Example 16 with AccessStatus
use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.
the class RMSecurityCommon method hasViewCapability.
/**
* Helper method to determine whether the current user has view capability on the file plan
*
* @param filePlan file plan
* @return {@link AccessStatus}
*/
private AccessStatus hasViewCapability(NodeRef filePlan) {
Map<Pair<String, NodeRef>, AccessStatus> transactionCache = TransactionalResourceHelper.getMap("rm.security.hasViewCapability");
Pair<String, NodeRef> key = new Pair<String, NodeRef>(AuthenticationUtil.getRunAsUser(), filePlan);
if (transactionCache.containsKey(key)) {
return transactionCache.get(key);
} else {
AccessStatus result = permissionService.hasPermission(filePlan, ViewRecordsCapability.NAME);
transactionCache.put(key, result);
return result;
}
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
Pair(org.alfresco.util.Pair)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
Example 17 with AccessStatus
use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.
the class RecordsManagementPermissionPostProcessorUnitTest method configurePermissionsDenied.
/**
* Given the configured permissions are not set
* When process is called
* Then access is denied
*/
@Test
public void configurePermissionsDenied() {
AccessStatus accessStatus = AccessStatus.DENIED;
NodeRef nodeRef = new NodeRef("node://ref/");
String perm = AlfMock.generateText();
// permissions do not include perm created above
List<String> configuredReadPermissions = asList("ReadProperties", "ReadChildren");
List<String> configuredFilePermissions = asList("WriteProperties", "AddChildren");
when(mockNodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)).thenReturn(true);
when(mockPermissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS)).thenReturn(AccessStatus.ALLOWED);
AccessStatus result = recordsManagementPermissionPostProcessor.process(accessStatus, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
assertEquals(AccessStatus.DENIED, result);
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
Test(org.junit.Test)
Example 18 with AccessStatus
use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.
the class RecordsManagementPermissionPostProcessorUnitTest method configurePermissionsAllowed.
/**
* Given the configured permissions are set
* When process is called
* Then access is allowed
*/
@Test
public void configurePermissionsAllowed() {
AccessStatus accessStatus = AccessStatus.DENIED;
NodeRef nodeRef = new NodeRef("node://ref/");
String perm = AlfMock.generateText();
// permissions includes the perm created above
List<String> configuredReadPermissions = asList("ReadProperties", "ReadChildren", perm);
List<String> configuredFilePermissions = asList("WriteProperties", "AddChildren");
when(mockNodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)).thenReturn(true);
when(mockPermissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS)).thenReturn(AccessStatus.ALLOWED);
AccessStatus result = recordsManagementPermissionPostProcessor.process(accessStatus, nodeRef, perm, configuredReadPermissions, configuredFilePermissions);
assertEquals(AccessStatus.ALLOWED, result);
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
Test(org.junit.Test)
Example 19 with AccessStatus
use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.
the class ExtendedPermissionServiceImplUnitTest method preProcessorDenys.
/**
* Given a permission pre-processor has been registered
* And DENY's
* When hasPermission is called
* Then the pre-processor is executed
* And the remaining permission evaluations do not take place
*/
@Test
public void preProcessorDenys() {
NodeRef nodeRef = generateCmContent("anyname");
String perm = AlfMock.generateText();
when(mockedPermissionProcessorRegistry.getPermissionPreProcessors()).thenReturn(asList(mockedPermissionPreProcessor));
when(mockedPermissionPreProcessor.process(nodeRef, perm)).thenReturn(AccessStatus.DENIED);
AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
assertEquals(AccessStatus.DENIED, result);
verify(mockedPermissionPreProcessor).process(nodeRef, perm);
verify(extendedPermissionServiceImpl, never()).hasPermissionImpl(nodeRef, perm);
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
BaseUnitTest(org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest)
Test(org.junit.Test)
Example 20 with AccessStatus
use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.
the class RmSubstitutionSuggestionsGet method isNodeRefAppropriateForPathSuggestion.
/**
* Identifies record category and record folder types of nodeRef
*
* @param nodeRef Instance of NodeRef to be tested
* @return True if the passed NodeRef instance is a record category or record folder
*/
private boolean isNodeRefAppropriateForPathSuggestion(NodeRef nodeRef, boolean unfiled) {
// check node type
QName type = nodeService.getType(nodeRef);
boolean isCorrectType = (!unfiled && (RecordsManagementModel.TYPE_RECORD_FOLDER.equals(type) || RecordsManagementModel.TYPE_RECORD_CATEGORY.equals(type)) || (unfiled && RecordsManagementModel.TYPE_UNFILED_RECORD_FOLDER.equals(type)));
// check permissions
boolean canView = false;
if (isCorrectType) {
Capability createCapability = capabilityService.getCapability(CREATE_CAPABILITY);
Capability viewCapability = capabilityService.getCapability(VIEW_CAPABILITY);
if ((createCapability != null) && (viewCapability != null)) {
List<String> requiredCapabilities = new ArrayList<String>();
requiredCapabilities.add(CREATE_CAPABILITY);
requiredCapabilities.add(VIEW_CAPABILITY);
Map<Capability, AccessStatus> map = capabilityService.getCapabilitiesAccessState(nodeRef, requiredCapabilities);
if (map.containsKey(createCapability) && map.containsKey(viewCapability)) {
AccessStatus createAccessStatus = map.get(createCapability);
AccessStatus viewAccessStatus = map.get(viewCapability);
if (createAccessStatus.equals(AccessStatus.ALLOWED) && viewAccessStatus.equals(AccessStatus.ALLOWED)) {
canView = true;
}
}
}
}
return isCorrectType && canView;
}
Also used :
Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability)
QName(org.alfresco.service.namespace.QName)
ArrayList(java.util.ArrayList)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
Aggregations
AccessStatus (org.alfresco.service.cmr.security.AccessStatus)21
NodeRef (org.alfresco.service.cmr.repository.NodeRef)13
Test (org.junit.Test)6
ArrayList (java.util.ArrayList)5
HashMap (java.util.HashMap)5
Capability (org.alfresco.module.org_alfresco_module_rm.capability.Capability)4
AccessPermission (org.alfresco.service.cmr.security.AccessPermission)4
BaseUnitTest (org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest)3
QName (org.alfresco.service.namespace.QName)3
Date (java.util.Date)2
HashSet (java.util.HashSet)2
Map (java.util.Map)2
AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)2
CalendarEntry (org.alfresco.service.cmr.calendar.CalendarEntry)2
SiteInfo (org.alfresco.service.cmr.site.SiteInfo)2
JSONObject (org.json.simple.JSONObject)2
Serializable (java.io.Serializable)1
SimpleDateFormat (java.text.SimpleDateFormat)1
LinkedHashSet (java.util.LinkedHashSet)1
ResourceBundle (java.util.ResourceBundle)1
