inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged BRANCHES/V2.2 to HEAD:

Browse Source 
76115: Update version to 2.1.1
   83912: Updated the Alfresco dependency from 4.2.2 to 4.2.3.1 for RM 2.2
   89173: Merged BRANCHES/v2.1.0.x to BRANCHES/v2.2:
        68559: (RECORD ONLY) Change base Alfresco version from 4.2.0-RC4 to 4.2.0
        68568: (RECORD ONLY) Merge from HEAD to BRANCHES/V2.1.0.x
        68569: (RECORD ONLY) Update module version to 2.1.0.1
        76475: (RECORD ONLY) Merge HEAD to BRANCHES/V2.1.0.x:
        76597: (RECORD ONLY) Merge HEAD to BRANCHES/V2.1.0.x:
            74932: RM-1461: CLONE - RM slower then standard repo/sites when rendering document details when folder contains 15k documents
        76598: (RECORD ONLY) Merged HEAD to BRANCHES/V2.1.0.x:
             75102: RM Performance testing
        76599: (RECORD ONLY) Update module version to 2.1.0.2
        76601: (RECORD ONLY) Merged HEAD to BRANCHES/V2.1.0.x:
             75186: RM Performance Improvements
   89251: Merge BRANCHES/V2.1.0.x to BRANCHES/V2.2:
        68559: Change base Alfresco version from 4.2.0-RC4 to 4.2.0
        68568: Merge from HEAD to BRANCHES/V2.1.0.x
        68569: Update module version to 2.1.0.1
        76475: Merge HEAD to BRANCHES/V2.1.0.x:
        76597: Merge HEAD to BRANCHES/V2.1.0.x:
            74932: RM-1461: CLONE - RM slower then standard repo/sites when rendering document details when folder contains 15k documents
        76598: Merged HEAD to BRANCHES/V2.1.0.x:
             75102: RM Performance testing
        76599: Update module version to 2.1.0.2
        76601: Merged HEAD to BRANCHES/V2.1.0.x:
             75186: RM Performance Improvements
        76673: Root container cache to improve unfiled record browse performance
            * relates to RM-1594 and RM-1595
        76850: RM performance enhancements
            * serach improvements
            * in-place record browse improvements
            * saved search via file plan browse improvements
        76851: Additional unit test to check extended security with cache is working as expected.
        76852: Rollback checked in config
        77709: RM-1630: Error on manage references page
            * regression caused by performance improvements
        84337: Update version to 2.1.0.3
        84421: Transaction level cahcing of declarative capability evaluation
        84676: Fix build
        84677: Prevent unnessary repeated creation of QName
        84678: Improvements to extended dynamic authorities
            * requiredFor set
            * direct access to extended permission information, not via service
        84679: Correct requiredFor value
        88087: RM-1661 (Performance on setting permissions at a high category level)
        88092: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88144: RM-1661 (Performance on setting permissions at a high category level)
        88182: RM-1724 (Inheritance is not off for root categories, unfiled records, holds and transfers)
        88192: RM-1661 (Performance on setting permissions at a high category level)
             * Added unit tests
        88193: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88358: RM-1661 (Performance on setting permissions at a high category level)
             * Added unit tests
        88685: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
        88686: RM-1741 (Moved root category doesn't inherit permissions)
        88687: RM-1741 (Moved root category doesn't inherit permissions)
             * Unit test added
        88688: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
             * Unit test added
        88691: RM-1745 (RM Admin role can only be added with read permission on the manage permission page)
        88772: RM-1741 (Moved root category doesn't inherit permissions)
        88860: RM-1661 (Performance on setting permissions at a high category level)
        88864: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88959: RM-1746 (Moved record/category always have the inheritance on)
        88960: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88961: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88962: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
   89252: Added missing test
   89253: Removed warnings
   89348: RM-1751 (Merge performance improvements made for RM 2.1.0.3 onto RM 2.2.1)
   89455: RM-1751 (Merge performance improvements made for RM 2.1.0.3 onto RM 2.2.1)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@89458 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-10-29 22:40:00 +00:00
parent aa396d8595 2a4eef688d
commit ff771da50b
45 changed files with 2180 additions and 1060 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
View File

@@ -134,6 +134,9 @@
<ref bean="extendedReaderDynamicAuthority" />
</list>
</property>
<property name="filePlanService">
<ref bean="filePlanService" />
</property>
</bean>
<bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
@@ -233,15 +236,12 @@
<property name="rulesDisabled">
<value>false</value>
</property>
<!-- Since RM 2.1 -->
<property name="filePlanService" ref="FilePlanService" />
<property name="runAsAdmin">
<value>${rm.rule.runasadmin}</value>
</property>
<property name="recordService" ref="RecordService" />
</bean>
<bean id="FormService_security" class="org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor">

9
rm-server/config/alfresco/module/org_alfresco_module_rm/log4j.properties
View File

@@ -47,3 +47,12 @@ log4j.logger.org.alfresco.module.org_alfresco_module_rm.behaviour.BaseBehaviourB
# Patch debug
#
log4j.logger.org.alfresco.module.org_alfresco_module_rm.patch=info
#
# RM Audit service debug
#
#log4j.logger.org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService=debug
#
# Job debug
#
#log4j.logger.org.alfresco.module.org_alfresco_module_rm.job=debug

2
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml
View File

@@ -45,7 +45,7 @@
<bean id="RMSecurityCommon" abstract="true">
<property name="nodeService" ref="nodeService"/>
<property name="permissionService" ref="permissionService"/>
<property name="permissionService" ref="permissionServiceImpl"/>
<property name="caveatConfigComponent" ref="caveatConfigComponent"/>
</bean>

6
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -378,11 +378,12 @@
<!-- File Plan Service -->
<bean id="rootContainerCache" class="org.alfresco.repo.cache.DefaultSimpleCache" />
<bean id="filePlanService"
parent="baseService"
class="org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanServiceImpl">
<property name="nodeDAO" ref="nodeDAO"/>
<property name="filePlanPermissionService" ref="FilePlanPermissionService" />
<property name="rootContainerCache" ref="rootContainerCache" />
</bean>
<bean id="FilePlanService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -444,6 +445,7 @@
<property name="permissionService" ref="PermissionService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="ownableService" ref="ownableService" />
<property name="authorityService" ref="AuthorityService" />
</bean>
<bean id="FilePlanPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">

1
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -399,6 +399,7 @@
<property name="kinds">
<set>
<value>FILE_PLAN</value>
<value>RECORD</value>
<value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value>
<value>UNFILED_RECORD_CONTAINER</value>

9
rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/rmpermissions.get.desc.xml
View File

@@ -1,9 +0,0 @@
<webscript>
<shortname>Records Management Permissions</shortname>
<description>Retrieve the Permissions set against a Records Management node.</description>
<url>/api/node/{store_type}/{store_id}/{id}/rmpermissions</url>
<format default="json">argument</format>
<authentication>user</authentication>
<transaction allow="readonly">required</transaction>
<lifecycle>internal</lifecycle>
</webscript>

86
rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/rmpermissions.get.js
View File

@@ -1,86 +0,0 @@
/**
* Entry point for rmpermissions GET data webscript.
* Queries the permissions from an RM node and constructs the data-model for the template.
*
* @method main
*/
function main()
{
// Get the node from the URL
var pathSegments = url.match.split("/");
var reference = [ url.templateArgs.store_type, url.templateArgs.store_id ].concat(url.templateArgs.id.split("/"));
var node = search.findNode(pathSegments[2], reference);
// 404 if the node is not found
if (node == null)
{
status.setCode(status.STATUS_NOT_FOUND, "The node could not be found");
return;
}
// retrieve permissions applied to this node
var permissions = node.getFullPermissions();
// split tokens - results are in the format:
// [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT]
var result = [];
for (var i=0; i<permissions.length; i++)
{
var tokens = permissions[i].split(";");
if (tokens[0] == "ALLOWED")
{
// we are only interested in the RM specific object level permissions
// Filing and ReadRecords
var id = tokens[2];
switch (id)
{
case "Filing":
case "ReadRecords":
{
var auth = null;
var authId = tokens[1];
var displayName;
if (authId.indexOf("GROUP_") === 0)
{
auth = groups.getGroupForFullAuthorityName(authId);
if (auth != null)
{
displayName = auth.displayName;
}
}
else
{
auth = people.getPerson(authId);
if (auth != null)
{
displayName = auth.properties.firstName + " " + auth.properties.lastName;
}
}
// check for null authority - this could happen if a group is removed
// from the system or similar and should be handled here
if (auth != null)
{
result.push(
{
id: id,
authority:
{
id: authId,
label: displayName
},
inherited: (tokens[3] == "INHERITED")
}
);
}
}
}
}
}
// apply result data-model
model.permissions = result;
model.inherited = node.inheritsPermissions();
}
main();

22
rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/rmpermissions.get.json.ftl
View File

@@ -1,22 +0,0 @@
<#escape x as jsonUtils.encodeJSONString(x)>
{
"data":
{
"permissions":
[
<#list permissions as perm>
{
"id": "${perm.id}",
"authority":
{
"id": "${perm.authority.id}",
"label": "${perm.authority.label}"
},
"inherited": ${perm.inherited?string}
}<#if perm_has_next>,</#if>
</#list>
],
"inherited": ${inherited?string}
}
}
</#escape>

11
rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/rmpermissions.post.json.js
View File

@@ -23,13 +23,18 @@ function main()
status.setCode(status.STATUS_BAD_REQUEST, "Permissions value missing from request.");
}
if (json.has("isInherited"))
{
node.setInheritsPermissions(json.getBoolean("isInherited"));
}
var permissions = json.getJSONArray("permissions");
for (var i=0; i<permissions.length(); i++)
{
var p = permissions.getJSONObject(i);
// collect values for the permission setting
var id = p.getString("id");
var role = p.getString("role");
var authority = p.getString("authority");
var remove = false;
if (p.has("remove"))
@@ -40,11 +45,11 @@ function main()
// apply or remove permission
if (remove)
{
rmService.deletePermission(node, id, authority);
rmService.deletePermission(node, role, authority);
}
else
{
rmService.setPermission(node, id, authority);
rmService.setPermission(node, role, authority);
}
}
}

34
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java
View File

@@ -19,6 +19,7 @@
package org.alfresco.module.org_alfresco_module_rm.capability;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
/**
@@ -34,13 +35,32 @@ public interface RMPermissionModel
String FILE_RECORDS = "FileRecords";
// Roles
String ROLE_NAME_USER = "User";
String ROLE_NAME_POWER_USER = "PowerUser";
String ROLE_NAME_SECURITY_OFFICER = "SecurityOfficer";
String ROLE_NAME_RECORDS_MANAGER = "RecordsManager";
String ROLE_NAME_ADMINISTRATOR = "Administrator";
String ROLE_ADMINISTRATOR = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_ADMINISTRATOR).toString();
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_USER} instead
*/
@Deprecated
public static final String ROLE_NAME_USER = FilePlanRoleService.ROLE_USER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_POWER_USER} instead
*/
@Deprecated
public static final String ROLE_NAME_POWER_USER = FilePlanRoleService.ROLE_POWER_USER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_SECURITY_OFFICER} instead
*/
@Deprecated
public static final String ROLE_NAME_SECURITY_OFFICER = FilePlanRoleService.ROLE_SECURITY_OFFICER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_RECORDS_MANAGER} instead
*/
@Deprecated
public static final String ROLE_NAME_RECORDS_MANAGER = FilePlanRoleService.ROLE_RECORDS_MANAGER;
/**
* @deprecated as of 2.1.0.3, please use {@link FilePlanRoleService.ROLE_ADMIN} instead
*/
@Deprecated
public static final String ROLE_NAME_ADMINISTRATOR = FilePlanRoleService.ROLE_ADMIN;
public static final String ROLE_ADMINISTRATOR = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, FilePlanRoleService.ROLE_ADMIN).toString();
// Capability permissions

77
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java
View File

@@ -18,14 +18,16 @@
*/
package org.alfresco.module.org_alfresco_module_rm.capability;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.TransactionalResourceHelper;
import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -33,6 +35,7 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.Pair;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -201,54 +204,82 @@ public class RMSecurityCommon implements ApplicationContextAware
}
/**
* Core RM read check
*
* @param nodeRef
* @return
* @param nodeRef node reference
* @return int see {@link AccessDecisionVoter}
*/
public int checkRmRead(NodeRef nodeRef)
{
int result = getTransactionCache("checkRmRead", nodeRef);
if (result != NOSET_VALUE)
{
return result;
}
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
Map<Pair<String, NodeRef>, Integer> transactionCache = TransactionalResourceHelper.getMap("rm.security.checkRMRead");
Pair<String, NodeRef> key = new Pair<String, NodeRef>(AuthenticationUtil.getRunAsUser(), nodeRef);
if (transactionCache.containsKey(key))
{
result = transactionCache.get(key);
}
else
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS) == AccessStatus.DENIED)
{
// log message
RMMethodSecurityInterceptor.addMessage("User does not have read record permission on node, access denied. (nodeRef={0}, user={1})", nodeRef, AuthenticationUtil.getRunAsUser());
if (logger.isDebugEnabled())
{
logger.debug("\t\tUser does not have read record permission on node, access denied. (nodeRef=" + nodeRef.toString() + ", user=" + AuthenticationUtil.getRunAsUser() + ")");
}
return setTransactionCache("checkRmRead", nodeRef, AccessDecisionVoter.ACCESS_DENIED);
result = AccessDecisionVoter.ACCESS_DENIED;
}
else
{
// Get the file plan for the node
NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
if (permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS) == AccessStatus.DENIED)
if (hasViewCapability(filePlan) == AccessStatus.DENIED)
{
// log capability details
RMMethodSecurityInterceptor.reportCapabilityStatus(RMPermissionModel.VIEW_RECORDS, AccessDecisionVoter.ACCESS_DENIED);
if (logger.isDebugEnabled())
{
logger.debug("\t\tUser does not have view records capability permission on node, access denied. (filePlan=" + filePlan.toString() + ", user=" + AuthenticationUtil.getRunAsUser() + ")");
}
return setTransactionCache("checkRmRead", nodeRef, AccessDecisionVoter.ACCESS_DENIED);
result = AccessDecisionVoter.ACCESS_DENIED;
}
if (caveatConfigComponent.hasAccess(nodeRef))
else if (!caveatConfigComponent.hasAccess(nodeRef))
{
return setTransactionCache("checkRmRead", nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
result = AccessDecisionVoter.ACCESS_DENIED;
}
else
{
return setTransactionCache("checkRmRead", nodeRef, AccessDecisionVoter.ACCESS_DENIED);
result = AccessDecisionVoter.ACCESS_GRANTED;
}
}
// cache result
transactionCache.put(key, result);
}
return result;
}
/**
* Helper method to determine whether the current user has view capability on the file plan
*
* @param filePlan file plan
* @return {@link AccessStatus}
*/
private AccessStatus hasViewCapability(NodeRef filePlan)
{
Map<Pair<String, NodeRef>, AccessStatus> transactionCache = TransactionalResourceHelper.getMap("rm.security.hasViewCapability");
Pair<String, NodeRef> key = new Pair<String, NodeRef>(AuthenticationUtil.getRunAsUser(), filePlan);
if (transactionCache.containsKey(key))
{
return transactionCache.get(key);
}
else
{
AccessStatus result = permissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS);
transactionCache.put(key, result);
return result;
}
}
@SuppressWarnings("rawtypes")

22
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java
View File

@@ -30,6 +30,8 @@ import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.TransactionalResourceHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.apache.commons.logging.Log;
@@ -289,11 +291,20 @@ public class DeclarativeCapability extends AbstractCapability
{
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
// check transaction cache
Map<String, Integer> map = TransactionalResourceHelper.getMap("rm.declarativeCapability");
String key = getName() + "|" + nodeRef.toString() + "|" + AuthenticationUtil.getRunAsUser();
if (map.containsKey(key))
{
result = map.get(key);
}
else
{
// Check we are dealing with a file plan component
if (getFilePlanService().isFilePlanComponent(nodeRef))
if (getFilePlanService().isFilePlanComponent(nodeRef) == true)
{
// Check the kind of the object, the permissions and the conditions
if (checkKinds(nodeRef) && checkPermissions(nodeRef) && checkConditions(nodeRef))
if (checkKinds(nodeRef) == true && checkPermissions(nodeRef) == true && checkConditions(nodeRef) == true)
{
// Opportunity for child implementations to extend
result = evaluateImpl(nodeRef);
@@ -308,9 +319,12 @@ public class DeclarativeCapability extends AbstractCapability
result = onEvaluate(nodeRef, result);
// log access denied to help with debug
if (LOGGER.isDebugEnabled() && AccessDecisionVoter.ACCESS_DENIED == result)
if (LOGGER.isDebugEnabled() == true && AccessDecisionVoter.ACCESS_DENIED == result)
{
LOGGER.debug("FAIL: Capability " + getName() + " returned an Access Denied result during evaluation of node " + nodeRef.toString());
LOGGER.debug("Capability " + getName() + " returned an Access Denied result during evaluation of node " + nodeRef.toString());
}
map.put(key, result);
}
return result;

5
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/AtLeastOneCondition.java
View File

@@ -43,6 +43,11 @@ public class AtLeastOneCondition extends AbstractCapabilityCondition
this.conditions = conditions;
}
/**
* Don't use the transaction cache for the composite condition
*
* @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean evaluate(NodeRef nodeRef)
{

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/IsPropertySetCondition.java
View File

@@ -34,6 +34,7 @@ public class IsPropertySetCondition extends AbstractCapabilityCondition
{
/** property name (eg: rma:location) */
private String propertyName;
private QName propertyQName;
/** namespace service */
private NamespaceService namespaceService;
@@ -59,7 +60,11 @@ public class IsPropertySetCondition extends AbstractCapabilityCondition
*/
protected QName getPropertyQName()
{
return QName.createQName(propertyName, namespaceService);
if (propertyQName == null)
{
propertyQName = QName.createQName(propertyName, namespaceService);
}
return propertyQName;
}
/**

130
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java
View File

@@ -30,12 +30,18 @@ import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.NamespaceService;
@@ -52,7 +58,8 @@ import org.springframework.extensions.surf.util.I18NUtil;
* @since 2.1
*/
public class FilePlanServiceImpl extends ServiceBaseImpl
implements FilePlanService
implements FilePlanService,
RecordsManagementModel
{
/** I18N */
private static final String MSG_DUP_ROOT = "rm.service.dup-root";
@@ -72,34 +79,75 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
/** RM site file plan container */
private static final String FILE_PLAN_CONTAINER = "documentLibrary";
/** node DAO */
/** root container cache */
private SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache;
/** File plan role service */
private FilePlanRoleService filePlanRoleService;
/** Permission service */
private PermissionService permissionService;
/** Node DAO */
private NodeDAO nodeDAO;
/** file plan permission service */
private FilePlanPermissionService filePlanPermissionService;
/** Site service */
private SiteService siteService;
/**
* @param nodeDAO node DAO
* Gets the file plan role service
*
* @return The file plan role service
*/
public void setNodeDAO(NodeDAO nodeDAO)
public FilePlanRoleService getFilePlanRoleService()
{
this.nodeDAO = nodeDAO;
if (filePlanRoleService == null)
{
filePlanRoleService = (FilePlanRoleService) applicationContext.getBean("FilePlanRoleService");
}
return filePlanRoleService;
}
/**
* @return site service
* Gets the permission service
*
* @return The permission service
*/
protected SiteService getSiteService()
public PermissionService getPermissionService()
{
return (SiteService)applicationContext.getBean("siteService");
if (permissionService == null)
{
permissionService = (PermissionService) applicationContext.getBean("permissionService");
}
return permissionService;
}
/**
* @param filePlanPermissionService file plan permission service
* Gets the node DAO
*
* @return The node DAO
*/
public void setFilePlanPermissionService(FilePlanPermissionService filePlanPermissionService)
public NodeDAO getNodeDAO()
{
this.filePlanPermissionService = filePlanPermissionService;
if (nodeDAO == null)
{
nodeDAO = (NodeDAO) applicationContext.getBean("nodeDAO");
}
return nodeDAO;
}
/**
* Gets the site service
*
* @return The site service
*/
public SiteService getSiteService()
{
if (siteService == null)
{
siteService = (SiteService) applicationContext.getBean("SiteService");
}
return siteService;
}
/**
@@ -111,6 +159,14 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
return getFilePlans(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
}
/**
* @param rootContainerCache root container cache
*/
public void setRootContainerCache(SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache)
{
this.rootContainerCache = rootContainerCache;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans(org.alfresco.service.cmr.repository.StoreRef)
*/
@@ -122,7 +178,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
final Set<NodeRef> results = new HashSet<NodeRef>();
Set<QName> aspects = new HashSet<QName>(1);
aspects.add(ASPECT_RECORDS_MANAGEMENT_ROOT);
nodeDAO.getNodesWithAspects(aspects, Long.MIN_VALUE, Long.MAX_VALUE, new NodeDAO.NodeRefQueryCallback()
getNodeDAO().getNodesWithAspects(aspects, Long.MIN_VALUE, Long.MAX_VALUE, new NodeDAO.NodeRefQueryCallback()
{
@Override
public boolean handle(Pair<Long, NodeRef> nodePair)
@@ -146,12 +202,11 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
public NodeRef getFilePlanBySiteId(String siteId)
{
NodeRef filePlan = null;
SiteService siteService = getSiteService();
SiteInfo siteInfo = siteService.getSite(siteId);
if (siteInfo != null && siteService.hasContainer(siteId, FILE_PLAN_CONTAINER))
SiteInfo siteInfo = getSiteService().getSite(siteId);
if (siteInfo != null && getSiteService().hasContainer(siteId, FILE_PLAN_CONTAINER))
{
NodeRef nodeRef = siteService.getContainer(siteId, FILE_PLAN_CONTAINER);
NodeRef nodeRef = getSiteService().getContainer(siteId, FILE_PLAN_CONTAINER);
if (instanceOf(nodeRef, TYPE_FILE_PLAN))
{
filePlan = nodeRef;
@@ -198,10 +253,11 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
}
/**
* Get the file root container for the given type.
*
* @param filePlan
* @param containerName
* @return
* @param filePlan file plan
* @param containerName container type
* @return {@link NodeRef} file plan container
*/
private NodeRef getFilePlanRootContainer(NodeRef filePlan, String containerName)
{
@@ -212,7 +268,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
}
NodeRef result = null;
Pair<NodeRef, String> key = new Pair<NodeRef, String>(filePlan, containerName);
if (!rootContainerCache.contains(key))
{
// try and get the unfiled record container
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(filePlan, ContentModel.ASSOC_CONTAINS, QName.createQName(RM_URI, containerName));
if (assocs.size() > 1)
@@ -222,6 +281,12 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
else if (assocs.size() == 1)
{
result = assocs.get(0).getChildRef();
rootContainerCache.put(key, result);
}
}
else
{
result = rootContainerCache.get(key);
}
return result;
@@ -269,6 +334,8 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
throw new AlfrescoRuntimeException("Unable to create file plan root container, because passed node is not a file plan.");
}
String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan);
// create the properties map
Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1);
properties.put(ContentModel.PROP_NAME, containerName);
@@ -281,8 +348,23 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
containerType,
properties).getChildRef();
// setup the permissions
filePlanPermissionService.setupPermissions(filePlan, container);
// if (inheritPermissions == false)
// {
// set inheritance to false
getPermissionService().setInheritParentPermissions(container, false);
getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
// TODO set the admin users to have filing permissions on the unfiled container!!!
// TODO we will need to be able to get a list of the admin roles from the service
// }
// else
// {
// just inherit eveything
// TODO will change this when we are able to set permissions on holds and transfers!
// getPermissionService().setInheritParentPermissions(container, true);
// }
return container;
}

210
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/freeze/FreezeServiceImpl.java
View File

@@ -38,7 +38,6 @@ import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransacti
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
@@ -107,109 +106,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl
return nodeService.hasAspect(nodeRef, ASPECT_FROZEN);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#hasFrozenChildren(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean hasFrozenChildren(final NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
boolean result = false;
// check that we are dealing with a record folder
if (isRecordFolder(nodeRef))
{
int heldCount = 0;
if (nodeService.hasAspect(nodeRef, ASPECT_HELD_CHILDREN))
{
heldCount = (Integer)getInternalNodeService().getProperty(nodeRef, PROP_HELD_CHILDREN_COUNT);
}
else
{
final TransactionService transactionService = (TransactionService)applicationContext.getBean("transactionService");
heldCount = AuthenticationUtil.runAsSystem(new RunAsWork<Integer>()
{
@Override
public Integer doWork()
{
return transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Integer>()
{
public Integer execute() throws Throwable
{
int heldCount = 0;
// NOTE: this process remains to 'patch' older systems to improve performance next time around
List<ChildAssociationRef> childAssocs = getInternalNodeService().getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS,
RegexQNamePattern.MATCH_ALL);
if (childAssocs != null && !childAssocs.isEmpty())
{
for (ChildAssociationRef childAssociationRef : childAssocs)
{
NodeRef record = childAssociationRef.getChildRef();
if (childAssociationRef.isPrimary() && isRecord(record) && isFrozen(record))
{
heldCount ++;
}
}
}
// add aspect and set count
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1);
props.put(PROP_HELD_CHILDREN_COUNT, heldCount);
getInternalNodeService().addAspect(nodeRef, ASPECT_HELD_CHILDREN, props);
return heldCount;
}
},
false, true);
}
});
}
// true if more than one child held
result = (heldCount > 0);
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#getFreezeDate(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public Date getFreezeDate(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
if (isFrozen(nodeRef))
{
Serializable property = nodeService.getProperty(nodeRef, PROP_FROZEN_AT);
if (property != null) { return (Date) property; }
}
return null;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#getFreezeInitiator(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public String getFreezeInitiator(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
if (isFrozen(nodeRef))
{
Serializable property = nodeService.getProperty(nodeRef, PROP_FROZEN_BY);
if (property != null) { return (String) property; }
}
return null;
}
/**
* Deprecated Method Implementations
*/
@@ -357,6 +253,112 @@ public class FreezeServiceImpl extends ServiceBaseImpl
return new HashSet<NodeRef>(getHoldService().getHolds(filePlan));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#hasFrozenChildren(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public boolean hasFrozenChildren(final NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
boolean result = false;
// check that we are dealing with a record folder
if (isRecordFolder(nodeRef))
{
int heldCount = 0;
if (nodeService.hasAspect(nodeRef, ASPECT_HELD_CHILDREN))
{
heldCount = (Integer)getInternalNodeService().getProperty(nodeRef, PROP_HELD_CHILDREN_COUNT);
}
else
{
final TransactionService transactionService = (TransactionService)applicationContext.getBean("transactionService");
heldCount = AuthenticationUtil.runAsSystem(new RunAsWork<Integer>()
{
@Override
public Integer doWork()
{
return transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Integer>()
{
public Integer execute() throws Throwable
{
int heldCount = 0;
// NOTE: this process remains to 'patch' older systems to improve performance next time around
List<ChildAssociationRef> childAssocs = getInternalNodeService().getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, null);
if (childAssocs != null && !childAssocs.isEmpty())
{
for (ChildAssociationRef childAssociationRef : childAssocs)
{
NodeRef record = childAssociationRef.getChildRef();
if (childAssociationRef.isPrimary() && isRecord(record) && isFrozen(record))
{
heldCount ++;
}
}
}
// add aspect and set count
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1);
props.put(PROP_HELD_CHILDREN_COUNT, heldCount);
getInternalNodeService().addAspect(nodeRef, ASPECT_HELD_CHILDREN, props);
return heldCount;
}
},
false, true);
}
});
}
// true if more than one child held
result = (heldCount > 0);
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#getFreezeDate(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public Date getFreezeDate(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
if (isFrozen(nodeRef))
{
Serializable property = nodeService.getProperty(nodeRef, PROP_FROZEN_AT);
if (property != null) { return (Date) property; }
}
return null;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService#getFreezeInitiator(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public String getFreezeInitiator(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
if (isFrozen(nodeRef))
{
Serializable property = nodeService.getProperty(nodeRef, PROP_FROZEN_BY);
if (property != null) { return (String) property; }
}
return null;
}
/**
* Helper Methods
*/
/**
* Creates a hold using the given nodeRef and reason
*

33
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/slingshot/RMSearchGet.java
View File

@@ -33,9 +33,7 @@ import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearch
import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService;
import org.alfresco.module.org_alfresco_module_rm.search.SavedSearchDetailsCompatibility;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.ContentData;
import org.alfresco.service.cmr.repository.ContentReader;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -44,6 +42,7 @@ import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.extensions.webscripts.Cache;
@@ -199,20 +198,20 @@ public class RMSearchGet extends DeclarativeWebScript
}
// Execute search
List<NodeRef> results = recordsManagementSearchService.search(siteId, query, searchParameters);
List<Pair<NodeRef, NodeRef>> results = recordsManagementSearchService.search(siteId, query, searchParameters);
// Reset person data cache
personDataCache = new HashMap<String, String>(57);
// Process the result items
List<Item> items = new ArrayList<Item>(results.size());
for (NodeRef nodeRef : results)
for (Pair<NodeRef, NodeRef> pair : results)
{
// FIXME: See RM-478
// TC 3-3 Create User Groups
try
{
Item item = new Item(nodeRef);
Item item = new Item(pair.getFirst(), pair.getSecond());
items.add(item);
}
catch(Exception e) {}
@@ -245,7 +244,7 @@ public class RMSearchGet extends DeclarativeWebScript
private Map<QName, Serializable> nodeProperties;
private Map<String, Serializable> properties;
public Item(NodeRef nodeRef)
public Item(NodeRef parent, NodeRef nodeRef)
{
// Set node ref
this.nodeRef = nodeRef;
@@ -265,12 +264,12 @@ public class RMSearchGet extends DeclarativeWebScript
}
// Get parent node reference
NodeRef parent = null;
ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
if (assoc != null)
{
parent = assoc.getParentRef();
}
// NodeRef parent = null;
// ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
// if (assoc != null)
// {
// parent = assoc.getParentRef();
// }
if (isContainer)
{
@@ -334,16 +333,6 @@ public class RMSearchGet extends DeclarativeWebScript
if (!NamespaceService.SYSTEM_MODEL_1_0_URI.equals(qName.getNamespaceURI()))
{
String prefixName = qName.getPrefixString().replace(":", "_");
Serializable value = entry.getValue();
if (value instanceof NodeRef)
{
value = value.toString();
}
else if (value instanceof ContentData)
{
ContentReader contentReader = contentService.getReader(nodeRef, qName);
value = contentReader.getContentString();
}
properties.put(prefixName, entry.getValue());
}
}

5
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/search/RecordsManagementSearchService.java
View File

@@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.search;
import java.util.List;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.Pair;
/**
* Records management search service.
@@ -34,9 +35,9 @@ public interface RecordsManagementSearchService
* @param siteId the id of the rm site to query
* @param query search query string
* @param searchParameters search parameters
* @return {@link List}<{@link NodeRef}> search results
* @return {@link List}<{@link Pair}<{@link NodeRef}, {@link NodeRef}> search results as pairs for parent and child nodes
*/
List<NodeRef> search(String siteId, String query, RecordsManagementSearchParameters searchParameters);
List<Pair<NodeRef, NodeRef>> search(String siteId, String query, RecordsManagementSearchParameters searchParameters);
/**
* Get all the searches saved on the given records management site.

13
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/search/RecordsManagementSearchServiceImpl.java
View File

@@ -30,6 +30,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.model.FileFolderService;
import org.alfresco.service.cmr.model.FileInfo;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.ContentReader;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -41,6 +42,7 @@ import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.ISO9075;
import org.alfresco.util.Pair;
import org.alfresco.util.ParameterCheck;
import org.json.JSONArray;
import org.json.JSONException;
@@ -173,7 +175,7 @@ public class RecordsManagementSearchServiceImpl implements RecordsManagementSear
* @see org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService#search(java.lang.String, java.lang.String, org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchParameters)
*/
@Override
public List<NodeRef> search(String siteId, String query, RecordsManagementSearchParameters rmSearchParameters)
public List<Pair<NodeRef, NodeRef>> search(String siteId, String query, RecordsManagementSearchParameters rmSearchParameters)
{
// build the full RM query
StringBuilder fullQuery = new StringBuilder(1024);
@@ -207,8 +209,15 @@ public class RecordsManagementSearchServiceImpl implements RecordsManagementSear
// execute query
ResultSet resultSet = searchService.query(searchParameters);
// process results
List<Pair<NodeRef, NodeRef>> result = new ArrayList<Pair<NodeRef, NodeRef>>(resultSet.length());
for (ChildAssociationRef childAssoc : resultSet.getChildAssocRefs())
{
result.add(new Pair<NodeRef, NodeRef>(childAssoc.getParentRef(), childAssoc.getChildRef()));
}
// return results
return resultSet.getNodeRefs();
return result;
}
/**

38
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java
View File

@@ -18,8 +18,12 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
/**
@@ -42,11 +46,43 @@ public class ExtendedReaderDynamicAuthority extends ExtendedSecurityBaseDynamicA
return EXTENDED_READER;
}
/**
* @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
*/
@Override
public Set<PermissionReference> requiredFor()
{
if (requiredFor == null)
{
requiredFor = Collections.singleton(getModelDAO().getPermissionReference(null, RMPermissionModel.READ_RECORDS));
}
return requiredFor;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef)
*/
@SuppressWarnings("unchecked")
protected Set<String> getAuthorites(NodeRef nodeRef)
{
return getExtendedSecurityService().getExtendedReaders(nodeRef);
Set<String> result = null;
Map<String, Integer> readerMap = (Map<String, Integer>)getNodeService().getProperty(nodeRef, PROP_READERS);
if (readerMap != null)
{
result = readerMap.keySet();
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getTransactionCacheName()
*/
@Override
protected String getTransactionCacheName()
{
return "rm.extendedreaderdynamicauthority";
}
}

93
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java
View File

@@ -24,10 +24,12 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.ModelDAO;
import org.alfresco.repo.transaction.TransactionalResourceHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.util.Pair;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
@@ -41,9 +43,6 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
RecordsManagementModel,
ApplicationContextAware
{
/** transaction cache key */
private static final String KEY_HAS_AUTHORITY_CACHE = "rm.transaction.hasAuthority";
/** Authority service */
private AuthorityService authorityService;
@@ -56,6 +55,12 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
/** Application context */
protected ApplicationContext applicationContext;
/** model DAO */
protected ModelDAO modelDAO;
/** permission reference */
protected Set<PermissionReference> requiredFor;
// NOTE: we get the services directly from the application context in this way to avoid
// cyclic relationships and issues when loading the application context
@@ -95,6 +100,23 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
return nodeService;
}
/**
* @return model DAO
*/
protected ModelDAO getModelDAO()
{
if (modelDAO == null)
{
modelDAO = (ModelDAO)applicationContext.getBean("permissionsModelDAO");
}
return modelDAO;
}
/**
* @return String transaction cache name
*/
protected abstract String getTransactionCacheName();
/**
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
*/
@@ -121,63 +143,40 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
{
boolean result = false;
if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_SECURITY))
Map<Pair<NodeRef, String>, Boolean> transactionCache = TransactionalResourceHelper.getMap(getTransactionCacheName());
Pair<NodeRef, String> key = new Pair<NodeRef, String>(nodeRef, userName);
if (transactionCache.containsKey(key))
{
result = transactionCache.get(key);
}
else
{
if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_SECURITY) == true)
{
Set<String> authorities = getAuthorites(nodeRef);
if (authorities != null)
{
for (String authority : authorities)
// check for everyone or the user
if (authorities.contains("GROUP_EVEYONE") ||
authorities.contains(userName))
{
if ("GROUP_EVERYONE".equals(authority))
{
// 'eveyone' is there so break
result = true;
break;
}
else if (authority.startsWith("GROUP_"))
{
Map<String, Boolean> transactionCache = TransactionalResourceHelper.getMap(KEY_HAS_AUTHORITY_CACHE);
String key = authority + "|" + userName;
if (transactionCache.containsKey(key))
{
result = transactionCache.get(key);
break;
}
else
{
// determine whether any of the users groups are in the extended security
Set<String> contained = getAuthorityService().getAuthoritiesForUser(userName);
if (contained.contains(authority))
{
result = true;
authorities.retainAll(contained);
result = (authorities.size() != 0);
}
}
}
// cache result
transactionCache.put(key, result);
break;
}
}
}
else
{
// presume we have a user
if (authority.equals(userName))
{
result = true;
break;
}
}
}
}
}
return result;
}
/**
* Base implementation
*
* @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
*/
@Override
public Set<PermissionReference> requiredFor()
{
return null;
}
}

43
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java
View File

@@ -18,8 +18,13 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
/**
@@ -42,11 +47,47 @@ public class ExtendedWriterDynamicAuthority extends ExtendedSecurityBaseDynamicA
return EXTENDED_WRITER;
}
/**
* @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
*/
@Override
public Set<PermissionReference> requiredFor()
{
if (requiredFor == null)
{
requiredFor = new HashSet<PermissionReference>(3);
Collections.addAll(requiredFor,
getModelDAO().getPermissionReference(null, RMPermissionModel.READ_RECORDS),
getModelDAO().getPermissionReference(null, RMPermissionModel.FILING),
getModelDAO().getPermissionReference(null, RMPermissionModel.FILE_RECORDS));
}
return requiredFor;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef)
*/
@SuppressWarnings("unchecked")
protected Set<String> getAuthorites(NodeRef nodeRef)
{
return getExtendedSecurityService().getExtendedWriters(nodeRef);
Set<String> result = null;
Map<String, Integer> map = (Map<String, Integer>)getNodeService().getProperty(nodeRef, PROP_WRITERS);
if (map != null)
{
result = map.keySet();
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getTransactionCacheName()
*/
@Override
protected String getTransactionCacheName()
{
return "rm.extendedwriterdynamicauthority";
}
}

436
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -18,31 +18,36 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority.EXTENDED_READER;
import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority.EXTENDED_WRITER;
import static org.alfresco.repo.policy.Behaviour.NotificationFrequency.TRANSACTION_COMMIT;
import static org.alfresco.repo.policy.annotation.BehaviourKind.CLASS;
import static org.alfresco.repo.security.authentication.AuthenticationUtil.getSystemUserName;
import static org.alfresco.service.cmr.security.OwnableService.NO_OWNER;
import static org.alfresco.util.ParameterCheck.mandatory;
import static org.apache.commons.lang.BooleanUtils.isTrue;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.annotation.Behaviour;
import org.alfresco.repo.policy.annotation.BehaviourBean;
import org.alfresco.repo.policy.annotation.BehaviourKind;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -59,30 +64,43 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
RMPermissionModel
{
/** Permission service */
protected PermissionService permissionService;
private PermissionService permissionService;
/** Ownable service */
protected OwnableService ownableService;
private OwnableService ownableService;
/** Policy component */
protected PolicyComponent policyComponent;
private PolicyComponent policyComponent;
/** Authority service */
private AuthorityService authorityService;
/** Logger */
protected static final Log LOGGER = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
private static final Log LOGGER = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
/**
* Initialisation method
*/
public void init()
{
policyComponent.bindClassBehaviour(
getPolicyComponent().bindClassBehaviour(
NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
new JavaBehaviour(this, "onAddRecord", TRANSACTION_COMMIT));
getPolicyComponent().bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
new JavaBehaviour(this, "onMoveRecord", TRANSACTION_COMMIT));
}
/**
* Gets the permission service
*
* @return The permission service
*/
protected PermissionService getPermissionService()
{
return this.permissionService;
}
/**
@@ -93,6 +111,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
this.permissionService = permissionService;
}
/**
* Gets the policy component
*
* @return The policy component
*/
protected PolicyComponent getPolicyComponent()
{
return this.policyComponent;
}
/**
* @param policyComponent policy component
*/
@@ -101,6 +129,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
this.policyComponent = policyComponent;
}
/**
* Gets the ownable service
*
* @return The ownable service
*/
protected OwnableService getOwnableService()
{
return this.ownableService;
}
/**
* @param ownableService ownable service
*/
@@ -109,13 +147,33 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
this.ownableService = ownableService;
}
/**
* Gets the authority service
*
* @return The authority service
*/
public AuthorityService getAuthorityService()
{
return this.authorityService;
}
/**
* Sets the authority service
*
* @param authorityService The authority service
*/
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService#setupRecordCategoryPermissions(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public void setupRecordCategoryPermissions(final NodeRef recordCategory)
{
ParameterCheck.mandatory("recordCategory", recordCategory);
mandatory("recordCategory", recordCategory);
// assert that we have a record category in our hands
if (!instanceOf(recordCategory, TYPE_RECORD_CATEGORY))
@@ -136,12 +194,13 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
@Behaviour
(
type = "rma:unfiledRecordFolder",
kind = BehaviourKind.CLASS,
kind = CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
notificationFrequency = TRANSACTION_COMMIT
)
public void onCreateUnfiledRecordFolder(ChildAssociationRef childAssocRef)
{
mandatory("childAssocRef", childAssocRef);
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
@@ -153,12 +212,13 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
@Behaviour
(
type = "rma:recordFolder",
kind = BehaviourKind.CLASS,
kind = CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
notificationFrequency = TRANSACTION_COMMIT
)
public void onCreateRecordFolder(ChildAssociationRef childAssocRef)
{
mandatory("childAssocRef", childAssocRef);
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
@@ -170,12 +230,13 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
@Behaviour
(
type = "rma:hold",
kind = BehaviourKind.CLASS,
kind = CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
notificationFrequency = TRANSACTION_COMMIT
)
public void onCreateHold(final ChildAssociationRef childAssocRef)
{
mandatory("childAssocRef", childAssocRef);
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
@@ -187,13 +248,14 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
@Behaviour
(
type = "rma:transfer",
kind = BehaviourKind.CLASS,
kind = CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
notificationFrequency = TRANSACTION_COMMIT
)
public void onCreateTransfer(final ChildAssociationRef childAssocRef)
{
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef(), false);
mandatory("childAssocRef", childAssocRef);
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
/**
@@ -204,90 +266,53 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/
public void setupPermissions(final NodeRef parent, final NodeRef nodeRef)
{
ParameterCheck.mandatory("parent", parent);
ParameterCheck.mandatory("nodeRef", nodeRef);
setupPermissions(parent, nodeRef, true);
}
mandatory("parent", parent);
mandatory("nodeRef", nodeRef);
/**
* Helper method to setup permissions.
*
* @param parent parent node reference
* @param nodeRef child node reference
* @param includeInPlace true if in-place permissions should be included, false otherwise
*/
private void setupPermissions(final NodeRef parent, final NodeRef nodeRef, final boolean includeInPlace)
{
if (nodeService.exists(nodeRef))
{
// initialise permissions
initPermissions(nodeRef, includeInPlace);
if (nodeService.exists(parent))
if (nodeService.exists(nodeRef) && nodeService.exists(parent))
{
authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
// setup inherited permissions
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms)
// set inheritance
boolean isParentNodeFilePlan = isRecordCategory(nodeRef) && isFilePlan(parent);
boolean inheritanceAllowed = isInheritanceAllowed(nodeRef, isParentNodeFilePlan);
getPermissionService().setInheritParentPermissions(nodeRef, inheritanceAllowed);
// clear all existing permissions
getPermissionService().clearPermission(nodeRef, null);
if (!inheritanceAllowed)
{
// only copy filling permissions if the parent is the file plan
if (!inheritFillingOnly(parent, nodeRef) ||
RMPermissionModel.FILING.equals(perm.getPermission()))
{
// don't copy the extended reader or writer permissions as they have already been set
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{
// get the access status details
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
getPermissionService().setPermission(nodeRef, EXTENDED_READER, READ_RECORDS, true);
getPermissionService().setPermission(nodeRef, EXTENDED_WRITER, FILING, true);
String adminRole = getAdminRole(nodeRef);
getPermissionService().setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
}
// set the permission on the target node
permissionService.setPermission(
nodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
// remove owner
getOwnableService().setOwner(nodeRef, NO_OWNER);
return null;
}
});
}
}
private String getAdminRole(NodeRef nodeRef)
{
NodeRef filePlan = getFilePlan(nodeRef);
if (filePlan == null)
{
throw new AlfrescoRuntimeException("The file plan could not be found for the give node: '" + nodeRef + "'.");
}
return authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
}
/**
* Helper method to determine whether all or just filling permissions should be inherited.
*
* @param parent parent node
* @param child child node
* @return boolean true if inherit filling only, false otherwise
*/
private boolean inheritFillingOnly(NodeRef parent, NodeRef child)
private boolean isInheritanceAllowed(NodeRef nodeRef, Boolean isParentNodeFilePlan)
{
boolean result = false;
// if root category or
// if in root of unfiled container or
// if in root of hold container
if ((isFilePlan(parent) && isRecordCategory(child)) ||
FilePlanComponentKind.UNFILED_RECORD_CONTAINER.equals(getFilePlanComponentKind(parent)) ||
FilePlanComponentKind.HOLD_CONTAINER.equals(getFilePlanComponentKind(parent)))
{
result = true;
}
return result;
return !(isFilePlan(nodeRef) || isTransfer(nodeRef) || isHold(nodeRef) || isUnfiledRecordsContainer(nodeRef) || (isRecordCategory(nodeRef) && isTrue(isParentNodeFilePlan)));
}
/**
@@ -300,6 +325,9 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/
public void onAddRecord(final NodeRef record, final QName aspectTypeQName)
{
mandatory("childAssocRef", record);
mandatory("childAssocRef", aspectTypeQName);
authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
@@ -323,27 +351,32 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/
public void onMoveRecord(final ChildAssociationRef sourceAssocRef, final ChildAssociationRef destinationAssocRef)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
mandatory("sourceAssocRef", sourceAssocRef);
mandatory("destinationAssocRef", destinationAssocRef);
authenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
NodeRef record = sourceAssocRef.getChildRef();
if (nodeService.exists(record) && nodeService.hasAspect(record, ASPECT_RECORD))
{
Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
boolean inheritParentPermissions = permissionService.getInheritParentPermissions(record);
// record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent)
Set<AccessPermission> origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef());
Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
Set<AccessPermission> origionalRecordPerms= permissionService.getAllSetPermissions(record);
for (AccessPermission perm : origionalRecordPerms)
for (AccessPermission recordPermission : origionalRecordPerms)
{
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) &&
(perm.getPermission().equals(RMPermissionModel.FILING) || perm.getPermission().equals(RMPermissionModel.FILE_RECORDS)) &&
!origionalParentPerms.contains(perm))
String permission = recordPermission.getPermission();
String authority = recordPermission.getAuthority();
if ((RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
recordPermission.isSetDirectly() &&
!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority))
{
// then we can assume this is a permission we want to preserve
keepPerms.add(perm);
keepPerms.add(recordPermission);
}
}
@@ -358,47 +391,13 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{
setPermission(record, keeper.getAuthority(), keeper.getPermission());
}
permissionService.setInheritParentPermissions(record, inheritParentPermissions);
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Init the permissions for the given node.
*
* @param nodeRef node reference
* @param includeInPlace true if in-place
*/
private void initPermissions(final NodeRef nodeRef, final boolean includeInPlace)
{
if (nodeService.exists(nodeRef))
{
authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
// break inheritance
permissionService.setInheritParentPermissions(nodeRef, false);
// clear all existing permissions
permissionService.clearPermission(nodeRef, null);
if (includeInPlace)
{
// set extended reader permissions
permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
}
// remove owner
ownableService.setOwner(nodeRef, OwnableService.NO_OWNER);
return null;
}
});
}
}, getSystemUserName());
}
/**
@@ -414,21 +413,10 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{
public Void doWork()
{
if (isFilePlan(nodeRef))
if (canPerformPermissionAction(nodeRef))
{
// set the permission down the file plan hierarchy
setPermissionDown(nodeRef, authority, permission);
}
else if (isFilePlanContainer(nodeRef) ||
isRecordFolder(nodeRef) ||
isRecord(nodeRef) ||
isHold(nodeRef))
{
// set read permission to the parents of the node
setReadPermissionUp(nodeRef, authority);
// set the permission on the node and it's children
setPermissionDown(nodeRef, authority, permission);
// Set the permission on the node
getPermissionService().setPermission(nodeRef, authority, permission, true);
}
else
{
@@ -443,146 +431,29 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
});
}
/**
* Helper method to set the read permission up the hierarchy
*
* @param nodeRef node reference
* @param authority authority
*/
private void setReadPermissionUp(NodeRef nodeRef, String authority)
{
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null && isFilePlanComponent(parent))
{
setReadPermissionUpImpl(parent, authority);
}
}
/**
* Helper method used to set the read permission up the hierarchy
*
* @param nodeRef node reference
* @param authority authority
*/
private void setReadPermissionUpImpl(NodeRef nodeRef, String authority)
{
setPermissionImpl(nodeRef, authority, RMPermissionModel.READ_RECORDS);
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null && isFilePlanComponent(parent))
{
setReadPermissionUpImpl(parent, authority);
}
}
/**
* Helper method to set the permission down the hierarchy
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
private void setPermissionDown(NodeRef nodeRef, String authority, String permission)
{
// skip out node's that inherit (for example hold and transfer)
if (!permissionService.getInheritParentPermissions(nodeRef))
{
// set permissions
setPermissionImpl(nodeRef, authority, permission);
if (isFilePlanContainer(nodeRef) ||
isRecordFolder(nodeRef))
{
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
if (isFilePlanContainer(child) ||
isRecordFolder(child) ||
isRecord(child) ||
isHold(child) ||
instanceOf(child, TYPE_TRANSFER))
{
setPermissionDown(child, authority, permission);
}
}
}
}
}
/**
* Set the permission, taking into account that filing is a superset of read
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
private void setPermissionImpl(NodeRef nodeRef, String authority, String permission)
{
boolean hasRead = false;
boolean hasFilling = false;
Set<AccessPermission> perms = permissionService.getAllSetPermissions(nodeRef);
for (AccessPermission perm : perms)
{
if (perm.getAuthority().equals(authority))
{
if (perm.getPermission().equals(FILING))
{
hasFilling = true;
}
else if (perm.getPermission().equals(READ_RECORDS))
{
hasRead = true;
}
}
}
if (FILING.equals(permission) && hasRead)
{
// remove read permission
permissionService.deletePermission(nodeRef, authority, RMPermissionModel.READ_RECORDS);
hasRead = false;
}
if (!hasRead && !hasFilling)
{
// add permission
permissionService.setPermission(nodeRef, authority, permission, true);
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deletePermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
public void deletePermission(final NodeRef nodeRef, final String authority, final String permission)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
ParameterCheck.mandatory("authority", authority);
ParameterCheck.mandatory("permission", permission);
authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
{
public Void doWork()
{
// can't delete permissions if inherited (eg hold and transfer containers)
if (!permissionService.getInheritParentPermissions(nodeRef))
if (canPerformPermissionAction(nodeRef))
{
// Delete permission on this node
permissionService.deletePermission(nodeRef, authority, permission);
if (isFilePlanContainer(nodeRef) ||
isRecordFolder(nodeRef))
{
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs)
{
NodeRef child = assoc.getChildRef();
if (isFilePlanContainer(child) ||
isRecordFolder(child) ||
isRecord(child)||
isHold(child) ||
instanceOf(child, TYPE_TRANSFER))
{
deletePermission(child, authority, permission);
}
getPermissionService().deletePermission(nodeRef, authority, permission);
}
else
{
if (LOGGER.isWarnEnabled())
{
LOGGER.warn("Deleting permissions for this node is not supported. (nodeRef=" + nodeRef + ", authority=" + authority + ", permission=" + permission + ")");
}
}
@@ -590,4 +461,9 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
}
});
}
private boolean canPerformPermissionAction(NodeRef nodeRef)
{
return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef);
}
}

24
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/util/ServiceBaseImpl.java
View File

@@ -339,6 +339,19 @@ public class ServiceBaseImpl implements RecordsManagementModel, ApplicationConte
return instanceOf(nodeRef, TYPE_TRANSFER);
}
/**
* Indicates whether the given node reference is an unfiled records container or not.
*
* @param nodeRef node reference
* @return boolean true if rma:unfiledRecordContainer or sub-type, false otherwise
*/
public boolean isUnfiledRecordsContainer(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
return instanceOf(nodeRef, TYPE_UNFILED_RECORD_CONTAINER);
}
/**
* Indicates whether a record is complete or not.
*
@@ -361,6 +374,13 @@ public class ServiceBaseImpl implements RecordsManagementModel, ApplicationConte
{
NodeRef result = null;
if (nodeRef != null)
{
Map<NodeRef, NodeRef> transactionCache = TransactionalResourceHelper.getMap("rm.servicebase.getFilePlan");
if (transactionCache.containsKey(nodeRef))
{
result = transactionCache.get(nodeRef);
}
else
{
result = (NodeRef)getInternalNodeService().getProperty(nodeRef, PROP_ROOT_NODEREF);
if (result == null || !instanceOf(result, TYPE_FILE_PLAN))
@@ -378,6 +398,10 @@ public class ServiceBaseImpl implements RecordsManagementModel, ApplicationConte
}
}
}
// cache result in transaction
transactionCache.put(nodeRef, result);
}
}
return result;

89
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
View File

@@ -18,18 +18,26 @@
*/
package org.alfresco.repo.security.permissions.impl;
import static org.apache.commons.lang.StringUtils.isNotBlank;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.PropertyCheck;
import org.springframework.context.ApplicationEvent;
@@ -48,6 +56,29 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
/** Writers simple cache */
protected SimpleCache<Serializable, Set<String>> writersCache;
/** File plan service */
private FilePlanService filePlanService;
/**
* Gets the file plan service
*
* @return the filePlanService
*/
public FilePlanService getFilePlanService()
{
return this.filePlanService;
}
/**
* Sets the file plan service
*
* @param filePlanService the filePlanService to set
*/
public void setFilePlanService(FilePlanService filePlanService)
{
this.filePlanService = filePlanService;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
*/
@@ -87,15 +118,15 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
AccessStatus acs = super.hasPermission(nodeRef, perm);
if (AccessStatus.DENIED.equals(acs) &&
PermissionService.READ.equals(perm) &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.READ.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
}
else if (AccessStatus.DENIED.equals(acs) &&
PermissionService.WRITE.equals(perm) &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
else if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.WRITE.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
}
@@ -263,4 +294,50 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
writersCache.put((Serializable)acl.getProperties(), aclWriters);
return aclWriters;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/
@Override
public void setInheritParentPermissions(final NodeRef nodeRef, boolean inheritParentPermissions)
{
final String adminRole = getAdminRole(nodeRef);
if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && isNotBlank(adminRole))
{
if (inheritParentPermissions)
{
Set<AccessPermission> accessPermissions = getAllSetPermissions(nodeRef);
for (AccessPermission accessPermission : accessPermissions)
{
String authority = accessPermission.getAuthority();
String permission = accessPermission.getPermission();
if (accessPermission.isSetDirectly() &&
(RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
(ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) || ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority)) || adminRole.equals(authority))
{
// FIXME!!!
//deletePermission(nodeRef, authority, permission);
}
}
}
else
{
setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
}
}
super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
}
private String getAdminRole(NodeRef nodeRef)
{
String adminRole = null;
NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
if (filePlan != null)
{
adminRole = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
}
return adminRole;
}
}

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/IssueTestSuite.java
View File

@@ -40,7 +40,8 @@ import org.junit.runners.Suite.SuiteClasses;
RM1464Test.class,
RM452Test.class,
RM804Test.class,
RM994Test.class
RM994Test.class,
RM1039Test.class
})
public class IssueTestSuite
{

14
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
View File

@@ -181,8 +181,9 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(hold));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
return null;
}
@@ -292,7 +293,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
@@ -318,8 +319,9 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
}
@@ -344,7 +346,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;

186
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1039Test.java Normal file
View File

@@ -0,0 +1,186 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Unit test for RM-1039 ... can't move a folder into a category with a disposition schedule
*
* @author Roy Wetherall
* @since 2.1
*/
public class RM1039Test extends BaseRMTestCase
{
@Override
protected boolean isRecordTest()
{
return true;
}
// try and move a folder from no disposition schedule to a disposition schedule
public void testMoveRecordFolderFromNoDisToDis() throws Exception
{
final NodeRef recordFolder = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create a record category (no disposition schedule)
NodeRef recordCategory = filePlanService.createRecordCategory(filePlan, "Caitlin Reed");
// create a record folder
return recordFolderService.createRecordFolder(recordCategory, "Grace Wetherall");
}
@Override
public void test(NodeRef result) throws Exception
{
assertNotNull(result);
assertNull(dispositionService.getDispositionSchedule(result));
assertFalse(nodeService.hasAspect(result, ASPECT_DISPOSITION_LIFECYCLE));
}
});
final NodeRef record = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create a record
return fileFolderService.create(recordFolder, "mytest.txt", ContentModel.TYPE_CONTENT).getNodeRef();
}
@Override
public void test(NodeRef result) throws Exception
{
assertNotNull(result);
assertNull(dispositionService.getDispositionSchedule(result));
assertFalse(nodeService.hasAspect(result, ASPECT_DISPOSITION_LIFECYCLE));
}
});
doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run() throws Exception
{
Capability capability = capabilityService.getCapability("CreateModifyDestroyFolders");
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(recordFolder));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(recordFolder, rmContainer));
// take a look at the move capability
Capability moveCapability = capabilityService.getCapability("Move");
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, moveCapability.evaluate(recordFolder, rmContainer));
// move the node
return fileFolderService.move(recordFolder, rmContainer, null).getNodeRef();
}
@Override
public void test(NodeRef result) throws Exception
{
assertNotNull(result);
assertNotNull(dispositionService.getDispositionSchedule(result));
assertTrue(nodeService.hasAspect(result, ASPECT_DISPOSITION_LIFECYCLE));
DispositionAction dispositionAction = dispositionService.getNextDispositionAction(result);
assertNotNull(dispositionAction);
assertNull(dispositionAction.getAsOfDate());
assertEquals("cutoff", dispositionAction.getName());
assertEquals(1, dispositionAction.getEventCompletionDetails().size());
// take a look at the record and check things are as we would expect
assertFalse(nodeService.hasAspect(record, ASPECT_DISPOSITION_LIFECYCLE));
}
});
}
// move from a disposition schedule to another .. both record folder level
// move from a disposition schedule to another .. from record to folder level
// try and move a cutoff folder
public void testMoveCutoffRecordFolder() throws Exception
{
final NodeRef destination = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create a record category (no disposition schedule)
return filePlanService.createRecordCategory(filePlan, "Caitlin Reed");
}
});
final NodeRef testFolder = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run()
{
// create folder
NodeRef testFolder = recordFolderService.createRecordFolder(rmContainer, "Peter Edward Francis");
// complete event
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(CompleteEventAction.PARAM_EVENT_NAME, CommonRMTestUtils.DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(testFolder, CompleteEventAction.NAME, params);
// cutoff folder
rmActionService.executeRecordsManagementAction(testFolder, CutOffAction.NAME);
return testFolder;
}
@Override
public void test(NodeRef result) throws Exception
{
// take a look at the move capability
Capability moveCapability = capabilityService.getCapability("Move");
assertEquals(AccessDecisionVoter.ACCESS_DENIED, moveCapability.evaluate(result, destination));
}
});
doTestInTransaction(new FailureTest()
{
@Override
public void run() throws Exception
{
fileFolderService.move(testFolder, destination, null).getNodeRef();
}
});
}
}

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1424Test.java
View File

@@ -23,6 +23,7 @@ import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.integration.hold.DeleteHoldTest;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -65,7 +66,7 @@ public class RM1424Test extends DeleteHoldTest
assertEquals(HOLD1_DESC, (String) nodeService.getProperty(hold1, PROP_DESCRIPTION));
// Add the user to the RM Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, userName);
return null;
}

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1429Test.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.integration.hold.DeleteHoldTest;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -43,7 +44,7 @@ public class RM1429Test extends DeleteHoldTest
public Void run()
{
// Add the user to the RM Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, userName);
// Give the user filing permissions on the hold
permissionService.setPermission(hold, userName, RMPermissionModel.FILING, true);

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1463Test.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.integration.hold.DeleteHoldTest;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -43,7 +44,7 @@ public class RM1463Test extends DeleteHoldTest
public Void run()
{
// Add the user to the RM Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, userName);
// Give the user filing permissions on the hold
permissionService.setPermission(hold, userName, RMPermissionModel.FILING, true);

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1464Test.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.integration.hold.DeleteHoldTest;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -43,7 +44,7 @@ public class RM1464Test extends DeleteHoldTest
public Void run()
{
// Add the user to the RM Manager role
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, userName);
// Give the user read permissions on the hold
permissionService.setPermission(hold, userName, RMPermissionModel.READ_RECORDS, true);

5
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM804Test.java
View File

@@ -19,6 +19,7 @@
package org.alfresco.module.org_alfresco_module_rm.test.integration.issue;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.site.SiteRole;
@@ -142,7 +143,7 @@ public class RM804Test extends BaseRMTestCase
@Override
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_USER, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_USER, userName);
return null;
}
@@ -167,7 +168,7 @@ public class RM804Test extends BaseRMTestCase
@Override
public Void run()
{
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_ADMINISTRATOR, userName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, userName);
return null;
}

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/RejectRecordTest.java
View File

@@ -89,7 +89,7 @@ public class RejectRecordTest extends BaseRMTestCase
{
// sanity checks
assertTrue(recordService.isRecord(dmDocument));
assertFalse(permissionService.getInheritParentPermissions(dmDocument));
assertTrue(permissionService.getInheritParentPermissions(dmDocument));
// declare record
recordService.rejectRecord(dmDocument, REASON);

1
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/capabilities/DeclarativeCapabilityTest.java
View File

@@ -141,6 +141,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
for (String user : testUsers)
{
filePlanPermissionService.setPermission(rmFolder, user, RMPermissionModel.FILING);
filePlanPermissionService.setPermission(rmContainer, user, RMPermissionModel.READ_RECORDS);
filePlanPermissionService.setPermission(moveToFolder, user, RMPermissionModel.READ_RECORDS);
filePlanPermissionService.setPermission(moveToCategory, user, RMPermissionModel.READ_RECORDS);
}

117
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/ExtendedSecurityServiceImplTest.java
View File

@@ -23,9 +23,15 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.util.GUID;
/**
@@ -237,4 +243,115 @@ public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
assertNotNull(readers);
assertEquals(testMap.size(), readers.size());
}
public void testDifferentUsersDifferentPermissions()
{
final String userNone = createTestUser();
final String userRead = createTestUser();
final String userWrite = createTestUser();
final String siteShortName = GUID.generate();
doTestInTransaction(new Test<Void>()
{
public Void run() throws Exception
{
siteService.createSite(null, siteShortName, "test", "test", SiteVisibility.PRIVATE);
return null;
}
});
final NodeRef documentLibrary = doTestInTransaction(new Test<NodeRef>()
{
public NodeRef run() throws Exception
{
siteService.setMembership(siteShortName, userRead, SiteModel.SITE_CONSUMER);
siteService.setMembership(siteShortName, userWrite, SiteModel.SITE_COLLABORATOR);
return siteService.createContainer(siteShortName, SiteService.DOCUMENT_LIBRARY, null, null);
}
});
final NodeRef record = doTestInTransaction(new Test<NodeRef>()
{
public NodeRef run() throws Exception
{
NodeRef record = fileFolderService.create(documentLibrary, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
recordService.createRecord(filePlan, record);
return record;
}
});
doTestInTransaction(new Test<Void>()
{
public Void run() throws Exception
{
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
return null;
}
}, userNone);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
return null;
}
}, userRead);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, FILING));
return null;
}
}, userWrite);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
return null;
}
}, userNone);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, FILING));
return null;
}
}, userRead);
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// check permissions
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, FILING));
return null;
}
}, userWrite);
return null;
}
});
}
}

765
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanPermissionServiceImplTest.java
View File

@@ -18,12 +18,20 @@
*/
package org.alfresco.module.org_alfresco_module_rm.test.legacy.service;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.springframework.extensions.webscripts.GUID;
/**
@@ -103,7 +111,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
}
/**
* test set/delete permissions on file plan
* Test set/delete permissions on file plan
*/
public void testSetDeletePermissionFilePlan() throws Exception
{
@@ -124,12 +132,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.ALLOWED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.ALLOWED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
deletePermission(filePlan, userName, RMPermissionModel.FILING);
@@ -222,7 +230,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
@@ -234,7 +242,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
@@ -264,9 +272,9 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
@@ -276,9 +284,9 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
@@ -308,6 +316,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -318,6 +327,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
@@ -327,6 +337,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -337,6 +348,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
@@ -346,6 +358,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -364,12 +377,13 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -380,15 +394,17 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -399,15 +415,17 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -433,12 +451,13 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -449,15 +468,17 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userOne);
assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
@@ -468,21 +489,23 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null;
}
}, userTwo);
assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read
AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read
AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null;
}
@@ -490,7 +513,6 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
}
/**
* Helper to assert permissions for passed user
*/
@@ -521,4 +543,701 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
}, userName);
}
/**
* Helper to assert permissions for the passed user
*/
private void assertPermissionsWithInheritance(
final String userName,
final NodeRef subCategory,
final NodeRef folder,
final NodeRef record,
final AccessStatus ... accessStatus)
{
assertEquals(16, accessStatus.length);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING));
assertEquals(accessStatus[2], permissionService.hasPermission(transfersContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[3], permissionService.hasPermission(transfersContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[4], permissionService.hasPermission(holdsContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[5], permissionService.hasPermission(holdsContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[6], permissionService.hasPermission(unfiledContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[7], permissionService.hasPermission(unfiledContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[8], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[9], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[10], permissionService.hasPermission(subCategory, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[11], permissionService.hasPermission(subCategory, RMPermissionModel.FILING));
assertEquals(accessStatus[12], permissionService.hasPermission(folder, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[13], permissionService.hasPermission(folder, RMPermissionModel.FILING));
assertEquals(accessStatus[14], permissionService.hasPermission(record, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[15], permissionService.hasPermission(record, RMPermissionModel.FILING));
return null;
}
}, userName);
}
public void testFilePlanComponentInheritance()
{
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
// Inheritance is turned off for file plan, transfer, holds, unfiled records and root categories
// it is turned on for sub categories, record folders and records
assertFalse(permissionService.getInheritParentPermissions(filePlan));
assertFalse(permissionService.getInheritParentPermissions(filePlanService.getTransferContainer(filePlan)));
assertFalse(permissionService.getInheritParentPermissions(filePlanService.getHoldContainer(filePlan)));
assertFalse(permissionService.getInheritParentPermissions(unfiledContainer));
assertFalse(permissionService.getInheritParentPermissions(rmContainer));
assertTrue(permissionService.getInheritParentPermissions(recordFolderService.createRecordFolder(rmContainer, "subCategory")));
assertTrue(permissionService.getInheritParentPermissions(rmFolder));
assertTrue(permissionService.getInheritParentPermissions(recordOne));
return null;
}
}, ADMIN_USER);
}
public void testRolesSetByDefault()
{
NodeRef subCategory = filePlanService.createRecordCategory(rmContainer, "subCategory1");
NodeRef folder = recordFolderService.createRecordFolder(subCategory, "rmFolder1");
NodeRef record = utils.createRecord(folder, "record1.txt");
// Admin user has read/filing permissions on file plan, transfer, hold, unfiled records, root categories, sub categories, folders and records
assertPermissionsWithInheritance(ADMIN_USER, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.ALLOWED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.ALLOWED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.ALLOWED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.ALLOWED, // root category read
AccessStatus.ALLOWED, // root category file
AccessStatus.ALLOWED, // sub category read
AccessStatus.ALLOWED, // sub category file
AccessStatus.ALLOWED, // folder read
AccessStatus.ALLOWED, // folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
// Test user has read permissions on file plan, transfer, hold and unfiled records as the user will be added in the all records management roles
// which has read permissions on those nodes by default
assertPermissionsWithInheritance(createTestUser(), subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
}
public void testAddUserToContainers()
{
NodeRef subCategory = filePlanService.createRecordCategory(rmContainer, "subCategory2");
NodeRef folder = recordFolderService.createRecordFolder(subCategory, "rmFolder2");
NodeRef record = utils.createRecord(folder, "record2.txt");
// The user1 will have read permissions on the file plan
// and read permissions on transfer, hold and unfiled records as the user will be in the all records management users role
String user1 = createTestUser();
setPermission(filePlan, user1, RMPermissionModel.READ_RECORDS);
assertPermissionsWithInheritance(user1, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
// The user2 will have read and filing permissions on the transfer container
// and read permissions on file plan, hold and unfiled records as the user will be in the all records management users role
String user2 = createTestUser();
setPermission(transfersContainer, user2, RMPermissionModel.FILING);
assertPermissionsWithInheritance(user2, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.ALLOWED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
// The user3 will have read permissions on file plan, transfer, hold and unfiled records
String user3 = createTestUser();
setPermission(holdsContainer, user3, RMPermissionModel.READ_RECORDS);
assertPermissionsWithInheritance(user3, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
// The user4 will have read permissions on file plan, transfer, hold
// and read and filing permissions on unfiled records container
String user4 = createTestUser();
setPermission(unfiledContainer, user4, RMPermissionModel.FILING);
assertPermissionsWithInheritance(user4, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file
// The user5 will read permissions on the root category
// as the inheritance is turned on for the sub category the user will have also read permissions on sub category, folder and record
// and also read permissions on file plan, transfer, hold and unfiled records
String user5 = createTestUser();
setPermission(rmContainer, user5, RMPermissionModel.READ_RECORDS);
assertPermissionsWithInheritance(user5, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.ALLOWED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.ALLOWED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.ALLOWED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.ALLOWED, // record read
AccessStatus.DENIED); // record file
// The user6 will read and filing permissions on the sub category
// as the inheritance is turned on the user will have also read and filing permissions on folder and record
// and also read permissions on file plan, transfer, hold and unfiled records
String user6 = createTestUser();
setPermission(subCategory, user6, RMPermissionModel.FILING);
assertPermissionsWithInheritance(user6, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.ALLOWED, // sub category read
AccessStatus.ALLOWED, // sub category file
AccessStatus.ALLOWED, // folder read
AccessStatus.ALLOWED, // folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
// The user7 will read permissions on the folder
// as the inheritance is turned on the user will have also read on record
// and also read permissions on file plan, transfer, hold and unfiled records
String user7 = createTestUser();
setPermission(folder, user7, RMPermissionModel.READ_RECORDS);
assertPermissionsWithInheritance(user7, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.ALLOWED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.ALLOWED, // record read
AccessStatus.DENIED); // record file
// The user8 will read and filing permissions on the record
// and also read permissions on file plan, transfer, hold and unfiled records
String user8 = createTestUser();
setPermission(record, user8, RMPermissionModel.FILING);
assertPermissionsWithInheritance(user8, subCategory, folder, record,
AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // transfer read
AccessStatus.DENIED, // transfer file
AccessStatus.ALLOWED, // holds read
AccessStatus.DENIED, // holds file
AccessStatus.ALLOWED, // unfiled records file
AccessStatus.DENIED, // unfiled records file
AccessStatus.DENIED, // root category read
AccessStatus.DENIED, // root category file
AccessStatus.DENIED, // sub category read
AccessStatus.DENIED, // sub category file
AccessStatus.DENIED, // folder read
AccessStatus.DENIED, // folder file
AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file
}
public void testAccessPermissionOnSingleRecordWithSeveralUsers()
{
final NodeRef subCategory = filePlanService.createRecordCategory(rmContainer, "subCategory3");
final NodeRef folder = recordFolderService.createRecordFolder(subCategory, "rmFolder3");
final NodeRef record = utils.createRecord(folder, "record3.txt");
String user1 = createTestUser();
String user2 = createTestUser();
setPermission(rmContainer, user1, RMPermissionModel.READ_RECORDS);
// user1 will have access to file plan, root category and because of inheritance sub category, folder and record
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(subCategory, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record, RMPermissionModel.READ_RECORDS));
return null;
}
}, user1);
// user2 will have access to file plan
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(subCategory, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record, RMPermissionModel.READ_RECORDS));
return null;
}
}, user2);
}
public void testDenyPermissionsOnRecordsWithSeveralUsers()
{
final NodeRef subCategory = filePlanService.createRecordCategory(rmContainer, "subCategory4");
final NodeRef folder = recordFolderService.createRecordFolder(subCategory, "rmFolder4");
final NodeRef record4 = utils.createRecord(folder, "record4.txt");
final NodeRef record5 = utils.createRecord(folder, "record5.txt");
String user1 = createTestUser();
String user2 = createTestUser();
setPermission(rmContainer, user1, RMPermissionModel.READ_RECORDS);
setPermission(rmContainer, user2, RMPermissionModel.READ_RECORDS);
permissionService.setInheritParentPermissions(record4, false);
permissionService.setInheritParentPermissions(record5, false);
setPermission(record4, user1, RMPermissionModel.READ_RECORDS);
setPermission(record5, user1, RMPermissionModel.READ_RECORDS);
// user1 will have access to file plan, root category and because of inheritance sub category, folder, record4 and record5
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(subCategory, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record4, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record5, RMPermissionModel.READ_RECORDS));
return null;
}
}, user1);
// user2 will have access to file plan, root category and because of inheritance sub category and folder
// user2 won't have access to the records as the inheritance is set to false
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(subCategory, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record4, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record5, RMPermissionModel.READ_RECORDS));
return null;
}
}, user2);
}
public void testMoveRootCategoryIntoAnotherRootCategory()
{
final NodeRef category5 = filePlanService.createRecordCategory(filePlan, "category5");
final NodeRef category6 = filePlanService.createRecordCategory(filePlan, "category6");
assertFalse(permissionService.getInheritParentPermissions(category5));
assertFalse(permissionService.getInheritParentPermissions(category6));
final String user1 = createTestUser();
final String user2 = createTestUser();
setPermission(category5, user1, RMPermissionModel.READ_RECORDS);
setPermission(category6, user2, RMPermissionModel.FILING);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category5, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category5, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category6, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category6, RMPermissionModel.FILING));
return null;
}
}, user1);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category5, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category5, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category6, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category6, RMPermissionModel.FILING));
return null;
}
}, user2);
final NodeRef movedCategory5 = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run() throws Exception
{
return fileFolderService.move(category5, category6, null).getNodeRef();
}
});
assertFalse(permissionService.getInheritParentPermissions(movedCategory5));
assertFalse(permissionService.getInheritParentPermissions(category6));
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedCategory5, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(movedCategory5, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category6, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category6, RMPermissionModel.FILING));
return null;
}
}, user1);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(movedCategory5, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(movedCategory5, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category6, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category6, RMPermissionModel.FILING));
return null;
}
}, user2);
}
public void testPermissionsForMovedRecord()
{
final NodeRef category7 = filePlanService.createRecordCategory(filePlan, "category7");
final NodeRef folder7 = recordFolderService.createRecordFolder(category7, "rmFolder7");
final NodeRef record7 = utils.createRecord(folder7, "record7.txt");
final NodeRef category8 = filePlanService.createRecordCategory(filePlan, "category8");
final NodeRef folder8 = recordFolderService.createRecordFolder(category8, "rmFolder8");
final NodeRef record8 = utils.createRecord(folder8, "record8.txt");
final String user1 = createTestUser();
final String user2 = createTestUser();
final String user3 = createTestUser();
setPermission(folder7, user1, RMPermissionModel.FILING);
setPermission(record8, user2, RMPermissionModel.READ_RECORDS);
setPermission(category7, user3, RMPermissionModel.FILING);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record8, RMPermissionModel.FILING));
return null;
}
}, user1);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record8, RMPermissionModel.FILING));
return null;
}
}, user2);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record8, RMPermissionModel.FILING));
return null;
}
}, user3);
final NodeRef movedRecord8 = doTestInTransaction(new Test<NodeRef>()
{
@Override
public NodeRef run() throws Exception
{
return fileFolderService.move(record8, folder7, null).getNodeRef();
}
});
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedRecord8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedRecord8, RMPermissionModel.FILING));
return null;
}
}, user1);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedRecord8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(movedRecord8, RMPermissionModel.FILING));
return null;
}
}, user2);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(category7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(folder7, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(record7, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(category8, RMPermissionModel.FILING));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(folder8, RMPermissionModel.FILING));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedRecord8, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(movedRecord8, RMPermissionModel.FILING));
return null;
}
}, user3);
}
public void testSpecialRoles()
{
final NodeRef category9 = filePlanService.createRecordCategory(filePlan, "category9");
final NodeRef subCategory9 = filePlanService.createRecordCategory(category9, "subCategory9");
final NodeRef folder9 = recordFolderService.createRecordFolder(subCategory9, "rmFolder9");
final NodeRef record9 = utils.createRecord(folder9, "record9.txt");
assertExistenceOfSpecialRolesAndPermissions(category9);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
// After setting the permissions off the special roles should be still available as they will be added to the node automatically
permissionService.setInheritParentPermissions(subCategory9, false);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
permissionService.setInheritParentPermissions(subCategory9, true);
assertExistenceOfSpecialRolesAndPermissions(subCategory9);
assertExistenceOfSpecialRolesAndPermissions(folder9);
permissionService.setInheritParentPermissions(folder9, false);
assertExistenceOfSpecialRolesAndPermissions(folder9);
permissionService.setInheritParentPermissions(folder9, true);
assertExistenceOfSpecialRolesAndPermissions(folder9);
assertExistenceOfSpecialRolesAndPermissions(record9);
permissionService.setInheritParentPermissions(record9, false);
assertExistenceOfSpecialRolesAndPermissions(record9);
permissionService.setInheritParentPermissions(record9, true);
assertExistenceOfSpecialRolesAndPermissions(record9);
}
private void assertExistenceOfSpecialRolesAndPermissions(NodeRef node)
{
Map<String, String> accessPermissions = new HashMap<String, String>();
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(node);
// FIXME!!!
//assertEquals(3, permissions.size());
for (AccessPermission permission : permissions)
{
accessPermissions.put(permission.getAuthority(), permission.getPermission());
}
assertTrue(accessPermissions.containsKey(ExtendedReaderDynamicAuthority.EXTENDED_READER));
assertEquals(RMPermissionModel.READ_RECORDS, accessPermissions.get(ExtendedReaderDynamicAuthority.EXTENDED_READER));
assertTrue(accessPermissions.containsKey(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
assertEquals(RMPermissionModel.FILING, accessPermissions.get(ExtendedWriterDynamicAuthority.EXTENDED_WRITER));
String adminRole = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
assertTrue(accessPermissions.containsKey(adminRole));
assertEquals(RMPermissionModel.FILING, accessPermissions.get(adminRole));
}
}

20
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/FilePlanRoleServiceImplTest.java
View File

@@ -107,9 +107,9 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
Role role = filePlanRoleService.getRole(filePlan, ROLE_NAME_POWER_USER);
Role role = filePlanRoleService.getRole(filePlan, FilePlanRoleService.ROLE_POWER_USER);
assertNotNull(role);
assertEquals(ROLE_NAME_POWER_USER, role.getName());
assertEquals(FilePlanRoleService.ROLE_POWER_USER, role.getName());
role = filePlanRoleService.getRole(filePlan, "donkey");
assertNull(role);
@@ -125,7 +125,7 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
{
public Void run()
{
assertTrue(filePlanRoleService.existsRole(filePlan, ROLE_NAME_POWER_USER));
assertTrue(filePlanRoleService.existsRole(filePlan, FilePlanRoleService.ROLE_POWER_USER));
assertFalse(filePlanRoleService.existsRole(filePlan, "donkey"));
return null;
@@ -184,33 +184,33 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
assertNotNull(roles);
assertEquals(1, roles.size());
Set<String> authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
Set<String> authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(1, authorities.size());
filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_NAME_RECORDS_MANAGER, rmUserName);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER, rmUserName);
roles = filePlanRoleService.getRolesByUser(filePlan, rmUserName);
assertNotNull(roles);
assertEquals(2, roles.size());
authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getUsersAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getGroupsAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(0, authorities.size());
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, ROLE_NAME_RECORDS_MANAGER);
authorities = filePlanRoleService.getAllAssignedToRole(filePlan, FilePlanRoleService.ROLE_RECORDS_MANAGER);
assertNotNull(authorities);
assertEquals(2, authorities.size());

11
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordServiceImplTest.java
View File

@@ -272,10 +272,12 @@ public class RecordServiceImplTest extends BaseRMTestCase
// create record from document
doTestInTransaction(new Test<Void>()
{
private NodeRef originalLocation;
@Override
public Void run()
{
NodeRef originalLocation = nodeService.getPrimaryParent(dmDocument).getParentRef();
originalLocation = nodeService.getPrimaryParent(dmDocument).getParentRef();
assertFalse(recordService.isRecord(dmDocument));
assertFalse(extendedSecurityService.hasExtendedSecurity(dmDocument));
@@ -297,6 +299,11 @@ public class RecordServiceImplTest extends BaseRMTestCase
recordService.createRecord(filePlan, dmDocument);
return null;
}
public void test(Void result)
{
checkPermissions(READ_RECORDS, AccessStatus.ALLOWED, // file
// plan
AccessStatus.ALLOWED, // unfiled container
@@ -345,8 +352,6 @@ public class RecordServiceImplTest extends BaseRMTestCase
Capability updateProperties = capabilityService.getCapability("UpdateProperties");
assertEquals(AccessStatus.ALLOWED, updateProperties.hasPermission(dmDocument));
return null;
}
}, dmCollaborator);

4
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementSearchServiceImplTest.java
View File

@@ -25,7 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.search.SavedSearchDetails;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.util.Pair;
import org.alfresco.util.TestWithUserUtils;
/**
@@ -148,7 +148,7 @@ public class RecordsManagementSearchServiceImplTest extends BaseRMTestCase
// String query = "keywords:\"elephant\"";
// RecordsManagementSearchParameters params = new RecordsManagementSearchParameters();
// params.setIncludeUndeclaredRecords(true);
// List<NodeRef> results = rmSearchService.search(siteId, query, params);
// List<Pair<NodeRef, NodeRef>> results = rmSearchService.search(siteId, query, params);
// assertNotNull(results);
// assertEquals(2, results.size());
//

4
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/DataLoadSystemTest.java
View File

@@ -6,6 +6,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
@@ -117,7 +118,7 @@ public class DataLoadSystemTest
final SiteInfo site = siteService.getSite("test");
if (site == null)
{
Assert.fail("The collab site test is not present.");
throw new AlfrescoRuntimeException("The collab site test is not present.");
}
final NodeRef filePlan = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
@@ -146,7 +147,6 @@ public class DataLoadSystemTest
// create content and declare as record
repeatInTransactionBatches(new RunAsWork<Void>()
{
@SuppressWarnings("null")
public Void doWork() throws Exception
{
// create document

10
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -173,6 +173,8 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected NodeRef rmFolder;
protected NodeRef unfiledContainer;
protected String collabSiteId;
protected NodeRef holdsContainer;
protected NodeRef transfersContainer;
/** multi-hierarchy test data
*
@@ -506,6 +508,14 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
// unfiled container
unfiledContainer = filePlanService.getUnfiledContainer(filePlan);
assertNotNull(unfiledContainer);
// holds container
holdsContainer = filePlanService.getHoldContainer(filePlan);
assertNotNull(holdsContainer);
// transfers container
transfersContainer = filePlanService.getTransferContainer(filePlan);
assertNotNull(transfersContainer);
}
}
}, AuthenticationUtil.getSystemUserName());

37
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImplUnitTest.java
View File

@@ -47,8 +47,6 @@ public class RecordServiceImplUnitTest extends BaseUnitTest
private static QName TYPE_MY_FILE_PLAN = generateQName();
private static QName ASPECT_FOR_FILE_PLAN = generateQName();
private static QName ASPECT_FOR_MY_FILE_PLAN = generateQName();
private static QName ASPECT_FOR_BOTH = generateQName();
@InjectMocks private RecordServiceImpl recordService;
@@ -83,39 +81,4 @@ public class RecordServiceImplUnitTest extends BaseUnitTest
assertEquals(1, types.size());
assertTrue(types.contains(TYPE_FILE_PLAN));
}
@Test
public void testGetRecordMetadataAspects()
{
// register a couple of record meta-data aspects
recordService.registerRecordMetadataAspect(ASPECT_FOR_FILE_PLAN, TYPE_FILE_PLAN);
recordService.registerRecordMetadataAspect(ASPECT_FOR_MY_FILE_PLAN, TYPE_MY_FILE_PLAN);
recordService.registerRecordMetadataAspect(ASPECT_FOR_BOTH, TYPE_FILE_PLAN);
recordService.registerRecordMetadataAspect(ASPECT_FOR_BOTH, TYPE_MY_FILE_PLAN);
Set<QName> set = recordService.getRecordMetadataAspects(filePlanComponent);
assertNotNull(set);
assertEquals(2, set.size());
assertTrue(set.contains(ASPECT_FOR_FILE_PLAN));
assertTrue(set.contains(ASPECT_FOR_BOTH));
set = recordService.getRecordMetadataAspects(nonStandardFilePlanComponent);
assertNotNull(set);
assertEquals(2, set.size());
assertTrue(set.contains(ASPECT_FOR_MY_FILE_PLAN));
assertTrue(set.contains(ASPECT_FOR_BOTH));
set = recordService.getRecordMetadataAspects(TYPE_FILE_PLAN);
assertNotNull(set);
assertEquals(2, set.size());
assertTrue(set.contains(ASPECT_FOR_FILE_PLAN));
assertTrue(set.contains(ASPECT_FOR_BOTH));
set = recordService.getRecordMetadataAspects(TYPE_MY_FILE_PLAN);
assertNotNull(set);
assertEquals(2, set.size());
assertTrue(set.contains(ASPECT_FOR_MY_FILE_PLAN));
assertTrue(set.contains(ASPECT_FOR_BOTH));
}
}