// security on versions, see TestLocalAPIWithCustomVersioning
@Test
public void testVersionSecurity() throws Exception {
DocumentModel folder = new DocumentModelImpl("/", "folder", "Folder");
folder = session.createDocument(folder);
ACP acp = new ACPImpl();
ACE ace = new ACE("princ1", "perm1", true);
ACL acl = new ACLImpl("acl1", false);
acl.add(ace);
acp.addACL(acl);
session.setACP(folder.getRef(), acp, true);
DocumentModel file = new DocumentModelImpl("/folder", "file", "File");
file = session.createDocument(file);
// set security
acp = new ACPImpl();
ace = new ACE("princ2", "perm2", true);
acl = new ACLImpl("acl2", false);
acl.add(ace);
acp.addACL(acl);
session.setACP(file.getRef(), acp, true);
session.save();
DocumentModel proxy = session.publishDocument(file, folder);
DocumentModel version = session.getLastDocumentVersion(file.getRef());
session.save();
// check security on version
acp = session.getACP(version.getRef());
ACL[] acls = acp.getACLs();
assertEquals(2, acls.length);
acl = acls[0];
assertEquals(1, acl.size());
assertEquals("princ2", acl.get(0).getUsername());
acl = acls[1];
assertEquals(1 + 3, acl.size()); // 1 + 3 root defaults
assertEquals("princ1", acl.get(0).getUsername());
// remove live document (there's a proxy so the version stays)
session.removeDocument(file.getRef());
session.save();
// recheck security on version (works because we're administrator)
acp = session.getACP(version.getRef());
assertNull(acp);
// check proxy still accessible (in another session)
try (CoreSession session2 = openSessionAs(SecurityConstants.ADMINISTRATOR)) {
session2.getDocument(proxy.getRef());
}
}
protected void setPermission(
DocumentModel doc, String userName, String permission, boolean isGranted) {
ACP acp = session.getACP(doc.getRef());
ACL localACL = acp.getOrCreateACL(ACL.LOCAL_ACL);
localACL.add(new ACE(userName, permission, isGranted));
session.setACP(doc.getRef(), acp, true);
session.save();
}
protected void resetPermissions(DocumentModel doc, String userName) {
ACP acp = session.getACP(doc.getRef());
ACL localACL = acp.getOrCreateACL(ACL.LOCAL_ACL);
Iterator<ACE> localACLIt = localACL.iterator();
while (localACLIt.hasNext()) {
ACE ace = localACLIt.next();
if (userName.equals(ace.getUsername())) {
localACLIt.remove();
}
}
session.setACP(doc.getRef(), acp, true);
session.save();
}
protected void resetPermissions(DocumentRef docRef, String userName) {
ACP acp = session.getACP(docRef);
ACL localACL = acp.getOrCreateACL(ACL.LOCAL_ACL);
Iterator<ACE> localACLIt = localACL.iterator();
while (localACLIt.hasNext()) {
ACE ace = localACLIt.next();
if (userName.equals(ace.getUsername())) {
localACLIt.remove();
}
}
session.setACP(docRef, acp, true);
TransactionHelper.commitOrRollbackTransaction();
TransactionHelper.startTransaction();
}
@Override
public boolean isPublished(DocumentModel doc, CoreSession session) throws ClientException {
return session.getACP(doc.getRef()).getACL(CoreProxyWithWorkflowFactory.ACL_NAME) == null;
}