Merged DEV to /BRANCHES/v2.3

93906: RM-1644 : Possible to create "report" records and copy records without Create Record capability
   - added "CreateRecord" constant in RMPermissionModel 
   - in CreateCapability evaluator I checked if the user has the capability
   - wrote unit test
93998: RM-1644 : Possible to create "report" records and copy records without Create Record capability
   - changed test implementation using the framework to specify the expected exception correctly



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@94003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java

@@ -64,7 +64,8 @@ public interface RMPermissionModel
 
     // Capability permissions
     String DECLARE_RECORDS = "DeclareRecords";
-    String VIEW_RECORDS = "ViewRecords";    
+    String VIEW_RECORDS = "ViewRecords";
+    String CREATE_RECORDS = "CreateRecords";
     String CREATE_MODIFY_DESTROY_FOLDERS = "CreateModifyDestroyFolders";
     String EDIT_RECORD_METADATA = "EditRecordMetadata";
     String EDIT_NON_RECORD_METADATA = "EditNonRecordMetadata";

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java

@@ -80,6 +80,10 @@ public class CreateCapability extends DeclarativeCapability
      */
     public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
     {
+        //if the user doesn't have Create Record capability deny access 
+        if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
+            return AccessDecisionVoter.ACCESS_DENIED;
+        
         if (linkee != null)
         {
             int state = checkRead(linkee, true);