
Example 16 with Capability

use of org.alfresco.module.org_alfresco_module_rm.capability.Capability in project records-management by Alfresco.

the class CompositeCapabilityTest method testUpdateProperties.

/**
 * Verifies the "UpdateProperties" capability from both sides of the authorisation boundary:
 * the records manager must be ALLOWED on every test node and the ordinary user must be DENIED
 * on every one of them.
 */
public void testUpdateProperties() {
    final Capability updateProperties = capabilityService.getCapability("UpdateProperties");
    assertNotNull(updateProperties);

    // Positive case: evaluated while running as the records manager.
    doTestInTransaction(updatePropertiesCheck(updateProperties, AccessStatus.ALLOWED), recordsManagerName);

    // Negative case: the same nodes, evaluated while running as the plain user. Keeping the
    // denial assertions next to the grant assertions catches a capability that allows everyone.
    doTestInTransaction(updatePropertiesCheck(updateProperties, AccessStatus.DENIED), userName);
}

/**
 * Builds the transactional check that compares the capability's answer on the container,
 * the folder, the record and the declared record with one expected status.
 *
 * @param capability capability under test
 * @param expected   status every node is expected to report
 * @return test body to hand to {@code doTestInTransaction}
 */
private Test<Void> updatePropertiesCheck(final Capability capability, final AccessStatus expected) {
    return new Test<Void>() {

        @Override
        public Void run() {
            assertEquals(expected, capability.hasPermission(rmContainer));
            assertEquals(expected, capability.hasPermission(rmFolder));
            assertEquals(expected, capability.hasPermission(record));
            assertEquals(expected, capability.hasPermission(declaredRecord));
            return null;
        }
    };
}
Also used : Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability)

Example 17 with Capability

use of org.alfresco.module.org_alfresco_module_rm.capability.Capability in project records-management by Alfresco.

the class DeleteRecordFolderTest method testDeleteDestroyedRecordFolder.

/**
 * Deletes a record folder after it has been taken through complete-event, cut-off and destroy.
 *
 * <p>The first transaction prepares the folder and asserts that the "DeleteRecordFolder"
 * capability evaluates to ACCESS_GRANTED on it; the second transaction performs the delete.
 * NOTE(review): only the granting path is exercised in this method; no run-as user is passed
 * to doTestInTransaction here, so the identity used is whatever that helper defaults to.
 */
public void testDeleteDestroyedRecordFolder() throws Exception {
    final NodeRef destroyedFolder = doTestInTransaction(new Test<NodeRef>() {

        @Override
        public NodeRef run() {
            final NodeRef folder = recordFolderService.createRecordFolder(rmContainer, "Peter Edward Francis");
            completeCutOffAndDestroy(folder);
            return folder;
        }

        @Override
        public void test(NodeRef folder) throws Exception {
            // The capability is evaluated on the already destroyed folder and must grant access.
            final Capability deleteFolder = capabilityService.getCapability("DeleteRecordFolder");
            assertEquals(AccessDecisionVoter.ACCESS_GRANTED, deleteFolder.evaluate(folder));
        }
    });

    doTestInTransaction(new Test<Void>() {

        @Override
        public Void run() throws Exception {
            // The delete itself; it has to go through without an exception.
            fileFolderService.delete(destroyedFolder);
            return null;
        }
    });
}

/**
 * Runs the three records-management actions that bring a folder to the destroyed state:
 * complete the default test event, cut the folder off, then destroy it.
 *
 * @param folder folder to act on
 */
private void completeCutOffAndDestroy(NodeRef folder) {
    // complete event
    Map<String, Serializable> eventParams = new HashMap<String, Serializable>(1);
    eventParams.put(CompleteEventAction.PARAM_EVENT_NAME, CommonRMTestUtils.DEFAULT_EVENT_NAME);
    rmActionService.executeRecordsManagementAction(folder, CompleteEventAction.NAME, eventParams);
    // cutoff folder
    rmActionService.executeRecordsManagementAction(folder, CutOffAction.NAME);
    // destroy folder
    rmActionService.executeRecordsManagementAction(folder, DestroyAction.NAME);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) Serializable(java.io.Serializable) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) Map(java.util.Map) HashMap(java.util.HashMap)

Example 18 with Capability

use of org.alfresco.module.org_alfresco_module_rm.capability.Capability in project records-management by Alfresco.

the class RM1008Test method testHold.

/**
 * Checks who can see and file into a hold, before and after FILING is granted on the file plan.
 *
 * <p>Sequence: the admin creates a hold and adds a folder to it; the admin is ALLOWED to view
 * and file; {@code myUser} is DENIED. The admin then grants {@code myUser} FILING on the file
 * plan, and the hold must still report DENIED for view, READ_RECORDS and FILING. Finally the
 * grant is removed and the denial is asserted once more.
 */
public void testHold() {
    final NodeRef hold = doTestInTransaction(new Test<NodeRef>() {

        @Override
        public NodeRef run() {
            // create hold object
            NodeRef created = holdService.createHold(filePlan, "my hold", "my reason", "my description");
            holdService.addToHold(created, rmFolder);
            return created;
        }
    }, ADMIN_USER);

    // Baseline: the admin has access, the ordinary user has none.
    doTestInTransaction(viewAndFilingCheck(hold, AccessStatus.ALLOWED), ADMIN_USER);
    doTestInTransaction(viewAndFilingCheck(hold, AccessStatus.DENIED), myUser);

    // Grant FILING on the file plan (not on the hold) to the ordinary user.
    doTestInTransaction(new Test<Void>() {

        @Override
        public Void run() {
            filePlanPermissionService.setPermission(filePlan, myUser, FILING);
            return null;
        }
    }, ADMIN_USER);

    // The file-plan grant must not open up the hold: every check is still DENIED.
    doTestInTransaction(new Test<Void>() {

        @Override
        public Void run() {
            Capability viewRecords = capabilityService.getCapability("ViewRecords");
            assertNotNull(viewRecords);
            assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(hold));
            assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.READ_RECORDS));
            assertEquals(AccessStatus.DENIED, permissionService.hasPermission(hold, RMPermissionModel.FILING));
            return null;
        }
    }, myUser);

    // Take the grant away again.
    doTestInTransaction(new Test<Void>() {

        @Override
        public Void run() {
            filePlanPermissionService.deletePermission(filePlan, myUser, FILING);
            return null;
        }
    }, ADMIN_USER);

    // After the revocation the user is denied exactly as at the baseline.
    doTestInTransaction(viewAndFilingCheck(hold, AccessStatus.DENIED), myUser);
}

/**
 * Builds the check that both the "ViewRecords" capability and the FILING permission report the
 * expected status on the hold for whichever user the transaction runs as.
 *
 * @param hold     hold node to evaluate
 * @param expected status both checks are expected to report
 * @return test body to hand to {@code doTestInTransaction}
 */
private Test<Void> viewAndFilingCheck(final NodeRef hold, final AccessStatus expected) {
    return new Test<Void>() {

        @Override
        public Void run() {
            Capability viewRecords = capabilityService.getCapability("ViewRecords");
            assertNotNull(viewRecords);
            assertEquals(expected, viewRecords.hasPermission(hold));
            assertEquals(expected, permissionService.hasPermission(hold, RMPermissionModel.FILING));
            return null;
        }
    };
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability)

Example 19 with Capability

use of org.alfresco.module.org_alfresco_module_rm.capability.Capability in project records-management by Alfresco.

the class RmSubstitutionSuggestionsGet method isNodeRefAppropriateForPathSuggestion.

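/**
 * Decides whether a node may be offered as a path suggestion.
 *
 * <p>Two conditions must both hold. The node type must match the requested mode: a record
 * folder or record category when {@code unfiled} is false, an unfiled record folder when it is
 * true. In addition, the capabilities named by {@code CREATE_CAPABILITY} and
 * {@code VIEW_CAPABILITY} must both be reported as {@link AccessStatus#ALLOWED} for the node by
 * the capability service. Every other outcome (unknown capability, capability absent from the
 * result map, a null status, DENIED, UNDETERMINED) yields {@code false}, so the check fails
 * closed.
 *
 * @param nodeRef  Instance of NodeRef to be tested
 * @param unfiled  true to accept only unfiled record folders, false to accept record folders
 *                 and record categories
 * @return True if the node has a matching type and both capabilities are allowed on it
 */
private boolean isNodeRefAppropriateForPathSuggestion(NodeRef nodeRef, boolean unfiled) {
    // check node type
    QName type = nodeService.getType(nodeRef);
    boolean isCorrectType;
    if (unfiled) {
        isCorrectType = RecordsManagementModel.TYPE_UNFILED_RECORD_FOLDER.equals(type);
    } else {
        isCorrectType = RecordsManagementModel.TYPE_RECORD_FOLDER.equals(type)
                || RecordsManagementModel.TYPE_RECORD_CATEGORY.equals(type);
    }
    if (!isCorrectType) {
        // Wrong type: no capability lookup is made, as in the original flow.
        return false;
    }

    // check permissions
    Capability createCapability = capabilityService.getCapability(CREATE_CAPABILITY);
    Capability viewCapability = capabilityService.getCapability(VIEW_CAPABILITY);
    if (createCapability == null || viewCapability == null) {
        // A capability that cannot be resolved is treated as "not allowed".
        return false;
    }

    List<String> requiredCapabilities = new ArrayList<String>();
    requiredCapabilities.add(CREATE_CAPABILITY);
    requiredCapabilities.add(VIEW_CAPABILITY);
    Map<Capability, AccessStatus> accessStates = capabilityService.getCapabilitiesAccessState(nodeRef, requiredCapabilities);

    // Constant-first comparison: a missing key or a null value gives false instead of a
    // NullPointerException, so an incomplete answer from the service denies the suggestion.
    return AccessStatus.ALLOWED.equals(accessStates.get(createCapability))
            && AccessStatus.ALLOWED.equals(accessStates.get(viewCapability));
}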
Also used : Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 20 with Capability

use of org.alfresco.module.org_alfresco_module_rm.capability.Capability in project records-management by Alfresco.

the class RecordServiceImpl method isPropertyEditable.

/**
 * Reports whether a property of a record may be edited, based on the edit-metadata capabilities
 * evaluated on that record.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>a property accepted by {@code alwaysEditProperty} is editable without any capability
 *       being consulted;</li>
 *   <li>with both the non-record and the record (or declared-record) edit capability allowed,
 *       every property is editable;</li>
 *   <li>with only one of them allowed, the property is editable when {@code isRecordMetadata}
 *       places it on the allowed side;</li>
 *   <li>with neither allowed, nothing is editable.</li>
 * </ol>
 *
 * <p>NOTE(review): when DEBUG logging is on, the run-as user name, that user's role and
 * capability names, and the authorities holding edit-metadata permissions on the file plan are
 * written to the log, so that log should be access-controlled like other authorisation data.
 *
 * @param record    node that must be a record
 * @param property  qualified name of the property being asked about
 * @return true if the property is editable, false otherwise
 * @throws AlfrescoRuntimeException if the node reference is not a record
 * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isPropertyEditable(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
 */
@Override
public boolean isPropertyEditable(NodeRef record, QName property) {
    ParameterCheck.mandatory("record", record);
    ParameterCheck.mandatory("property", property);
    if (!isRecord(record)) {
        throw new AlfrescoRuntimeException("Cannot check if the property " + property.toString() + " is editable, because node reference is not a record.");
    }
    NodeRef filePlan = getFilePlan(record);

    // Diagnostic trace only: nothing computed in this section feeds the decision further down.
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Checking whether property " + property.toString() + " is editable for user " + AuthenticationUtil.getRunAsUser());
        Set<Role> userRoles = filePlanRoleService.getRolesByUser(filePlan, AuthenticationUtil.getRunAsUser());
        LOGGER.debug(" ... users roles");
        for (Role userRole : userRoles) {
            LOGGER.debug("     ... user has role " + userRole.getName() + " with capabilities ");
            for (Capability roleCapability : userRole.getCapabilities()) {
                LOGGER.debug("         ... " + roleCapability.getName());
            }
        }
        LOGGER.debug(" ... user has the following set permissions on the file plan");
        Set<AccessPermission> filePlanPermissions = permissionService.getAllSetPermissions(filePlan);
        for (AccessPermission entry : filePlanPermissions) {
            // Only the two edit-metadata permissions are of interest in this trace.
            if (!entry.getPermission().contains(RMPermissionModel.EDIT_NON_RECORD_METADATA) && !entry.getPermission().contains(RMPermissionModel.EDIT_RECORD_METADATA)) {
                continue;
            }
            LOGGER.debug("     ... " + entry.getAuthority() + " - " + entry.getPermission() + " - " + entry.getAccessStatus().toString());
        }
        if (permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA).equals(AccessStatus.ALLOWED)) {
            LOGGER.debug(" ... user has the edit non record metadata permission on the file plan");
        }
    }

    // Properties on the always-editable list skip the capability evaluation entirely.
    if (alwaysEditProperty(property)) {
        LOGGER.debug(" ... property marked as always editable.");
        return true;
    }

    // All three capability states are fetched up front, in this order, on the record itself.
    AccessStatus nonRecordState = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_NON_RECORD_METADATA);
    AccessStatus declaredRecordState = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA);
    AccessStatus recordState = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_RECORD_METADATA);

    // Constant-first equals: a null state counts as "not allowed".
    final boolean mayEditNonRecord = AccessStatus.ALLOWED.equals(nonRecordState);
    if (mayEditNonRecord) {
        LOGGER.debug(" ... user has edit nonrecord metadata capability");
    }
    final boolean mayEditRecord = AccessStatus.ALLOWED.equals(recordState) || AccessStatus.ALLOWED.equals(declaredRecordState);
    if (mayEditRecord) {
        LOGGER.debug(" ... user has edit record or declared metadata capability");
    }

    if (!mayEditNonRecord && !mayEditRecord) {
        // Neither capability is allowed, so no property can be edited.
        return false;
    }
    if (mayEditNonRecord && mayEditRecord) {
        LOGGER.debug(" ... so all properties can be edited.");
        return true;
    }

    // Exactly one side is allowed from here on; the property's classification decides.
    final boolean recordMetadata = isRecordMetadata(filePlan, property);
    if (mayEditNonRecord) {
        // can only edit non record properties
        if (recordMetadata) {
            LOGGER.debug(" ... property is considered record metadata so not editable.");
            return false;
        }
        LOGGER.debug(" ... property is not considered record metadata so editable.");
        return true;
    }

    // can only edit record properties
    if (recordMetadata) {
        LOGGER.debug(" ... property is considered record metadata so editable.");
        return true;
    }
    LOGGER.debug(" ... property is not considered record metadata so not editable.");
    return false;
}
Also used : Role(org.alfresco.module.org_alfresco_module_rm.role.Role) NodeRef(org.alfresco.service.cmr.repository.NodeRef) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
