Search in sources :

Example 66 with HttpResponse

use of org.alfresco.rest.api.tests.client.HttpResponse in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method testSharedLinkCreateGetDelete_MultiTenant.

/**
 * Tests shared links to file (content) in a multi-tenant system.
 *
 * <p>POST:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links}
 *
 * <p>DELETE:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>}
 *
 * <p>GET:</p>
 * The following do not require authentication
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/content}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions/<renditionId>}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions/<renditionId>/content}
 */
// TODO now covered by testSharedLinkCreateGetDelete ? (since base class now uses tenant context by default)
@Test
public void testSharedLinkCreateGetDelete_MultiTenant() throws Exception {
    // As user1
    setRequestContext(user1);
    String docLibNodeId = getSiteContainerNodeId(tSiteId, "documentLibrary");
    String folderName = "folder" + System.currentTimeMillis() + "_1";
    String folderId = createFolder(docLibNodeId, folderName, null).getId();
    // create doc d1 - pdf
    String fileName1 = "quick" + RUNID + "_1.pdf";
    File file1 = getResourceFile("quick.pdf");
    byte[] file1_originalBytes = Files.readAllBytes(Paths.get(file1.getAbsolutePath()));
    String file1_MimeType = MimetypeMap.MIMETYPE_PDF;
    MultiPartBuilder.MultiPartRequest reqBody = MultiPartBuilder.create().setFileData(new MultiPartBuilder.FileData(fileName1, file1, file1_MimeType)).build();
    HttpResponse response = post(getNodeChildrenUrl(folderId), reqBody.getBody(), null, reqBody.getContentType(), 201);
    Document doc1 = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
    String d1Id = doc1.getId();
    assertNotNull(d1Id);
    // create shared link to document 1
    Map<String, String> body = new HashMap<>();
    body.put("nodeId", d1Id);
    response = post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 201);
    QuickShareLink resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    String shared1Id = resp.getId();
    assertNotNull(shared1Id);
    assertEquals(d1Id, resp.getNodeId());
    assertEquals(fileName1, resp.getName());
    assertEquals(file1_MimeType, resp.getContent().getMimeType());
    assertEquals(user1, resp.getSharedByUser().getId());
    // allowable operations not included - no params
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, null, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNull(resp.getAllowableOperations());
    setRequestContext(null);
    // unauth access to get shared link info
    // note: this will be ignore for unauth access
    Map<String, String> params = Collections.singletonMap("include", "allowableOperations");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, params, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertEquals(shared1Id, resp.getId());
    assertEquals(fileName1, resp.getName());
    assertEquals(d1Id, resp.getNodeId());
    // include is ignored
    assertNull(resp.getAllowableOperations());
    // include is ignored
    assertNull(resp.getAllowableOperationsOnTarget());
    // unauth access to file 1 content (via shared link)
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/content", null, 200);
    assertArrayEquals(file1_originalBytes, response.getResponseAsBytes());
    Map<String, String> responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(file1_MimeType + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get("Expires"));
    assertEquals("attachment; filename=\"" + fileName1 + "\"; filename*=UTF-8''" + fileName1 + "", responseHeaders.get("Content-Disposition"));
    String lastModifiedHeader = responseHeaders.get(LAST_MODIFIED_HEADER);
    assertNotNull(lastModifiedHeader);
    // Test 304 response
    Map<String, String> headers = Collections.singletonMap(IF_MODIFIED_SINCE_HEADER, lastModifiedHeader);
    getSingle(URL_SHARED_LINKS, shared1Id + "/content", null, headers, 304);
    // unauth access to file 1 content (via shared link) - without Content-Disposition header (attachment=false)
    params = new HashMap<>();
    params.put("attachment", "false");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/content", params, 200);
    assertArrayEquals(file1_originalBytes, response.getResponseAsBytes());
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(file1_MimeType + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get(LAST_MODIFIED_HEADER));
    assertNotNull(responseHeaders.get("Expires"));
    assertNull(responseHeaders.get("Content-Disposition"));
    // -ve shared link rendition tests
    {
        // -ve test - try to get non-existent rendition content
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", null, 404);
        // -ve test - try to get unregistered rendition content
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/dummy/content", null, 404);
    }
    // unauth access to get rendition info for a shared link (available => CREATED rendition only)
    // -ve shared link rendition tests
    {
        // -ve test - try to get not created rendition for the given shared link
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib", null, 404);
        // -ve test - try to get unregistered rendition
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/dummy", null, 404);
    }
    // unauth access to get shared link renditions info (available => CREATED renditions only)
    response = getAll(URL_SHARED_LINKS + "/" + shared1Id + "/renditions", null, 200);
    List<Rendition> renditions = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Rendition.class);
    assertEquals(0, renditions.size());
    // create rendition of pdf doc - note: for some reason create rendition of txt doc fail on build m/c (TBC) ?
    setRequestContext(user1);
    Rendition rendition = createAndGetRendition(d1Id, "doclib");
    assertNotNull(rendition);
    assertEquals(Rendition.RenditionStatus.CREATED, rendition.getStatus());
    setRequestContext(null);
    // unauth access to get shared link renditions info (available => CREATED renditions only)
    response = getAll(URL_SHARED_LINKS + "/" + shared1Id + "/renditions", null, 200);
    renditions = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Rendition.class);
    assertEquals(1, renditions.size());
    assertEquals(Rendition.RenditionStatus.CREATED, renditions.get(0).getStatus());
    assertEquals("doclib", renditions.get(0).getId());
    // unauth access to get rendition info for a shared link (available => CREATED rendition only)
    {
        // get a created rendition for the given shared link
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib", null, 200);
    }
    // unauth access to get shared link file rendition content
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", null, 200);
    assertTrue(response.getResponseAsBytes().length > 0);
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(MimetypeMap.MIMETYPE_IMAGE_PNG + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get(LAST_MODIFIED_HEADER));
    assertNotNull(responseHeaders.get("Expires"));
    String docName = "doclib";
    assertEquals("attachment; filename=\"" + docName + "\"; filename*=UTF-8''" + docName + "", responseHeaders.get("Content-Disposition"));
    // unauth access to get shared link file rendition content - without Content-Disposition header (attachment=false)
    params = new HashMap<>();
    params.put("attachment", "false");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", params, 200);
    assertTrue(response.getResponseAsBytes().length > 0);
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(MimetypeMap.MIMETYPE_IMAGE_PNG + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get("Expires"));
    assertNull(responseHeaders.get("Content-Disposition"));
    lastModifiedHeader = responseHeaders.get(LAST_MODIFIED_HEADER);
    assertNotNull(lastModifiedHeader);
    // Test 304 response
    headers = Collections.singletonMap(IF_MODIFIED_SINCE_HEADER, lastModifiedHeader);
    getSingle(URL_SHARED_LINKS, shared1Id + "/renditions/doclib/content", null, headers, 304);
    // -ve test - userTwoN1 cannot delete shared link
    setRequestContext(user2);
    deleteSharedLink(shared1Id, 403);
    // -ve test - unauthenticated
    setRequestContext(null);
    deleteSharedLink(shared1Id, 401);
    // delete shared link
    setRequestContext(user1);
    deleteSharedLink(shared1Id);
}
Also used : HashMap(java.util.HashMap) Rendition(org.alfresco.rest.api.tests.client.data.Rendition) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) Document(org.alfresco.rest.api.tests.client.data.Document) QuickShareLinkEntityResource(org.alfresco.rest.api.quicksharelinks.QuickShareLinkEntityResource) MultiPartBuilder(org.alfresco.rest.api.tests.util.MultiPartBuilder) File(java.io.File) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink) Test(org.junit.Test)

Example 67 with HttpResponse

use of org.alfresco.rest.api.tests.client.HttpResponse in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method testCreateSharedLinkWithIncludeParam.

/**
 * Tests create shared-links with 'include' parameter.
 *
 * <p>POST:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links?include=path}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links?include=allowableOperations}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links?include=path,allowableOperations}
 */
@Test
@Category({ LuceneTests.class, RedundantTests.class })
public void testCreateSharedLinkWithIncludeParam() throws Exception {
    String content = "The quick brown fox jumps over the lazy dog.";
    String fileName1 = "fileOne_" + RUNID + ".txt";
    String fileName2 = "fileTwo_" + RUNID + ".txt";
    String fileName3 = "fileThree_" + RUNID + ".txt";
    // As user 1 create 3 text files in -my- folder (i.e. User's Home)
    setRequestContext(user1);
    String doc1Id = createTextFile(getMyNodeId(), fileName1, content).getId();
    String doc2Id = createTextFile(getMyNodeId(), fileName2, content).getId();
    String doc3Id = createTextFile(getMyNodeId(), fileName3, content).getId();
    // Share the 'fileName1' doc and use the query parameter 'include=path' to return path information
    QuickShareLink body = new QuickShareLink();
    body.setNodeId(doc1Id);
    HttpResponse response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), "?include=path", 201);
    QuickShareLink quickShareLinkResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    PathInfo pathInfo = quickShareLinkResponse.getPath();
    assertNotNull("API returns Path info when requested upon creation.", pathInfo);
    assertTrue("IsComplete should have been true for user1.", pathInfo.getIsComplete());
    assertEquals("Incorrect number of path elements.", 3, pathInfo.getElements().size());
    assertEquals("Incorrect path name.", "/Company Home/User Homes/" + user1, pathInfo.getName());
    assertEquals("Incorrect path element.", getRootNodeId(), pathInfo.getElements().get(0).getId());
    assertEquals("Incorrect path element.", "Company Home", pathInfo.getElements().get(0).getName());
    assertEquals("Incorrect path element", "User Homes", pathInfo.getElements().get(1).getName());
    assertEquals("Incorrect path element.", getMyNodeId(), pathInfo.getElements().get(2).getId());
    assertEquals("Incorrect path element.", user1, pathInfo.getElements().get(2).getName());
    // Share the 'fileName2' doc and use the query parameter 'include=allowableOperations' to return allowableOperations information
    body.setNodeId(doc2Id);
    response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), "?include=allowableOperations", 201);
    quickShareLinkResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    List<String> allowableOperations = quickShareLinkResponse.getAllowableOperations();
    assertNotNull("'allowableOperations' should have been returned.", allowableOperations);
    assertEquals("allowableOperations should only have 'Delete' as allowable operation.", 1, allowableOperations.size());
    assertEquals("Incorrect allowable operation.", "delete", allowableOperations.get(0));
    // Share the 'fileName3' doc and use the query parameter 'include=path,allowableOperations' to return path and allowableOperations information
    body.setNodeId(doc3Id);
    response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), "?include=path,allowableOperations", 201);
    quickShareLinkResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    // Check Path info
    pathInfo = quickShareLinkResponse.getPath();
    assertNotNull("'path' should have been returned.", pathInfo);
    assertTrue("IsComplete should have been true for user1.", pathInfo.getIsComplete());
    assertEquals("Incorrect number of path elements.", 3, pathInfo.getElements().size());
    assertEquals("Incorrect path name.", "/Company Home/User Homes/" + user1, pathInfo.getName());
    // Check allowableOperations (i.e. the shared link)
    allowableOperations = quickShareLinkResponse.getAllowableOperations();
    assertNotNull("'allowableOperations' should have been returned.", allowableOperations);
    assertEquals("allowableOperations should only have 'Delete' as allowable operation.", 1, allowableOperations.size());
    assertEquals("Incorrect allowable operation.", "delete", allowableOperations.get(0));
    // Check allowableOperationsOnTarget (i.e. for the actual file being shared)
    allowableOperations = quickShareLinkResponse.getAllowableOperationsOnTarget();
    assertNotNull("'allowableOperationsOnTarget' should have been returned.", allowableOperations);
    Collection<String> expectedOps = Arrays.asList("delete", "update", "updatePermissions");
    assertTrue(allowableOperations.containsAll(expectedOps));
    assertEquals(expectedOps.size(), allowableOperations.size());
    assertEquals("Incorrect allowable operation.", "delete", allowableOperations.get(0));
    // Test that listing shared links also support the include parameter.
    Paging paging = getPaging(0, 100);
    response = getAll(URL_SHARED_LINKS, paging, Collections.singletonMap("include", "path,allowableOperations"), 200);
    List<QuickShareLink> sharedLinks = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), QuickShareLink.class);
    assertEquals("Incorrect number of shared-links returned.", 3, sharedLinks.size());
    sharedLinks.forEach(sharedLink -> {
        // Check Path info
        PathInfo path = sharedLink.getPath();
        assertNotNull("'path' should have been returned.", path);
        assertTrue("IsComplete should have been true for user1.", path.getIsComplete());
        assertEquals("Incorrect number of path elements.", 3, path.getElements().size());
        assertEquals("Incorrect path name.", "/Company Home/User Homes/" + user1, path.getName());
        // Check allowableOperations
        List<String> operations = sharedLink.getAllowableOperations();
        assertNotNull("'allowableOperations' should have been returned.", operations);
        assertEquals("allowableOperations should only have 'Delete' as allowable operation.", 1, operations.size());
        assertEquals("Incorrect allowable operation.", "delete", operations.get(0));
        // Check allowableOperationsOnTarget (i.e. for the actual file being shared)
        operations = sharedLink.getAllowableOperationsOnTarget();
        assertNotNull("'allowableOperationsOnTarget' should have been returned.", operations);
        assertTrue(operations.containsAll(expectedOps));
        assertEquals(expectedOps.size(), operations.size());
        assertEquals("Incorrect allowable operation.", "delete", operations.get(0));
        // Quick check that some extended info is present.
        assertEquals("The quick brown fox jumps over the lazy dog", sharedLink.getTitle());
        assertEquals("Gym class featuring a brown fox and lazy dog", sharedLink.getDescription());
    });
}
Also used : Paging(org.alfresco.rest.api.tests.client.PublicApiClient.Paging) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) PathInfo(org.alfresco.rest.api.model.PathInfo) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink) Category(org.junit.experimental.categories.Category) Test(org.junit.Test)

Example 68 with HttpResponse

use of org.alfresco.rest.api.tests.client.HttpResponse in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method postSharedLink.

private String postSharedLink(Document file) {
    Map<String, String> body = new HashMap<>();
    body.put("nodeId", file.getId());
    HttpResponse response;
    try {
        response = post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 201);
        QuickShareLink resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
        return resp.getId();
    } catch (Exception e) {
        throw new RuntimeException("Error sharing link for File: " + file.getId(), e);
    }
}
Also used : HashMap(java.util.HashMap) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink)

Example 69 with HttpResponse

use of org.alfresco.rest.api.tests.client.HttpResponse in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method testSharedLinkWithExpiryDate.

/**
 * Tests shared links to file with expiry date.
 * <p>POST:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links}
 */
@Test
public void testSharedLinkWithExpiryDate() throws Exception {
    // Clear any hanging security context from other tests.
    // We add it here as getSchedules method will throw an exception.
    AuthenticationUtil.clearCurrentSecurityContext();
    final int numOfSchedules = getSchedules();
    setRequestContext(user1);
    // Create plain text document
    String myFolderNodeId = getMyNodeId();
    String contentText = "The quick brown fox jumps over the lazy dog.";
    String fileName = "file-" + RUNID + ".txt";
    String docId = createTextFile(myFolderNodeId, fileName, contentText).getId();
    // Create shared link to document
    QuickShareLink body = new QuickShareLink();
    body.setNodeId(docId);
    // Invalid time - passed time
    body.setExpiresAt(DateTime.now().minusSeconds(20).toDate());
    post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), 400);
    // The default expiryDate period is DAYS (see: 'system.quickshare.expiry_date.enforce.minimum.period' property),
    // so the expiry date must be at least 1 day from now
    body.setExpiresAt(DateTime.now().plusMinutes(5).toDate());
    post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), 400);
    // Set the expiry date to be in the next 2 days
    Date time = DateTime.now().plusDays(2).toDate();
    body.setExpiresAt(time);
    // Post the share request
    HttpResponse response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), 201);
    QuickShareLink resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNotNull(resp.getId());
    assertEquals(fileName, resp.getName());
    assertEquals(time, resp.getExpiresAt());
    // Check that the schedule is persisted
    // Note: No need to check for expiry actions here, as the scheduledPersistedActionService
    // checks that the expiry action is persisted first and if it wasn't will throw an exception.
    assertEquals(numOfSchedules + 1, getSchedules());
    // Delete the shared link
    deleteSharedLink(resp.getId());
    // Check the shred link has been deleted
    getSingle(QuickShareLinkEntityResource.class, resp.getId(), null, 404);
    // As we deleted the shared link, the expiry action and its related schedule should have been removed as well.
    // Check that the schedule is deleted
    assertEquals(numOfSchedules, getSchedules());
    // Set the expiry date to be in the next 24 hours
    time = DateTime.now().plusDays(1).toDate();
    body.setExpiresAt(time);
    // Post the share request
    response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), 201);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNotNull(resp.getId());
    // Check that the schedule is persisted
    assertEquals(numOfSchedules + 1, getSchedules());
    // Get the shared link info
    response = getSingle(QuickShareLinkEntityResource.class, resp.getId(), null, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertEquals(fileName, resp.getName());
    assertEquals(time, resp.getExpiresAt());
    // Change the expiry time to be in the next 6 seconds.
    // Here we'll bypass the QuickShareService in order to force the new time.
    // As the QuickShareService by default will enforce the expiry date to not be less than 24 hours.
    forceNewExpiryTime(resp.getId(), DateTime.now().plusSeconds(6).toDate());
    // Wait for 10 seconds - the expiry action should be triggered in the next 6 seconds.
    Thread.sleep((10000));
    // Check that the expiry action unshared the link
    getSingle(QuickShareLinkEntityResource.class, resp.getId(), null, 404);
    // The expiry action and its related schedule should have been removed after the link unshared by the action executor.
    // Check that the schedule is deleted
    assertEquals(numOfSchedules, getSchedules());
    // Create a shared link without an expiry date
    body.setExpiresAt(null);
    response = post(URL_SHARED_LINKS, RestApiUtil.toJsonAsString(body), 201);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNotNull(resp.getId());
    assertNull("The 'expiryDate' property should have benn null.", resp.getExpiresAt());
    assertEquals(numOfSchedules, getSchedules());
    // Delete the share link that hasn't got an expiry date
    deleteSharedLink(resp.getId());
}
Also used : HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink) Date(java.util.Date) QuickShareLinkEntityResource(org.alfresco.rest.api.quicksharelinks.QuickShareLinkEntityResource) Test(org.junit.Test)

Example 70 with HttpResponse

use of org.alfresco.rest.api.tests.client.HttpResponse in project alfresco-remote-api by Alfresco.

the class SharedLinkApiTest method testSharedLinkCreateGetDelete.

/**
 * Tests shared links to file (content)
 *
 * <p>POST:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links}
 *
 * <p>DELETE:</p>
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>}
 *
 * <p>GET:</p>
 * The following do not require authentication
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/content}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions/<renditionId>}
 * {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/shared-links/<sharedId>/renditions/<renditionId>/content}
 */
@Test
public void testSharedLinkCreateGetDelete() throws Exception {
    // As user 1 ...
    setRequestContext(user1);
    // create doc d1 - pdf
    String sharedFolderNodeId = getSharedNodeId();
    String fileName1 = "quick" + RUNID + "_1.pdf";
    File file1 = getResourceFile("quick.pdf");
    byte[] file1_originalBytes = Files.readAllBytes(Paths.get(file1.getAbsolutePath()));
    String file1_MimeType = MimetypeMap.MIMETYPE_PDF;
    MultiPartBuilder multiPartBuilder = MultiPartBuilder.create().setFileData(new MultiPartBuilder.FileData(fileName1, file1, file1_MimeType));
    MultiPartBuilder.MultiPartRequest reqBody = multiPartBuilder.build();
    HttpResponse response = post(getNodeChildrenUrl(sharedFolderNodeId), reqBody.getBody(), null, reqBody.getContentType(), 201);
    Document doc1 = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
    String d1Id = doc1.getId();
    // create doc d2 - plain text
    String myFolderNodeId = getMyNodeId();
    String content2Text = "The quick brown fox jumps over the lazy dog 2.";
    String fileName2 = "content" + RUNID + "_2.txt";
    Document doc2 = createTextFile(myFolderNodeId, fileName2, content2Text);
    String d2Id = doc2.getId();
    String file2_MimeType = MimetypeMap.MIMETYPE_TEXT_PLAIN;
    // As user 2 ...
    setRequestContext(user2);
    response = getSingle(NodesEntityResource.class, d1Id, null, 200);
    Node nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class);
    Date docModifiedAt = nodeResp.getModifiedAt();
    String docModifiedBy = nodeResp.getModifiedByUser().getId();
    assertEquals(user1, docModifiedBy);
    // create shared link to document 1
    Map<String, String> body = new HashMap<>();
    body.put("nodeId", d1Id);
    response = post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 201);
    QuickShareLink resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    String shared1Id = resp.getId();
    assertNotNull(shared1Id);
    assertEquals(d1Id, resp.getNodeId());
    assertEquals(fileName1, resp.getName());
    assertEquals("The quick brown fox jumps over the lazy dog", resp.getTitle());
    assertEquals("Gym class featuring a brown fox and lazy dog", resp.getDescription());
    assertEquals(file1_MimeType, resp.getContent().getMimeType());
    assertEquals("Adobe PDF Document", resp.getContent().getMimeTypeName());
    assertEquals(new Long(file1_originalBytes.length), resp.getContent().getSizeInBytes());
    assertEquals("UTF-8", resp.getContent().getEncoding());
    // not changed
    assertEquals(docModifiedAt.getTime(), resp.getModifiedAt().getTime());
    // not changed (ie. not user2)
    assertEquals(docModifiedBy, resp.getModifiedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(docModifiedBy), resp.getModifiedByUser().getDisplayName());
    assertEquals(user2, resp.getSharedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user2), resp.getSharedByUser().getDisplayName());
    // -ve test - try to create again (same user) - already exists
    post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 409);
    // As user 1 ...
    setRequestContext(user1);
    // create shared link to document 2
    body = new HashMap<>();
    body.put("nodeId", d2Id);
    response = post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 201);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    String shared2Id = resp.getId();
    // currently passing auth should make no difference (irrespective of MT vs non-MY enb)
    // access to get shared link info - pass user1 (but ignore in non-MT)
    Map<String, String> params = Collections.singletonMap("include", "allowableOperations");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, params, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertEquals(shared1Id, resp.getId());
    assertEquals(fileName1, resp.getName());
    assertEquals("The quick brown fox jumps over the lazy dog", resp.getTitle());
    assertEquals("Gym class featuring a brown fox and lazy dog", resp.getDescription());
    assertEquals(d1Id, resp.getNodeId());
    // include is ignored
    assertNull(resp.getAllowableOperations());
    // include is ignored
    assertNull(resp.getAllowableOperationsOnTarget());
    // userId not returned
    assertNull(resp.getModifiedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user1), resp.getModifiedByUser().getDisplayName());
    // userId not returned
    assertNull(resp.getSharedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user2), resp.getSharedByUser().getDisplayName());
    // access to get shared link info - pass user2 (but ignore in non-MT)
    params = Collections.singletonMap("include", "allowableOperations");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, params, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertEquals(shared1Id, resp.getId());
    assertEquals(fileName1, resp.getName());
    assertEquals(d1Id, resp.getNodeId());
    // include is ignored
    assertNull(resp.getAllowableOperations());
    // include is ignored
    assertNull(resp.getAllowableOperationsOnTarget());
    // userId not returned
    assertNull(resp.getModifiedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user1), resp.getModifiedByUser().getDisplayName());
    // userId not returned
    assertNull(resp.getSharedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user2), resp.getSharedByUser().getDisplayName());
    // allowable operations not included - no params
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, null, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertNull(resp.getAllowableOperations());
    assertNull(resp.getAllowableOperationsOnTarget());
    setRequestContext(null);
    // unauth access to get shared link info
    // note: this will be ignore for unauth access
    params = Collections.singletonMap("include", "allowableOperations");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id, params, 200);
    resp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), QuickShareLink.class);
    assertEquals(shared1Id, resp.getId());
    assertEquals(fileName1, resp.getName());
    assertEquals(d1Id, resp.getNodeId());
    // include is ignored
    assertNull(resp.getAllowableOperations());
    // include is ignored
    assertNull(resp.getAllowableOperationsOnTarget());
    // userId not returned
    assertNull(resp.getModifiedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user1), resp.getModifiedByUser().getDisplayName());
    // userId not returned
    assertNull(resp.getSharedByUser().getId());
    assertEquals(UserInfo.getTestDisplayName(user2), resp.getSharedByUser().getDisplayName());
    // unauth access to file 1 content (via shared link)
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/content", null, 200);
    assertArrayEquals(file1_originalBytes, response.getResponseAsBytes());
    Map<String, String> responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(file1_MimeType + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get("Expires"));
    assertEquals("attachment; filename=\"" + fileName1 + "\"; filename*=UTF-8''" + fileName1 + "", responseHeaders.get("Content-Disposition"));
    String lastModifiedHeader = responseHeaders.get(LAST_MODIFIED_HEADER);
    assertNotNull(lastModifiedHeader);
    // Test 304 response
    Map<String, String> headers = Collections.singletonMap(IF_MODIFIED_SINCE_HEADER, lastModifiedHeader);
    getSingle(URL_SHARED_LINKS, shared1Id + "/content", null, headers, 304);
    // unauth access to file 1 content (via shared link) - without Content-Disposition header (attachment=false)
    params = new HashMap<>();
    params.put("attachment", "false");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/content", params, 200);
    assertArrayEquals(file1_originalBytes, response.getResponseAsBytes());
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(file1_MimeType + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get(LAST_MODIFIED_HEADER));
    assertNotNull(responseHeaders.get("Expires"));
    assertNull(responseHeaders.get("Content-Disposition"));
    // unauth access to file 2 content (via shared link)
    response = getSingle(QuickShareLinkEntityResource.class, shared2Id + "/content", null, 200);
    assertArrayEquals(content2Text.getBytes(), response.getResponseAsBytes());
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(file2_MimeType + ";charset=ISO-8859-1", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get("Expires"));
    assertNotNull(responseHeaders.get(LAST_MODIFIED_HEADER));
    assertEquals("attachment; filename=\"" + fileName2 + "\"; filename*=UTF-8''" + fileName2 + "", responseHeaders.get("Content-Disposition"));
    // -ve test - unauth access to get shared link file content - without Content-Disposition header (attachment=false) - header ignored (plain text is not in white list)
    params = new HashMap<>();
    params.put("attachment", "false");
    response = getSingle(QuickShareLinkEntityResource.class, shared2Id + "/content", params, 200);
    assertEquals("attachment; filename=\"" + fileName2 + "\"; filename*=UTF-8''" + fileName2 + "", response.getHeaders().get("Content-Disposition"));
    // -ve shared link rendition tests
    {
        // -ve test - try to get non-existent rendition content
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", null, 404);
        // -ve test - try to get unregistered rendition content
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/dummy/content", null, 404);
    }
    // unauth access to get rendition info for a shared link (available => CREATED rendition only)
    // -ve shared link rendition tests
    {
        // -ve test - try to get not created rendition for the given shared link
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib", null, 404);
        // -ve test - try to get unregistered rendition
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/dummy", null, 404);
    }
    // unauth access to get shared link renditions info (available => CREATED renditions only)
    response = getAll(URL_SHARED_LINKS + "/" + shared1Id + "/renditions", null, 200);
    List<Rendition> renditions = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Rendition.class);
    assertEquals(0, renditions.size());
    // create rendition of pdf doc - note: for some reason create rendition of txt doc fail on build m/c (TBC) ?
    setRequestContext(user2);
    Rendition rendition = createAndGetRendition(d1Id, "doclib");
    assertNotNull(rendition);
    assertEquals(Rendition.RenditionStatus.CREATED, rendition.getStatus());
    setRequestContext(null);
    // unauth access to get shared link renditions info (available => CREATED renditions only)
    response = getAll(URL_SHARED_LINKS + "/" + shared1Id + "/renditions", null, 200);
    renditions = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Rendition.class);
    assertEquals(1, renditions.size());
    assertEquals(Rendition.RenditionStatus.CREATED, renditions.get(0).getStatus());
    assertEquals("doclib", renditions.get(0).getId());
    {
        // try to get a created rendition for the given shared link
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib", null, 200);
    }
    // unauth access to get shared link file rendition content
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", null, 200);
    assertTrue(response.getResponseAsBytes().length > 0);
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(MimetypeMap.MIMETYPE_IMAGE_PNG + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get(LAST_MODIFIED_HEADER));
    assertNotNull(responseHeaders.get("Expires"));
    String docName = "doclib";
    assertEquals("attachment; filename=\"" + docName + "\"; filename*=UTF-8''" + docName + "", responseHeaders.get("Content-Disposition"));
    // unauth access to get shared link file rendition content - without Content-Disposition header (attachment=false)
    params = new HashMap<>();
    params.put("attachment", "false");
    response = getSingle(QuickShareLinkEntityResource.class, shared1Id + "/renditions/doclib/content", params, 200);
    assertTrue(response.getResponseAsBytes().length > 0);
    responseHeaders = response.getHeaders();
    assertNotNull(responseHeaders);
    assertEquals(MimetypeMap.MIMETYPE_IMAGE_PNG + ";charset=UTF-8", responseHeaders.get("Content-Type"));
    assertNotNull(responseHeaders.get("Expires"));
    assertNull(responseHeaders.get("Content-Disposition"));
    lastModifiedHeader = responseHeaders.get(LAST_MODIFIED_HEADER);
    assertNotNull(lastModifiedHeader);
    // Test 304 response
    headers = Collections.singletonMap(IF_MODIFIED_SINCE_HEADER, lastModifiedHeader);
    getSingle(URL_SHARED_LINKS, shared1Id + "/renditions/doclib/content", null, headers, 304);
    // -ve delete tests
    {
        // -ve test - unauthenticated
        setRequestContext(null);
        deleteSharedLink(shared1Id, 401);
        setRequestContext(user1);
        // -ve test - user1 cannot delete shared link
        deleteSharedLink(shared1Id, 403);
        // -ve test - delete - cannot delete non-existent link
        deleteSharedLink("dummy", 404);
    }
    // -ve create tests
    {
        // As user 1 ...
        // -ve test - try to create again (different user, that has read permission) - already exists
        body = new HashMap<>();
        body.put("nodeId", d1Id);
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 409);
        // -ve - create - missing nodeId
        body = new HashMap<>();
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 400);
        // -ve - create - unknown nodeId
        body = new HashMap<>();
        body.put("nodeId", "dummy");
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 404);
        // -ve - create - try to link to folder (ie. not a file)
        String f1Id = createFolder(myFolderNodeId, "f1 " + RUNID).getId();
        body = new HashMap<>();
        body.put("nodeId", f1Id);
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 400);
        // -ve test - cannot create if user does not have permission to read
        setRequestContext(user2);
        body = new HashMap<>();
        body.put("nodeId", d2Id);
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 403);
        // -ve test - unauthenticated
        setRequestContext(null);
        body = new HashMap<>();
        body.put("nodeId", d1Id);
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 401);
    }
    // delete shared link
    setRequestContext(user2);
    deleteSharedLink(shared1Id);
    // -ve test - delete - cannot delete non-existent link
    setRequestContext(user1);
    deleteSharedLink(shared1Id, 404);
    setRequestContext(user2);
    response = getSingle(NodesEntityResource.class, d1Id, null, 200);
    nodeResp = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Node.class);
    // not changed
    assertEquals(docModifiedAt.getTime(), nodeResp.getModifiedAt().getTime());
    // not changed (ie. not user2)
    assertEquals(docModifiedBy, nodeResp.getModifiedByUser().getId());
    // -ve get tests
    {
        // try to get link that has been deleted (see above)
        getSingle(QuickShareLinkEntityResource.class, shared1Id, null, 404);
        getSingle(QuickShareLinkEntityResource.class, shared1Id + "/content", null, 404);
        // try to get non-existent link
        getSingle(QuickShareLinkEntityResource.class, "dummy", null, 404);
        getSingle(QuickShareLinkEntityResource.class, "dummy/content", null, 404);
    }
    // TODO if and when these tests are optionally runnable via remote env then we could skip this part of the test
    // (else need to verify test mechanism for enterprise admin via jmx ... etc)
    QuickShareLinksImpl quickShareLinks = applicationContext.getBean("quickShareLinks", QuickShareLinksImpl.class);
    try {
        quickShareLinks.setEnabled(false);
        setRequestContext(user1);
        // -ve - disabled service tests
        body.put("nodeId", "dummy");
        post(URL_SHARED_LINKS, toJsonAsStringNonNull(body), 501);
        setRequestContext(null);
        getSingle(QuickShareLinkEntityResource.class, "dummy", null, 501);
        getSingle(QuickShareLinkEntityResource.class, "dummy/content", null, 501);
        setRequestContext(user1);
        deleteSharedLink("dummy", 501);
    } finally {
        quickShareLinks.setEnabled(true);
    }
}
Also used : HashMap(java.util.HashMap) Rendition(org.alfresco.rest.api.tests.client.data.Rendition) Node(org.alfresco.rest.api.tests.client.data.Node) HttpResponse(org.alfresco.rest.api.tests.client.HttpResponse) NodesEntityResource(org.alfresco.rest.api.nodes.NodesEntityResource) Document(org.alfresco.rest.api.tests.client.data.Document) QuickShareLinksImpl(org.alfresco.rest.api.impl.QuickShareLinksImpl) Date(java.util.Date) QuickShareLinkEntityResource(org.alfresco.rest.api.quicksharelinks.QuickShareLinkEntityResource) MultiPartBuilder(org.alfresco.rest.api.tests.util.MultiPartBuilder) File(java.io.File) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink) Test(org.junit.Test)

Aggregations

HttpResponse (org.alfresco.rest.api.tests.client.HttpResponse)162 Test (org.junit.Test)114 HashMap (java.util.HashMap)59 AbstractSingleNetworkSiteTest (org.alfresco.rest.AbstractSingleNetworkSiteTest)50 Document (org.alfresco.rest.api.tests.client.data.Document)49 Node (org.alfresco.rest.api.tests.client.data.Node)49 LinkedHashMap (java.util.LinkedHashMap)31 ArrayList (java.util.ArrayList)29 Paging (org.alfresco.rest.api.tests.client.PublicApiClient.Paging)27 Folder (org.alfresco.rest.api.tests.client.data.Folder)26 File (java.io.File)25 NodesEntityResource (org.alfresco.rest.api.nodes.NodesEntityResource)25 RequestContext (org.alfresco.rest.api.tests.client.RequestContext)22 CustomModel (org.alfresco.rest.api.model.CustomModel)16 ContentInfo (org.alfresco.rest.api.tests.client.data.ContentInfo)15 MultiPartBuilder (org.alfresco.rest.api.tests.util.MultiPartBuilder)15 JSONObject (org.json.simple.JSONObject)15 NodeRef (org.alfresco.service.cmr.repository.NodeRef)14 Map (java.util.Map)13 CustomAspect (org.alfresco.rest.api.model.CustomAspect)13