RM-600: A user with the "EditDocumentMetaData" capability can only edit the properties of the records content.

* record service extended with isPropertyEditable method .. indicates, based on the capabilities of the current user and the nature of the property, whether it can be edited
  * the record service monitors record aspect property updates and throws ModelExceptions if a user tries to update a record or non-record property if they don't have the appropriate capability
  * form filter updated to protect record properties the current user may not be able to edit
  * unit tests

So what does this all mean?  

It means we can control the write permissions of individual properties on a record based on capabilities.  In this case we slice the capability to edit a record in two .. you can either edit the content properties (ie the normal meta-data) or the record properties .. or both of course!



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49041 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2013-04-10 07:26:45 +00:00
parent 90a9bd99c0
commit f041d32b21
16 changed files with 816 additions and 280 deletions


@@ -22,10 +22,12 @@ import java.util.Arrays;
import java.util.List;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.Role;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;
@@ -37,10 +39,11 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
/**
* Records Service Implementation Test
*
*
* @author Roy Wetherall
* @author Tuna Aksoy
* @since 2.1
@@ -49,7 +52,9 @@ public class RecordServiceImplTest extends BaseRMTestCase
{
/** Services */
protected ActionService dmActionService;
protected PermissionService dmPermissionService;
protected ExtendedSecurityService extendedSecurityService;
/**
@@ -67,7 +72,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
/**
* This is a user test
*
*
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
@@ -78,7 +83,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
/**
* This is a record test
*
*
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest()
*/
@Override
@@ -116,19 +121,14 @@ public class RecordServiceImplTest extends BaseRMTestCase
/**
* Helper method for getting a list of record meta data aspects
*
*
* @return Record meta data aspects as list
*/
private List<QName> getAspectList()
{
QName[] aspects = new QName[]
{
DOD5015Model.ASPECT_DIGITAL_PHOTOGRAPH_RECORD,
DOD5015Model.ASPECT_PDF_RECORD,
DOD5015Model.ASPECT_WEB_RECORD,
DOD5015Model.ASPECT_SCANNED_RECORD,
ASPECT_RECORD_META_DATA
};
QName[] aspects = new QName[] { DOD5015Model.ASPECT_DIGITAL_PHOTOGRAPH_RECORD,
DOD5015Model.ASPECT_PDF_RECORD, DOD5015Model.ASPECT_WEB_RECORD,
DOD5015Model.ASPECT_SCANNED_RECORD, ASPECT_RECORD_META_DATA };
return Arrays.asList(aspects);
}
@@ -190,22 +190,21 @@ public class RecordServiceImplTest extends BaseRMTestCase
}
/**
* @see RecordService#createRecord(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
* @see RecordService#createRecord(org.alfresco.service.cmr.repository.NodeRef,
* org.alfresco.service.cmr.repository.NodeRef)
*/
public void testCreateRecord() throws Exception
{
// show that users without WRITE can not create a record from a document
doTestInTransaction(new FailureTest
(
"Can not create a record from a document if you do not have WRITE permissions.",
AccessDeniedException.class
)
doTestInTransaction(new FailureTest(
"Can not create a record from a document if you do not have WRITE permissions.",
AccessDeniedException.class)
{
public void run() throws Exception
{
recordService.createRecord(filePlan, dmDocument);
}
}, dmConsumer);
}, dmConsumer);
// create record from document
doTestInTransaction(new Test<Void>()
@@ -218,107 +217,108 @@ public class RecordServiceImplTest extends BaseRMTestCase
assertFalse(recordService.isRecord(dmDocument));
assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
checkPermissions(READ_RECORDS,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(READ_RECORDS, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
assertEquals(AccessStatus.DENIED,
dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.DENIED, dmPermissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
checkPermissions(FILING,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(FILING, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
recordService.createRecord(filePlan, dmDocument);
checkPermissions(READ_RECORDS,
AccessStatus.ALLOWED, // file plan
AccessStatus.ALLOWED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
checkPermissions(READ_RECORDS, AccessStatus.ALLOWED, // file
// plan
AccessStatus.ALLOWED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
assertEquals(AccessStatus.ALLOWED,
dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
checkPermissions(FILING,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
checkPermissions(FILING, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
assertTrue(recordService.isRecord(dmDocument));
assertTrue(extendedSecurityService.hasExtendedSecurity(dmDocument));
assertFalse(recordService.isFiled(dmDocument));
// show that the record has meta-data about it's original location
// show that the record has meta-data about it's original
// location
assertTrue(nodeService.hasAspect(dmDocument, ASPECT_RECORD_ORIGINATING_DETAILS));
assertEquals(originalLocation, nodeService.getProperty(dmDocument, PROP_RECORD_ORIGINATING_LOCATION));
assertFalse(originalLocation == nodeService.getPrimaryParent(dmDocument).getParentRef());
// show that the record is linked to it's original location
assertEquals(2, nodeService.getParentAssocs(dmDocument).size());
// ****
// Capability Tests
// ****
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan,
RMPermissionModel.EDIT_RECORD_METADATA));
Capability filling = capabilityService.getCapability("FileRecords");
assertEquals(AccessStatus.DENIED, filling.hasPermission(dmDocument));
Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
assertEquals(AccessStatus.ALLOWED, editRecordMetadata.hasPermission(dmDocument));
Capability updateProperties = capabilityService.getCapability("UpdateProperties");
assertEquals(AccessStatus.ALLOWED, updateProperties.hasPermission(dmDocument));
return null;
}
}, dmCollaborator);
// check the consumer's permissions are correct for the newly created document
// check the consumer's permissions are correct for the newly created
// document
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
checkPermissions(READ_RECORDS,
AccessStatus.ALLOWED, // file plan
AccessStatus.ALLOWED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
checkPermissions(READ_RECORDS, AccessStatus.ALLOWED, // file
// plan
AccessStatus.ALLOWED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.ALLOWED); // doc/record
checkPermissions(FILING, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan,
RMPermissionModel.EDIT_RECORD_METADATA));
checkPermissions(FILING,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA));
Capability filling = capabilityService.getCapability("FileRecords");
assertEquals(AccessStatus.DENIED, filling.hasPermission(dmDocument));
Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata");
assertEquals(AccessStatus.DENIED, editRecordMetadata.hasPermission(dmDocument));
Capability updateProperties = capabilityService.getCapability("UpdateProperties");
assertEquals(AccessStatus.DENIED, updateProperties.hasPermission(dmDocument));
return null;
}
}, dmConsumer);
@@ -327,17 +327,15 @@ public class RecordServiceImplTest extends BaseRMTestCase
public void testCreateRecordNoLink() throws Exception
{
// show that users without WRITE can not create a record from a document
doTestInTransaction(new FailureTest
(
"Can not create a record from a document if you do not have WRITE permissions.",
AccessDeniedException.class
)
doTestInTransaction(new FailureTest(
"Can not create a record from a document if you do not have WRITE permissions.",
AccessDeniedException.class)
{
public void run() throws Exception
{
recordService.createRecord(filePlan, dmDocument, false);
}
}, dmConsumer);
}, dmConsumer);
// create record from document
final NodeRef originalLocation = doTestInTransaction(new Test<NodeRef>()
@@ -347,44 +345,40 @@ public class RecordServiceImplTest extends BaseRMTestCase
{
NodeRef originalLocation = nodeService.getPrimaryParent(dmDocument).getParentRef();
assertFalse(recordService.isRecord(dmDocument));
assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
//assertFalse(recordService.isRecord(dmDocument));
//assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
checkPermissions(READ_RECORDS,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(READ_RECORDS, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
assertEquals(AccessStatus.DENIED,
dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.DENIED, dmPermissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
checkPermissions(FILING,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(FILING, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
recordService.createRecord(filePlan, dmDocument, false);
checkPermissions(READ_RECORDS,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(READ_RECORDS, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
assertEquals(AccessStatus.DENIED,
dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.DENIED, dmPermissionService.hasPermission(filePlan,
RMPermissionModel.VIEW_RECORDS));
checkPermissions(FILING,
AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
checkPermissions(FILING, AccessStatus.DENIED, // file plan
AccessStatus.DENIED, // unfiled container
AccessStatus.DENIED, // record category
AccessStatus.DENIED, // record folder
AccessStatus.DENIED); // doc/record
return originalLocation;
}
@@ -399,7 +393,8 @@ public class RecordServiceImplTest extends BaseRMTestCase
assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
assertFalse(recordService.isFiled(dmDocument));
// show that the record has meta-data about it's original location
// show that the record has meta-data about it's original
// location
assertTrue(nodeService.hasAspect(dmDocument, ASPECT_RECORD_ORIGINATING_DETAILS));
assertEquals(originalLocation, nodeService.getProperty(dmDocument, PROP_RECORD_ORIGINATING_LOCATION));
assertFalse(originalLocation == nodeService.getPrimaryParent(dmDocument).getParentRef());
@@ -419,7 +414,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
@Override
public NodeRef run()
{
NodeRef record = fileFolderService.create(rmFolder, "test101.txt" , TYPE_CONTENT).getNodeRef();
NodeRef record = fileFolderService.create(rmFolder, "test101.txt", TYPE_CONTENT).getNodeRef();
ContentWriter writer = contentService.getWriter(record, PROP_CONTENT, true);
writer.setEncoding("UTF-8");
@@ -495,21 +490,245 @@ public class RecordServiceImplTest extends BaseRMTestCase
}, AuthenticationUtil.getSystemUserName());
}
private void checkPermissions(String permission, AccessStatus filePlanExpected,
AccessStatus unfiledExpected,
AccessStatus recordCatExpected,
AccessStatus recordFolderExpected,
AccessStatus recordExpected)
private void checkPermissions(String permission, AccessStatus filePlanExpected, AccessStatus unfiledExpected,
AccessStatus recordCatExpected, AccessStatus recordFolderExpected, AccessStatus recordExpected)
{
assertEquals(filePlanExpected,
dmPermissionService.hasPermission(filePlan, permission));
assertEquals(unfiledExpected,
dmPermissionService.hasPermission(unfiledContainer, permission));
assertEquals(recordCatExpected,
dmPermissionService.hasPermission(rmContainer, permission));
assertEquals(recordFolderExpected,
dmPermissionService.hasPermission(rmFolder, permission));
assertEquals(recordExpected,
dmPermissionService.hasPermission(dmDocument, permission));
assertEquals(filePlanExpected, dmPermissionService.hasPermission(filePlan, permission));
assertEquals(unfiledExpected, dmPermissionService.hasPermission(unfiledContainer, permission));
assertEquals(recordCatExpected, dmPermissionService.hasPermission(rmContainer, permission));
assertEquals(recordFolderExpected, dmPermissionService.hasPermission(rmFolder, permission));
assertEquals(recordExpected, dmPermissionService.hasPermission(dmDocument, permission));
}
private String createUserWithCapabilties(final String... capabiltyNames)
{
return doTestInTransaction(new Test<String>()
{
@Override
public String run() throws Exception
{
Role role = utils.createRole(filePlan, GUID.generate(), capabiltyNames);
String userName = GUID.generate();
createPerson(userName);
filePlanRoleService.assignRoleToAuthority(filePlan, role.getName(), userName);
return userName;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Test {@link RecordService#isPropertyEditable(NodeRef, QName)}
*/
public void testIsPropertyEditable() throws Exception
{
final String nonRecordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_NON_RECORD_METADATA);
final String recordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_RECORD_METADATA);
final String declaredRecordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_DECLARED_RECORD_METADATA);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
filePlanPermissionService.setPermission(rmFolder, rmUserName, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, nonRecordMetadata, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, recordMetadata, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, declaredRecordMetadata, RMPermissionModel.FILING);
}
});
// test rmadmin
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(recordService.isPropertyEditable(recordOne, PROP_ORIGINATING_ORGANIZATION));
assertTrue(recordService.isPropertyEditable(recordOne, PROP_DESCRIPTION));
assertTrue(recordService.isPropertyEditable(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_DESCRIPTION));
}
});
// test normal user
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertFalse(recordService.isPropertyEditable(recordOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordOne, PROP_DESCRIPTION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_DESCRIPTION));
}
}, rmUserName);
// test undeclared record with edit non-record metadata capability
// test declared record with edit non-record metadata capability
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertFalse(recordService.isPropertyEditable(recordOne, PROP_ORIGINATING_ORGANIZATION));
assertTrue(recordService.isPropertyEditable(recordOne, PROP_DESCRIPTION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_DESCRIPTION));
}
}, nonRecordMetadata);
// test undeclared record with edit record metadata capability
// test declared record with edit record metadata capability
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(recordService.isPropertyEditable(recordOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordOne, PROP_DESCRIPTION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_DESCRIPTION));
}
}, recordMetadata);
// test undeclared record with edit declared record metadata capability
// test declared record with edit declared record metadata capability
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertFalse(recordService.isPropertyEditable(recordOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordOne, PROP_DESCRIPTION));
assertTrue(recordService.isPropertyEditable(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION));
assertFalse(recordService.isPropertyEditable(recordDeclaredOne, PROP_DESCRIPTION));
}
}, declaredRecordMetadata);
}
public void testRecordPropertiesUpdate() throws Exception
{
final String nonRecordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_NON_RECORD_METADATA);
final String recordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_RECORD_METADATA);
final String declaredRecordMetadata = createUserWithCapabilties(
RMPermissionModel.VIEW_RECORDS,
RMPermissionModel.EDIT_DECLARED_RECORD_METADATA);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
filePlanPermissionService.setPermission(rmFolder, rmUserName, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, nonRecordMetadata, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, recordMetadata, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmFolder, declaredRecordMetadata, RMPermissionModel.FILING);
}
});
// test rmadmin
canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmAdminName);
canEditProperty(recordOne, PROP_ORIGINATING_ORGANIZATION, rmAdminName);
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, rmAdminName);
canEditProperty(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION, rmAdminName);
// test normal user
cantEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, rmUserName);
cantEditProperty(recordOne, PROP_ORIGINATING_ORGANIZATION, rmUserName);
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, rmUserName);
cantEditProperty(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION, rmUserName);
// test undeclared record with edit non-record metadata capability
canEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, nonRecordMetadata);
cantEditProperty(recordOne, PROP_ORIGINATING_ORGANIZATION, nonRecordMetadata);
// test declared record with edit non-record metadata capability
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, nonRecordMetadata);
cantEditProperty(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION, nonRecordMetadata);
// test undeclared record with edit record metadata capability
cantEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, recordMetadata);
canEditProperty(recordOne, PROP_ORIGINATING_ORGANIZATION, recordMetadata);
// test declared record with edit record metadata capability
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, recordMetadata);
cantEditProperty(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION, recordMetadata);
// test undeclared record with edit declared record metadata capability
cantEditProperty(recordOne, ContentModel.PROP_DESCRIPTION, declaredRecordMetadata);
cantEditProperty(recordOne, PROP_ORIGINATING_ORGANIZATION, declaredRecordMetadata);
// test declared record with edit declared record metadata capability
cantEditProperty(recordDeclaredOne, ContentModel.PROP_DESCRIPTION, declaredRecordMetadata);
canEditProperty(recordDeclaredOne, PROP_ORIGINATING_ORGANIZATION, declaredRecordMetadata);
}
public abstract class CommitPropertyFailTest extends Test<Void>
{
@Override
public Void run() throws Exception
{
// TODO Auto-generated method stub
return null;
}
@Override
public void test(Void result) throws Exception
{
// TODO Auto-generated method stub
super.test(result);
}
}
private void cantEditProperty(final NodeRef nodeRef, final QName property, String user) throws Exception
{
boolean failure = false;
try
{
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
nodeService.setProperty(nodeRef, property, GUID.generate());
}
}, user);
}
catch (Throwable exception)
{
// expected
failure = true;
}
// assert fail not failure
if (failure == false)
{
fail("Property should not have been editable.");
}
}
private void canEditProperty(final NodeRef nodeRef, final QName property, String user) throws Exception
{
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
nodeService.setProperty(nodeRef, property, GUID.generate());
}
}, user);
}
}
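Review bot: `cantEditProperty` in the last hunk treats any `Throwable` from `doTestInTransaction` as the expected denial, so the negative capability checks in `testRecordPropertiesUpdate` also pass when the write fails for an unrelated reason such as a missing fixture node or a transaction error. The commit description says the record service throws a model exception on a disallowed property update, so the helper should expect that type, the way `testCreateRecord` passes `AccessDeniedException.class` to `FailureTest` (which appears to check the exception type). The exception class is not visible in this section, so it is a labelled placeholder in the sketch below. The empty `CommitPropertyFailTest` stub with its `TODO Auto-generated` bodies looks like an unfinished attempt at the same thing and could be dropped once the helper is typed.

```java
private void cantEditProperty(final NodeRef nodeRef, final QName property, String user) throws Exception
{
    // PlaceholderDenialException is a placeholder: use the exception type the
    // record service throws when a property update is not permitted
    doTestInTransaction(new FailureTest(
            "Property should not have been editable.",
            PlaceholderDenialException.class)
    {
        public void run() throws Exception
        {
            nodeService.setProperty(nodeRef, property, GUID.generate());
        }
    }, user);
}
```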


@@ -454,8 +454,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
unfiledContainer = filePlanService.getUnfiledContainer(filePlan);
assertNotNull(unfiledContainer);
}
},
AuthenticationUtil.getAdminUserName());
}, AuthenticationUtil.getSystemUserName());
}
/**
@@ -566,6 +565,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
{
filePlanPermissionService.setPermission(filePlan, user, FILING);
filePlanPermissionService.setPermission(rmContainer, user, FILING);
filePlanPermissionService.setPermission(rmFolder, user, FILING);
filePlanPermissionService.setPermission(unfiledContainer, user, FILING);
}
}
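Review bot: The fixture setup in the first hunk now appears to run as `AuthenticationUtil.getSystemUserName()` instead of `getAdminUserName()` (old/new order inferred from the print order), and nothing says why. Running setup as the system user typically sidesteps permission evaluation, so if that is the intent it deserves a comment such as `// setup runs as system so it does not depend on the admin user's capabilities`. The second hunk adds one more `setPermission(..., user, FILING)` grant to the shared test-user setup. Which line is new is not recoverable here, but any subclass test that expects FILING to be denied on that node for a test user should be rechecked. Both enclosing methods start outside the hunks.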


@@ -7,16 +7,23 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.role.Role;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
@@ -38,6 +45,8 @@ public class CommonRMTestUtils implements RecordsManagementModel
private ContentService contentService;
private RecordsManagementActionService actionService;
private ModelSecurityService modelSecurityService;
private FilePlanRoleService filePlanRoleService;
private CapabilityService capabilityService;
/** test values */
public static final String DEFAULT_DISPOSITION_AUTHORITY = "disposition authority";
@@ -54,6 +63,8 @@ public class CommonRMTestUtils implements RecordsManagementModel
contentService = (ContentService)applicationContext.getBean("ContentService");
actionService = (RecordsManagementActionService)applicationContext.getBean("RecordsManagementActionService");
modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService");
filePlanRoleService = (FilePlanRoleService)applicationContext.getBean("FilePlanRoleService");
capabilityService = (CapabilityService)applicationContext.getBean("CapabilityService");
}
/**
@@ -231,4 +242,20 @@ public class CommonRMTestUtils implements RecordsManagementModel
}, AuthenticationUtil.getSystemUserName());
}
public Role createRole(NodeRef filePlan, String roleName, String ... capabilityNames)
{
Set<Capability> capabilities = new HashSet<Capability>(capabilityNames.length);
for (String name : capabilityNames)
{
Capability capability = capabilityService.getCapability(name);
if (capability == null)
{
throw new AlfrescoRuntimeException("capability " + name + " not found.");
}
capabilities.add(capability);
}
return filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
}
}
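Review bot: `createRole` in the last hunk is a new public helper with no Javadoc, and two of its behaviours are not obvious from the signature. It passes `roleName` twice to `filePlanRoleService.createRole`, presumably as both the role name and its display label. It also throws `AlfrescoRuntimeException` when a capability name does not resolve, rather than creating a role with fewer capabilities than requested. I would add a Javadoc block with `@param` entries for the three arguments, an `@return` for the created role, and an `@throws AlfrescoRuntimeException` line stating the fail-fast behaviour, since the capability tests rely on the role holding exactly the named capabilities.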