inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged DEV to /BRANCHES/v2.3

Browse Source 
93906: RM-1644 : Possible to create "report" records and copy records without Create Record capability
   - added "CreateRecord" constant in RMPermissionModel 
   - in CreateCapability evaluator I checked if the user has the capability
   - wrote unit test
93998: RM-1644 : Possible to create "report" records and copy records without Create Record capability
   - changed test implementation using the framework to specify the expected exception correctly



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@94003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Ana Bozianu
2015-01-26 10:27:07 +00:00
parent d14dafe33d
commit fc750835eb
3 changed files with 52 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java
View File

@@ -64,7 +64,8 @@ public interface RMPermissionModel
// Capability permissions
String DECLARE_RECORDS = "DeclareRecords";
String VIEW_RECORDS = "ViewRecords";
String VIEW_RECORDS = "ViewRecords";
String CREATE_RECORDS = "CreateRecords";
String CREATE_MODIFY_DESTROY_FOLDERS = "CreateModifyDestroyFolders";
String EDIT_RECORD_METADATA = "EditRecordMetadata";
String EDIT_NON_RECORD_METADATA = "EditNonRecordMetadata";

4
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -80,6 +80,10 @@ public class CreateCapability extends DeclarativeCapability
*/
public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
{
//if the user doesn't have Create Record capability deny access
if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
return AccessDecisionVoter.ACCESS_DENIED;
if (linkee != null)
{
int state = checkRead(linkee, true);

46
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
View File

@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID;
@@ -201,4 +202,49 @@ public class CreateRecordTest extends BaseRMTestCase
}
});
}
public void testCreateRecordWithoutCreateRecordCapability() throws Exception
{
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
{
/** test data */
String roleName = GUID.generate();
String user = GUID.generate();
NodeRef recordFolder;
public void given()
{
// create role
Set<Capability> capabilities = new HashSet<Capability>(2);
capabilities.add(capabilityService.getCapability("ViewRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
// create user and assign to role
createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
// create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
}
public void when()
{
// give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user,
RMPermissionModel.FILING);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
recordService.createRecordFromContent(recordFolder, GUID.generate(),
TYPE_CONTENT, null, null);
return null;
}
}, user);
}
});
}
}