下面列出了org.springframework.context.support.AbstractRefreshableApplicationContext#org.alfresco.service.cmr.security.PermissionService 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Gets the current node permissions
*
* @return the permissions
*/
public List<Permission> getPermissions(NodeRef nodeRef)
{
List<Permission> permissions = null;
AccessStatus readPermissions = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS);
if (readPermissions.equals(AccessStatus.ALLOWED))
{
List<Permission> nodePermissions = new ArrayList<Permission>();
for (Iterator<AccessPermission> iterator = getPermissionService().getAllSetPermissions(nodeRef).iterator(); iterator
.hasNext();)
{
AccessPermission ap = iterator.next();
nodePermissions.add(new Permission(ap.getPermission(), ap.getAuthority(), ap.getAccessStatus().toString()));
}
permissions = nodePermissions;
}
else
{
List<Permission> noReadPermissions = new ArrayList<Permission>(1);
noReadPermissions.add(new NoReadPermissionGranted());
permissions = noReadPermissions;
}
return permissions;
}
@Test
public void testAccessWithNoPermissions()
{
String ownerUserName = createRandomUser();
NodeRef sourceNodeRef = createSource(ownerUserName, "quick.jpg");
render(ownerUserName, sourceNodeRef, DOC_LIB);
String noPermissionsUser = createRandomUser();
transactionService.getRetryingTransactionHelper().doInTransaction(() ->
{
permissionService.setPermission(sourceNodeRef, noPermissionsUser, PermissionService.ALL_PERMISSIONS, false);
return null;
});
try
{
waitForRendition(noPermissionsUser, sourceNodeRef, DOC_LIB, true);
fail("The rendition should not be visible for user with no permissions");
}
catch (AccessDeniedException ade)
{
// expected
}
}
/**
* REPO-828 (MNT-16401)
* @throws Exception
*/
public void testDeleteCommentPostActivity() throws Exception
{
permissionService.setPermission(sitePage, USER_TWO, PermissionService.ALL_PERMISSIONS, true);
postLookup.execute();
feedGenerator.execute();
int activityNumStart = activityService.getSiteFeedEntries(SITE_SHORT_NAME).size();
Response response = addComment(sitePage, USER_TWO, 200);
postLookup.execute();
feedGenerator.execute();
int activityNumNext = activityService.getSiteFeedEntries(SITE_SHORT_NAME).size();
assertEquals("The activity feeds were not generated after adding a comment", activityNumStart + 1, activityNumNext);
JSONObject jsonResponse = parseResponseJSON(response);
String nodeRefComment = getOrNull(jsonResponse, JSON_KEY_NODEREF);
NodeRef commentNodeRef = new NodeRef(nodeRefComment);
deleteComment(commentNodeRef, sitePage, USER_TWO, 200);
activityNumStart = activityNumNext;
postLookup.execute();
feedGenerator.execute();
activityNumNext = activityService.getSiteFeedEntries(SITE_SHORT_NAME).size();
assertEquals("The activity feeds were not generated after deleting a comment", activityNumStart + 1, activityNumNext);
}
@Override
public Set<AccessPermission> execute(VirtualProtocol virtualProtocol, Reference reference)
throws ProtocolMethodException
{
Set<String> toAllow = userPermissions.getAllowSmartNodes();
Set<String> toDeny = userPermissions.getDenySmartNodes();
VirtualFolderDefinition definition = resolver.resolveVirtualFolderDefinition(reference);
FilingRule filingRule = definition.getFilingRule();
boolean readonly = filingRule.isNullFilingRule()
|| filingRule.filingNodeRefFor(new FilingParameters(reference)) == null;
if (readonly)
{
Set<String> deniedPermissions = userPermissions.getDenyReadonlySmartNodes();
toDeny = new HashSet<>(toDeny);
toDeny.addAll(deniedPermissions);
toAllow.add(PermissionService.READ);
}
return execute(reference,
toAllow,
toDeny);
}
public void deleteGroupMembership(String groupId, String groupMemberId)
{
validateGroupId(groupId, false);
// Not allowed to modify a GROUP_EVERYONE member.
if (PermissionService.ALL_AUTHORITIES.equals(groupId))
{
throw new ConstraintViolatedException(ERR_MSG_MODIFY_FIXED_AUTHORITY);
}
validateGroupMemberId(groupMemberId);
// Verify if groupMemberId is member of groupId
AuthorityType authorityType = AuthorityType.getAuthorityType(groupMemberId);
Set<String> parents = authorityService.getContainingAuthorities(AuthorityType.GROUP, groupMemberId, true);
if (!parents.contains(groupId))
{
throw new NotFoundException(groupMemberId + " is not member of " + groupId);
}
authorityService.removeAuthority(groupId, groupMemberId);
}
@BeforeClass public static void initTestsContext() throws Exception
{
AUTHENTICATION_SERVICE = (MutableAuthenticationService)testContext.getBean("authenticationService");
BEHAVIOUR_FILTER = (BehaviourFilter)testContext.getBean("policyBehaviourFilter");
LINKS_SERVICE = (LinksService)testContext.getBean("LinksService");
NODE_SERVICE = (NodeService)testContext.getBean("nodeService");
PUBLIC_NODE_SERVICE = (NodeService)testContext.getBean("NodeService");
PERSON_SERVICE = (PersonService)testContext.getBean("personService");
TRANSACTION_HELPER = (RetryingTransactionHelper)testContext.getBean("retryingTransactionHelper");
PERMISSION_SERVICE = (PermissionService)testContext.getBean("permissionService");
SITE_SERVICE = (SiteService)testContext.getBean("siteService");
CONTENT_SERVICE = (ContentService)testContext.getBean("ContentService");
// Do the setup as admin
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
createUser(TEST_USER);
// We need to create the test site as the test user so that they can contribute content to it in tests below.
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER);
createTestSites();
}
@Override
public boolean canRead(String sharedId)
{
Pair<String, NodeRef> pair = getTenantNodeRefFromSharedId(sharedId);
final String tenantDomain = pair.getFirst();
final NodeRef nodeRef = pair.getSecond();
return TenantUtil.runAsTenant(new TenantRunAsWork<Boolean>()
{
public Boolean doWork() throws Exception
{
try
{
checkQuickShareNode(nodeRef);
return permissionService.hasPermission(nodeRef, PermissionService.READ) == AccessStatus.ALLOWED;
}
catch (AccessDeniedException ex)
{
return false;
}
}
}, tenantDomain);
}
@Override
protected String applyInternal() throws Exception
{
StringBuilder result = new StringBuilder(I18NUtil.getMessage(MSG_START));
String groupAuthorityName = PermissionService.GROUP_PREFIX + this.groupAuthorityDetails.groupName;
if (!authorityService.authorityExists(groupAuthorityName))
{
groupAuthorityName = authorityService.createAuthority(AuthorityType.GROUP,
this.groupAuthorityDetails.groupName,
this.groupAuthorityDetails.groupDisplayName,
this.groupAuthorityDetails.authorityZones);
authorityService.addAuthority(groupAuthorityName, AuthenticationUtil.getAdminUserName());
result.append(I18NUtil.getMessage(MSG_RESULT, groupAuthorityName));
}
else
{
result.append(I18NUtil.getMessage(MSG_EXIST, groupAuthorityName));
}
return result.toString();
}
@Test
public void testRenderByReader()
{
String ownerUserName = createRandomUser();
NodeRef sourceNodeRef = createSource(ownerUserName, "quick.jpg");
String otherUserName = createRandomUser();
transactionService.getRetryingTransactionHelper().doInTransaction(() ->
{
permissionService.setPermission(sourceNodeRef, otherUserName, PermissionService.READ, true);
return null;
});
render(otherUserName, sourceNodeRef, DOC_LIB);
NodeRef renditionNodeRef = waitForRendition(ownerUserName, sourceNodeRef, DOC_LIB, true);
assertNotNull("The rendition is not visible for owner of source node", renditionNodeRef);
renditionNodeRef = waitForRendition(otherUserName, sourceNodeRef, DOC_LIB, true);
assertNotNull("The rendition is not visible for owner of rendition node", renditionNodeRef);
assertEquals("The creator of the rendition is not correct",
ownerUserName, nodeService.getProperty(sourceNodeRef, ContentModel.PROP_CREATOR));
}
@Override
public AccessStatus execute(VirtualProtocol virtualProtocol, Reference reference) throws ProtocolMethodException
{
VirtualFolderDefinition definition = resolver.resolveVirtualFolderDefinition(reference);
FilingRule filingRule = definition.getFilingRule();
boolean readonly = filingRule.isNullFilingRule()
|| filingRule.filingNodeRefFor(new FilingParameters(reference)) == null;
if (readonly)
{
Set<String> deniedPermissions = userPermissions.getDenyReadonlySmartNodes();
if (deniedPermissions.contains(permissionToCheck))
{
return AccessStatus.DENIED;
}
if (PermissionService.READ.equals(permissionToCheck))
{
return AccessStatus.ALLOWED;
}
}
return userPermissions.hasVirtualNodePermission(permissionToCheck,
readonly);
}
public void testBasicAllowChildAssociationRef2() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("echoChildAssocRef", new Class[] { ChildAssociationRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_PARENT.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
Object answer = method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef) });
assertEquals(answer, nodeService.getPrimaryParent(rootNodeRef));
answer = method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) });
assertEquals(answer, nodeService.getPrimaryParent(systemNodeRef));
}
public void testMultiNodeMethodsArg0() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testManyNodeRef",
new Class[] { NodeRef.class, NodeRef.class, NodeRef.class, NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { null, null, null, null });
try
{
method.invoke(proxy, new Object[] { rootNodeRef, null, null, null });
assertNotNull(null);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
"andy", AccessStatus.ALLOWED));
method.invoke(proxy, new Object[] { rootNodeRef, null, null, null });
}
@Override
protected void setUp() throws Exception
{
super.setUp();
AbstractRefreshableApplicationContext ctx = (AbstractRefreshableApplicationContext)getServer().getApplicationContext();
this.retryingTransactionHelper = (RetryingTransactionHelper)ctx.getBean("retryingTransactionHelper");
this.authenticationService = (MutableAuthenticationService)ctx.getBean("AuthenticationService");
this.personService = (PersonService)ctx.getBean("PersonService");
this.siteService = (SiteService)ctx.getBean("SiteService");
this.nodeService = (NodeService)ctx.getBean("NodeService");
this.nodeArchiveService = (NodeArchiveService)ctx.getBean("nodeArchiveService");
this.checkOutCheckInService = (CheckOutCheckInService)ctx.getBean("checkOutCheckInService");
this.permissionService = (PermissionService)ctx.getBean("permissionService");
// Do the setup as admin
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
// Create a site
TEST_SITE = createSite(TEST_SITE_NAME);
// Create two users, one who's a site member
createUser(USER_ONE, true);
createUser(USER_TWO, false);
// Do our tests by default as the first user who is a contributor
AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
}
AclTest(PermissionReference required, QName typeQName, Set<QName> aspectQNames)
{
this.required = required;
this.typeQName = typeQName;
this.aspectQNames = aspectQNames;
// Set the required node permissions
if (required.equals(getPermissionReference(ALL_PERMISSIONS)))
{
nodeRequirements = modelDAO.getRequiredPermissions(getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames, RequiredPermission.On.NODE);
}
else
{
nodeRequirements = modelDAO.getRequiredPermissions(required, typeQName, aspectQNames, RequiredPermission.On.NODE);
}
if (modelDAO.getRequiredPermissions(required, typeQName, aspectQNames, RequiredPermission.On.PARENT).size() > 0)
{
throw new IllegalStateException("Parent permissions can not be checked for an acl");
}
if (modelDAO.getRequiredPermissions(required, typeQName, aspectQNames, RequiredPermission.On.CHILDREN).size() > 0)
{
throw new IllegalStateException("Child permissions can not be checked for an acl");
}
// Find all the permissions that grant the allowed permission
// All permissions are treated specially.
granters = new LinkedHashSet<PermissionReference>(128, 1.0f);
granters.addAll(modelDAO.getGrantingPermissions(required));
granters.add(getAllPermissionReference());
granters.add(OLD_ALL_PERMISSIONS_REFERENCE);
}
UnconditionalAclTest(PermissionReference required)
{
this.required = required;
// Set the required node permissions
if (required.equals(getPermissionReference(ALL_PERMISSIONS)))
{
nodeRequirements = modelDAO.getUnconditionalRequiredPermissions(getPermissionReference(PermissionService.FULL_CONTROL), RequiredPermission.On.NODE);
}
else
{
nodeRequirements = modelDAO.getUnconditionalRequiredPermissions(required, RequiredPermission.On.NODE);
}
if (modelDAO.getUnconditionalRequiredPermissions(required, RequiredPermission.On.PARENT).size() > 0)
{
throw new IllegalStateException("Parent permissions can not be checked for an acl");
}
if (modelDAO.getUnconditionalRequiredPermissions(required, RequiredPermission.On.CHILDREN).size() > 0)
{
throw new IllegalStateException("Child permissions can not be checked for an acl");
}
// Find all the permissions that grant the allowed permission
// All permissions are treated specially.
granters = new LinkedHashSet<PermissionReference>(128, 1.0f);
granters.addAll(modelDAO.getGrantingPermissions(required));
granters.add(getAllPermissionReference());
granters.add(OLD_ALL_PERMISSIONS_REFERENCE);
}
/**
* {@inheritDoc}
*/
public boolean hasAdminAuthority()
{
String currentUserName = AuthenticationUtil.getRunAsUser();
// Determine whether the administrator role is mapped to this user or one of their groups
return ((currentUserName != null) && getAuthoritiesForUser(currentUserName).contains(PermissionService.ADMINISTRATOR_AUTHORITY));
}
public void testSetFlags() throws Exception
{
NavigableMap<Long, FileInfo> fis = imapService.getFolderStatus(authenticationService.getCurrentUserName(), testImapFolderNodeRef, ImapViewMode.ARCHIVE).search;
if (fis != null && fis.size() > 0)
{
FileInfo messageFileInfo = fis.firstEntry().getValue();
try
{
setFlags(messageFileInfo);
fail("Can't set flags");
}
catch (Exception e)
{
if (e instanceof AccessDeniedException)
{
// expected
}
else
{
throw e;
}
}
reauthenticate(USER_NAME, USER_PASSWORD);
permissionService.setPermission(testImapFolderNodeRef, anotherUserName, PermissionService.WRITE, true);
reauthenticate(anotherUserName, anotherUserName);
setFlags(messageFileInfo);
}
}
protected void build1000NodesReadDenied(final String authority)
{
runAs("admin");
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
String name = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, name, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_1001 = fileFolderService.create(folder, name + "-1001", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setPermission(folder_1001, authority, PermissionService.READ, true);
permissionService.setInheritParentPermissions(folder_1001, false);
for(int j = 0; j < 1000; j++)
{
NodeRef file = fileFolderService.create(folder_1001, name + "-1001-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
permissionService.setInheritParentPermissions(file, false);
permissionService.setPermission(file, authority, PermissionService.READ, false);
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
@Test
public void testRuleServicePermissionsCoordinator()
{
this.authenticationService.createAuthentication("coordUser", "password".toCharArray());
this.permissionService.setPermission(this.nodeRef, "coordUser", PermissionService.COORDINATOR, true);
this.permissionService.setInheritParentPermissions(this.nodeRef, true);
this.authenticationService.authenticate(AuthenticationUtil.getAdminUserName(), "admin".toCharArray());
Rule rule2 = createTestRule();
this.ruleService.saveRule(this.nodeRef, rule2);
this.authenticationService.clearCurrentSecurityContext();
}
protected void buildNodes(final String user, final String permission, final int n, final boolean inherit)
{
RetryingTransactionCallback<Void> cb = new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
String namePrefix = "simple" + System.currentTimeMillis();
NodeRef folder = fileFolderService.create(rootNodeRef, namePrefix, ContentModel.TYPE_FOLDER).getNodeRef();
NodeRef folder_n = fileFolderService.create(folder, namePrefix + "-n", ContentModel.TYPE_FOLDER).getNodeRef();
permissionService.setInheritParentPermissions(folder_n, false);
permissionService.setPermission(folder_n, user, PermissionService.READ, true);
for(int j = 0; j < n; j++)
{
NodeRef file = fileFolderService.create(folder_n, namePrefix + "-n-"+j, ContentModel.TYPE_CONTENT).getNodeRef();
if(!inherit)
{
permissionService.setInheritParentPermissions(file, false);
if(permission != null)
{
permissionService.setPermission(file, user, permission, true);
}
}
}
return null;
}
};
retryingTransactionHelper.doInTransaction(cb, false, false);
}
/**
* @see org.alfresco.service.cmr.site.SiteService#canAddMember(java.lang.String,
* java.lang.String, java.lang.String)
*/
public boolean canAddMember(final String shortName, final String authorityName, final String role)
{
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
if (siteNodeRef == null)
{
throw new SiteDoesNotExistException(shortName);
}
// Get the user's current role
final String currentRole = getMembersRole(shortName, authorityName);
// Get the visibility of the site
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
// If we are ...
// -- the current user has change permissions rights on the site
// or we are ...
// -- referring to a public site and
// -- the role being set is consumer and
// -- the user being added is ourselves and
// -- the member does not already have permissions
// ... then we can set the permissions as system user
final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
return ((permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
|| isSiteAdmin(currentUserName) || (SiteVisibility.PUBLIC.equals(visibility)
&& role.equals(SiteModel.SITE_CONSUMER) && authorityName.equals(currentUserName) && currentRole == null));
}
@Override
public void setUp() throws Exception
{
ctx = ApplicationContextHelper.getApplicationContext();
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
txnHelper = serviceRegistry.getTransactionService().getRetryingTransactionHelper();
fileFolderService = serviceRegistry.getFileFolderService();
repository = (Repository) ctx.getBean("repositoryHelper");
fixedAclUpdater = (FixedAclUpdater) ctx.getBean("fixedAclUpdater");
permissionsDaoComponent = (PermissionsDaoComponent) ctx.getBean("admPermissionsDaoComponent");
permissionService = (PermissionService) ctx.getBean("permissionService");
nodeDAO = (NodeDAO) ctx.getBean("nodeDAO");
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
NodeRef home = repository.getCompanyHome();
// create a folder hierarchy for which will change permission inheritance
int[] filesPerLevel = { 5, 5, 10 };
RetryingTransactionCallback<NodeRef> cb1 = createFolderHierchyCallback(home, fileFolderService, "rootFolderAsyncCall",
filesPerLevel);
folderAsyncCallNodeRef = txnHelper.doInTransaction(cb1);
RetryingTransactionCallback<NodeRef> cb2 = createFolderHierchyCallback(home, fileFolderService, "rootFolderSyncCall",
filesPerLevel);
folderSyncCallNodeRef = txnHelper.doInTransaction(cb2);
// change setFixedAclMaxTransactionTime to lower value so setInheritParentPermissions on created folder
// hierarchy require async call
setFixedAclMaxTransactionTime(permissionsDaoComponent, home, 50);
}
@Before
public void before() throws Exception
{
super.before();
this.permissionService = (PermissionService)this.applicationContext.getBean("permissionService");
this.authenticationService = (MutableAuthenticationService)this.applicationContext.getBean("authenticationService");
this.searchService = (SearchService) applicationContext.getBean("SearchService");
this.namespaceService = (NamespaceService) applicationContext.getBean("NamespaceService");
this.fileFolderService = (FileFolderService) applicationContext.getBean("FileFolderService");
}
private boolean canEditPermission(NodeRef commentNodeRef)
{
String creator = (String)nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
Serializable owner = nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER);
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
boolean isSiteManager = permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED);
boolean isCoordinator = permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED);
return (isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner));
}
/**
* <a href="https://issues.alfresco.com/jira/browse/MNT-2777">MNT-2777</a>
*/
public void testALF17554ArchiveAndRestoreCheckPermission() throws Exception
{
permissionService.setInheritParentPermissions(a, false);
// Set the permission for the node for user USER_C
AuthenticationUtil.setFullyAuthenticatedUser(USER_C);
assertTrue(
"The user should not have the permission set on the node yet.",
permissionService.hasPermission(a, PermissionService.COORDINATOR) == AccessStatus.DENIED);
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
permissionService.setPermission(a, USER_C, PermissionService.COORDINATOR, true);
assertTrue(
"The user should have the permission set on the node.",
permissionService.hasPermission(a, PermissionService.COORDINATOR) == AccessStatus.ALLOWED);
commitAndBeginNewTransaction();
nodeService.deleteNode(a);
verifyNodeExistence(a, false);
nodeService.restoreNode(a_, null, null, null);
// Check the permission
AuthenticationUtil.setFullyAuthenticatedUser(USER_C);
assertTrue(
"The user should have the same permission after restoring the node.",
permissionService.hasPermission(a, PermissionService.COORDINATOR) == AccessStatus.ALLOWED);
assertFalse(
"The node should have InheritParentPermissions set to false.",
permissionService.getInheritParentPermissions(a));
}
@Test
public void testReadonlyNodeHasPermission() throws Exception
{
// virtual permission should override actual permissions
NodeRef aVFTestTemplate2 = createVirtualizedFolder(testRootFolder.getNodeRef(),
"aVFTestTemplate2",
TEST_TEMPLATE_2_JSON_SYS_PATH);
NodeRef vf2Node2 = nodeService.getChildByName(aVFTestTemplate2,
ContentModel.ASSOC_CONTAINS,
"Node2");
final String[] deniedReadOnly = new String[] { PermissionService.UNLOCK, PermissionService.CANCEL_CHECK_OUT,
PermissionService.CHANGE_PERMISSIONS, PermissionService.CREATE_CHILDREN, PermissionService.DELETE,
PermissionService.WRITE, PermissionService.DELETE_NODE, PermissionService.WRITE_PROPERTIES,
PermissionService.WRITE_CONTENT, PermissionService.CREATE_ASSOCIATIONS };
StringBuilder nonDeniedTrace = new StringBuilder();
for (int i = 0; i < deniedReadOnly.length; i++)
{
AccessStatus accessStatus = hasPermissionAs(vf2Node2,
deniedReadOnly[i],
user1);
if (!AccessStatus.DENIED.equals(accessStatus))
{
if (nonDeniedTrace.length() > 0)
{
nonDeniedTrace.append(",");
}
nonDeniedTrace.append(deniedReadOnly[i]);
}
}
assertTrue("Non-denied permissions on RO virtual nodes : " + nonDeniedTrace,
nonDeniedTrace.length() == 0);
}
@Override
public Set<AccessPermission> getAllSetPermissions(Reference reference)
{
return reference.execute(new GetAllSetPermissionsMethod(this,
userPermissions,
PermissionService.ALL_AUTHORITIES));
}
/**
* MNT-9502
*/
public void testPermissionOfLockedNodeWithWorkingcopyAspect()
{
permissionService.setPermission(rootNodeRef, "andy", PermissionService.ALL_PERMISSIONS, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "lemur", PermissionService.READ, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.CHECK_OUT, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.WRITE, true);
permissionService.setPermission(rootNodeRef, "frog", PermissionService.READ, true);
authenticationService.authenticate("andy", "andy".toCharArray());
NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_CMOBJECT, null).getChildRef();
nodeService.addAspect(testNode, ContentModel.ASPECT_WORKING_COPY, null);
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("lemur", "lemur".toCharArray());
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("andy", "andy".toCharArray());
lockService.unlock(testNode);
authenticationService.authenticate("lemur", "lemur".toCharArray());
lockService.lock(testNode, LockType.READ_ONLY_LOCK);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
authenticationService.authenticate("frog", "frog".toCharArray());
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CHECK_IN));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.CANCEL_CHECK_OUT));
}
/**
* Construct
*/
protected CanCheckOutActionEvaluator(ServiceRegistry serviceRegistry)
{
super(serviceRegistry, Action.CAN_CHECK_OUT);
permissionEvaluator = new PermissionActionEvaluator(
serviceRegistry,
Action.CAN_CHECK_OUT,
PermissionService.CHECK_OUT);
lockService = serviceRegistry.getLockService();
}
public void testBasicAllowNodeParent() throws Exception
{
runAs("andy");
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("echoNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_PARENT.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
Object answer = method.invoke(proxy, new Object[] { rootNodeRef });
assertEquals(answer, rootNodeRef);
try
{
answer = method.invoke(proxy, new Object[] { systemNodeRef });
assertNotNull(answer);
}
catch (InvocationTargetException e)
{
}
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
answer = method.invoke(proxy, new Object[] { systemNodeRef });
assertEquals(answer, systemNodeRef);
}