
Example 36 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-remote-api by Alfresco.

the class SurfConfigTest method testSurfConfigPermissions.

/**
 * Regression test for MNT-16371: checks the access-control state of a site's
 * {@code surf-config} folder and who may list its children.
 * <p>
 * Properties asserted, in order:
 * <ul>
 *   <li>the folder is owned by the admin user, not by the user who created the site;</li>
 *   <li>permission inheritance from the parent is switched off;</li>
 *   <li>exactly one permission entry is set: the site-manager group, with the SiteManager
 *       permission, status ALLOWED;</li>
 *   <li>a site collaborator (USER_TWO) is refused when listing the folder;</li>
 *   <li>a site manager (USER_THREE) can list it;</li>
 *   <li>once USER_ONE's role is changed to SiteContributor, USER_ONE is refused on both the
 *       folder and its {@code pages} child.</li>
 * </ul>
 * The authenticated user is switched several times with
 * {@code AuthenticationUtil.setFullyAuthenticatedUser} and is not restored inside this method.
 * NOTE(review): presumably the test class's tearDown resets the authentication context - confirm,
 * otherwise later tests run as USER_ONE.
 *
 * @throws Exception if any request or repository call fails unexpectedly
 */
public void testSurfConfigPermissions() throws Exception {
    // Create a site as USER_ONE (the current user is established outside this method)
    String shortName = UUID.randomUUID().toString();
    JSONObject result = createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
    assertEquals("myPreset", result.get("sitePreset"));
    assertEquals(shortName, result.get("shortName"));
    assertEquals("myTitle", result.get("title"));
    assertEquals("myDescription", result.get("description"));
    assertEquals(SiteVisibility.PUBLIC.toString(), result.get("visibility"));
    // Make ADMRemoteStore create the surf-config folder and the dashboard.xml file.
    sendRequest(new PostRequest(URL_ADM + "CREATE/alfresco/site-data/pages/site/" + shortName + "/dashboard.xml?s=sitestore", new JSONObject().toString(), "application/json"), 200);
    // {siteName}/cm:surf-config/
    NodeRef surfConfigFolderRef = nodeService.getChildByName(siteService.getSite(shortName).getNodeRef(), ContentModel.ASSOC_CONTAINS, "surf-config");
    assertEquals("surf-config", nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_NAME));
    // Ownership must not fall to the site creator: an owner keeps access regardless of site role.
    String owner = (String) nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_OWNER);
    assertFalse(USER_ONE.equalsIgnoreCase(owner));
    assertEquals(AuthenticationUtil.getAdminUserName(), owner);
    // With inheritance off, the entries set on the folder itself are the whole ACL under test.
    assertFalse("Inherit Permissions should be off.", permissionService.getInheritParentPermissions(surfConfigFolderRef));
    Set<AccessPermission> permissions = permissionService.getAllSetPermissions(surfConfigFolderRef);
    // Exactly one entry: any additional grant would widen access beyond site managers.
    assertEquals(1, permissions.size());
    String siteManagerGroup = siteService.getSiteRoleGroup(shortName, SiteModel.SITE_MANAGER);
    AccessPermission accessPermission = permissions.iterator().next();
    assertEquals(siteManagerGroup, accessPermission.getAuthority());
    assertEquals(SiteModel.SITE_MANAGER, accessPermission.getPermission());
    assertTrue(accessPermission.getAccessStatus() == AccessStatus.ALLOWED);
    // This is the method that finally gets called when ALF-21643 steps are followed.
    PagingResults<FileInfo> pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    List<FileInfo> fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());
    // Add USER_TWO as a site collaborator
    JSONObject membership = new JSONObject();
    membership.put("role", SiteModel.SITE_COLLABORATOR);
    JSONObject person = new JSONObject();
    person.put("userName", USER_TWO);
    membership.put("person", person);
    // Post the membership
    Response response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_COLLABORATOR, result.get("role"));
    assertEquals(USER_TWO, result.getJSONObject("authority").get("userName"));
    // Add USER_THREE as a site manager (the same JSON objects are reused and overwritten)
    membership.put("role", SiteModel.SITE_MANAGER);
    person.put("userName", USER_THREE);
    membership.put("person", person);
    // Post the membership
    response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_MANAGER, result.get("role"));
    assertEquals(USER_THREE, result.getJSONObject("authority").get("userName"));
    // Negative case: USER_TWO is a site collaborator, so listing the surf-config folder must be refused
    AuthenticationUtil.setFullyAuthenticatedUser(USER_TWO);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_TWO dose not have the appropriate permissions to perform this operation.");
    } catch (AccessDeniedException ex) {
        // expected: the listing was refused
    }
    // Positive case: USER_THREE is a site manager, so the same listing succeeds
    AuthenticationUtil.setFullyAuthenticatedUser(USER_THREE);
    pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());
    // Update USER_ONE role from SiteManager to SiteContributor.
    // NOTE(review): this PUT is sent after the switch to USER_THREE above; whether sendRequest
    // runs as that user is not visible here - confirm.
    membership.put("role", SiteModel.SITE_CONTRIBUTOR);
    person.put("userName", USER_ONE);
    membership.put("person", person);
    response = sendRequest(new PutRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_CONTRIBUTOR, result.get("role"));
    assertEquals(USER_ONE, result.getJSONObject("authority").get("userName"));
    // USER_ONE is no longer a site manager and, per the owner check above, never owned the folder.
    // USER_ONE tries to access "{siteName}/cm:surf-config" children
    AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException ex) {
        // expected: the demoted creator is refused on the folder
    }
    // USER_ONE tries to access "{siteName}/cm:surf-config/pages" children
    // (the node reference comes from the listing USER_THREE obtained earlier)
    try {
        fileFolderService.list(fileInfos.get(0).getNodeRef(), true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException ex) {
        // expected: the refusal also applies to the child folder
    }
}
Also used : AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) PutRequest(org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest) PagingRequest(org.alfresco.query.PagingRequest) Response(org.springframework.extensions.webscripts.TestWebScriptServer.Response) NodeRef(org.alfresco.service.cmr.repository.NodeRef) PostRequest(org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest) JSONObject(org.json.JSONObject) FileInfo(org.alfresco.service.cmr.model.FileInfo)

Example 37 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class LocalFeedTaskProcessor method canReadImpl.

/**
 * Decides whether {@code nodeRef} counts as readable for the given feed.
 * <p>
 * An empty {@code connectedUser} selects the site-feed rule: the node is readable only if one of
 * its set permissions is an ALLOWED {@code PermissionService.READ_PERMISSIONS} entry for
 * {@code PermissionService.ALL_AUTHORITIES} with authority type EVERYONE. Any other value selects
 * the user-feed rule: {@code PermissionService.READ} is evaluated while running as that user.
 * <p>
 * A node that no longer exists is looked up in the archive store by the same id. If it is not
 * there either, the answer is {@code false}. If the archived node inherits parent permissions
 * (MNT-10023), a negative result on the archived node is not final: the decision is delegated to
 * the node's original parent.
 * <p>
 * NOTE(review): the site-feed rule matches READ_PERMISSIONS while the user-feed rule checks
 * READ - confirm the difference is intended.
 *
 * @param connectedUser user name, or the empty string for a site feed; dereferenced without a
 *                      null check
 * @param nodeRef       node whose readability is being decided
 * @return {@code true} if the applicable rule grants read access
 * @throws Exception propagated from the repository and permission calls
 */
private boolean canReadImpl(final String connectedUser, final NodeRef nodeRef) throws Exception {
    final long startedAt = System.currentTimeMillis();
    try {
        // A deleted node does not exist, so it has no permissions of its own; the original
        // author notes that a default permission check on it would return true, which is why
        // existence is tested first.
        final NodeRef target;
        NodeRef originalParent = null;
        if (!nodeService.exists(nodeRef)) {
            // TODO (from the original): needs ghosting. Relying on the archive is a temporary
            // workaround - the node may be permanently deleted, never archived or already purged.
            final NodeRef archived = new NodeRef(StoreRef.STORE_REF_ARCHIVE_SPACESSTORE, nodeRef.getId());
            if (!nodeService.exists(archived)) {
                return false;
            }
            // MNT-10023: remember the original parent only when the archived node inherits from it.
            if (permissionService.getInheritParentPermissions(archived)) {
                final ChildAssociationRef parentAssoc = (ChildAssociationRef) nodeService.getProperty(archived, ContentModel.PROP_ARCHIVED_ORIGINAL_PARENT_ASSOC);
                if (parentAssoc != null) {
                    originalParent = parentAssoc.getParentRef();
                }
            }
            target = archived;
        } else {
            target = nodeRef;
        }

        if (!connectedUser.equals("")) {
            // User feed: evaluate READ in the security context of the connected user.
            final boolean readable = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>() {

                public Boolean doWork() throws Exception {
                    return (permissionService.hasPermission(target, PermissionService.READ) == AccessStatus.ALLOWED);
                }
            }, connectedUser);
            if (readable || originalParent == null) {
                return readable;
            }
            return canReadImpl(connectedUser, originalParent);
        }

        // Site feed (public site): look for an explicit grant to everyone among the set permissions.
        for (AccessPermission entry : permissionService.getAllSetPermissions(target)) {
            if (!entry.getAuthority().equals(PermissionService.ALL_AUTHORITIES)) {
                continue;
            }
            if (!entry.getAuthorityType().equals(AuthorityType.EVERYONE)) {
                continue;
            }
            if (!entry.getPermission().equals(PermissionService.READ_PERMISSIONS)) {
                continue;
            }
            if (entry.getAccessStatus().equals(AccessStatus.ALLOWED)) {
                return true;
            }
        }
        return originalParent != null && canReadImpl(connectedUser, originalParent);
    } finally {
        if (logger.isDebugEnabled()) {
            logger.debug("canRead: " + nodeRef + " in " + (System.currentTimeMillis() - startedAt) + " msecs");
        }
    }
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AuthenticationUtil(org.alfresco.repo.security.authentication.AuthenticationUtil) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef) SQLException(java.sql.SQLException) IOException(java.io.IOException) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) BeansException(org.springframework.beans.BeansException)

Example 38 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class CopyServiceImpl method copyPermissions.

/**
 * Copies the directly-set permissions and the inherit-parent flag of the source node onto the
 * destination node.
 * <p>
 * Nothing is copied unless the public-service access check allows reading the source's
 * permissions and writing the destination's. When either check fails the method returns without
 * an exception or a log entry, so the destination keeps whatever permissions it already had and
 * the caller cannot tell that the copy was skipped.
 * <p>
 * Inherited entries are not copied. Any directly-set entry whose status is not ALLOWED is written
 * to the destination with the allow flag set to {@code false}.
 * <p>
 * NOTE(review): the write-access probe passes the placeholders "dummyAuth" and "dummyPermission"
 * rather than the real authority and permission - presumably the outcome depends only on the
 * node; confirm.
 *
 * @param sourceNodeRef         the source node reference
 * @param destinationNodeRef    the destination node reference
 */
private void copyPermissions(final NodeRef sourceNodeRef, final NodeRef destinationNodeRef) {
    // Gate 1: may the permissions of the source be read at all?
    final boolean sourceReadable = (publicServiceAccessService.hasAccess("PermissionService", "getAllSetPermissions", sourceNodeRef) == AccessStatus.ALLOWED)
            && (publicServiceAccessService.hasAccess("PermissionService", "getInheritParentPermissions", sourceNodeRef) == AccessStatus.ALLOWED);
    if (!sourceReadable) {
        return;
    }

    final Set<AccessPermission> sourceEntries = permissionService.getAllSetPermissions(sourceNodeRef);
    final boolean inheritFromParent = permissionService.getInheritParentPermissions(sourceNodeRef);

    // Gate 2: may permissions be set on the destination?
    final boolean destinationWritable = (publicServiceAccessService.hasAccess("PermissionService", "setPermission", destinationNodeRef, "dummyAuth", "dummyPermission", true) == AccessStatus.ALLOWED)
            && (publicServiceAccessService.hasAccess("PermissionService", "setInheritParentPermissions", destinationNodeRef, inheritFromParent) == AccessStatus.ALLOWED);
    if (!destinationWritable) {
        return;
    }

    for (AccessPermission entry : sourceEntries) {
        if (!entry.isSetDirectly()) {
            // Inherited entries are left out; the inherit flag is copied separately below.
            continue;
        }
        permissionService.setPermission(destinationNodeRef, entry.getAuthority(), entry.getPermission(), entry.getAccessStatus().equals(AccessStatus.ALLOWED));
    }
    permissionService.setInheritParentPermissions(destinationNodeRef, inheritFromParent);
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Example 39 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class PermissionServiceImpl method getAllPermissionsImpl.

/**
 * Evaluates every settable permission of a node for the current run-as user and reports the
 * outcome as a set of {@link AccessPermission} entries.
 * <p>
 * Each entry is recorded against the name returned by {@code AuthenticationUtil.getRunAsUser()}.
 * A permission that evaluates to ALLOWED is always reported. Every other outcome is reported as
 * DENIED, and only when {@code includeFalse} is set.
 * <p>
 * NOTE(review): {@code includeTrue} is never read, so ALLOWED entries are returned even when it is
 * {@code false} - confirm whether callers rely on that before changing it.
 *
 * @param nodeRef      node whose permissions are evaluated
 * @param includeTrue  not used by this implementation
 * @param includeFalse whether permissions that are not ALLOWED are reported as DENIED entries
 * @return a new set holding one entry per reported permission
 */
protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse) {
    final String runAsUser = AuthenticationUtil.getRunAsUser();
    final Set<AccessPermission> evaluated = new HashSet<AccessPermission>();
    for (PermissionReference reference : getSettablePermissionReferences(nodeRef)) {
        final boolean granted = hasPermission(nodeRef, reference) == AccessStatus.ALLOWED;
        if (!granted && !includeFalse) {
            // Not granted and the caller did not ask for denials: leave it out.
            continue;
        }
        final AccessStatus status = granted ? AccessStatus.ALLOWED : AccessStatus.DENIED;
        evaluated.add(new AccessPermissionImpl(getPermission(reference), status, runAsUser, -1));
    }
    return evaluated;
}
Also used : PermissionReference(org.alfresco.repo.security.permissions.PermissionReference) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 40 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class JSONConversionComponent method allSetPermissionsToJSON.

/**
 * Serialises all set permissions of a node into a JSON array of strings.
 * <p>
 * Entries are emitted in the order given by {@code ScriptNode.getSortedACLs}. Each string has the
 * form {@code ACCESS_STATUS;AUTHORITY;PERMISSION;DIRECT|INHERITED}.
 * <p>
 * NOTE(review): the fields are joined with ';' without escaping - presumably authority and
 * permission names never contain ';'; confirm, since a consumer that splits on ';' would
 * otherwise misread the entry.
 *
 * @param nodeRef node whose set permissions are serialised
 * @return JSON array with one string per permission entry
 */
@SuppressWarnings("unchecked")
protected JSONArray allSetPermissionsToJSON(NodeRef nodeRef) {
    final Set<AccessPermission> setPermissions = permissionService.getAllSetPermissions(nodeRef);
    final JSONArray serialised = new JSONArray();
    final List<AccessPermission> sorted = ScriptNode.getSortedACLs(setPermissions);
    for (AccessPermission entry : sorted) {
        final StringBuilder line = new StringBuilder(64);
        line.append(entry.getAccessStatus());
        line.append(';');
        line.append(entry.getAuthority());
        line.append(';');
        line.append(entry.getPermission());
        line.append(';');
        line.append(entry.isSetDirectly() ? "DIRECT" : "INHERITED");
        serialised.add(line.toString());
    }
    return serialised;
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission) JSONArray(org.json.simple.JSONArray)
