
Example 26 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class CreateRecordTest method testCreateRecordViaCoreServices.

/**
 * Verifies that a user limited to the ViewRecords and CreateRecords capabilities, with
 * FILING permission on a record folder, can create a record through the core
 * {@code fileFolderService} and {@code nodeService} APIs (simulating creation via ScriptNode).
 *
 * <p>Given a role with the ViewRecords and CreateRecords capabilities assigned to a new user,
 * when that user creates content in a record folder on which they hold FILING,
 * then the node is a record, and a later attempt by the same user to rewrite its content
 * property is rejected with an {@link AccessDeniedException}.
 *
 * @see <a href="https://issues.alfresco.com/jira/browse/RM-1956">RM-1956</a>
 */
public void testCreateRecordViaCoreServices() throws Exception {
    doBehaviourDrivenTest(new BehaviourDrivenTest() {

        /** Test data: generated role name. */
        String roleName = GUID.generate();

        /** Test data: generated user name; all run-as work below executes as this user. */
        String user = GUID.generate();

        /** Record folder created in {@code given()}. */
        NodeRef recordFolder;

        /** Node created in {@code when()} and inspected in {@code then()}. */
        NodeRef record;

        public void given() {
            // role restricted to the view and create capabilities
            Set<Capability> roleCapabilities = new HashSet<Capability>(2);
            for (String capabilityName : new String[] { "ViewRecords", "CreateRecords" }) {
                roleCapabilities.add(capabilityService.getCapability(capabilityName));
            }
            filePlanRoleService.createRole(filePlan, roleName, roleName, roleCapabilities);

            // the user's only role is the restricted one created above
            createPerson(user, true);
            filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);

            // file plan structure: category -> record folder
            NodeRef category = filePlanService.createRecordCategory(filePlan, GUID.generate());
            recordFolder = recordFolderService.createRecordFolder(category, GUID.generate());
        }

        public void when() {
            // grant the user FILING on the record folder
            filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);

            RunAsWork<NodeRef> createAsUser = new RunAsWork<NodeRef>() {

                public NodeRef doWork() throws Exception {
                    NodeRef created = fileFolderService.create(recordFolder, "testRecord.txt", ContentModel.TYPE_CONTENT).getNodeRef();
                    // set the mimetype on the content property of the freshly created node
                    ContentData original = (ContentData) nodeService.getProperty(created, PROP_CONTENT);
                    ContentData asPlainText = ContentData.setMimetype(original, MimetypeMap.MIMETYPE_TEXT_PLAIN);
                    nodeService.setProperty(created, PROP_CONTENT, asPlainText);
                    return created;
                }
            };
            record = AuthenticationUtil.runAs(createAsUser, user);
        }

        public void then() {
            // the created node must have become a record
            assertTrue(recordService.isRecord(record));

            RunAsWork<Void> modifyAsUser = new RunAsWork<Void>() {

                public Void doWork() throws Exception {
                    // The same property update that worked during creation must now be denied.
                    // Either call inside the try may be the one that raises the exception;
                    // the test does not distinguish between them.
                    try {
                        ContentData current = (ContentData) nodeService.getProperty(record, PROP_CONTENT);
                        ContentData asPlainText = ContentData.setMimetype(current, MimetypeMap.MIMETYPE_TEXT_PLAIN);
                        nodeService.setProperty(record, PROP_CONTENT, asPlainText);
                        fail("Expecting access denied exception");
                    } catch (AccessDeniedException expected) {
                        // expected: the user may not modify the record's content property
                    }
                    return null;
                }
            };
            AuthenticationUtil.runAs(modifyAsUser, user);
        }
    });
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) Set(java.util.Set) HashSet(java.util.HashSet) ContentData(org.alfresco.service.cmr.repository.ContentData) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException)

Example 27 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class CreateRecordTest method testCreateRecordCapabilityOnlyFromFileFolderService.

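/**
 * Verifies that a user limited to the ViewRecords and CreateRecords capabilities, with
 * FILING permission on a record folder, can create content there through
 * {@code fileFolderService}, write to it through a {@link ContentWriter}, and that the
 * resulting node is a record.
 *
 * <p>This test only covers the positive path; it makes no assertion about what the user
 * is denied.
 */
public void testCreateRecordCapabilityOnlyFromFileFolderService() throws Exception {
    doBehaviourDrivenTest(new BehaviourDrivenTest() {

        /** Test data: generated role name. */
        String roleName = GUID.generate();

        /** Test data: generated user name; the run-as work in {@code when()} executes as this user. */
        String user = GUID.generate();

        /** Record folder created in {@code given()}. */
        NodeRef recordFolder;

        /** Node created in {@code when()} and checked in {@code then()}. */
        NodeRef record;

        public void given() {
            // create a role restricted to the view and create capabilities
            Set<Capability> capabilities = new HashSet<Capability>(2);
            capabilities.add(capabilityService.getCapability("ViewRecords"));
            capabilities.add(capabilityService.getCapability("CreateRecords"));
            filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
            // create user and assign to role
            createPerson(user, true);
            filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
            // create file plan structure
            NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
            recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
        }

        public void when() {
            // grant the user FILING on the record folder
            filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);
            AuthenticationUtil.runAs(new RunAsWork<Void>() {

                public Void doWork() throws Exception {
                    record = fileFolderService.create(recordFolder, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
                    // getWriter takes the content *property* QName. The original passed the
                    // type constant (TYPE_CONTENT) here; PROP_CONTENT states the intent.
                    ContentWriter writer = contentService.getWriter(record, ContentModel.PROP_CONTENT, true);
                    writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
                    writer.setEncoding("UTF-8");
                    writer.putContent("Lucy Wetherall");
                    return null;
                }
            }, user);
        }

        public void then() {
            // the created node must have become a record
            assertTrue(recordService.isRecord(record));
        }
    });
}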
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) ContentWriter(org.alfresco.service.cmr.repository.ContentWriter) Set(java.util.Set) HashSet(java.util.HashSet) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)

Example 28 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class RejectRecordTest method testRevertAfterReject.

/**
 * Verifies that a document which was declared as a record, then rejected, can afterwards be
 * versioned and reverted to its initial version without regaining the file plan component
 * aspect, and that its owner is still the original user.
 */
public void testRevertAfterReject() throws Exception {
    doBehaviourDrivenTest(new BehaviourDrivenTest() {

        /** Document under test, created in {@code given()}. */
        private NodeRef document;

        public void given() {
            // plain, versioned document owned by userName
            NodeRef parentFolder = fileFolderService.create(documentLibrary, GUID.generate(), TYPE_FOLDER).getNodeRef();
            document = fileFolderService.create(parentFolder, GUID.generate(), TYPE_CONTENT).getNodeRef();
            assertFalse(recordService.isRecord(document));
            ownableService.setOwner(document, userName);
            versionService.ensureVersioningEnabled(document, null);

            // the owner declares the document as a record
            RunAsWork<Void> declareRecord = new RunAsWork<Void>() {

                public Void doWork() throws Exception {
                    recordService.createRecord(filePlan, document);
                    return null;
                }
            };
            AuthenticationUtil.runAs(declareRecord, userName);
            assertTrue(nodeService.hasAspect(document, ASPECT_FILE_PLAN_COMPONENT));
        }

        public void when() {
            // rejecting the record must strip the file plan component aspect
            recordService.rejectRecord(document, REASON);
            assertFalse(nodeService.hasAspect(document, ASPECT_FILE_PLAN_COMPONENT));

            // the owner uploads new content and creates a second version
            RunAsWork<Void> uploadNewVersion = new RunAsWork<Void>() {

                public Void doWork() throws Exception {
                    ContentWriter contentWriter = contentService.getWriter(document, ContentModel.PROP_CONTENT, true);
                    contentWriter.putContent("This is a change to the content and should force a new version");
                    versionService.createVersion(document, null);
                    return null;
                }
            };
            AuthenticationUtil.runAs(uploadNewVersion, userName);
            assertFalse(nodeService.hasAspect(document, ASPECT_FILE_PLAN_COMPONENT));

            // two versions are expected, and the frozen state of the root version must not
            // carry the file plan component aspect either
            VersionHistory versions = versionService.getVersionHistory(document);
            assertEquals(2, versions.getAllVersions().size());
            final Version rootVersion = versions.getRootVersion();
            NodeRef frozenRoot = rootVersion.getFrozenStateNodeRef();
            assertFalse(nodeService.hasAspect(frozenRoot, ASPECT_FILE_PLAN_COMPONENT));

            // the owner reverts the document to the root version
            RunAsWork<Void> revertToRoot = new RunAsWork<Void>() {

                public Void doWork() throws Exception {
                    versionService.revert(document, rootVersion);
                    return null;
                }
            };
            AuthenticationUtil.runAs(revertToRoot, userName);
        }

        public void then() {
            // the revert must not turn the document back into a record
            assertFalse(recordService.isRecord(document));
            // the owner is still the user who owned the document before it was declared
            assertEquals(userName, ownableService.getOwner(document));
        }
    });
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) ContentWriter(org.alfresco.service.cmr.repository.ContentWriter) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) Version(org.alfresco.service.cmr.version.Version) VersionHistory(org.alfresco.service.cmr.version.VersionHistory)

Example 29 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class ReadPermissionsOnTransferFolderTest method testReadPermissionsOnTransferFolder.

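/**
 * Verifies the permissions two users end up with on a transfer folder.
 *
 * <p>Both test users get FILING on the record category. After the record folder is cut off and
 * transferred, testUser2 is additionally given READ_RECORDS on the transfer folder. The test
 * then checks that testUser1 has READ_RECORDS on the transfers container and FILING on the
 * transfer folder, while testUser2 can read both but is denied FILING on the transfer folder
 * and is refused when trying to complete the transfer.
 */
public void testReadPermissionsOnTransferFolder() {
    doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1) {

        // Records folder
        private NodeRef recordsFolder = null;

        // Transfer folder
        private NodeRef transferFolder = null;

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
         */
        @Override
        public void given() {
            // The set-up runs as the admin user, not as the user under test
            runAs(new RunAsWork<Void>() {

                public Void doWork() {
                    // Create category
                    NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
                    // Give filing permissions for the test users on the category
                    filePlanPermissionService.setPermission(category, testUser1, FILING);
                    filePlanPermissionService.setPermission(category, testUser2, FILING);
                    // Create disposition schedule
                    utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
                    // Create folder
                    recordsFolder = recordFolderService.createRecordFolder(category, generate());
                    // Make eligible for cut off
                    Map<String, Serializable> params = new HashMap<String, Serializable>(1);
                    params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
                    rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
                    // Cut off folder
                    rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
                    return null;
                }
            }, getAdminUserName());
            // FIXME: This step should be executed in "when()".
            // See RM-3931
            transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
        }

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
         */
        @Override
        public void when() {
            // FIXME: If the transfer step is executed here the test fails. See RM-3931
            // transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
            // Give testUser2 read permissions on transfer folder
            filePlanPermissionService.setPermission(transferFolder, testUser2, READ_RECORDS);
        }

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
         */
        @Override
        public void then() {
            // Check transfer folder
            assertNotNull(transferFolder);
            // testUser1 should have read permissions on the transfers container
            assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
            // Check if testUser1 has filing permissions on the transfer folder
            assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
            runAs(new RunAsWork<Void>() {

                public Void doWork() {
                    // Check transfer folder
                    assertNotNull(transferFolder);
                    // testUser2 should have read permissions on the transfers container
                    assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
                    // Check if testUser2 has read permissions on the transfer folder
                    assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, READ_RECORDS));
                    // Check that testUser2 has no filing permissions on the transfer folder
                    assertEquals(DENIED, permissionService.hasPermission(transferFolder, FILING));
                    // Try to execute transfer complete action as testUser2 who has no filing permissions on the transfer folder
                    try {
                        rmActionService.executeRecordsManagementAction(transferFolder, TransferCompleteAction.NAME);
                        // Without this the negative check was vacuous: the test also passed
                        // when the action was allowed to run for a user lacking FILING.
                        fail("Expected AccessDeniedException: testUser2 has no filing permissions on the transfer folder");
                    } catch (AccessDeniedException ade) {
                        // Expected: the action is refused for a read-only user
                    }
                    return null;
                }
            }, testUser2);
        }
    });
}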
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) Serializable(java.io.Serializable) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) HashMap(java.util.HashMap)

Example 30 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class ExtendedSecurityServiceImplTest method testDifferentUsersDifferentPermissions.

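/**
 * Verifies that three users with different memberships of a private site see different
 * permissions on a record created from a document in that site's document library.
 *
 * <p>Expected results, checked while running as each user:
 * <ul>
 *   <li>user with no site membership: READ_RECORDS denied, FILING denied</li>
 *   <li>site consumer: READ_RECORDS allowed, FILING denied</li>
 *   <li>site collaborator: READ_RECORDS allowed, FILING allowed</li>
 * </ul>
 * The three checks run twice, in the same order and inside one transaction, as the original
 * hand-unrolled code did. NOTE(review): the second pass presumably guards against a result
 * computed for one user being served to another; confirm against the service under test.
 */
public void testDifferentUsersDifferentPermissions() {
    final String userNone = createTestUser();
    final String userRead = createTestUser();
    final String userWrite = createTestUser();
    final String siteShortName = GUID.generate();

    // private site, so access has to come from explicit membership
    doTestInTransaction(new Test<Void>() {

        public Void run() throws Exception {
            siteService.createSite(null, siteShortName, "test", "test", SiteVisibility.PRIVATE);
            return null;
        }
    });

    // userNone deliberately gets no membership
    final NodeRef documentLibrary = doTestInTransaction(new Test<NodeRef>() {

        public NodeRef run() throws Exception {
            siteService.setMembership(siteShortName, userRead, SiteModel.SITE_CONSUMER);
            siteService.setMembership(siteShortName, userWrite, SiteModel.SITE_COLLABORATOR);
            return siteService.createContainer(siteShortName, SiteService.DOCUMENT_LIBRARY, null, null);
        }
    });

    // create a document in the site and declare it as a record
    final NodeRef record = doTestInTransaction(new Test<NodeRef>() {

        public NodeRef run() throws Exception {
            NodeRef created = fileFolderService.create(documentLibrary, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
            recordService.createRecord(filePlan, created);
            return created;
        }
    });

    doTestInTransaction(new Test<Void>() {

        public Void run() throws Exception {
            // one column per user: who runs the check and what they must see
            final String[] users = { userNone, userRead, userWrite };
            final String[] labels = { "user without membership", "site consumer", "site collaborator" };
            final AccessStatus[] expectedRead = { AccessStatus.DENIED, AccessStatus.ALLOWED, AccessStatus.ALLOWED };
            final AccessStatus[] expectedFiling = { AccessStatus.DENIED, AccessStatus.DENIED, AccessStatus.ALLOWED };

            for (int pass = 1; pass <= 2; pass++) {
                for (int i = 0; i < users.length; i++) {
                    // the message identifies the failing user and pass, which line numbers
                    // did in the unrolled version
                    final String context = labels[i] + ", pass " + pass;
                    final AccessStatus read = expectedRead[i];
                    final AccessStatus filing = expectedFiling[i];
                    AuthenticationUtil.runAs(new RunAsWork<Void>() {

                        public Void doWork() throws Exception {
                            assertEquals("READ_RECORDS for " + context, read, permissionService.hasPermission(record, READ_RECORDS));
                            assertEquals("FILING for " + context, filing, permissionService.hasPermission(record, FILING));
                            return null;
                        }
                    }, users[i]);
                }
            }
            return null;
        }
    });
}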
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)

Aggregations

RunAsWork (org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)34 NodeRef (org.alfresco.service.cmr.repository.NodeRef)26 HashMap (java.util.HashMap)11 Serializable (java.io.Serializable)8 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)7 FileNotFoundException (org.alfresco.service.cmr.model.FileNotFoundException)5 ArrayList (java.util.ArrayList)4 List (java.util.List)4 FileExistsException (org.alfresco.service.cmr.model.FileExistsException)4 ContentWriter (org.alfresco.service.cmr.repository.ContentWriter)4 QName (org.alfresco.service.namespace.QName)4 HashSet (java.util.HashSet)3 Map (java.util.Map)3 Set (java.util.Set)3 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)3 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)3 SiteInfo (org.alfresco.service.cmr.site.SiteInfo)3 Version (org.alfresco.service.cmr.version.Version)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2