/** Called at the begining of all tests */
@Override
protected void onSetUpInTransaction() throws Exception {
this.nodeService = (NodeService) this.applicationContext.getBean("nodeService");
AuthenticationComponent authenticationComponent =
(AuthenticationComponent) applicationContext.getBean("authenticationComponent");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
// Create the store and get the root node
this.testStoreRef =
this.nodeService.createStore(
StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
this.rootNodeRef = this.nodeService.getRootNode(this.testStoreRef);
// Create the node used for tests
this.nodeRef =
this.nodeService
.createNode(
this.rootNodeRef,
ContentModel.ASSOC_CHILDREN,
QName.createQName("{test}testnode"),
ContentModel.TYPE_CONTENT)
.getChildRef();
// Get the executer instance
this.executer =
(AddFeaturesActionExecuter) this.applicationContext.getBean(AddFeaturesActionExecuter.NAME);
}
public void setUp() throws Exception {
if (AlfrescoTransactionSupport.getTransactionReadState() != TxnReadState.TXN_NONE) {
throw new AlfrescoRuntimeException(
"A previous tests did not clean up transaction: "
+ AlfrescoTransactionSupport.getTransactionId());
}
nodeService = (NodeService) applicationContext.getBean("nodeService");
dictionaryService =
(DictionaryService)
applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE.getLocalName());
permissionService = (PermissionServiceSPI) applicationContext.getBean("permissionService");
permissionServiceImpl =
(PermissionServiceImpl) applicationContext.getBean("permissionServiceImpl");
namespacePrefixResolver =
(NamespacePrefixResolver)
applicationContext.getBean(ServiceRegistry.NAMESPACE_SERVICE.getLocalName());
authenticationService =
(MutableAuthenticationService) applicationContext.getBean("authenticationService");
authenticationComponent =
(AuthenticationComponent) applicationContext.getBean("authenticationComponent");
serviceRegistry =
(ServiceRegistry) applicationContext.getBean(ServiceRegistry.SERVICE_REGISTRY);
permissionModelDAO = (ModelDAO) applicationContext.getBean("permissionsModelDAO");
personService = (PersonService) applicationContext.getBean("personService");
authorityService = (AuthorityService) applicationContext.getBean("authorityService");
authorityDAO = (AuthorityDAO) applicationContext.getBean("authorityDAO");
authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
authenticationDAO = (MutableAuthenticationDao) applicationContext.getBean("authenticationDao");
nodeDAO = (NodeDAO) applicationContext.getBean("nodeDAO");
aclDaoComponent = (AclDAO) applicationContext.getBean("aclDAO");
publicServiceAccessService =
(PublicServiceAccessService) applicationContext.getBean("publicServiceAccessService");
retryingTransactionHelper =
(RetryingTransactionHelper) applicationContext.getBean("retryingTransactionHelper");
transactionService = (TransactionService) applicationContext.getBean("transactionComponent");
testTX = transactionService.getUserTransaction();
testTX.begin();
testStoreRef =
nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.nanoTime());
rootNodeRef = nodeService.getRootNode(testStoreRef);
QName children = ContentModel.ASSOC_CHILDREN;
QName system = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "system");
QName container = ContentModel.TYPE_CONTAINER;
QName types = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "people");
systemNodeRef = nodeService.createNode(rootNodeRef, children, system, container).getChildRef();
NodeRef typesNodeRef =
nodeService.createNode(systemNodeRef, children, types, container).getChildRef();
Map<QName, Serializable> props = createPersonProperties("andy");
nodeService
.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props)
.getChildRef();
props = createPersonProperties("lemur");
nodeService
.createNode(typesNodeRef, children, ContentModel.TYPE_PERSON, container, props)
.getChildRef();
// create an authentication object e.g. the user
if (authenticationDAO.userExists("andy")) {
authenticationService.deleteAuthentication("andy");
}
authenticationService.createAuthentication("andy", "andy".toCharArray());
if (authenticationDAO.userExists("lemur")) {
authenticationService.deleteAuthentication("lemur");
}
authenticationService.createAuthentication("lemur", "lemur".toCharArray());
if (authenticationDAO.userExists(AuthenticationUtil.getAdminUserName())) {
authenticationService.deleteAuthentication(AuthenticationUtil.getAdminUserName());
}
authenticationService.createAuthentication(
AuthenticationUtil.getAdminUserName(), "admin".toCharArray());
authenticationComponent.clearCurrentSecurityContext();
assertTrue(permissionServiceImpl.getAnyDenyDenies());
}
/** Test for MNT-11725 */
public void testDowngradePermissions() throws Exception {
NodeRef rootNodeRef = this.nodeService.getRootNode(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
NodeRef folderRef =
nodeService
.createNode(
rootNodeRef,
ContentModel.ASSOC_CHILDREN,
QName.createQName(NamespaceService.ALFRESCO_URI, "testFolder"),
ContentModel.TYPE_FOLDER)
.getChildRef();
permissionService.setPermission(folderRef, USER_ONE, PermissionService.COORDINATOR, true);
permissionService.setInheritParentPermissions(folderRef, false);
authenticationComponent.setCurrentUser(USER_ONE);
// JSON fromat
// {"permissions":
// [{"authority":"userA",
// "role":"Consumer"},
// {"authority":"userA",
// "role":"Coordinator",
// "remove":true}],
// "isInherited":true}
/* negative test, we are first deleting the coordinator role and then try to add consumer */
JSONObject changePermission = new JSONObject();
JSONArray permissions = new JSONArray();
// First delete permission, then add
JSONObject addPermission = new JSONObject();
addPermission.put("authority", USER_ONE);
addPermission.put("role", PermissionService.CONSUMER);
JSONObject removePermission = new JSONObject();
removePermission.put("authority", USER_ONE);
removePermission.put("role", PermissionService.COORDINATOR);
removePermission.put("remove", "true");
permissions.put(removePermission);
permissions.put(addPermission);
changePermission.put("permissions", permissions);
changePermission.put("isInherited", "true");
sendRequest(
new PostRequest(
URL_DOCLIB_PERMISSIONS
+ "/"
+ StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getProtocol()
+ "/"
+ StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getIdentifier()
+ "/"
+ folderRef.getId(),
changePermission.toString(),
"application/json"),
Status.STATUS_INTERNAL_SERVER_ERROR);
/* positive test */
changePermission = new JSONObject();
permissions = new JSONArray();
// First add permission, then delete
addPermission = new JSONObject();
addPermission.put("authority", USER_ONE);
addPermission.put("role", PermissionService.CONSUMER);
removePermission = new JSONObject();
removePermission.put("authority", USER_ONE);
removePermission.put("role", PermissionService.COORDINATOR);
removePermission.put("remove", "true");
permissions.put(addPermission);
permissions.put(removePermission);
changePermission.put("permissions", permissions);
changePermission.put("isInherited", "true");
sendRequest(
new PostRequest(
URL_DOCLIB_PERMISSIONS
+ "/"
+ StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getProtocol()
+ "/"
+ StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getIdentifier()
+ "/"
+ folderRef.getId(),
changePermission.toString(),
"application/json"),
Status.STATUS_OK);
AccessStatus accessStatus =
permissionService.hasPermission(folderRef, PermissionService.CONSUMER);
assertTrue("The permission was not set correctly", accessStatus == AccessStatus.ALLOWED);
this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
nodeService.deleteNode(folderRef);
}