writers);
+ /**
+ * Remove all extended readers and writers from the given node reference.
+ *
+ * @param nodeRef node reference
+ */
+ // TODO rename to removeExtendedSecurity
+ void removeAllExtendedSecurity(NodeRef nodeRef);
+
/**
* Add extended security for the specified authorities to a node.
*
@@ -84,17 +98,27 @@ public interface ExtendedSecurityService
* @param readers set of authorities to add extended read permissions
* @param writers set of authorities to add extended write permissions
* @param applyToParents true if extended security applied to parents (read only) false otherwise.
+ *
+ * @deprecated as of 2.5, because extended security is no longer applied to parents. Note that calling this method will
+ * only apply the exetended securiyt to the node and the applyToParents parameter value will be ignored.
+ *
+ * @see #addExtendedSecurity(NodeRef, Set, Set)
*/
- void addExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents);
-
+ @Deprecated void addExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents);
+
/**
* Remove the extended security for the specified authorities from a node.
*
* @param nodeRef node reference
* @param readers set of authorities to remove as extended readers
* @param writers set of authorities to remove as extended writers
+ *
+ * @deprecated as of 2.5, because partial removal of readers and writers from node or parents is no longer supported.
+ * Note that calling this method will now remove all extended security from the node and never applied to parents.
+ *
+ * @see #removeAllExtendedSecurity(NodeRef)
*/
- void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers);
+ @Deprecated void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers);
/**
* Remove the extended security for the specified authorities from a node.
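Review bot: The `@deprecated` text added in this hunk has typos that will end up in the published Javadoc: `exetended securiyt` on the four-argument addExtendedSecurity, and `never applied to parents`, which reads as a fragment, on removeExtendedSecurity. Suggested wording is `only apply the extended security to the node` and `and it is never applied to parents`. The same removeExtendedSecurity sentence is repeated in the next hunk, including on removeAllExtendedSecurity(NodeRef, boolean), which takes no readers or writers, so "partial removal of readers and writers" does not describe that method. Because these overloads now revoke every extended grant on the node whatever sets are passed, the tag would serve callers better if it stated that first.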
@@ -108,21 +132,24 @@ public interface ExtendedSecurityService
* @param writers set of authorities to remove as extedned writers
* @param applyToParents true if removal of extended security is applied to parent hierarchy (read only), false
* otherwise
+ *
+ * @deprecated as of 2.5, because partial removal of readers and writers from node or parents is no longer supported.
+ * Note that calling this method will now remove all extended security from the node and never applied to parents.
+ *
+ * @see #removeAllExtendedSecurity(NodeRef)
*/
- void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents);
-
- /**
- * Remove all extended readers and writers from the given node reference.
- *
- * @param nodeRef node reference
- */
- void removeAllExtendedSecurity(NodeRef nodeRef);
+ @Deprecated void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents);
/**
* Remove all extended readers and writers from the given node reference.
*
* @param nodeRef node reference
* @param applyToParents if true then apply removal to parent hierarchy (read only) false otherwise.
+ *
+ * @deprecated as of 2.5, because partial removal of readers and writers from node or parents is no longer supported.
+ * Note that calling this method will now remove all extended security from the node and never applied to parents.
+ *
+ * @see #removeAllExtendedSecurity(NodeRef)
*/
- void removeAllExtendedSecurity(NodeRef nodeRef, boolean applyToParents);
+ @Deprecated void removeAllExtendedSecurity(NodeRef nodeRef, boolean applyToParents);
}
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
index f1db301030..74419ac5b3 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
@@ -27,23 +27,28 @@
package org.alfresco.module.org_alfresco_module_rm.security;
-import java.io.Serializable;
-import java.util.HashMap;
+import java.util.Collections;
import java.util.List;
-import java.util.Map;
import java.util.Set;
+import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.RenditionModel;
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
+import org.alfresco.service.cmr.security.AuthorityService;
+import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
-import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
+import org.springframework.extensions.webscripts.ui.common.StringUtils;
+
+import com.google.gdata.util.common.base.Pair;
/**
* Extended security service implementation.
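Review bot: The two new utility imports tie an access-control service to unrelated libraries: `com.google.gdata.util.common.base.Pair` comes from a Google Data client jar and `org.springframework.extensions.webscripts.ui.common.StringUtils` from a web-script UI package. Both are used only for a two-field holder and a string join, so the permission code will break if either jar is dropped or changes. As far as I know the platform already ships `org.alfresco.util.Pair`, which would need accessor calls in place of `.first`/`.second`. The join could be a small private helper, which would also let it sort its input and use a delimiter.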
@@ -55,11 +60,20 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
implements ExtendedSecurityService,
RecordsManagementModel
{
+ private static final String READER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "R_";
+ private static final String WRITER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "W_";
+
/** File plan service */
private FilePlanService filePlanService;
/** File plan role service */
private FilePlanRoleService filePlanRoleService;
+
+ /** authority service */
+ private AuthorityService authorityService;
+
+ /** permission service */
+ private PermissionService permissionService;
/**
* @param filePlanService file plan service
@@ -76,13 +90,29 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
this.filePlanRoleService = filePlanRoleService;
}
+
+ /**
+ * @param authorityService authority service
+ */
+ public void setAuthorityService(AuthorityService authorityService)
+ {
+ this.authorityService = authorityService;
+ }
+
+ /**
+ * @param permissionService permission service
+ */
+ public void setPermissionService(PermissionService permissionService)
+ {
+ this.permissionService = permissionService;
+ }
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#hasExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef)
*/
public boolean hasExtendedSecurity(NodeRef nodeRef)
{
- return nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_SECURITY);
+ return (getIPRGroups(nodeRef) != null);
}
/**
@@ -93,13 +123,18 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public Set getExtendedReaders(NodeRef nodeRef)
{
Set result = null;
-
- Map readerMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS);
- if (readerMap != null)
+
+ Pair iprGroups = getIPRGroups(nodeRef);
+ if (iprGroups != null)
{
- result = readerMap.keySet();
+ result = authorityService.getContainedAuthorities(null, iprGroups.first, true);
+ result.remove(iprGroups.second);
}
-
+ else
+ {
+ result = Collections.EMPTY_SET;
+ }
+
return result;
}
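Review bot: `result.remove(iprGroups.second)` mutates the set handed back by `authorityService.getContainedAuthorities(...)`; if that set is a cached or unmodifiable view (not visible from this hunk), the call either throws or alters shared state. Copy it into a local set before removing the writer group. The else branch should use `Collections.emptySet()` rather than the raw `Collections.EMPTY_SET`. The method now returns an empty set where it used to return null, and getExtendedWriters in the next hunk changes the same way, so the interface Javadoc should state the new contract for callers that still null-check.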
@@ -111,14 +146,19 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public Set getExtendedWriters(NodeRef nodeRef)
{
Set result = null;
-
- Map map = (Map)nodeService.getProperty(nodeRef, PROP_WRITERS);
- if (map != null)
+
+ Pair iprGroups = getIPRGroups(nodeRef);
+ if (iprGroups != null)
{
- result = map.keySet();
+ result = authorityService.getContainedAuthorities(null, iprGroups.second, true);
}
-
+ else
+ {
+ result = Collections.EMPTY_SET;
+ }
+
return result;
+
}
/**
@@ -126,25 +166,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
*/
@Override
public void addExtendedSecurity(NodeRef nodeRef, Set readers, Set writers)
- {
- addExtendedSecurity(nodeRef, readers, writers, true);
- }
-
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#addExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set, boolean)
- */
- @Override
- public void addExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
- ParameterCheck.mandatory("applyToParents", applyToParents);
if (nodeRef != null)
{
- addExtendedSecurityImpl(nodeRef, readers, writers, applyToParents);
+ addExtendedSecurityImpl(nodeRef, readers, writers);
// add to the extended security roles
- addExtendedSecurityRoles(nodeRef, readers, writers);
+ addExtendedSecurityRoles(nodeRef, readers, writers);
}
}
@@ -156,38 +186,16 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* @param writers
* @param applyToParents
*/
- @SuppressWarnings("unchecked")
- private void addExtendedSecurityImpl(final NodeRef nodeRef, Set readers, Set writers, boolean applyToParents)
+ private void addExtendedSecurityImpl(final NodeRef nodeRef, Set readers, Set writers)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
- ParameterCheck.mandatory("applyToParents", applyToParents);
-
- // get the properties
- final Map properties = nodeService.getProperties(nodeRef);
-
- // update the readers map
- if (readers != null && readers.size() != 0)
- {
- // get reader map
- Map readersMap = (Map)properties.get(PROP_READERS);
-
- // set the readers property (this will in turn apply the aspect if required)
- properties.put(PROP_READERS, (Serializable)addToMap(readersMap, readers));
- }
-
- // update the writers map
- if (writers != null && writers.size() != 0)
- {
- // get writer map
- Map writersMap = (Map)properties.get(PROP_WRITERS);
-
- // set the writers property (this will in turn apply the aspect if required)
- properties.put(PROP_WRITERS, (Serializable)addToMap(writersMap, writers));
- }
-
- // set properties
- nodeService.setProperties(nodeRef, properties);
-
+
+ // find groups
+ Pair iprGroups = getIPRGroups(readers, writers);
+
+ // assign groups to node
+ assignIPRGroupsToNode(iprGroups, nodeRef);
+
// apply the readers to any renditions of the content
if (isRecord(nodeRef))
{
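Review bot: The Javadoc kept above addExtendedSecurityImpl still lists `@param applyToParents`, which the new three-argument signature no longer has. Drop that tag and give the block a summary line, for example `Assigns the in-place reader and writer groups for the given authorities to the node and to its renditions.` The method body continues past the end of this hunk.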
@@ -195,10 +203,188 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
- addExtendedSecurityImpl(child, readers, writers, false);
+ assignIPRGroupsToNode(iprGroups, child);
}
}
}
+
+ /**
+ *
+ * @param nodeRef
+ * @return
+ */
+ private Pair getIPRGroups(NodeRef nodeRef)
+ {
+ Pair result = null;
+ String iprReaderGroup = null;
+ String iprWriterGroup = null;
+
+ Set permissions = permissionService.getAllSetPermissions(nodeRef);
+ for (AccessPermission permission : permissions)
+ {
+ if (permission.getAuthority().startsWith(PermissionService.GROUP_PREFIX + READER_GROUP_PREFIX))
+ {
+ iprReaderGroup = permission.getAuthority();
+ }
+ else if (permission.getAuthority().startsWith(PermissionService.GROUP_PREFIX + WRITER_GROUP_PREFIX))
+ {
+ iprWriterGroup = permission.getAuthority();
+ }
+ }
+
+ if (iprReaderGroup != null && iprWriterGroup != null)
+ {
+ result = new Pair(iprReaderGroup, iprWriterGroup);
+ }
+
+ return result;
+ }
+
+ /**
+ *
+ * @param readers
+ * @param writers
+ * @return
+ */
+ private Pair getIPRGroups(Set readers, Set writers)
+ {
+ Pair result = null;
+
+ // see if the groups already exists or not
+ String readerGroupName = getIPRGroupName(READER_GROUP_PREFIX, readers, writers, false);
+ String writerGroupName = getIPRGroupName(WRITER_GROUP_PREFIX, readers, writers, false);
+ if (authorityService.authorityExists(readerGroupName) &&
+ authorityService.authorityExists(writerGroupName))
+ {
+ // check that the groups are a true match
+ if (authorityService.getContainingAuthorities(AuthorityType.GROUP, writerGroupName, true).contains(readerGroupName) &&
+ isIPRGroupTrueMatch(readers, readerGroupName) &&
+ isIPRGroupTrueMatch(writers, writerGroupName))
+ {
+ // reuse the existing groups
+ result = new Pair(readerGroupName, writerGroupName);
+ }
+ else
+ {
+ // TODO - CLASH
+ throw new AlfrescoRuntimeException("IPR Group Name Clash!");
+ }
+ }
+ else
+ {
+ // create inplace record reader and writer groups
+ result = createIPRGroups(readers, writers);
+ }
+
+ return result;
+ }
+
+ /**
+ *
+ * @param authorities
+ * @param group
+ * @return
+ */
+ private boolean isIPRGroupTrueMatch(Set authorities, String group)
+ {
+ // TODO
+ return true;
+ }
+
+ /**
+ *
+ * @param prefix
+ * @param authorities
+ * @param shortName
+ * @return
+ */
+ private String getIPRGroupName(String prefix, Set readers, Set writers, boolean shortName)
+ {
+ StringBuilder builder = new StringBuilder(128);
+
+ if (!shortName)
+ {
+ builder.append(PermissionService.GROUP_PREFIX);
+ }
+
+ builder.append(prefix)
+ .append(getAuthoritySetHashCode(readers))
+ .append("-")
+ .append(getAuthoritySetHashCode(writers));
+
+ return builder.toString();
+ }
+
+ /**
+ *
+ * @param authorities
+ * @return
+ */
+ private int getAuthoritySetHashCode(Set authorities)
+ {
+ int result = 0;
+ if (authorities != null && !authorities.isEmpty())
+ {
+ result = StringUtils.join(authorities.toArray(), "").hashCode();
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param readers
+ * @param writers
+ * @return
+ */
+ private Pair createIPRGroups(Set readers, Set writers)
+ {
+ String iprReaderGroup = createIPRGroup(getIPRGroupName(READER_GROUP_PREFIX, readers, writers, true), null, readers);
+ String iprWriterGroup = createIPRGroup(getIPRGroupName(WRITER_GROUP_PREFIX, readers, writers, true), iprReaderGroup, writers);
+ return new Pair(iprReaderGroup, iprWriterGroup);
+ }
+
+ /**
+ *
+ * @param groupShortName
+ * @param parent
+ * @param children
+ * @return
+ */
+ private String createIPRGroup(String groupShortName, String parent, Set children)
+ {
+ ParameterCheck.mandatory("groupShortName", groupShortName);
+
+ String group = authorityService.createAuthority(AuthorityType.GROUP, groupShortName); // TODO set appropriate zone
+
+ if (parent != null)
+ {
+ authorityService.addAuthority(parent, group);
+ }
+
+ if (children != null)
+ {
+ for (String child : children)
+ {
+ if (!PermissionService.ALL_AUTHORITIES.equals(child))
+ {
+ authorityService.addAuthority(group, child);
+ }
+ }
+ }
+
+ return group;
+ }
+
+ /**
+ *
+ * @param iprGroups
+ * @param nodeRef
+ */
+ private void assignIPRGroupsToNode(Pair iprGroups, NodeRef nodeRef)
+ {
+ permissionService.setPermission(nodeRef, iprGroups.first, RMPermissionModel.READ_RECORDS, true);
+ permissionService.setPermission(nodeRef, iprGroups.second, RMPermissionModel.FILING, true);
+ }
/**
*
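Review bot: Group identity in getIPRGroupName rests on `StringUtils.join(authorities.toArray(), "").hashCode()`, a 32-bit non-cryptographic hash over an undelimited, unordered join, while isIPRGroupTrueMatch is a stub that always returns true. Two different authority sets can therefore resolve to the same group name (for instance `ab`+`c` and `a`+`bc` join to the same string). getIPRGroups(readers, writers) would then reuse the existing groups and give the new node's READ_RECORDS/FILING grants to the wrong members. The same set can also hash differently between calls if its iteration order differs, which defeats reuse. Before this is relied on, isIPRGroupTrueMatch should compare the group's actual members with the requested set, allowing for the nested writer group and the skipped ALL_AUTHORITIES entry. The name should be built from a sorted, delimited join. The new private methods also have empty Javadoc stubs, and getIPRGroupName documents `@param authorities` although its parameters are `readers` and `writers`.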
@@ -235,60 +421,16 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
}
}
}
-
+
/**
- *
- * @param map
- * @param keys
- * @return
- */
- private Map addToMap(Map map, Set keys)
- {
- if (map == null)
- {
- // create map
- map = new HashMap(7);
- }
-
- for (String key : keys)
- {
- if (!key.equals(PermissionService.ALL_AUTHORITIES))
- {
- if (map.containsKey(key))
- {
- // increment reference count
- Integer count = map.get(key);
- map.put(key, Integer.valueOf(count.intValue()+1));
- }
- else
- {
- // add key with initial count
- map.put(key, Integer.valueOf(1));
- }
- }
- }
-
- return map;
- }
-
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set)
+ * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
- public void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers)
- {
- removeExtendedSecurity(nodeRef, readers, writers, true);
- }
-
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set, boolean)
- */
- @Override
- public void removeExtendedSecurity(NodeRef nodeRef, Set readers, Setwriters, boolean applyToParents)
+ public void removeAllExtendedSecurity(NodeRef nodeRef)
{
if (hasExtendedSecurity(nodeRef))
{
- removeExtendedSecurityImpl(nodeRef, readers, writers);
+ removeExtendedSecurityImpl(nodeRef);
// remove the readers from any renditions of the content
if (isRecord(nodeRef))
@@ -297,110 +439,62 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
- removeExtendedSecurityImpl(child, readers, writers);
- }
- }
-
- if (applyToParents)
- {
- // apply the extended readers up the file plan primary hierarchy
- NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
- if (parent != null &&
- filePlanService.isFilePlanComponent(parent))
- {
- removeExtendedSecurity(parent, readers, null, applyToParents);
- removeExtendedSecurity(parent, writers, null, applyToParents);
+ removeExtendedSecurityImpl(child);
}
}
}
}
/**
- * Removes a set of readers and writers from a node reference.
- *
- * Removes the aspect and resets the property to null if all readers and writers are removed.
- *
- * @param nodeRef node reference
- * @param readers {@link Set} of readers
- * @param writers {@link Set} of writers
+ *
+ * @param nodeRef
+ * @param readers
+ * @param writers
*/
- @SuppressWarnings("unchecked")
- private void removeExtendedSecurityImpl(NodeRef nodeRef, Set readers, Set writers)
+ private void removeExtendedSecurityImpl(NodeRef nodeRef)
{
- Map readersMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS);
- nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)removeFromMap(readersMap, readers));
-
- Map writersMap = (Map)nodeService.getProperty(nodeRef, PROP_WRITERS);
- nodeService.setProperty(nodeRef, PROP_WRITERS, (Serializable)removeFromMap(writersMap, writers));
-
- if (readersMap == null && writersMap == null)
+ ParameterCheck.mandatory("nodeRef", nodeRef);
+
+ Pair iprGroups = getIPRGroups(nodeRef);
+ if (iprGroups != null)
{
- // remove the aspect
- nodeService.removeAspect(nodeRef, ASPECT_EXTENDED_SECURITY);
+ // remove group permissions from node
+ permissionService.clearPermission(nodeRef, iprGroups.first);
+ permissionService.clearPermission(nodeRef, iprGroups.second);
+
+ // TODO delete the groups if they are no longer in use (easier said than done perhaps!)
}
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#addExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set, boolean)
+ */
+ @Override @Deprecated public void addExtendedSecurity(NodeRef nodeRef, Set readers, Set writers, boolean applyToParents)
+ {
+ addExtendedSecurity(nodeRef, readers, writers);
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set)
+ */
+ @Override @Deprecated public void removeExtendedSecurity(NodeRef nodeRef, Set readers, Set writers)
+ {
+ removeAllExtendedSecurity(nodeRef);
}
/**
- * Helper method to remove items from map or reduce reference count
- *
- * @param map ref count map
- * @param keys keys
- * @return Map ref count map
+ * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set, boolean)
*/
- private Map removeFromMap(Map map, Set keys)
+ @Override @Deprecated public void removeExtendedSecurity(NodeRef nodeRef, Set readers, Setwriters, boolean applyToParents)
{
- if (map != null && keys != null && keys.size() != 0)
- {
- // remove the keys
- for (String key : keys)
- {
- if (!key.equals(PermissionService.ALL_AUTHORITIES))
- {
- Integer count = map.get(key);
- if (count != null)
- {
- if (count == 1)
- {
- // remove entry all together if the reference count is now 0
- map.remove(key);
- }
- else
- {
- // decrement the reference count by 1
- map.put(key, Integer.valueOf(count.intValue()-1));
- }
- }
- }
- }
- }
-
- // reset the map to null if now empty
- if (map != null && map.isEmpty())
- {
- map = null;
- }
-
- return map;
- }
-
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef)
- */
- @Override
- public void removeAllExtendedSecurity(NodeRef nodeRef)
- {
- removeAllExtendedSecurity(nodeRef, true);
+ removeAllExtendedSecurity(nodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/
- @Override
- public void removeAllExtendedSecurity(NodeRef nodeRef, boolean applyToParents)
+ @Override @Deprecated public void removeAllExtendedSecurity(NodeRef nodeRef, boolean applyToParents)
{
- if (hasExtendedSecurity(nodeRef))
- {
- removeExtendedSecurity(nodeRef, getExtendedReaders(nodeRef), getExtendedWriters(nodeRef));
- }
+ removeAllExtendedSecurity(nodeRef);
}
}
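Review bot: removeExtendedSecurityImpl clears only the single reader/writer pair returned by getIPRGroups(nodeRef), but nothing in addExtendedSecurityImpl removes an earlier pair before assigning a new one, so a node that has had extended security added twice with different sets carries several IPR groups. getIPRGroups(nodeRef) keeps only the last match of each kind, so after removeAllExtendedSecurity the other groups still hold READ_RECORDS/FILING and hasExtendedSecurity can still report true. Revocation should clear every authority on the node that carries the IPR prefix. The Javadoc on removeExtendedSecurityImpl also still names `readers` and `writers`, which are no longer parameters.
```java
private void removeExtendedSecurityImpl(NodeRef nodeRef)
{
    ParameterCheck.mandatory("nodeRef", nodeRef);

    // clear every IPR group set on the node, not only the last pair found
    for (AccessPermission permission : permissionService.getAllSetPermissions(nodeRef))
    {
        String authority = permission.getAuthority();
        if (authority.startsWith(PermissionService.GROUP_PREFIX + ExtendedSecurityService.IPR_GROUP_PREFIX))
        {
            permissionService.clearPermission(nodeRef, authority);
        }
    }

    // … unchanged: TODO about deleting groups that are no longer in use …
}
```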
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
index 43068da49a..103f702fe5 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -27,8 +27,6 @@
package org.alfresco.module.org_alfresco_module_rm.security;
-import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority.EXTENDED_READER;
-import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority.EXTENDED_WRITER;
import static org.alfresco.repo.policy.Behaviour.NotificationFrequency.TRANSACTION_COMMIT;
import static org.alfresco.repo.policy.annotation.BehaviourKind.CLASS;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getSystemUserName;
@@ -383,13 +381,29 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
boolean inheritanceAllowed = isInheritanceAllowed(nodeRef, isParentNodeFilePlan);
getPermissionService().setInheritParentPermissions(nodeRef, inheritanceAllowed);
- // clear all existing permissions
+ Set keepPerms = new HashSet(5);
+ Set origionalPerms= getPermissionService().getAllSetPermissions(nodeRef);
+
+ for (AccessPermission perm : origionalPerms)
+ {
+ if (perm.getAuthority().startsWith(PermissionService.GROUP_PREFIX + ExtendedSecurityService.IPR_GROUP_PREFIX))
+ {
+ // then we can assume this is a permission we want to preserve
+ keepPerms.add(perm);
+ }
+ }
+
+ // clear all existing permissions and start again
getPermissionService().clearPermission(nodeRef, null);
+ // re-add keep'er permissions
+ for (AccessPermission keeper : keepPerms)
+ {
+ setPermission(nodeRef, keeper.getAuthority(), keeper.getPermission());
+ }
+
if (!inheritanceAllowed)
{
- getPermissionService().setPermission(nodeRef, EXTENDED_READER, READ_RECORDS, true);
- getPermissionService().setPermission(nodeRef, EXTENDED_WRITER, FILING, true);
String adminRole = getAdminRole(nodeRef);
getPermissionService().setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
}
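Review bot: The keep-list loop preserves any entry from `getAllSetPermissions(nodeRef)` whose authority name starts with the IPR prefix, without the `isSetDirectly()` test that the record-move code later in this file applies. If that call also returns inherited entries (which the later check suggests, though it is not visible here), an IPR grant inherited from a parent is re-added as a direct permission. It would then survive on the node even when `inheritanceAllowed` is false. Suggested guard: `if (perm.isSetDirectly() && perm.getAuthority().startsWith(PermissionService.GROUP_PREFIX + ExtendedSecurityService.IPR_GROUP_PREFIX))`. Trusting the name prefix alone also means any group created with that prefix outside this service is preserved, so the pending zone TODO in createIPRGroup matters here too. The enclosing method starts and ends outside the hunk.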
@@ -494,11 +508,8 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
for (AccessPermission recordPermission : origionalRecordPerms)
{
String permission = recordPermission.getPermission();
- String authority = recordPermission.getAuthority();
if ((RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
- recordPermission.isSetDirectly() &&
- !ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) &&
- !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority))
+ recordPermission.isSetDirectly())
{
// then we can assume this is a permission we want to preserve
keepPerms.add(recordPermission);
@@ -506,7 +517,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
}
// clear all existing permissions and start again
- permissionService.deletePermissions(record);
+ // permissionService.deletePermissions(record);
// re-setup the records permissions
setupPermissions(destinationAssocRef.getParentRef(), record);
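Review bot: Commenting out `permissionService.deletePermissions(record)` leaves the comment `clear all existing permissions and start again` above code that no longer clears anything. If the clearing is now expected to happen inside setupPermissions, delete the dead line and say so, e.g. `// existing permissions are cleared by setupPermissions, which preserves the IPR group grants`. If it is not, grants from the record's previous location may stay on the moved record, which should be confirmed with a test. The enclosing method is only partly visible in this hunk.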
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
index 27a5fd4f7e..d0464b7e6b 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -337,9 +337,6 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && isNotBlank(adminRole)
&& !inheritParentPermissions)
{
- setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS,
- true);
- setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
}
super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateInplaceRecordTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateInplaceRecordTest.java
new file mode 100644
index 0000000000..ca818eedc2
--- /dev/null
+++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateInplaceRecordTest.java
@@ -0,0 +1,186 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail. Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ * #L%
+ */
+
+package org.alfresco.module.org_alfresco_module_rm.test.integration.record;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.service.cmr.model.FileExistsException;
+import org.alfresco.service.cmr.model.FileNotFoundException;
+import org.alfresco.service.cmr.security.AccessStatus;
+
+/**
+ * Create Inplace Record Test
+ *
+ * @author Roy Wetherall
+ */
+public class CreateInplaceRecordTest extends BaseRMTestCase
+{
+ @Override
+ protected boolean isCollaborationSiteTest()
+ {
+ return true;
+ }
+
+ /**
+ * Given a document in a collaboration site
+ * When the document is declared by a site collaborator
+ * Then the document becomes a record
+ * And the site users have the appropriate in-place permissions on the record
+ */
+ public void testCreateInplaceRecordFromCollabSite()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest()
+ {
+ public void given()
+ {
+ // Check that the document is not a record
+ assertFalse(recordService.isRecord(dmDocument));
+ }
+
+ public void when()
+ {
+ // Declare the document as a record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ // Declare record
+ recordService.createRecord(filePlan, dmDocument);
+
+ return null;
+ }
+ }, dmCollaborator);
+ }
+
+ public void then()
+ {
+ // Check that the document is a record now
+ assertTrue(recordService.isRecord(dmDocument));
+
+ // Check that the record is in the unfiled container
+
+ // Check that the record is still a child of the collaboration folder
+
+ // Check that the collaborator has filling permissions on the record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.FILING));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
+ return null;
+ }
+ }, dmCollaborator);
+
+
+ // Check that the consumer has read permissions on the record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(dmDocument, RMPermissionModel.FILING));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
+ return null;
+ }
+ }, dmConsumer);
+
+ }
+ });
+ }
+
+ public void testFileInplaceRecordFromCollabSite()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest()
+ {
+ public void given()
+ {
+ // Check that the document is not a record
+ assertFalse(recordService.isRecord(dmDocument));
+
+ // Declare the document as a record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ // Declare record
+ recordService.createRecord(filePlan, dmDocument);
+
+ return null;
+ }
+ }, dmCollaborator);
+
+ // Check that the document is a record
+ assertTrue(recordService.isRecord(dmDocument));
+ assertFalse(recordService.isFiled(dmDocument));
+ }
+
+ public void when() throws FileExistsException, FileNotFoundException
+ {
+ // file the document to a location in the file plan
+ fileFolderService.move(dmDocument, rmFolder, null);
+ }
+
+ public void then()
+ {
+ // Check that the document is a record now
+ assertTrue(recordService.isRecord(dmDocument));
+ assertTrue(recordService.isFiled(dmDocument));
+
+ // Check that the record is in the unfiled container
+
+ // Check that the record is still a child of the collaboration folder
+
+ // Check that the collaborator has filling permissions on the record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.FILING));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
+ return null;
+ }
+ }, dmCollaborator);
+
+
+ // Check that the consumer has read permissions on the record
+ AuthenticationUtil.runAs(new RunAsWork()
+ {
+ public Void doWork() throws Exception
+ {
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(dmDocument, RMPermissionModel.FILING));
+ assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
+ return null;
+ }
+ }, dmConsumer);
+
+ }
+ });
+ }
+}
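Review bot: Both tests assert only that the collaborator and consumer keep their expected access; neither checks that a user outside the collaboration site is DENIED READ_RECORDS, nor that access is gone after removeAllExtendedSecurity, which is the behaviour most at risk from the new group-based model. The `then()` blocks also carry three placeholder comments with no assertions under them (`Check that the record is in the unfiled container`, `... still a child of the collaboration folder`). In testFileInplaceRecordFromCollabSite the unfiled-container comment contradicts the preceding `assertTrue(recordService.isFiled(dmDocument))`. Either add the assertions or remove the comments, and give testFileInplaceRecordFromCollabSite the same Given/When/Then Javadoc as the first test.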
diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/action/RejectActionTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/action/RejectActionTest.java
index e302801910..550b2c778e 100644
--- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/action/RejectActionTest.java
+++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/action/RejectActionTest.java
@@ -113,7 +113,8 @@ public class RejectActionTest extends BaseRMTestCase
assertTrue(nodeService.getParentAssocs(dmDocument).size() == 1);
// The extended reader information should be removed
- assertNull(extendedSecurityService.getExtendedReaders(dmDocument));
+ assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
+ assertTrue(extendedSecurityService.getExtendedReaders(dmDocument).isEmpty());
return null;
}
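Review bot: The replacement assertions check only the reader side (`getExtendedReaders(dmDocument).isEmpty()`), although a rejected record should keep no extended security at all. `hasExtendedSecurity` probably covers both sets, but that is not visible here, so an explicit writer check would pin it: `assertTrue(extendedSecurityService.getExtendedWriters(dmDocument).isEmpty());`. The enclosing method starts and ends outside this hunk.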
diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/ExtendedSecurityServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/ExtendedSecurityServiceImplTest.java
index f1ddc47a14..e89963e833 100644
--- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/ExtendedSecurityServiceImplTest.java
+++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/ExtendedSecurityServiceImplTest.java
@@ -27,9 +27,7 @@
package org.alfresco.module.org_alfresco_module_rm.test.legacy.service;
-import java.util.HashMap;
import java.util.HashSet;
-import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
@@ -101,64 +99,29 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
assertFalse(extendedSecurityService.hasExtendedSecurity(rmFolder));
assertFalse(extendedSecurityService.hasExtendedSecurity(record));
- assertNull(extendedSecurityService.getExtendedReaders(record));
- assertNull(extendedSecurityService.getExtendedWriters(record));
+ assertTrue(extendedSecurityService.getExtendedReaders(record).isEmpty());
+ assertTrue(extendedSecurityService.getExtendedWriters(record).isEmpty());
Set extendedReaders = new HashSet(2);
extendedReaders.add(monkey);
extendedReaders.add(elephant);
extendedSecurityService.addExtendedSecurity(record, extendedReaders, null);
-
- Map testMap = new HashMap(2);
- testMap.put(monkey, Integer.valueOf(1));
- testMap.put(elephant, Integer.valueOf(1));
-
- checkExtendedReaders(record, testMap);
+ checkExtendedReaders(record, extendedReaders);
Set extendedReadersToo = new HashSet(2);
extendedReadersToo.add(monkey);
extendedReadersToo.add(snake);
extendedSecurityService.addExtendedSecurity(recordToo, extendedReadersToo, null);
+ checkExtendedReaders(recordToo, extendedReadersToo);
- Map testMapToo = new HashMap(2);
- testMapToo.put(monkey, Integer.valueOf(1));
- testMapToo.put(snake, Integer.valueOf(1));
-
- Map testMapThree = new HashMap(3);
- testMapThree.put(monkey, Integer.valueOf(2));
- testMapThree.put(elephant, Integer.valueOf(1));
- testMapThree.put(snake, Integer.valueOf(1));
-
- checkExtendedReaders(recordToo, testMapToo);
-
- // test remove (with no parent inheritance)
-
- Set removeMap1 = new HashSet(2);
- removeMap1.add(elephant);
- removeMap1.add(monkey);
-
- extendedSecurityService.removeExtendedSecurity(rmFolder, removeMap1, null, false);
-
- Map testMapFour = new HashMap(2);
- testMapFour.put(monkey, Integer.valueOf(1));
- testMapFour.put(snake, Integer.valueOf(1));
-
- checkExtendedReaders(recordToo, testMapToo);
-
- // test remove (apply to parents)
-
- Set removeMap2 = new HashSet(1);
- removeMap2.add(snake);
-
- extendedSecurityService.removeExtendedSecurity(recordToo, removeMap2, null, true);
-
- testMapThree.remove(snake);
- testMapFour.remove(snake);
- testMapToo.remove(snake);
-
- checkExtendedReaders(recordToo, testMapToo);
+ // test remove
+ extendedSecurityService.removeAllExtendedSecurity(recordToo);
+
+ assertFalse(extendedSecurityService.hasExtendedSecurity(recordToo));
+ assertTrue(extendedSecurityService.getExtendedReaders(recordToo).isEmpty());
+ assertTrue(extendedSecurityService.getExtendedWriters(recordToo).isEmpty());
return null;
}
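Review bot: After `removeAllExtendedSecurity(recordToo)` the test never re-checks `record`, so nothing confirms that the removal is scoped to the one node. `monkey` is a reader on both records, so a removal that over-reached to other nodes would pass unnoticed; adding `checkExtendedReaders(record, extendedReaders);` after the removal would catch it. Every `addExtendedSecurity` call in this hunk also passes `null` for writers, so the `getExtendedWriters(recordToo).isEmpty()` assertion would hold even if writer removal did nothing. The deprecated `removeExtendedSecurity` overloads, which per their Javadoc now remove everything, lose their only visible coverage here.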
@@ -172,12 +135,12 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
doTestInTransaction(new Test()
{
- Map testMap = new HashMap(2);
+ Set extendedReaders = new HashSet(2);;
public Void run() throws Exception
{
- testMap.put(monkey, Integer.valueOf(1));
- testMap.put(elephant, Integer.valueOf(1));
+ extendedReaders.add(monkey);
+ extendedReaders.add(elephant);
assertFalse(extendedSecurityService.hasExtendedSecurity(filePlan));
assertFalse(extendedSecurityService.hasExtendedSecurity(rmContainer));
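Review bot: The new field declaration `Set extendedReaders = new HashSet(2);;` ends with a doubled semicolon. The second one is an empty declaration that compiles but is flagged by most linters; write it as `Set extendedReaders = new HashSet(2);`. The anonymous `Test` class continues outside this hunk.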
@@ -186,15 +149,11 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
assertFalse(extendedSecurityService.hasExtendedSecurity(moveRecordCategory));
assertFalse(extendedSecurityService.hasExtendedSecurity(moveRecordFolder));
- assertNull(extendedSecurityService.getExtendedReaders(record));
-
- Set extendedReaders = new HashSet(2);
- extendedReaders.add(monkey);
- extendedReaders.add(elephant);
+ assertTrue(extendedSecurityService.getExtendedReaders(record).isEmpty());
extendedSecurityService.addExtendedSecurity(record, extendedReaders, null);
- checkExtendedReaders(record, testMap);
+ checkExtendedReaders(record, extendedReaders);
assertFalse(extendedSecurityService.hasExtendedSecurity(moveRecordCategory));
assertFalse(extendedSecurityService.hasExtendedSecurity(moveRecordFolder));
@@ -206,31 +165,21 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
@Override
public void test(Void result) throws Exception
{
- checkExtendedReaders(record, testMap);
+ checkExtendedReaders(record, extendedReaders);
}
});
}
-
- @SuppressWarnings("unchecked")
- private void checkExtendedReaders(NodeRef nodeRef, Map testMap)
+ /**
+ * Check extended readers helper method
+ */
+ private void checkExtendedReaders(NodeRef nodeRef, Set testReaders)
{
assertTrue(extendedSecurityService.hasExtendedSecurity(nodeRef));
- Map readersMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS);
- assertNotNull(readersMap);
- assertEquals(testMap.size(), readersMap.size());
-
- for (Map.Entry entry: testMap.entrySet())
- {
- assertTrue(readersMap.containsKey(entry.getKey()));
- assertEquals(entry.getKey(), entry.getValue(), readersMap.get(entry.getKey()));
-
- }
-
Set readers = extendedSecurityService.getExtendedReaders(nodeRef);
assertNotNull(readers);
- assertEquals(testMap.size(), readers.size());
+ assertEquals(testReaders, readers);
}
public void testDifferentUsersDifferentPermissions()
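Review bot: `checkExtendedReaders` now verifies only what `getExtendedReaders` itself reports, so the helper no longer inspects anything independent of the service under test (the removed lines read `PROP_READERS` directly). If extended readers are now enforced through permissions rather than a node property, which this diff suggests but does not show, a companion check that runs as one of the readers and asserts `permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS)` is `AccessStatus.ALLOWED` would tie the reported set to actual enforcement, as RecordServiceImplTest does. The Javadoc could also say that the comparison is exact, for example `Asserts that the node has extended security and that its extended readers equal testReaders exactly.`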
diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanPermissionServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanPermissionServiceImplTest.java
index 0064691ac7..b36b0c87a8 100644
--- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanPermissionServiceImplTest.java
+++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanPermissionServiceImplTest.java
@@ -33,8 +33,6 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
-import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
-import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -1241,10 +1239,6 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
accessPermissions.put(permission.getAuthority(), permission.getPermission());
}
- assertTrue(accessPermissions.containsKey(ExtendedReaderDynamicAuthority.EXTENDED_READER));
- assertEquals(RMPermissionModel.READ_RECORDS, accessPermissions.get(ExtendedReaderDynamicAuthority.EXTENDED_READER));
- assertTrue(accessPermissions.containsKey(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
- assertEquals(RMPermissionModel.FILING, accessPermissions.get(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
String adminRole = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
assertTrue(accessPermissions.containsKey(adminRole));
assertEquals(RMPermissionModel.FILING, accessPermissions.get(adminRole));
diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordServiceImplTest.java
index 28ea6cc461..bf2366335e 100644
--- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordServiceImplTest.java
+++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordServiceImplTest.java
@@ -38,8 +38,6 @@ import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.Role;
-import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
-import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
@@ -181,22 +179,13 @@ public class RecordServiceImplTest extends BaseRMTestCase
public void testExtendedWriters() throws Exception
{
- final ExtendedReaderDynamicAuthority readerDy = (ExtendedReaderDynamicAuthority)applicationContext.getBean("extendedReaderDynamicAuthority");
- final ExtendedWriterDynamicAuthority writerDy = (ExtendedWriterDynamicAuthority)applicationContext.getBean("extendedWriterDynamicAuthority");
-
doTestInTransaction(new Test()
{
@Override
public Void run()
{
- assertNull(extendedSecurityService.getExtendedReaders(recordOne));
- assertNull(extendedSecurityService.getExtendedWriters(recordOne));
-
- assertFalse(readerDy.hasAuthority(recordOne, dmCollaborator));
- assertFalse(writerDy.hasAuthority(recordOne, dmCollaborator));
-
- assertFalse(readerDy.hasAuthority(filePlan, dmCollaborator));
- assertFalse(writerDy.hasAuthority(filePlan, dmCollaborator));
+ assertTrue(extendedSecurityService.getExtendedReaders(recordOne).isEmpty());
+ assertTrue(extendedSecurityService.getExtendedWriters(recordOne).isEmpty());
return null;
}
@@ -209,16 +198,9 @@ public class RecordServiceImplTest extends BaseRMTestCase
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(recordOne, RMPermissionModel.FILING));
-
- assertFalse(readerDy.hasAuthority(recordOne, dmCollaborator));
- assertFalse(writerDy.hasAuthority(recordOne, dmCollaborator));
-
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA));
- assertFalse(readerDy.hasAuthority(filePlan, dmCollaborator));
- assertFalse(writerDy.hasAuthority(filePlan, dmCollaborator));
-
return null;
}
}, dmCollaborator);
@@ -232,7 +214,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
writers.add(dmCollaborator);
extendedSecurityService.addExtendedSecurity(recordOne, null, writers);
- assertNull(extendedSecurityService.getExtendedReaders(recordOne));
+ assertTrue(extendedSecurityService.getExtendedReaders(recordOne).isEmpty());
assertFalse(extendedSecurityService.getExtendedWriters(recordOne).isEmpty());
return null;
@@ -247,9 +229,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(recordOne, RMPermissionModel.FILING));
- assertFalse(readerDy.hasAuthority(recordOne, dmCollaborator));
- assertTrue(writerDy.hasAuthority(recordOne, dmCollaborator));
-
+ // ALLOWED, becuase users have been added to the in-place roles
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA));
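Review bot: The added comment documents that making `dmCollaborator` an extended writer on one record also grants `VIEW_RECORDS` and `EDIT_NON_RECORD_METADATA` on the whole file plan, but nothing visible here asserts that this file-plan access is withdrawn again. The rest of the test is outside the hunk, so this may already be covered; if not, a final step that calls `removeAllExtendedSecurity(recordOne)` and asserts the expected `AccessStatus` on `filePlan` for `dmCollaborator` would document whether the role membership is meant to persist. The comment also has a typo and should read `// ALLOWED, because users have been added to the in-place roles`.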
diff --git a/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java_225739127569027 b/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java_225739127569027
new file mode 100644
index 0000000000..e69de29bb2