inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-7064 check permissions for delete node

Browse Source
This commit is contained in:
Sara Aspery
2019-11-28 01:09:21 +00:00
parent 486cffb939
commit fe502aadec
2 changed files with 38 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java
View File

@@ -43,7 +43,6 @@ import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
@@ -241,6 +240,8 @@ public class HoldServiceImpl extends ServiceBaseImpl
{ {
if (nodeService.exists(hold) && isHold(hold)) if (nodeService.exists(hold) && isHold(hold))
{ {
checkPermissionsForDeleteHold(hold);
RunAsWork<Void> work = new RunAsWork<Void>() RunAsWork<Void> work = new RunAsWork<Void>()
{ {
@Override @Override
@@ -531,6 +532,26 @@ public class HoldServiceImpl extends ServiceBaseImpl
throw new AlfrescoRuntimeException("Can't delete hold, because passed node is not a hold. (hold=" + hold.toString() + ")"); throw new AlfrescoRuntimeException("Can't delete hold, because passed node is not a hold. (hold=" + hold.toString() + ")");
} }
checkPermissionsForDeleteHold(hold);
invokeBeforeDeleteHold(hold);
String holdName = (String) nodeService.getProperty(hold, PROP_NAME);
Set<QName> classQNames = getTypeAndApsects(hold);
// delete the hold node
nodeService.deleteNode(hold);
invokeOnDeleteHold(holdName, classQNames);
}
/**
* Helper method to check if user has correct permissions to delete hold
*
* @param hold hold to be deleted
*/
private void checkPermissionsForDeleteHold(NodeRef hold)
{
List<NodeRef> held = AuthenticationUtil.runAsSystem(new RunAsWork<List<NodeRef>>() List<NodeRef> held = AuthenticationUtil.runAsSystem(new RunAsWork<List<NodeRef>>()
{ {
@Override @Override
@@ -579,16 +600,6 @@ public class HoldServiceImpl extends ServiceBaseImpl
} }
throw new AccessDeniedException(I18NUtil.getMessage(MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR) + sb.toString()); throw new AccessDeniedException(I18NUtil.getMessage(MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR) + sb.toString());
} }
invokeBeforeDeleteHold(hold);
String holdName = (String) nodeService.getProperty(hold, PROP_NAME);
Set<QName> classQNames = getTypeAndApsects(hold);
// delete the hold node
nodeService.deleteNode(hold);
invokeOnDeleteHold(holdName, classQNames);
} }
/** /**

16
rm-community/rm-community-repo/unit-test/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImplUnitTest.java
View File

@@ -88,6 +88,7 @@ public class HoldServiceImplUnitTest extends BaseUnitTest
private static final String HOLD_NAME = "holdname"; private static final String HOLD_NAME = "holdname";
private static final String HOLD_REASON = "holdreason"; private static final String HOLD_REASON = "holdreason";
private static final String HOLD_DESCRIPTION = "holddescription"; private static final String HOLD_DESCRIPTION = "holddescription";
private static final String GENERIC_ERROR_MSG = "any error message text";
protected NodeRef holdContainer; protected NodeRef holdContainer;
protected NodeRef hold; protected NodeRef hold;
@@ -319,6 +320,21 @@ public class HoldServiceImplUnitTest extends BaseUnitTest
// TODO check interactions with policy component!!! // TODO check interactions with policy component!!!
} }
@Test (expected = AlfrescoRuntimeException.class)
public void deleteHoldNoPermissionsOnContent()
{
mockPoliciesForDeleteHold();
ChildAssociationRef childAssociationRef = generateChildAssociationRef(hold, record);
when(mockedNodeService.getChildAssocs(hold, ASSOC_FROZEN_CONTENT, RegexQNamePattern.MATCH_ALL))
.thenReturn(Collections.singletonList(childAssociationRef));
when(mockedPermissionService.hasPermission(record, RMPermissionModel.FILING)).thenReturn(AccessStatus.DENIED);
when(mockedNodeService.getProperty(record, ContentModel.PROP_NAME)).thenThrow(new AccessDeniedException(GENERIC_ERROR_MSG));
holdService.beforeDeleteNode(hold);
}
@Test (expected = IntegrityException.class) @Test (expected = IntegrityException.class)
public void addToHoldNotAHold() public void addToHoldNotAHold()
{ {