diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java index 258d3124b6..b684d55ae3 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java @@ -43,7 +43,6 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; -import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; @@ -241,6 +240,8 @@ public class HoldServiceImpl extends ServiceBaseImpl { if (nodeService.exists(hold) && isHold(hold)) { + checkPermissionsForDeleteHold(hold); + RunAsWork work = new RunAsWork() { @Override @@ -531,6 +532,26 @@ public class HoldServiceImpl extends ServiceBaseImpl throw new AlfrescoRuntimeException("Can't delete hold, because passed node is not a hold. (hold=" + hold.toString() + ")"); } + checkPermissionsForDeleteHold(hold); + + invokeBeforeDeleteHold(hold); + + String holdName = (String) nodeService.getProperty(hold, PROP_NAME); + Set classQNames = getTypeAndApsects(hold); + + // delete the hold node + nodeService.deleteNode(hold); + + invokeOnDeleteHold(holdName, classQNames); + } + + /** + * Helper method to check if user has correct permissions to delete hold + * + * @param hold hold to be deleted + */ + private void checkPermissionsForDeleteHold(NodeRef hold) + { List held = AuthenticationUtil.runAsSystem(new RunAsWork>() { @Override @@ -579,16 +600,6 @@ public class HoldServiceImpl extends ServiceBaseImpl } throw new AccessDeniedException(I18NUtil.getMessage(MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR) + sb.toString()); } - - invokeBeforeDeleteHold(hold); - - String holdName = (String) nodeService.getProperty(hold, PROP_NAME); - Set classQNames = getTypeAndApsects(hold); - - // delete the hold node - nodeService.deleteNode(hold); - - invokeOnDeleteHold(holdName, classQNames); } /** diff --git a/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java b/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java index d070548983..bdfdd33c95 100644 --- a/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java +++ b/rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java @@ -88,6 +88,7 @@ public class HoldServiceImplUnitTest extends BaseUnitTest private static final String HOLD_NAME = "holdname"; private static final String HOLD_REASON = "holdreason"; private static final String HOLD_DESCRIPTION = "holddescription"; + private static final String GENERIC_ERROR_MSG = "any error message text"; protected NodeRef holdContainer; protected NodeRef hold; @@ -319,6 +320,21 @@ public class HoldServiceImplUnitTest extends BaseUnitTest // TODO check interactions with policy component!!! } + @Test (expected = AlfrescoRuntimeException.class) + public void deleteHoldNoPermissionsOnContent() + { + mockPoliciesForDeleteHold(); + + ChildAssociationRef childAssociationRef = generateChildAssociationRef(hold, record); + when(mockedNodeService.getChildAssocs(hold, ASSOC_FROZEN_CONTENT, RegexQNamePattern.MATCH_ALL)) + .thenReturn(Collections.singletonList(childAssociationRef)); + + when(mockedPermissionService.hasPermission(record, RMPermissionModel.FILING)).thenReturn(AccessStatus.DENIED); + when(mockedNodeService.getProperty(record, ContentModel.PROP_NAME)).thenThrow(new AccessDeniedException(GENERIC_ERROR_MSG)); + + holdService.beforeDeleteNode(hold); + } + @Test (expected = IntegrityException.class) public void addToHoldNotAHold() {