
Example 6 with AccessStatus

Use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

Class ExtendedPermissionServiceImplUnitTest, method preProcessorDoesNotDeny.

/**
 * Given a permission pre-processor has been registered
 * And does not DENY
 * When hasPermission is called
 * Then the pre-processor is executed
 * And the ACLs are evaluated as normal
 */
@Test
public void preProcessorDoesNotDeny() {
    NodeRef nodeRef = generateCmContent("anyname");
    String perm = AlfMock.generateText();
    when(mockedPermissionProcessorRegistry.getPermissionPreProcessors()).thenReturn(asList(mockedPermissionPreProcessor));
    when(mockedPermissionPreProcessor.process(nodeRef, perm)).thenReturn(AccessStatus.UNDETERMINED);
    AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
    assertEquals(AccessStatus.UNDETERMINED, result);
    verify(mockedPermissionPreProcessor).process(nodeRef, perm);
    verify(extendedPermissionServiceImpl).hasPermissionImpl(nodeRef, perm);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) BaseUnitTest(org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest) Test(org.junit.Test)

Example 7 with AccessStatus

Use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

Class ExtendedPermissionServiceImplUnitTest, method postProcessorRegistered.

/**
 * Given a permission post-processor has been registered
 * When hasPermission is called
 * Then the permission post-processor is called
 */
@Test
public void postProcessorRegistered() {
    NodeRef nodeRef = generateCmContent("anyname");
    String perm = AlfMock.generateText();
    List<String> configuredReadPermissions = asList("ReadProperties", "ReadChildren");
    List<String> configuredFilePermissions = asList("WriteProperties", "AddChildren");
    extendedPermissionServiceImpl.setConfiguredReadPermissions("ReadProperties,ReadChildren");
    extendedPermissionServiceImpl.setConfiguredFilePermissions("WriteProperties,AddChildren");
    when(mockedPermissionProcessorRegistry.getPermissionPostProcessors()).thenReturn(asList(mockedPermissionPostProcessor));
    when(mockedPermissionPostProcessor.process(AccessStatus.UNDETERMINED, nodeRef, perm, configuredReadPermissions, configuredFilePermissions)).thenReturn(AccessStatus.ALLOWED);
    AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
    assertEquals(AccessStatus.ALLOWED, result);
    verify(mockedPermissionPostProcessor).process(AccessStatus.UNDETERMINED, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
    verify(extendedPermissionServiceImpl).hasPermissionImpl(nodeRef, perm);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) BaseUnitTest(org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest) Test(org.junit.Test)

Example 8 with AccessStatus

Use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

Class RecordsManagementPermissionPostProcessorUnitTest, method permissionInherittedFromConfiguredGroup.

/**
 * Test that the permission groups configured in the global properties file imply descendant permission groups.
 * <p>
 * Given a configured permission is an ancestor of another permission P
 * And the post processor checks if the user has P
 * Then the post processor says that they do.
 */
@Test
public void permissionInherittedFromConfiguredGroup() {
    NodeRef nodeRef = new NodeRef("node://ref/");
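    // The configured permission lists do not contain the requested permission itself;
    // it is only reachable as a grantee (descendant) of "WriteProperties".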
    List<String> configuredReadPermissions = asList();
    List<String> configuredFilePermissions = asList("WriteProperties");
    when(mockNodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)).thenReturn(true);
    when(mockPermissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS)).thenReturn(AccessStatus.ALLOWED);
    // Set up "WriteProperties" to imply three other permission groups.
    PermissionReference mockWritePropsPermRef = mock(PermissionReference.class);
    when(mockPermissionModel.getPermissionReference(null, "WriteProperties")).thenReturn(mockWritePropsPermRef);
    PermissionReference childOne = mock(PermissionReference.class);
    when(childOne.getName()).thenReturn("Not this one");
    PermissionReference childTwo = mock(PermissionReference.class);
    when(childTwo.getName()).thenReturn("This is the requested permission");
    PermissionReference childThree = mock(PermissionReference.class);
    when(childThree.getName()).thenReturn("Not this one either");
    when(mockPermissionModel.getGranteePermissions(mockWritePropsPermRef)).thenReturn(Sets.newHashSet(childOne, childTwo, childThree));
    // Call the method under test.
    AccessStatus result = recordsManagementPermissionPostProcessor.process(AccessStatus.DENIED, nodeRef, "This is the requested permission", configuredReadPermissions, configuredFilePermissions);
    assertEquals(AccessStatus.ALLOWED, result);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) PermissionReference(org.alfresco.repo.security.permissions.PermissionReference) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) Test(org.junit.Test)

Example 9 with AccessStatus

Use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

Class CapabilityServiceImpl, method getCapabilitiesAccessState.

/**
 * @see org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService#getCapabilitiesAccessState(org.alfresco.service.cmr.repository.NodeRef, java.util.List)
 */
public Map<Capability, AccessStatus> getCapabilitiesAccessState(NodeRef nodeRef, List<String> capabilityNames) {
    ParameterCheck.mandatory("nodeRef", nodeRef);
    ParameterCheck.mandatory("capabilityNames", capabilityNames);
    HashMap<Capability, AccessStatus> answer = new HashMap<Capability, AccessStatus>();
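    for (String capabilityName : capabilityNames) {
        Capability capability = capabilities.get(capabilityName);
        // Names with no registered capability are skipped, so they are absent from the result.
        if (capability != null) {
            AccessStatus status = capability.hasPermission(nodeRef);
            // A capability that was already evaluated (duplicate name in the input) is treated as an error.
            if (answer.put(capability, status) != null) {
                throw new IllegalStateException();
            }
        }
    }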
    return answer;
}
Also used : HashMap(java.util.HashMap) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 10 with AccessStatus

Use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

Class ExtendedPermissionServiceImpl, method hasPermission.

/**
 * Override to deal with the possibility of hard coded permission checks in core code. Note: Eventually we need to
 * merge the RM permission model into the core to make this more robust.
 *
 * @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#hasPermission(org.alfresco.service.cmr.repository.NodeRef,
 *      java.lang.String)
 */
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm) {
    AccessStatus result = AccessStatus.UNDETERMINED;
    if (nodeService.exists(nodeRef)) {
        // permission pre-processors
        List<PermissionPreProcessor> preProcessors = permissionProcessorRegistry.getPermissionPreProcessors();
        for (PermissionPreProcessor preProcessor : preProcessors) {
            // pre process permission
            result = preProcessor.process(nodeRef, perm);
            // veto if denied: the ACL evaluation and the post-processors are skipped
            if (AccessStatus.DENIED.equals(result)) {
                return result;
            }
        }
        // evaluate permission (replaces any non-DENIED pre-processor result)
        result = hasPermissionImpl(nodeRef, perm);
        // permission post-processors
        List<PermissionPostProcessor> postProcessors = permissionProcessorRegistry.getPermissionPostProcessors();
        for (PermissionPostProcessor postProcessor : postProcessors) {
            // post process permission: each post-processor receives the previous result and its
            // return value replaces it, so the last registered post-processor decides the outcome
            result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredFilePermissions);
        }
    }
    return result;
}
Also used : PermissionPostProcessor(org.alfresco.repo.security.permissions.processor.PermissionPostProcessor) PermissionPreProcessor(org.alfresco.repo.security.permissions.processor.PermissionPreProcessor) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
