Search in sources :

Example 1 with NodePermissions

use of org.alfresco.rest.api.model.NodePermissions in project alfresco-remote-api by Alfresco.

the class NodeApiTest method testUpdatePermissionsDefaultInheritFromParent.

/**
 * Test default inherit from parent
 *
 * @throws Exception
 */
private void testUpdatePermissionsDefaultInheritFromParent() throws Exception {
    // create folder
    Folder folder = new Folder();
    folder.setName("testFolder" + GUID.generate());
    folder.setNodeType(TYPE_CM_FOLDER);
    // set permissions on previously created folder
    NodePermissions nodePermissions = new NodePermissions();
    List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
    locallySetPermissions.add(new NodePermissions.NodePermission(groupA, PermissionService.EDITOR, AccessStatus.DENIED.toString()));
    nodePermissions.setLocallySet(locallySetPermissions);
    folder.setPermissions(nodePermissions);
    HttpResponse response = post(getNodeChildrenUrl(Nodes.PATH_MY), RestApiUtil.toJsonAsStringNonNull(folder), 201);
    Folder f = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Folder.class);
    // create a new document in testFolder
    String docId = createDocument(getNodeChildrenUrl(f.getId()));
    Map params = new HashMap<>();
    params.put("include", "permissions");
    response = getSingle(NodesEntityResource.class, docId, params, 200);
    Document docResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
    assertTrue("Inheritance hasn't been enabled!", docResp.getPermissions().getIsInheritanceEnabled());
    assertTrue("Permissions were not inherited from parent!", docResp.getPermissions().getInherited().size() > 0);
}
Also used : NodePermissions(org.alfresco.rest.api.model.NodePermissions) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) NodesEntityResource(org.alfresco.rest.api.nodes.NodesEntityResource) Folder(org.alfresco.rest.api.tests.client.data.Folder) Document(org.alfresco.rest.api.tests.client.data.Document) Map(java.util.Map) MimetypeMap(org.alfresco.repo.content.MimetypeMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 2 with NodePermissions

use of org.alfresco.rest.api.model.NodePermissions in project alfresco-remote-api by Alfresco.

the class NodeApiTest method testUpdatePermissionInvalidName.

/**
 * Test attempt to set permission with an invalid name
 *
 * @throws Exception
 */
private void testUpdatePermissionInvalidName() throws Exception {
    // create folder with an empty document
    String postUrl = createFolder();
    String dId = createDocument(postUrl);
    // update permissions
    Document dUpdate = new Document();
    NodePermissions nodePermissions = new NodePermissions();
    List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
    locallySetPermissions.add(new NodePermissions.NodePermission(groupA, "InvalidName", AccessStatus.DENIED.toString()));
    nodePermissions.setLocallySet(locallySetPermissions);
    dUpdate.setPermissions(nodePermissions);
    // "Cannot set permissions on this node - unknown permission name:
    // InvalidName"
    put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
}
Also used : NodePermissions(org.alfresco.rest.api.model.NodePermissions) ArrayList(java.util.ArrayList) Document(org.alfresco.rest.api.tests.client.data.Document)

Example 3 with NodePermissions

use of org.alfresco.rest.api.model.NodePermissions in project alfresco-remote-api by Alfresco.

the class NodeApiTest method testUpdatePermissionInvalidAccessStatus.

/**
 * Test attempt to set permission with an invalid access status
 *
 * @throws Exception
 */
private void testUpdatePermissionInvalidAccessStatus() throws Exception {
    // create folder with an empty document
    String postUrl = createFolder();
    String dId = createDocument(postUrl);
    // update permissions
    Document dUpdate = new Document();
    NodePermissions nodePermissions = new NodePermissions();
    List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
    locallySetPermissions.add(new NodePermissions.NodePermission(groupA, PermissionService.CONSUMER, "InvalidAccessLevel"));
    nodePermissions.setLocallySet(locallySetPermissions);
    dUpdate.setPermissions(nodePermissions);
    // "Cannot set permissions on this node - unknown access status:
    // InvalidName"
    put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
}
Also used : NodePermissions(org.alfresco.rest.api.model.NodePermissions) ArrayList(java.util.ArrayList) Document(org.alfresco.rest.api.tests.client.data.Document)

Example 4 with NodePermissions

use of org.alfresco.rest.api.model.NodePermissions in project alfresco-remote-api by Alfresco.

the class NodeApiTest method testUpdatePermissionsOnNode.

/**
 * Test update permission on a node
 *
 * @throws Exception
 */
private void testUpdatePermissionsOnNode() throws Exception {
    // create folder with an empty document
    String postUrl = createFolder();
    String dId = createDocument(postUrl);
    // update permissions
    Document dUpdate = new Document();
    NodePermissions nodePermissions = new NodePermissions();
    List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
    locallySetPermissions.add(new NodePermissions.NodePermission(groupA, PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
    nodePermissions.setLocallySet(locallySetPermissions);
    dUpdate.setPermissions(nodePermissions);
    // update node
    HttpResponse response = put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 200);
    Document documentResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
    validatePermissionsAfterUpdate(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), locallySetPermissions);
    // Check permissions on node for user2 (part of groupB)
    AuthenticationUtil.setRunAsUser(user2);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.CONSUMER) == AccessStatus.DENIED);
    // Check permissions on node for user1 (part of groupA)
    AuthenticationUtil.setRunAsUser(user1);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.CONSUMER) == AccessStatus.ALLOWED);
    // add two groups with different permissions for each
    locallySetPermissions.clear();
    locallySetPermissions.add(new NodePermissions.NodePermission(groupA, PermissionService.EDITOR, AccessStatus.ALLOWED.toString()));
    locallySetPermissions.add(new NodePermissions.NodePermission(groupB, PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
    nodePermissions.setLocallySet(locallySetPermissions);
    dUpdate.setPermissions(nodePermissions);
    // update node
    response = put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 200);
    documentResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
    validatePermissionsAfterUpdate(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), locallySetPermissions);
    // Check permissions on node for user2 (part of groupB)
    AuthenticationUtil.setRunAsUser(user2);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.CONSUMER) == AccessStatus.ALLOWED);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.EDITOR) == AccessStatus.DENIED);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.WRITE) == AccessStatus.DENIED);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.READ) == AccessStatus.ALLOWED);
    // Check permissions on node for user1 (part of groupA)
    AuthenticationUtil.setRunAsUser(user1);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.EDITOR) == AccessStatus.ALLOWED);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.WRITE) == AccessStatus.ALLOWED);
    assertTrue(permissionService.hasPermission(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, documentResp.getId()), PermissionService.READ) == AccessStatus.ALLOWED);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) NodePermissions(org.alfresco.rest.api.model.NodePermissions) ArrayList(java.util.ArrayList) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) Document(org.alfresco.rest.api.tests.client.data.Document)

Example 5 with NodePermissions

use of org.alfresco.rest.api.model.NodePermissions in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method testGetSharedLinksIncludePath.

/**
 * Tests for get /shared-links?include=path
 *
 * <p>GET:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links?include=path}
 */
@Test
@Category({ LuceneTests.class, RedundantTests.class })
public void testGetSharedLinksIncludePath() throws Exception {
    String contentText = "includePathTest" + RUNID;
    Paging paging = getPaging(0, 100);
    Map<String, String> queryParams = new HashMap<>();
    queryParams.put("include", "path");
    // As user 1: Test the backward compatibility by checking response with and without path is consistent when no shared-links
    setRequestContext(user1);
    // Get all shared links visible to user 1
    HttpResponse response = getAll(URL_SHARED_LINKS, paging, 200);
    List<QuickShareLink> sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    // Check that the same no of items is returned with include=path
    response = getAll(URL_SHARED_LINKS, paging, queryParams, 200);
    List<QuickShareLink> sharedLinksWithPath = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    assertEquals("get /shared-links/ API returns same no of shared-links with or without include=path, when there are no shared-links", sharedLinks, sharedLinksWithPath);
    // Create Files in various locations: My Files, SharedFiles, Sites with different visibility
    // Create doc in "My Files"
    Document myFile = createTextFile(getMyNodeId(), "MyFile" + RUNID + ".txt", contentText);
    // Create doc in "Shared" folder
    Document sharedFile = createTextFile(getSharedNodeId(), "SharedFile" + RUNID + ".txt", contentText);
    // Create Sites
    Site publicSite = createSite("TestSite-Public-" + RUNID, SiteVisibility.PUBLIC);
    Site modSite = createSite("TestSite-Moderate-" + RUNID, SiteVisibility.MODERATED);
    Site privateSite = createSite("TestSite-Private-" + RUNID, SiteVisibility.PRIVATE);
    // Create file in Site Public > DocumentLibrary
    String docLibPub = getSiteContainerNodeId(publicSite.getId(), "documentLibrary");
    Document filePublic = createTextFile(docLibPub, "filePublic.txt", contentText);
    // Create files in Site Moderated > DocumentLibrary > Folder 1 and Folder 2
    String docLibMod = getSiteContainerNodeId(modSite.getId(), "documentLibrary");
    Folder folder1 = createFolder(docLibMod, "1");
    Folder folder2 = createFolder(docLibMod, "2");
    Document fileMod = createTextFile(folder1.getId(), "fileMod.txt", contentText);
    Document fileMod2 = createTextFile(folder2.getId(), "fileMod2.txt", contentText);
    // Create file in Site Private > DocumentLibrary
    String docLibPvt = getSiteContainerNodeId(privateSite.getId(), "documentLibrary");
    Document filePrivate = createTextFile(docLibPvt, "filePrivate.txt", contentText);
    // Share the files above in: My Files, SharedFiles, Sites with different visibility
    String myFileLinkId = postSharedLink(myFile);
    String sharedLinkId = postSharedLink(sharedFile);
    String filePublicLinkId = postSharedLink(filePublic);
    String fileModLinkId = postSharedLink(fileMod);
    String fileMod2LinkId = postSharedLink(fileMod2);
    String filePrivateLinkId = postSharedLink(filePrivate);
    // Grant user2: Consumer Permission for Moderated Site > File1
    List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
    locallySetPermissions.add(new NodePermissions.NodePermission(user2, PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
    NodePermissions nodePermissions = new NodePermissions();
    nodePermissions.setIsInheritanceEnabled(false);
    nodePermissions.setLocallySet(locallySetPermissions);
    Document docPermissions = new Document();
    docPermissions.setPermissions(nodePermissions);
    put(URL_NODES, fileMod.getId(), toJsonAsStringNonNull(docPermissions), null, 200);
    // Grant user2: Consumer Permission for Moderated Site > Folder 2, File2
    put(URL_NODES, fileMod2.getId(), toJsonAsStringNonNull(docPermissions), null, 200);
    Folder folderPermissions = new Folder();
    folderPermissions.setPermissions(nodePermissions);
    put(URL_NODES, folder2.getId(), toJsonAsStringNonNull(folderPermissions), null, 200);
    // Get links For User1
    setRequestContext(user1);
    response = getSingle(QuickShareLinkEntityResource.class, myFileLinkId, null, 200);
    QuickShareLink link = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNull("get /shared-links/<id> API does not return Path info by default", link.getPath());
    // Path info is not included for get shared-links/<id>
    response = getSingle(QuickShareLinkEntityResource.class, myFileLinkId, queryParams, 200);
    link = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNull("get /shared-links/<id> API ignores Path info when requested as it is a noAuth API.", link.getPath());
    response = getAll(URL_SHARED_LINKS, paging, 200);
    sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    assertEquals("API returns correct shared-links as expected: without path info", 6, sharedLinks.size());
    sharedLinks.forEach(sharedLink -> assertNull("API does not return Path info for any shared-links by default", sharedLink.getPath()));
    // Path info is included for get shared-links when requested
    response = getAll(URL_SHARED_LINKS, paging, queryParams, 200);
    sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    // Complete path info is retrieved for the user with access to the complete path
    assertEquals("API returns correct shared-links as expected: with path info", 6, sharedLinks.size());
    sharedLinks.forEach(sharedLink -> assertTrue("API returns Complete Path info for each link when requested by content owner", sharedLink.getPath().getIsComplete()));
    // Get links For User2
    setRequestContext(user2);
    response = getAll(URL_SHARED_LINKS, paging, 200);
    sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    // Path info is not included when not requested
    assertEquals("API returns correct shared-links as expected for user2: without path info", 4, sharedLinks.size());
    sharedLinks.forEach(sharedLink -> assertNull("get /shared-links/ API does not return Path info for any shared-links by default", sharedLink.getPath()));
    response = getAll(URL_SHARED_LINKS, paging, queryParams, 200);
    sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    // Path info is retrieved for the user with access to the complete path: Sorted as LIFO
    assertEquals("API returns correct shared-links as expected for user2: with path info", 4, sharedLinks.size());
    sharedLinks.forEach(sharedLink -> assertNotNull("API returns Path info for each link when requested by user2", sharedLink.getPath()));
    // Moderated Site > fileMod2: Path only includes elements where user2 has access
    QuickShareLink sharedLink = sharedLinks.get(0);
    assertEquals("Incorrect sort order or SharedLink ID for fileMod2: " + sharedLink, fileMod2LinkId, sharedLink.getId());
    PathInfo path = sharedLink.getPath();
    assertEquals("Complete Path is returned even when user2 does not have appropriate permissions. SharedLink Path: " + path, false, path.getIsComplete());
    assertEquals("Path omits immediate Parent folder Name when user has access to it. SharedLink Path: " + path, "/" + folder2.getName(), path.getName());
    assertEquals("Path omits immediate Parent folder ID when user has access to it. SharedLink Path: " + path, folder2.getId(), path.getElements().get(0).getId());
    // Moderated Site > fileMod: Path empty when user2 does not have access to the immediate parent
    sharedLink = sharedLinks.get(1);
    assertEquals("Incorrect sort order or SharedLink ID for fileMod: " + sharedLink, fileModLinkId, sharedLink.getId());
    path = sharedLink.getPath();
    assertNotNull("Path info is not included in the response when user does not have right permissions. SharedLink Path: " + path, path);
    assertNull("Path Name is returned when user does not have right permissions. SharedLink Path: " + path, path.getName());
    assertNull("Path info is returned when user does not have right permissions. SharedLink Path: " + path, path.getIsComplete());
    assertNull("Path Elements are returned when user does not have right permissions. SharedLink Path: " + path, path.getElements());
    // Public Site > filePublic: Path includes all the elements when user2 has appropriate access
    sharedLink = sharedLinks.get(2);
    assertEquals("Incorrect sort order or SharedLink ID for filePublic: " + sharedLink, filePublicLinkId, sharedLink.getId());
    path = sharedLink.getPath();
    assertEquals("Complete Path is not returned for user2 for public files. SharedLink Path: " + path, true, path.getIsComplete());
    assertEquals("Incorrect Path Name for Public Site Files. SharedLink Path: " + path, "/Company Home/Sites/" + publicSite.getId() + "/documentLibrary", path.getName());
    assertEquals("Incorrect Path Elements for Public Site Files. SharedLink Path: " + path, 4, path.getElements().size());
    assertEquals("Incorrect ID in the Path for Company Home. SharedLink Path: " + path, getRootNodeId(), path.getElements().get(0).getId());
    assertEquals("Incorrect ID in the Path for Public Site. SharedLink Path: " + path, publicSite.getGuid(), path.getElements().get(2).getId());
    assertEquals("Incorrect ID in the Path for Public Site DocLib. SharedLink Path: " + path, docLibPub, path.getElements().get(3).getId());
    // Shared Files > shared: Path includes all the elements when user2 has appropriate access
    sharedLink = sharedLinks.get(3);
    assertEquals("Incorrect sort order or SharedLink ID for sharedFiles: " + sharedLink, sharedLinkId, sharedLink.getId());
    path = sharedLink.getPath();
    assertEquals("Complete Path is not returned for user2 for shared files. SharedLink Path: " + path, true, path.getIsComplete());
    assertEquals("Incorrect Path Name for Shared Files. SharedLink Path: " + path, "/Company Home/Shared", path.getName());
    assertEquals("Incorrect Path Elements for Shared Files. SharedLink Path: " + path, 2, path.getElements().size());
    assertEquals("Incorrect ID in the Path for Company Home. SharedLink Path: " + path, getRootNodeId(), path.getElements().get(0).getId());
    assertEquals("Incorrect ID in the path for Shared Files. SharedLink Path: " + path, getSharedNodeId(), path.getElements().get(1).getId());
    // Unauthorized request returns 401
    setRequestContext(null, "UserNotKnown", DEFAULT_ADMIN_PWD);
    queryParams = new HashMap<>();
    getAll(URL_SHARED_LINKS, paging, queryParams, 401);
    // Unauthenticated request returns 401
    setRequestContext(user2, null, null);
    getAll(URL_SHARED_LINKS, paging, queryParams, 401);
    // Delete the shared links
    setRequestContext(user1);
    deleteSharedLink(myFileLinkId);
    deleteSharedLink(sharedLinkId);
    deleteSharedLink(filePublicLinkId);
    deleteSharedLink(fileModLinkId);
    deleteSharedLink(fileMod2LinkId);
    deleteSharedLink(filePrivateLinkId);
}
Also used : Site(org.alfresco.rest.api.model.Site) NodePermissions(org.alfresco.rest.api.model.NodePermissions) HashMap(java.util.HashMap) Paging(org.alfresco.rest.api.tests.client.PublicApiClient.Paging) ArrayList(java.util.ArrayList) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) Document(org.alfresco.rest.api.tests.client.data.Document) Folder(org.alfresco.rest.api.tests.client.data.Folder) QuickShareLinkEntityResource(org.alfresco.rest.api.quicksharelinks.QuickShareLinkEntityResource) PathInfo(org.alfresco.rest.api.model.PathInfo) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink) Category(org.junit.experimental.categories.Category) Test(org.junit.Test)

Aggregations

NodePermissions (org.alfresco.rest.api.model.NodePermissions)15 ArrayList (java.util.ArrayList)13 Document (org.alfresco.rest.api.tests.client.data.Document)12 HttpResponse (org.alfresco.rest.api.tests.client.HttpResponse)7 HashMap (java.util.HashMap)6 NodesEntityResource (org.alfresco.rest.api.nodes.NodesEntityResource)5 LinkedHashMap (java.util.LinkedHashMap)3 Map (java.util.Map)3 MimetypeMap (org.alfresco.repo.content.MimetypeMap)3 Serializable (java.io.Serializable)2 HashSet (java.util.HashSet)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 PathInfo (org.alfresco.rest.api.model.PathInfo)2 Folder (org.alfresco.rest.api.tests.client.data.Folder)2 Node (org.alfresco.rest.api.tests.client.data.Node)2 NodeRef (org.alfresco.service.cmr.repository.NodeRef)2 AccessPermission (org.alfresco.service.cmr.security.AccessPermission)2 QName (org.alfresco.service.namespace.QName)2 Test (org.junit.Test)2 File (java.io.File)1