNodeOperationUrl(folderId, "lock"), EMPTY_BODY, null, 200); post(getNodeOperationUrl(d1Id, "lock"), EMPTY_BODY, null, 200);
// Lock on already locked node // Lock on already locked node
post(getNodeOperationUrl(folderId, "lock"), toJsonAsStringNonNull(lockInfo), null, 200); post(getNodeOperationUrl(d1Id, "lock"), toJsonAsStringNonNull(lockInfo), null, 200);
// Test delete on a folder which contains a locked node - NodeLockedException // Test delete on a folder which contains a locked node - NodeLockedException
deleteNode(folderId, true, 409); deleteNode(folderId, true, 409);
@@ -3665,12 +3666,12 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
updateTextFile(node.getId(), "Updated text", null, 200); updateTextFile(node.getId(), "Updated text", null, 200);
// Lock body properties - boundary values // Lock body properties - boundary values
Folder folderB = createFolder(Nodes.PATH_MY, "folder" + RUNID + "_B"); Document dB1 = createTextFile(folderAId, "content" + RUNID + "_dB1", "dB1 content");
String folderBId = folderB.getId(); String dB1Id = dB1.getId();
lockInfo = new LockInfo(); lockInfo = new LockInfo();
lockInfo.setTimeToExpire(-100); // values lower than 0 are considered as no expiry time lockInfo.setTimeToExpire(-100); // values lower than 0 are considered as no expiry time
post(getNodeOperationUrl(folderBId, "lock"), toJsonAsStringNonNull(lockInfo), null, 200); post(getNodeOperationUrl(dB1Id, "lock"), toJsonAsStringNonNull(lockInfo), null, 200);
// Lock node by a different user than the owner // Lock node by a different user than the owner
setRequestContext(user1); setRequestContext(user1);
@@ -3701,7 +3702,7 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
post(getNodeOperationUrl(ddNodeId, "lock"), toJsonAsStringNonNull(lockInfo), null, 403); post(getNodeOperationUrl(ddNodeId, "lock"), toJsonAsStringNonNull(lockInfo), null, 403);
// Lock node already locked by another user - UnableToAquireLockException // Lock node already locked by another user - UnableToAquireLockException
post(getNodeOperationUrl(folderId, "lock"), EMPTY_BODY, null, 422); post(getNodeOperationUrl(dB1Id, "lock"), EMPTY_BODY, null, 422);
// Lock node without permission (node created by user 1 in the Home folder) // Lock node without permission (node created by user 1 in the Home folder)
setRequestContext(user1); setRequestContext(user1);
@@ -3720,29 +3721,35 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
Folder folderC = createFolder(Nodes.PATH_MY, "folder" + RUNID + "_C"); Folder folderC = createFolder(Nodes.PATH_MY, "folder" + RUNID + "_C");
String folderCId = folderC.getId(); String folderCId = folderC.getId();
Document dC1 = createTextFile(folderCId, "content" + RUNID + "_dC1", "dC1 content");
String dC1Id = dC1.getId();
Map<String, String> body = new HashMap<>(); Map<String, String> body = new HashMap<>();
body.put("type", "FULL123"); body.put("type", "FULL123");
post(getNodeOperationUrl(folderCId, "lock"), toJsonAsStringNonNull(body), null, 400); post(getNodeOperationUrl(dC1Id, "lock"), toJsonAsStringNonNull(body), null, 400);
body = new HashMap<>(); body = new HashMap<>();
body.put("lifetime", "PERSISTENT123"); body.put("lifetime", "PERSISTENT123");
post(getNodeOperationUrl(folderCId, "lock"), toJsonAsStringNonNull(body), null, 400); post(getNodeOperationUrl(dC1Id, "lock"), toJsonAsStringNonNull(body), null, 400);
body = new HashMap<>(); body = new HashMap<>();
body.put("timeToExpire", "NaN"); body.put("timeToExpire", "NaN");
post(getNodeOperationUrl(folderCId, "lock"), toJsonAsStringNonNull(body), null, 400); post(getNodeOperationUrl(dC1Id, "lock"), toJsonAsStringNonNull(body), null, 400);
body = new HashMap<>(); body = new HashMap<>();
body.put("invalid_property", "true"); body.put("invalid_property", "true");
post(getNodeOperationUrl(folderCId, "lock"), toJsonAsStringNonNull(body), null, 400); post(getNodeOperationUrl(dC1Id, "lock"), toJsonAsStringNonNull(body), null, 400);
// Invalid lock of a folder
post(getNodeOperationUrl(folderId, "lock"), toJsonAsStringNonNull(lockInfo), null, 400);
//cleanup //cleanup
setRequestContext(user1); // all locks were made by user1 setRequestContext(user1); // all locks were made by user1
unlock(folderId); unlock(dB1Id);
deleteNode(dB1Id);
deleteNode(folderId); deleteNode(folderId);
deleteNode(folderAId); deleteNode(folderAId);
unlock(folderBId);
deleteNode(folderBId);
deleteNode(folderCId); deleteNode(folderCId);
deleteNode(folder1Id); deleteNode(folder1Id);
deleteNode(folder2Id); deleteNode(folder2Id);