REPO-1681 / MNT-17228: CMIS: Attempt to delete non-current version throws "Unexpected: current version does not appear ..."

- Fixed the misuse of the version node instead of live node
   - Added permission check for deleting a version
   - Uncommented the test added by JanV (REPO-1228) + added testcase for deleting with no permission
   - PublicApiCallContextHandler inherits basic auth parameters from BasicAuthCallContextHandler, to ensure proper exceptions are thrown by CMIS servlets (in this case, CmisPermissionDeniedException instead of CmisUnauthorizedException).

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133954 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java

@@ -77,6 +77,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.search.SearchParameters;
 import org.alfresco.service.cmr.search.SearchService;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.version.Version;
 import org.alfresco.service.cmr.version.VersionHistory;
 import org.alfresco.service.cmr.version.VersionType;
@@ -117,6 +119,7 @@ import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisContentAlreadyExistsException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisObjectNotFoundException;
+import org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisStorageException;
 import org.apache.chemistry.opencmis.commons.exceptions.CmisStreamNotSupportedException;
@@ -1767,6 +1770,11 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
             }
 
             // handle versions
+            if (info.isVariant(CMISObjectVariant.VERSION))
+            {
+                nodeRef = info.getCurrentNodeNodeRef();
+            }
+
             if (allVersions)
             {
                 NodeRef workingCopy = connector.getCheckOutCheckInService().getWorkingCopy(nodeRef);
@@ -1777,16 +1785,16 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
             }
             else if (info.isVariant(CMISObjectVariant.VERSION))
             {
+                // Check the DELETE permission since the version service has no restrictions. 
+                if (connector.getServiceRegistry().getPermissionService().hasPermission(nodeRef, PermissionService.DELETE) != AccessStatus.ALLOWED)
+                {
+                    throw new CmisPermissionDeniedException("Cannot delete the node version.");
+                }
                 Version version = ((CMISNodeInfoImpl) info).getVersion();
                 connector.getVersionService().deleteVersion(nodeRef, version);
                 break;      // Reason for do-while
             }
 
-            if (info.isVariant(CMISObjectVariant.VERSION))
-            {
-                nodeRef = info.getCurrentNodeNodeRef();
-            }
-
             // attempt to delete the node
             if (allVersions)
             {
@@ -1794,7 +1802,7 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
             }
             else
             {
-                CMISNodeInfoImpl infoImpl = ((CMISNodeInfoImpl) info);
+                CMISNodeInfoImpl infoImpl = (CMISNodeInfoImpl) info;
                 Version version = infoImpl.getVersion();
 
                 if (infoImpl.getVersionHistory().getPredecessor(version) == null)
@@ -1803,6 +1811,10 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
                 }
                 else
                 {
+                    if (connector.getServiceRegistry().getPermissionService().hasPermission(nodeRef, PermissionService.DELETE) != AccessStatus.ALLOWED)
+                    {
+                        throw new CmisPermissionDeniedException("Cannot delete the node version.");
+                    }
                     connector.getVersionService().deleteVersion(nodeRef, version);
                     // MNT-10032 revert node version to predecessor
                     connector.getVersionService().revert(nodeRef);

source/java/org/alfresco/opencmis/CMISConnector.java

@@ -504,7 +504,15 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
 	public void setServiceRegistry(ServiceRegistry serviceRegistry)
 	{
 		this.serviceRegistry = serviceRegistry;
-	}
+	}
+
+    /**
+     * Return the service registry
+     */
+    public final ServiceRegistry getServiceRegistry()
+    {
+    	return this.serviceRegistry;
+    }
 
 	/**
      * Sets the descriptor service.

source/java/org/alfresco/opencmis/PublicApiCallContextHandler.java

@@ -38,9 +38,16 @@ public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
 
     @Override
 	public Map<String, String> getCallContextMap(HttpServletRequest request)
-	{
+	{
-		Map<String, String> map = new HashMap<String, String>();
+        Map<String, String> map = new HashMap<String, String>();
-		map.put("isPublicApi", "true");
+        
-		return map;
+        Map<String, String> basicAuthMap = super.getCallContextMap(request);
+        if (basicAuthMap != null && !basicAuthMap.isEmpty()) 
+        {
+            map.putAll(basicAuthMap);
+        }
+        
+        map.put("isPublicApi", "true");
+        return map;
 	}
 }