
Example 36 with PagingRequest

use of org.alfresco.query.PagingRequest in project alfresco-remote-api by Alfresco.

the class SurfConfigTest method testSurfConfigPermissions.

// MNT-16371
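/**
 * Verifies the access controls applied to a site's {@code surf-config} folder (MNT-16371).
 *
 * <p>The test creates a public site, has the remote store create the {@code surf-config}
 * folder, and then checks that:
 * <ul>
 *   <li>the folder is owned by the admin user rather than by the site creator;</li>
 *   <li>permission inheritance is switched off and the only permission set on the folder
 *       grants {@code SiteManager} to the site manager group;</li>
 *   <li>a site manager can list the folder, while a site collaborator and a user demoted from
 *       manager to contributor get an {@link AccessDeniedException}, both on the folder and
 *       on its {@code pages} child.</li>
 * </ul>
 *
 * <p>NOTE(review): the authenticated user is switched several times and never restored in this
 * method. If an assertion fails part-way, the thread stays authenticated as whichever user was
 * set last; confirm that the class's tearDown resets the security context.
 *
 * @throws Exception if a request or repository call fails unexpectedly
 */
public void testSurfConfigPermissions() throws Exception {
    // Create a site as USER_ONE
    String shortName = UUID.randomUUID().toString();
    String membershipsUrl = URL_SITES + "/" + shortName + URL_MEMBERSHIPS;
    JSONObject result = createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
    assertEquals("myPreset", result.get("sitePreset"));
    assertEquals(shortName, result.get("shortName"));
    assertEquals("myTitle", result.get("title"));
    assertEquals("myDescription", result.get("description"));
    assertEquals(SiteVisibility.PUBLIC.toString(), result.get("visibility"));

    // Make ADMRemoteStore create the surf-config folder and the dashboard.xml file.
    sendRequest(new PostRequest(URL_ADM + "CREATE/alfresco/site-data/pages/site/" + shortName + "/dashboard.xml?s=sitestore", new JSONObject().toString(), "application/json"), 200);

    // {siteName}/cm:surf-config/
    NodeRef surfConfigFolderRef = nodeService.getChildByName(siteService.getSite(shortName).getNodeRef(), ContentModel.ASSOC_CONTAINS, "surf-config");
    // Fail with a clear message here instead of an obscure error in the property lookups below.
    assertNotNull("The surf-config folder should have been created.", surfConfigFolderRef);
    assertEquals("surf-config", nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_NAME));

    // Ownership: the folder must belong to admin, not to the user who created the site,
    // so that the creator's access depends only on the site role checked further down.
    String owner = (String) nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_OWNER);
    assertFalse(USER_ONE.equalsIgnoreCase(owner));
    assertEquals(AuthenticationUtil.getAdminUserName(), owner);

    // ACL: no inheritance from the site, and exactly one entry (site manager group -> SiteManager).
    assertFalse("Inherit Permissions should be off.", permissionService.getInheritParentPermissions(surfConfigFolderRef));
    Set<AccessPermission> permissions = permissionService.getAllSetPermissions(surfConfigFolderRef);
    assertEquals(1, permissions.size());
    String siteManagerGroup = siteService.getSiteRoleGroup(shortName, SiteModel.SITE_MANAGER);
    AccessPermission accessPermission = permissions.iterator().next();
    assertEquals(siteManagerGroup, accessPermission.getAuthority());
    assertEquals(SiteModel.SITE_MANAGER, accessPermission.getPermission());
    // assertEquals reports the actual status on failure, unlike assertTrue(a == b).
    assertEquals(AccessStatus.ALLOWED, accessPermission.getAccessStatus());

    // This is the method that finally gets called when ALF-21643 steps are followed.
    PagingResults<FileInfo> pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    List<FileInfo> fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());

    // Add USER_TWO as a site collaborator
    JSONObject membership = new JSONObject();
    membership.put("role", SiteModel.SITE_COLLABORATOR);
    JSONObject person = new JSONObject();
    person.put("userName", USER_TWO);
    membership.put("person", person);
    // Post the membership
    Response response = sendRequest(new PostRequest(membershipsUrl, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_COLLABORATOR, result.get("role"));
    assertEquals(USER_TWO, result.getJSONObject("authority").get("userName"));

    // Add USER_THREE as a site manager
    membership.put("role", SiteModel.SITE_MANAGER);
    person.put("userName", USER_THREE);
    membership.put("person", person);
    // Post the membership
    response = sendRequest(new PostRequest(membershipsUrl, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_MANAGER, result.get("role"));
    assertEquals(USER_THREE, result.getJSONObject("authority").get("userName"));

    // USER_TWO is a site collaborator so he should not be able to access the surf-config folder
    AuthenticationUtil.setFullyAuthenticatedUser(USER_TWO);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_TWO does not have the appropriate permissions to perform this operation.");
    } catch (AccessDeniedException expected) {
        // expected: the listing must be refused, not merely return an empty page
    }

    // USER_THREE is a site manager so he is able to access the surf-config folder
    AuthenticationUtil.setFullyAuthenticatedUser(USER_THREE);
    pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());

    // Update USER_ONE role from SiteManager to SiteContributor.
    // NOTE(review): this request is sent after the thread context was switched to USER_THREE;
    // which identity the test web script server applies to it is not visible here - confirm.
    membership.put("role", SiteModel.SITE_CONTRIBUTOR);
    person.put("userName", USER_ONE);
    membership.put("person", person);
    response = sendRequest(new PutRequest(membershipsUrl, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_CONTRIBUTOR, result.get("role"));
    assertEquals(USER_ONE, result.getJSONObject("authority").get("userName"));

    // USER_ONE is no longer a site manager
    // USER_ONE tries to access "{siteName}/cm:surf-config" children
    AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException expected) {
        // expected: demotion must revoke access to the folder
    }

    // USER_ONE tries to access "{siteName}/cm:surf-config/pages" children.
    // The node reference comes from USER_THREE's listing above, so this checks that holding
    // a child's NodeRef does not bypass the restriction on the parent folder.
    try {
        fileFolderService.list(fileInfos.get(0).getNodeRef(), true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException expected) {
        // expected: demotion must revoke access to the folder's children as well
    }
}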
Also used : AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) PutRequest(org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest) PagingRequest(org.alfresco.query.PagingRequest) Response(org.springframework.extensions.webscripts.TestWebScriptServer.Response) NodeRef(org.alfresco.service.cmr.repository.NodeRef) PostRequest(org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest) JSONObject(org.json.JSONObject) FileInfo(org.alfresco.service.cmr.model.FileInfo)

Aggregations

PagingRequest (org.alfresco.query.PagingRequest)36 ArrayList (java.util.ArrayList)18 Pair (org.alfresco.util.Pair)12 NodeRef (org.alfresco.service.cmr.repository.NodeRef)11 HashMap (java.util.HashMap)10 JSONObject (org.json.simple.JSONObject)10 Paging (org.alfresco.rest.framework.resource.parameters.Paging)8 Map (java.util.Map)7 Date (java.util.Date)6 UserTransaction (javax.transaction.UserTransaction)6 WebScriptException (org.springframework.extensions.webscripts.WebScriptException)6 AbstractList (java.util.AbstractList)5 FacesContext (javax.faces.context.FacesContext)5 InvalidArgumentException (org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)5 TopicInfo (org.alfresco.service.cmr.discussion.TopicInfo)5 PersonInfo (org.alfresco.service.cmr.security.PersonService.PersonInfo)5 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4 SiteInfo (org.alfresco.service.cmr.site.SiteInfo)4 HashSet (java.util.HashSet)3 List (java.util.List)3