Example 51 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class PermissionServiceTest method testChangePersonUid.
public void testChangePersonUid() {
runAs("admin");
NodeRef one = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(one, "andy", PermissionService.ALL_PERMISSIONS, true);
runAs("andy");
assertEquals("andy", authenticationComponent.getCurrentUserName());
assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
runAs("admin");
boolean found = false;
Set<AccessPermission> set = permissionService.getAllSetPermissions(one);
for (AccessPermission ap : set) {
if (ap.getAuthority().equals("Andy")) {
found = true;
}
}
assertFalse(found);
NodeRef andy = personService.getPerson("andy");
nodeService.setProperty(andy, ContentModel.PROP_USERNAME, "Andy");
runAs("andy");
assertEquals("Andy", authenticationComponent.getCurrentUserName());
assertTrue(permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT) == AccessStatus.ALLOWED);
runAs("admin");
found = false;
set = permissionService.getAllSetPermissions(one);
for (AccessPermission ap : set) {
if (ap.getAuthority().equals("Andy")) {
found = true;
}
}
assertTrue(found);
try {
nodeService.setProperty(andy, ContentModel.PROP_USERNAME, "Bob");
fail("Chainging uid Andy -> Bob should fail");
} catch (UnsupportedOperationException e) {
}
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
Example 52 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class TransferServiceToBeRefactoredTest method testTransferWithPermissions.
/**
* Test the transfer method with regard to permissions on a node.
* <p>
* Step 1:
* Create a node with a single permission
* Inherit:false
* Read, Admin, Allow
* Transfer
* <p>
* Step 2:
* Update it to have several permissions
* Inherit:false
* Read, Everyone, DENY
* Read, Admin, Allow
* <p>
* Step 3:
* Remove a permission
* Inherit:false
* Read, Admin, Allow
* <p>
* Step 4:
* Revert to inherit all permissions
* Inherit:true
* <p>
* This is a unit test so it does some shenanigans to send to the same instance of alfresco.
*/
@Test
public void testTransferWithPermissions() throws Exception {
final String CONTENT_TITLE = "ContentTitle";
final Locale CONTENT_LOCALE = Locale.GERMAN;
final String CONTENT_STRING = "Hello";
/**
* For unit test - replace the HTTP transport with the in-process transport - replace the node factory with one
* that will map node refs, paths etc.
*/
TransferTransmitter transmitter = new UnitTestInProcessTransmitterImpl(receiver, contentService, transactionService);
transferServiceImpl.setTransmitter(transmitter);
final UnitTestTransferManifestNodeFactory testNodeFactory = new UnitTestTransferManifestNodeFactory(this.transferManifestNodeFactory);
transferServiceImpl.setTransferManifestNodeFactory(testNodeFactory);
List<Pair<Path, Path>> pathMap = testNodeFactory.getPathMap();
// Map company_home/guest_home to company_home so tranferred nodes and moved "up" one level.
pathMap.add(new Pair<Path, Path>(PathHelper.stringToPath(GUEST_HOME_XPATH_QUERY), PathHelper.stringToPath(COMPANY_HOME_XPATH_QUERY)));
DescriptorService mockedDescriptorService = getMockDescriptorService(REPO_ID_A);
transferServiceImpl.setDescriptorService(mockedDescriptorService);
/**
* Now go ahead and create our transfer target
*/
final String targetName = "testTransferWithPermissions";
class TestData {
TransferTarget transferMe;
NodeRef contentNodeRef;
NodeRef destNodeRef;
}
final TestData testData = new TestData();
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
NodeRef guestHome = repositoryHelper.getGuestHome();
/**
* Create a test node that we will read and write
*/
String name = GUID.generate();
ChildAssociationRef child = nodeService.createNode(guestHome, ContentModel.ASSOC_CONTAINS, QName.createQName(name), ContentModel.TYPE_CONTENT);
testData.contentNodeRef = child.getChildRef();
nodeService.setProperty(testData.contentNodeRef, ContentModel.PROP_TITLE, CONTENT_TITLE);
nodeService.setProperty(testData.contentNodeRef, ContentModel.PROP_NAME, name);
ContentWriter writer = contentService.getWriter(testData.contentNodeRef, ContentModel.PROP_CONTENT, true);
writer.setLocale(CONTENT_LOCALE);
writer.putContent(CONTENT_STRING);
permissionService.setInheritParentPermissions(testData.contentNodeRef, false);
permissionService.setPermission(testData.contentNodeRef, "admin", PermissionService.READ, true);
if (!transferService.targetExists(targetName)) {
testData.transferMe = createTransferTarget(targetName);
} else {
testData.transferMe = transferService.getTransferTarget(targetName);
}
return null;
}
});
/**
* Step 1
*/
logger.debug("First transfer - create new node with inheritParent permission off");
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
/**
* Transfer our transfer target node
*/
{
TransferDefinition definition = new TransferDefinition();
Set<NodeRef> nodes = new HashSet<NodeRef>();
nodes.add(testData.contentNodeRef);
definition.setNodes(nodes);
transferService.transfer(targetName, definition);
}
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
// Now validate that the target node exists with the correct permissions
testData.destNodeRef = testNodeFactory.getMappedNodeRef(testData.contentNodeRef);
assertFalse("unit test stuffed up - comparing with self", testData.destNodeRef.equals(testData.transferMe.getNodeRef()));
assertTrue("dest node ref does not exist", nodeService.exists(testData.destNodeRef));
assertEquals("title is wrong", (String) nodeService.getProperty(testData.destNodeRef, ContentModel.PROP_TITLE), CONTENT_TITLE);
assertEquals("type is wrong", nodeService.getType(testData.contentNodeRef), nodeService.getType(testData.destNodeRef));
// Check ACL of destination node
boolean srcInherit = permissionService.getInheritParentPermissions(testData.contentNodeRef);
Set<AccessPermission> srcPerm = permissionService.getAllSetPermissions(testData.contentNodeRef);
boolean destInherit = permissionService.getInheritParentPermissions(testData.destNodeRef);
Set<AccessPermission> destPerm = permissionService.getAllSetPermissions(testData.destNodeRef);
assertFalse("inherit parent permissions (src) flag is incorrect", srcInherit);
assertFalse("inherit parent permissions (dest) flag is incorrect", destInherit);
// Check destination has the source's permissions
for (AccessPermission p : srcPerm) {
logger.debug("checking permission :" + p);
assertTrue("permission is missing", destPerm.contains(p));
}
return null;
}
});
/**
* Step 2
* Update it to have several permissions
* Inherit:false
* Read, Everyone, DENY
* Read, Admin, Allow
*/
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
permissionService.setPermission(testData.contentNodeRef, "EVERYONE", PermissionService.READ, false);
permissionService.setPermission(testData.contentNodeRef, "admin", PermissionService.FULL_CONTROL, true);
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
/**
* Transfer our transfer target node
*/
{
TransferDefinition definition = new TransferDefinition();
Set<NodeRef> nodes = new HashSet<NodeRef>();
nodes.add(testData.contentNodeRef);
definition.setNodes(nodes);
transferService.transfer(targetName, definition);
}
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
// Now validate that the target node exists with the correct permissions
testData.destNodeRef = testNodeFactory.getMappedNodeRef(testData.contentNodeRef);
// Check ACL of destination node
boolean srcInherit = permissionService.getInheritParentPermissions(testData.contentNodeRef);
Set<AccessPermission> srcPerm = permissionService.getAllSetPermissions(testData.contentNodeRef);
boolean destInherit = permissionService.getInheritParentPermissions(testData.destNodeRef);
Set<AccessPermission> destPerm = permissionService.getAllSetPermissions(testData.destNodeRef);
assertFalse("inherit parent permissions (src) flag is incorrect", srcInherit);
assertFalse("inherit parent permissions (dest) flag is incorrect", destInherit);
// Check destination has the source's permissions
for (AccessPermission p : srcPerm) {
logger.debug("checking permission :" + p);
assertTrue("Step2, permission is missing", destPerm.contains(p));
}
return null;
}
});
/**
* Step 3 Remove a permission
*/
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
permissionService.deletePermission(testData.contentNodeRef, "admin", PermissionService.FULL_CONTROL);
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
/**
* Transfer our transfer target node
*/
{
TransferDefinition definition = new TransferDefinition();
Set<NodeRef> nodes = new HashSet<NodeRef>();
nodes.add(testData.contentNodeRef);
definition.setNodes(nodes);
transferService.transfer(targetName, definition);
}
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
// Now validate that the target node exists with the correct permissions
testData.destNodeRef = testNodeFactory.getMappedNodeRef(testData.contentNodeRef);
// Check ACL of destination node
boolean srcInherit = permissionService.getInheritParentPermissions(testData.contentNodeRef);
Set<AccessPermission> srcPerm = permissionService.getAllSetPermissions(testData.contentNodeRef);
boolean destInherit = permissionService.getInheritParentPermissions(testData.destNodeRef);
Set<AccessPermission> destPerm = permissionService.getAllSetPermissions(testData.destNodeRef);
assertFalse("inherit parent permissions (src) flag is incorrect", srcInherit);
assertFalse("inherit parent permissions (dest) flag is incorrect", destInherit);
// Check destination has the source's permissions
for (AccessPermission p : srcPerm) {
logger.debug("checking permission :" + p);
assertTrue("permission is missing", destPerm.contains(p));
}
return null;
}
});
/**
* Step 4 Revert to inherit all permissions
*/
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
permissionService.setInheritParentPermissions(testData.contentNodeRef, true);
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
/**
* Transfer our transfer target node
*/
{
TransferDefinition definition = new TransferDefinition();
Set<NodeRef> nodes = new HashSet<NodeRef>();
nodes.add(testData.contentNodeRef);
definition.setNodes(nodes);
transferService.transfer(targetName, definition);
}
return null;
}
});
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() {
@Override
public Void execute() throws Throwable {
// Now validate that the target node exists with the correct permissions
testData.destNodeRef = testNodeFactory.getMappedNodeRef(testData.contentNodeRef);
assertFalse("unit test stuffed up - comparing with self", testData.destNodeRef.equals(testData.transferMe.getNodeRef()));
assertTrue("dest node ref does not exist", nodeService.exists(testData.destNodeRef));
assertEquals("title is wrong", (String) nodeService.getProperty(testData.destNodeRef, ContentModel.PROP_TITLE), CONTENT_TITLE);
assertEquals("type is wrong", nodeService.getType(testData.contentNodeRef), nodeService.getType(testData.destNodeRef));
// Check ACL of destination node
boolean srcInherit = permissionService.getInheritParentPermissions(testData.contentNodeRef);
Set<AccessPermission> srcPerm = permissionService.getAllSetPermissions(testData.contentNodeRef);
boolean destInherit = permissionService.getInheritParentPermissions(testData.destNodeRef);
Set<AccessPermission> destPerm = permissionService.getAllSetPermissions(testData.destNodeRef);
assertTrue("inherit parent permissions (src) flag is incorrect", srcInherit);
assertTrue("inherit parent permissions (dest) flag is incorrect", destInherit);
// Check destination has the source's permissions
for (AccessPermission p : srcPerm) {
if (p.isSetDirectly()) {
logger.debug("checking permission :" + p);
assertTrue("permission is missing:" + p, destPerm.contains(p));
}
}
return null;
}
});
}
Also used :
Locale(java.util.Locale)
Path(org.alfresco.service.cmr.repository.Path)
ResultSet(org.alfresco.service.cmr.search.ResultSet)
Set(java.util.Set)
HashSet(java.util.HashSet)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
TransferTarget(org.alfresco.service.cmr.transfer.TransferTarget)
ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef)
TransferDefinition(org.alfresco.service.cmr.transfer.TransferDefinition)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
ContentWriter(org.alfresco.service.cmr.repository.ContentWriter)
DescriptorService(org.alfresco.service.descriptor.DescriptorService)
Pair(org.alfresco.util.Pair)
HashSet(java.util.HashSet)
BaseAlfrescoSpringTest(org.alfresco.util.BaseAlfrescoSpringTest)
Test(org.junit.Test)
Aggregations
AccessPermission (org.alfresco.service.cmr.security.AccessPermission)52
NodeRef (org.alfresco.service.cmr.repository.NodeRef)21
ArrayList (java.util.ArrayList)15
HashSet (java.util.HashSet)14
HashMap (java.util.HashMap)13
ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)7
Test (org.junit.Test)7
Serializable (java.io.Serializable)5
List (java.util.List)5
Map (java.util.Map)5
Set (java.util.Set)5
AccessPermissionImpl (org.alfresco.repo.security.permissions.impl.AccessPermissionImpl)5
AccessStatus (org.alfresco.service.cmr.security.AccessStatus)5
QName (org.alfresco.service.namespace.QName)5
LinkedHashSet (java.util.LinkedHashSet)4
AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4
FacesContext (javax.faces.context.FacesContext)3
AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)3
FilterPropString (org.alfresco.repo.node.getchildren.FilterPropString)3
PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)3
