Java Code Examples for org.alfresco.repo.security.authentication.AuthenticationUtil

@Override
protected void setUp() throws Exception
{
    applicationContext = ApplicationContextHelper.getApplicationContext();
    nodeService = (NodeService)applicationContext.getBean("nodeService");
    repositoryHelper = (Repository)this.applicationContext.getBean("repositoryHelper");
    transactionService = (TransactionService)applicationContext.getBean("transactionService");
    
    ChildApplicationContextFactory fileServersSubSystem = (ChildApplicationContextFactory) applicationContext.getBean("fileServers");
    assertNotNull("fileServers subsystem is null", fileServersSubSystem);
    lockKeeper =  (LockKeeper)fileServersSubSystem.getApplicationContext().getBean("lockKeeper");
    
	assertNotNull("nodeService is null", nodeService);
	assertNotNull("lockKeeper is null", lockKeeper);
	assertNotNull("transactionService is null", transactionService);

    
    AuthenticationUtil.setRunAsUserSystem();
    AuthenticationUtil.setFullyAuthenticatedUser("bugsBunny");
}
 

private StringBuilder calculateDisplayPath(final NodeRef nodeRef)
{
    return AuthenticationUtil.runAs(new RunAsWork<StringBuilder>()
    {
        @Override
        public StringBuilder doWork() throws Exception
        {
            // Get the full path to the file/folder node
            Path nodePath = m_nodeService.getPath(nodeRef);
            String fName = (String) m_nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);

            // Build the share relative path to the node
            StringBuilder result = new StringBuilder();
            result.append(nodePath.toDisplayPath(m_nodeService, m_permissionService));
            if ((0 == result.length()) || ('/' != (result.charAt(result.length() - 1)) && ('\\' != result.charAt(result.length() - 1))))
            {
                result.append("\\");
            }
            return result.append(fName);
        }
    }, AuthenticationUtil.SYSTEM_USER_NAME);
}
 

/**
 * Write the description to a content file and store the content URL in
 * ContentModel.PROP_PERSONDESC
 * 
 * @param description
 * @param nodeRef
 */
private void savePersonDescription(final String description, final NodeRef nodeRef)
{
    AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
    {
        @Override
        public Void doWork() throws Exception
        {
            if (description != null)
            {
                ContentWriter writer = contentService.getWriter(nodeRef, ContentModel.PROP_PERSONDESC, true);
                writer.putContent(description);
            }
            else
            {
                nodeService.setProperty(nodeRef, ContentModel.PROP_PERSONDESC, null);
            }
            return null;
        }
    });
}
 

protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse)
{
    String userName = AuthenticationUtil.getRunAsUser();
    HashSet<AccessPermission> accessPermissions = new HashSet<AccessPermission>();
    for (PermissionReference pr : getSettablePermissionReferences(nodeRef))
    {
        if (hasPermission(nodeRef, pr) == AccessStatus.ALLOWED)
        {
            accessPermissions.add(new AccessPermissionImpl(getPermission(pr), AccessStatus.ALLOWED, userName, -1));
        }
        else
        {
            if (includeFalse)
            {
                accessPermissions.add(new AccessPermissionImpl(getPermission(pr), AccessStatus.DENIED, userName, -1));
            }
        }
    }
    return accessPermissions;
}
 

/**
 * {@inheritDoc}
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getAuthorisations()
{
    // Use TX cache 
    @SuppressWarnings("unchecked")
    Set<String> auths = (Set<String>) AlfrescoTransactionSupport.getResource("MyAuthCache");
    Authentication auth = AuthenticationUtil.getRunAsAuthentication();
    if (auths != null)
    {
        if (auth == null || !auths.contains(((User)auth.getPrincipal()).getUsername()))
        {
            auths = null;
        }
    }
    if (auths == null)
    {
        auths = getCoreAuthorisations(auth);
        AlfrescoTransactionSupport.bindResource("MyAuthCache", auths);
    }
    return Collections.unmodifiableSet(auths);   
}
 

public  void initContextAndCreateUser()
{
    appContext = ApplicationContextHelper.getApplicationContext();

    authenticationService = (MutableAuthenticationService) appContext.getBean("AuthenticationService");
    contentService = (ContentService) appContext.getBean("ContentService");
    nodeService = (NodeService) appContext.getBean("NodeService");
    permissionService = (PermissionService) appContext.getBean("PermissionService");
    personService = (PersonService) appContext.getBean("PersonService");
    renditionService = (RenditionService) appContext.getBean("RenditionService");
    repositoryHelper = (Repository) appContext.getBean("repositoryHelper");
    transactionService = (TransactionService) appContext.getBean("TransactionService");
    txnHelper = transactionService.getRetryingTransactionHelper();
    ownableService = (OwnableService) appContext.getBean("ownableService");

    ADMIN_USER = AuthenticationUtil.getAdminUserName();
    
    // Create a nonAdminUser
    createUser(NON_ADMIN_USER);

}
 

/**
 * Normalizes a user id, taking into account existing user accounts and case sensitivity settings.
 * 
 * @param userId
 *            the user id
 * @return the string
 */
private String normalizeUserId(final String userId)
{
    if (userId == null)
    {
        return null;
    }
    String normalized = AuthenticationUtil.runAs(new RunAsWork<String>()
    {
        public String doWork() throws Exception
        {
            return personService.getUserIdentifier(userId);
        }
    }, AuthenticationUtil.getSystemUserName());
    if (logger.isDebugEnabled())
        logger.debug("The normalized user name is: " + normalized + " for user id " + userId);
    return normalized == null ? userId : normalized;
}
 

private RenditionDefinition loadAndValidateRenditionDefinition(String renditionLocalName)
{
    QName renditionQName = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, renditionLocalName);
    RenditionDefinition renditionDefinition = renditionService.loadRenditionDefinition(renditionQName);
    assertNotNull("'" + renditionLocalName + "' rendition definition was missing.", renditionDefinition);
    assertEquals("'" + renditionLocalName + "' renditionDefinition had wrong renditionName", renditionQName,
                renditionDefinition.getRenditionName());

    assertNotNull("'" + renditionLocalName + "' renditionDefinition had null " +
            RenditionDefinitionImpl.RENDITION_DEFINITION_NAME + " parameter",
                renditionDefinition.getParameterValue(RenditionDefinitionImpl.RENDITION_DEFINITION_NAME));
    
    // All builtin renditions should be "runas" system
    assertEquals(AuthenticationUtil.getSystemUserName(), renditionDefinition.getParameterValue(AbstractRenderingEngine.PARAM_RUN_AS));

    return renditionDefinition;
}
 

/**
 * TODO implement as remote api call
 */
protected String getOrCreateUser(String usernameIn, String password, TestNetwork network)
{
    final String tenantDomain = (network != null ? network.getId() : TenantService.DEFAULT_DOMAIN);

    return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>()
    {
        @Override
        public String doWork() throws Exception
        {
            return TenantUtil.runAsTenant(new TenantUtil.TenantRunAsWork<String>()
            {
                public String doWork() throws Exception
                {
                    String username = repoService.getPublicApiContext().createUserName(usernameIn, tenantDomain);
                    PersonInfo personInfo = new PersonInfo(username, username, username, password, null, null, null, null, null, null, null);
                    RepoService.TestPerson person = repoService.getOrCreateUser(personInfo, username, network);
                    return person.getId();
                }
            }, tenantDomain);
        }
    }, networkAdmin);
}
 

/**
 * Tests the creation of a document link when the user doesn't have write
 * permission on the destination node
 * 
 * @throws Exception
 */
public void testCreateDocLinkWithoutWritePermissionOnDestination() throws Exception
{
    try
    {
        AuthenticationUtil.runAs(new RunAsWork<Void>()
        {
            @Override
            public Void doWork() throws Exception
            {
                documentLinkService.createDocumentLink(site1File1, site2Folder1);
                return null;
            }
        }, TEST_USER);

        fail("no write permission on the destination node must generate AccessDeniedException.");
    }
    catch (AccessDeniedException ex)
    {
        // Expected
    }
}
 

public void process(final NodeRef person) throws Throwable
{
    // note: runAs before runAsTenant (to avoid clearing tenant context, if no previous auth)
    AuthenticationUtil.runAs(new RunAsWork<Object>()
    {
        @Override
        public Object doWork() throws Exception
        {
            return TenantUtil.runAsTenant(new TenantRunAsWork<Void>()
            {
                public Void doWork() throws Exception
                {
                   RunAsWorker.this.doWork(person);
                    return null;
                }
            }, tenantDomain);
        }
    }, userName);
}
 

@Before public void initNonStaticData() throws Exception
{
    companyHome = repositoryHelper.getCompanyHome();
    
    // Create the test folder used for these tests
    testFolderName = "Test-folder-"+ System.currentTimeMillis();
    testFolder     = testNodes.createFolder(companyHome, testFolderName, AuthenticationUtil.getAdminUserName());
    
    // Create the node used as a content supplier for one test
    String testImageNodeName = "testImageNode" + System.currentTimeMillis();
    nodeWithImageContent     = testNodes.createQuickFile(MimetypeMap.MIMETYPE_IMAGE_PNG, companyHome, testImageNodeName, AuthenticationUtil.getAdminUserName());
    
    // Create a test site - note that 'admin' is the site creator.
    testSiteInfo = testSites.createTestSiteWithUserPerRole(this.getClass().getSimpleName(),
                                                           "sitePreset",
                                                           SiteVisibility.PRIVATE,
                                                           AuthenticationUtil.getAdminUserName());
    final NodeRef siteDocLib = testSiteInfo.doclib;
    // Put a piece of content in that site - again the creator is admin.
    // This piece of content is malformed and it will not be possible to create thumbnails from it.
    brokenJpg                = testNodes.createQuickFileByName("quickCorrupt.jpg", siteDocLib, AuthenticationUtil.getAdminUserName());
}
 

@Override protected void after()
{
    final RetryingTransactionHelper transactionHelper = getTransactionHelper();
    final DictionaryDAO dictionaryDAO = getDictionaryDAO();
    
    // Run as system to ensure all non-system nodes can be deleted irrespective of which user created them.
    AuthenticationUtil.runAs(new RunAsWork<Void>()
    {
        @Override public Void doWork() throws Exception
        {
            transactionHelper.doInTransaction(new RetryingTransactionCallback<Void>()
            {
                @Override public Void execute() throws Throwable
                {
                	for (QName model : loadedModels)
                	{
                		dictionaryDAO.removeModel(model);
                	}
                	return null;
                }
            });
            return null;
        }
    }, AuthenticationUtil.getSystemUserName());
}
 

private void tidyUpSourceDoc()
{
    // Set the current security context as admin
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
   
    // Clean up the source
    if(sourceDoc != null)
    {
       nodeService.deleteNode(sourceDoc);
    }
  
    // Clean up the target folder
    nodeService.deleteNode(targetFolder);
    targetFolder = null;
    
    // All done
    sourceDoc = null;
    createTargetFolder();
}
 

/**
 * @return              Returns the full name of the currently-authenticated user
 */
public Serializable getData() throws Throwable
{
    String user = AuthenticationUtil.getFullyAuthenticatedUser();
    NodeRef personNodeRef = personService.getPerson(user);
    String fullName = null;
    if (personNodeRef != null && nodeService.exists(personNodeRef))
    {
        String firstName = (String)nodeService.getProperty(personNodeRef, ContentModel.PROP_FIRSTNAME);
        String lastName = (String)nodeService.getProperty(personNodeRef, ContentModel.PROP_LASTNAME);
        
        fullName = ((firstName != null && firstName.length() > 0) ? firstName : "");
        if (lastName != null && lastName.length() > 0)
        {
            fullName += (fullName.length() > 0 ? " " : "");
            fullName += lastName;
        }
    }
    // Done
    if (logger.isDebugEnabled())
    {
        logger.debug("Generated name '" + fullName + "' for user '" + user + "'.");
    }
    return fullName;
}
 

/** 
 * @see junit.framework.TestCase#tearDown()
 */
@Override
protected void tearDown() throws Exception
{
    retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
    {
        @Override
        public Object execute() throws Throwable
        {
            // As system user
            AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
            
            if (useSpacesStore() == false)
            {
                // Delete the created store
                nodeService.deleteStore(storeRef);
            }
            
            return null;
        }
    });
    
    super.tearDown();
}
 

/**
 * Saves any outstanding updates to the site details.
 * <p>
 * If properties of the site are changed and save is not called, those changes will be lost.
 */
public void save()
{
    if (this.isDirty == true)
    {
        if (siteService.isSiteAdmin(AuthenticationUtil.getFullyAuthenticatedUser()))
        {
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
            {
                public Void doWork() throws Exception
                {
                    // Update the site details as a site-admin
                    siteService.updateSite(siteInfo);
                    return null;
                }
            }, AuthenticationUtil.getAdminUserName());
        }
        else
        {
            // Update the site details
            this.siteService.updateSite(this.siteInfo);
        }
        // Reset the dirty flag
        this.isDirty = false;
    }
}
 

/**
 * https://issues.alfresco.com/jira/browse/ETHREEOH-520
 */
public void testETHREEOH_520()
    throws Exception
{
    final String userName = "userInviteServiceTest" + GUID.generate();
    final String emailAddress = " ";

    // Create a person with a blank email address and
    AuthenticationUtil.runAs(new RunAsWork<Object>()
    {
        public Object doWork() throws Exception
        {
            createPerson(PERSON_FIRSTNAME, PERSON_LASTNAME, userName, " ");
            return null;
        }

    }, AuthenticationUtil.getSystemUserName());

    // Try and add an existing person to the site with no email address
    // Should return bad request since the email address has not been provided
    startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_BAD_REQUEST);
}
 

public DownloadStatus getDownloadStatus(final NodeRef downloadNode)
{
    return AuthenticationUtil.runAsSystem(new RunAsWork<DownloadStatus>()
    {
        @Override
        public DownloadStatus doWork() throws Exception
        {
            return transactionHelper.doInTransaction(new RetryingTransactionCallback<DownloadStatus>()
            {
                @Override
                public DownloadStatus execute() throws Throwable
                {
                    return downloadService.getDownloadStatus(downloadNode);
                }
            });
        }
    });

}
 

/**
 * Zero files
 */
@Test
public void testLoad_ZeroFiles() throws Exception
{
    try
    {
        AuthenticationUtil.pushAuthentication();
        AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
        int created = fileFolderLoader.createFiles(
                writeFolderPath,
                0, 256, 1024L, 1024L, Long.MAX_VALUE, false,
                10, 256L);
        assertEquals("Incorrect number of files generated.", 0, created);
        // Count
        assertEquals(0, nodeService.countChildAssocs(writeFolderNodeRef, true));
    }
    finally
    {
        AuthenticationUtil.popAuthentication();
    }
}
 

/**
 * @see org.alfresco.service.cmr.site.SiteService#getSite(java.lang.String)
 */
public SiteInfo getSite(final String shortName)
{
    // MT share - for activity service remote system callback (deprecated)
    if (tenantService.isEnabled() &&
        TenantUtil.isCurrentDomainDefault() &&
        (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) &&
        tenantService.isTenantName(shortName))
    {
        final String tenantDomain = tenantService.getDomain(shortName);
        final String sName = tenantService.getBaseName(shortName, true);
        
        return TenantUtil.runAsSystemTenant(new TenantRunAsWork<SiteInfo>()
        {
            public SiteInfo doWork() throws Exception
            {
                SiteInfo site = getSiteImpl(sName);
                return new SiteInfoImpl(site.getSitePreset(), shortName, site.getTitle(), site.getDescription(), site.getVisibility(), site.getCustomProperties(), site.getNodeRef());
            }
        }, tenantDomain);
    }
    else
    {
        return getSiteImpl(shortName);
    }
}
 

public void listMembers(String shortName, final String nameFilter, final String roleFilter, final boolean collapseGroups, final SiteMembersCallback callback)
{
    // MT share - for activity service system callback
    if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantName(shortName))
    {
        final String tenantDomain = tenantService.getDomain(shortName);
        final String sName = tenantService.getBaseName(shortName, true);
        
        TenantUtil.runAsSystemTenant(new TenantRunAsWork<Void>()
        {
            public Void doWork() throws Exception
            {
                listMembersImpl(sName, nameFilter, roleFilter, collapseGroups, callback);
                return null;
            }
        }, tenantDomain);
    }
    else
    {
        listMembersImpl(shortName, nameFilter, roleFilter, collapseGroups, callback);
    }
}
 

/**
 * Get the RunAs user need to execute a Write operation on the given path.
 * 
 * @param path  Document path
 * @return runas user - will be the Full Authenticated User or System as required
 */
protected String getPathRunAsUser(final String path)
{
    // check we actually are the user we are creating a user specific path for
    String runAsUser = AuthenticationUtil.getFullyAuthenticatedUser();
    String userId = null;
    Matcher matcher;
    if ((matcher = USER_PATTERN_1.matcher(path)).matches())
    {
        userId = matcher.group(1);
    }
    else if ((matcher = USER_PATTERN_2.matcher(path)).matches())
    {
        userId = matcher.group(1);
    }
    if (userId != null && userId.equals(runAsUser))
    {
        runAsUser = AuthenticationUtil.getSystemUserName();
    }
    return runAsUser;
}
 

@Override
public void tearDown() throws Exception
{
    super.tearDown();
    
    AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
    
    transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
    {
        public Void execute() throws Throwable
        {
            if (testNode != null && nodeService.exists(testNode))
            {
                nodeService.deleteNode(testNode);
            }
            return null;
        }
    });
    
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
    
    deleteUser(USER_ONE);
    deleteUser(USER_TWO);

    AuthenticationUtil.clearCurrentSecurityContext();
}
 

public void testStartInviteForSameInviteeButTwoDifferentSites()
    throws Exception
{
    final String inviteeUsername = INVITEE_FIRSTNAME + "_" + INVITEE_LASTNAME;
    final String inviteeEmail = INVITEE_EMAIL_PREFIX + RandomStringUtils.randomAlphanumeric(6) + "@" + INVITEE_EMAIL_DOMAIN;

    // Create person
    AuthenticationUtil.runAs(new RunAsWork<Object>()
    {
        public Object doWork() throws Exception
        {
            createPerson(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeUsername, inviteeEmail);
            return null;
        }

    }, AuthenticationUtil.getSystemUserName());

    JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1,
            Status.STATUS_CREATED);

    startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED);
}
 

/**
 * Gets the last modified time of the content
 * 
 * @return  last modified time
 */
public long lastModified()
{
    return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Long>()
    {
        public Long doWork() throws Exception
        {
            return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Long>()
            {
                public Long execute() throws Exception
                {
                    ContentReader reader = contentService.getReader(nodeRef, ContentModel.PROP_CONTENT);
                    return reader.getLastModified();
                }
            });
        }
    }, AuthenticationUtil.getSystemUserName());            
}
 

@Override
protected String applyInternal() throws Exception
{
    StringBuilder result = new StringBuilder(I18NUtil.getMessage(MSG_START));

    String groupAuthorityName = PermissionService.GROUP_PREFIX + this.groupAuthorityDetails.groupName;
    if (!authorityService.authorityExists(groupAuthorityName))
    {
        groupAuthorityName = authorityService.createAuthority(AuthorityType.GROUP,
                    this.groupAuthorityDetails.groupName,
                    this.groupAuthorityDetails.groupDisplayName,
                    this.groupAuthorityDetails.authorityZones);

        authorityService.addAuthority(groupAuthorityName, AuthenticationUtil.getAdminUserName());

        result.append(I18NUtil.getMessage(MSG_RESULT, groupAuthorityName));
    }
    else
    {
        result.append(I18NUtil.getMessage(MSG_EXIST, groupAuthorityName));
    }
    return result.toString();
}
 

@Before public void createTestFolder()
{
    initContextAndCreateUser();
    AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
    final NodeRef companyHome = repositoryHelper.getCompanyHome();
    
    Map<QName, Serializable> props = new HashMap<QName, Serializable>();
    props.put(ContentModel.PROP_NAME, this.getClass() + "_testFolder");
    testFolder = nodeService.createNode(companyHome, 
                                            ContentModel.ASSOC_CONTAINS, 
                                            ContentModel.ASSOC_CONTAINS, 
                                            ContentModel.TYPE_FOLDER,
                                            props).getChildRef();
    // Let anyone (meaning non-admin) do anything (meaning create new content)
    permissionService.setPermission(testFolder, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true);
    this.nodesToBeTidiedUp.add(testFolder);
}
 

public void testVersionLockedNode()
{
    transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Object>()
    {
        public Object execute() throws Exception
        {
            AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
            
            // create versionable node and ensure it has the necessary aspect
            NodeRef versionableNode = createNewVersionableNode();
            assertEquals(true, nodeService.hasAspect(versionableNode, ContentModel.ASPECT_VERSIONABLE));
            
            // add lockable aspect and write lock the node
            dbNodeService.addAspect(versionableNode, ContentModel.ASPECT_LOCKABLE, new HashMap<QName, Serializable>());
            assertEquals(true, nodeService.hasAspect(versionableNode, ContentModel.ASPECT_LOCKABLE));
            
            checkOutCheckInService.checkout(versionableNode);
            
            // try to create a version
            createVersion(versionableNode);
            VersionHistory vh = versionService.getVersionHistory(versionableNode);
            assertEquals(1, vh.getAllVersions().size());
            return null;
        }
    });
}
 

public void testVerify() throws Exception
{
    String url = "/api/transfer/test";
    PostRequest req = new PostRequest(url, new JSONObject().toString(), "application/json");
    
    //First, we'll try the request as a simple, non-admin user (expect a 401)
    AuthenticationUtil.setFullyAuthenticatedUser(USERNAME);
    sendRequest(req, 401);
    
    //Then we'll have a go as the system user (expect a 200)
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
    sendRequest(req, 200);
    
    //Then we'll disable the transfer receiver and try again as the system user (expect a 404)
    TransferWebScript webscript = (TransferWebScript)getServer().getApplicationContext().getBean("webscript.org.alfresco.repository.transfer.transfer.post");
    webscript.setEnabled(false);
    sendRequest(req, 404);
}
 

@Override public void deleteTestUser(final String userName)
{
    // And tear down afterwards.
    AuthenticationUtil.runAs(new RunAsWork<Void>()
    {
        @Override public Void doWork() throws Exception
        {
            try
            {
                if (personService.personExists(userName))
                {
                    log.debug("Deleting person " + userName + "...");
                    personService.deletePerson(userName);
                }
            } catch (InvalidNodeRefException ignoreIfThrown)
            {
                // It seems that in cloud code, asking if a person exists when the tenant they would be in also doesn't
                // exist, can give this exception.
            }
            return null;
        }
    }, AuthenticationUtil.getAdminUserName());
}
 

/**
 * Deletes the specified NodeRefs, if they exist.
 * @param nodesToDelete
 */
private static void performDeletionOfNodes(final List<NodeRef> nodesToDelete)
{
    TRANSACTION_HELPER.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
    {
       @Override
       public Void execute() throws Throwable
       {
          AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);

          for (NodeRef node : nodesToDelete)
          {
             if (NODE_SERVICE.exists(node))
             {
                NODE_SERVICE.deleteNode(node);
             }
          }

          return null;
       }
    });
}
 

@After
public void tearDown()
{
    // Restore authentication to pre-test state.
    try
    {
        AuthenticationUtil.popAuthentication();
    }
    catch(EmptyStackException e)
    {
        // Nothing to do.
    }
}
 

/**
 * Check whether non-admin users can take part in ML document manipulation
 */
public void testPermissions() throws Exception
{
    // Grant the guest user rights to our working folder
    PermissionService permissionService = serviceRegistry.getPermissionService();
    AuthenticationComponent authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
    permissionService.setPermission(
            folderNodeRef,
            AuthenticationUtil.getGuestUserName(),
            PermissionService.ALL_PERMISSIONS,
            true);
    // Push the current authentication
    AuthenticationUtil.pushAuthentication();
    try
    {
        authenticationComponent.setGuestUserAsCurrentUser();
        // Create some documents
        NodeRef chineseContentNodeRef = createContent();
        NodeRef frenchContentNodeRef = createContent();
        // Do ML work
        multilingualContentService.makeTranslation(chineseContentNodeRef, Locale.CHINESE);
        multilingualContentService.addTranslation(frenchContentNodeRef, chineseContentNodeRef, Locale.FRENCH);
        multilingualContentService.addEmptyTranslation(chineseContentNodeRef, null, Locale.JAPANESE);
    }
    finally
    {
        AuthenticationUtil.popAuthentication();
    }
}
 

public void deletePerson(final String userName)
{
    AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
    {
        public Void doWork() throws Exception
        {
            personService.deletePerson(userName);
            return null;
        }
    }, AuthenticationUtil.getSystemUserName());
    people.remove(userName);
    AuthenticationUtil.clearCurrentSecurityContext();
}
 

@Override
protected void setUp() throws Exception
{
    super.setUp();
    ApplicationContext appContext = getServer().getApplicationContext();

    this.siteService = (SiteService)appContext.getBean("SiteService");
    this.nodeService = (NodeService)appContext.getBean("NodeService");
    this.transactionService = (TransactionService)appContext.getBean("TransactionService");
    this.nodeArchiveService = (NodeArchiveService)getServer().getApplicationContext().getBean("nodeArchiveService");
    
    // set admin as current user
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());

    // delete the test site if it's still hanging around from previous runs
    SiteInfo site = siteService.getSite(TEST_SITE_NAME);
    if (site != null)
    {
        siteService.deleteSite(TEST_SITE_NAME);
        nodeArchiveService.purgeArchivedNode(nodeArchiveService.getArchivedNode(site.getNodeRef()));
    }
    
    // create the test site, this should create a site but it won't have any containers created
    SiteInfo siteInfo = this.siteService.createSite("collaboration", TEST_SITE_NAME, "Read Only Test Site", 
                "Test site for ReadOnlyTransactionRestApiTest", SiteVisibility.PUBLIC);
    this.testSiteNodeRef = siteInfo.getNodeRef();
    this.testSiteNodeRefString = this.testSiteNodeRef.toString().replace("://", "/");
    
    // ensure there are no containers present at the start of the test
    List<ChildAssociationRef> children = nodeService.getChildAssocs(this.testSiteNodeRef);
    assertTrue("The test site should not have any containers", children.isEmpty());
}
 

@Override
protected void setUp() throws Exception
{
    super.setUp();
    
    this.repositoryHelper = (Repository)getServer().getApplicationContext().getBean("repositoryHelper");
    this.nodeService = (NodeService)getServer().getApplicationContext().getBean("nodeService");
    this.transactionService = (TransactionService) getServer().getApplicationContext().getBean("TransactionService");
    this.fileFolderService = (FileFolderService) getServer().getApplicationContext().getBean("FileFolderService");

    // Get the path of the shared folder home
    final NodeRef companyHomeNodeRef = repositoryHelper.getCompanyHome();
    final NodeRef sharedHomeNodeRef = repositoryHelper.getSharedHome();
    RetryingTransactionCallback<NodeRef> createFolderWork = new RetryingTransactionCallback<NodeRef>()
    {
        @Override
        public NodeRef execute() throws Throwable
        {
            List<FileInfo> sharedHomeFileInfos = fileFolderService.getNamePath(companyHomeNodeRef, sharedHomeNodeRef);
            sharedHomePath = "/" + sharedHomeFileInfos.get(0).getName();

            String folderName = UUID.randomUUID().toString();
            // Create a folder
            FileInfo folderInfo = fileFolderService.create(sharedHomeNodeRef, folderName, ContentModel.TYPE_FOLDER);
            loadHomePath = sharedHomePath + "/" + folderName;
            // Done
            return folderInfo.getNodeRef();
        }
    };
    AuthenticationUtil.pushAuthentication();            // Will be cleared later
    AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();

    loadHomeNodeRef = transactionService.getRetryingTransactionHelper().doInTransaction(createFolderWork);
}
 

@Override
protected boolean canReadSite(final RepoCtx ctx, String siteIdIn, final String connectedUser, final String tenantDomain) throws Exception
{
    if (useRemoteCallbacks)
    {
        // note: not implemented
        throw new UnsupportedOperationException("Not implemented");
    }
    
    final String siteId = tenantService.getBaseName(siteIdIn, true);
    
    return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
    {
        public Boolean doWork() throws Exception
        {
            boolean canRead = false;
            SiteInfo siteInfo = siteService.getSite(siteId);
            if (siteInfo != null)
            {
                switch (siteInfo.getVisibility())
                {
                case MODERATED:
                    // moderated - note: need to check site membership
                    canRead = siteService.isMember(siteId, connectedUser);
                    break;
                case PUBLIC:
                case PRIVATE:
                    // public or private - note: for private site, membership is implied (since getSite did not return null)
                    canRead = true;
                    break;
                default:
                    break;
                }
            }
            return canRead;
        }
    }, connectedUser);
}
 

@BeforeClass public static void initStaticData() throws Exception
{
    AUTHORITY_SERVICE         = APP_CONTEXT_INIT.getApplicationContext().getBean("AuthorityService", AuthorityService.class);
    NAMESPACE_SERVICE         = APP_CONTEXT_INIT.getApplicationContext().getBean("namespaceService", NamespaceService.class);
    NODE_SERVICE              = APP_CONTEXT_INIT.getApplicationContext().getBean("NodeService", NodeService.class);
    NODE_ARCHIVE_SERVICE      = APP_CONTEXT_INIT.getApplicationContext().getBean("nodeArchiveService", NodeArchiveService.class);
    SITE_SERVICE              = APP_CONTEXT_INIT.getApplicationContext().getBean("siteService", SiteService.class);
    COCI_SERVICE              = APP_CONTEXT_INIT.getApplicationContext().getBean("checkOutCheckInService", CheckOutCheckInService.class);
    TRANSACTION_HELPER        = APP_CONTEXT_INIT.getApplicationContext().getBean("retryingTransactionHelper", RetryingTransactionHelper.class);
    PERMISSION_SERVICE        = APP_CONTEXT_INIT.getApplicationContext().getBean("permissionServiceImpl", PermissionService.class);
    AUTHENTICATION_SERVICE    = APP_CONTEXT_INIT.getApplicationContext().getBean("authenticationService", MutableAuthenticationService.class);
    PERSON_SERVICE            = APP_CONTEXT_INIT.getApplicationContext().getBean("PersonService", PersonService.class);
    FILE_FOLDER_SERVICE       = APP_CONTEXT_INIT.getApplicationContext().getBean("FileFolderService",FileFolderService.class);
    AUTHENTICATION_COMPONENT  = APP_CONTEXT_INIT.getApplicationContext().getBean("authenticationComponent",AuthenticationComponent.class);
    LOCK_SERVICE              = APP_CONTEXT_INIT.getApplicationContext().getBean("lockService",LockService.class);
    
    // We'll create this test content as admin.
    final String admin = AuthenticationUtil.getAdminUserName();
    
    TEST_SITE_NAME = GUID.generate();
    TEST_SUB_SITE_NAME = GUID.generate();
    
    final QName subSiteType = QName.createQName("testsite", "testSubsite", NAMESPACE_SERVICE);
    
    STATIC_TEST_SITES.createSite("sitePreset", TEST_SITE_NAME, "siteTitle", "siteDescription", SiteVisibility.PUBLIC, admin);
    STATIC_TEST_SITES.createSite("sitePreset", TEST_SUB_SITE_NAME, "siteTitle", "siteDescription", SiteVisibility.PUBLIC, subSiteType, admin);
    
    TEST_SITE_WITH_MEMBERS = STATIC_TEST_SITES.createTestSiteWithUserPerRole(SiteServiceImplMoreTest.class.getSimpleName(), "sitePreset", SiteVisibility.PUBLIC, admin);
}
 

private int searchForDataDictionary(String tenantAdminName, final String query)
{
    return AuthenticationUtil.runAs(new RunAsWork<Integer>()
    {
        public Integer doWork() throws Exception
        {
            ResultSet resultSet = searchService.query(SPACES_STORE, SearchService.LANGUAGE_LUCENE, query, null);
            return resultSet.length();
        }
    }, tenantAdminName);
}
 

/**
 * Is the current user allowed to edit this post?
 * In order to be deemed allowed, you first need write
 *  permissions on the underlying node of the post.
 * You then also need to either be the cm:creator of
 *  the post node, or a site manager
 */
protected boolean canUserEditPost(PostInfo post, SiteInfo site)
{
   // Are they OK on the node?
   AccessStatus canEdit = permissionService.hasPermission(post.getNodeRef(), PermissionService.WRITE); 
   if (canEdit == AccessStatus.ALLOWED)
   {
      // Only the creator and site managers may edit
      String user = AuthenticationUtil.getFullyAuthenticatedUser();
      if (post.getCreator().equals(user))
      {
         // It's their post
         return true;
      }
      if (site != null)
      {
         String role = siteService.getMembersRole(site.getShortName(), user);
         if (SiteServiceImpl.SITE_MANAGER.equals(role))
         {
            // Managers may edit
            return true;
         }
      }
   }
   
   // If in doubt, you may not edit
   return false;
}
 

/**
 * Deletes the specified NodeRefs, if they exist.
 * @param nodesToDelete List<NodeRef>
 */
private static void performDeletionOfNodes(final List<NodeRef> nodesToDelete)
{
    TRANSACTION_HELPER.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
        {
            @Override
            public Void execute() throws Throwable
            {
                AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
                
                for (NodeRef node : nodesToDelete)
                {
                    if (NODE_SERVICE.exists(node))
                    {
                        // st:site nodes can only be deleted via the SiteService
                        if (NODE_SERVICE.getType(node).equals(SiteModel.TYPE_SITE))
                        {
                            
                            SiteInfo siteInfo = SITE_SERVICE.getSite(node);
                            SITE_SERVICE.deleteSite(siteInfo.getShortName());
                        }
                        else
                        {
                            NODE_SERVICE.deleteNode(node);
                        }
                    }
                }
                
                return null;
            }
        });
}
 

@SuppressWarnings("unchecked")
@Before
public void setUp() throws Exception
{
    ChildApplicationContextFactory activitiesFeed = (ChildApplicationContextFactory) ctx.getBean("ActivitiesFeed");
    ApplicationContext activitiesFeedCtx = activitiesFeed.getApplicationContext();
    feedNotifier = (FeedNotifierImpl) activitiesFeedCtx.getBean("feedNotifier");
    activityService = (ActivityService) activitiesFeedCtx.getBean("activityService");
    feedGenerator = (FeedGenerator) activitiesFeedCtx.getBean("feedGenerator");
    postLookup = (PostLookup) activitiesFeedCtx.getBean("postLookup");
    ObjectFactory<ActivitiesFeedModelBuilder> feedModelBuilderFactory = (ObjectFactory<ActivitiesFeedModelBuilder>) activitiesFeedCtx.getBean("feedModelBuilderFactory");
    EmailUserNotifier emailUserNotifier = (EmailUserNotifier) activitiesFeedCtx.getBean("emailUserNotifier");
    
    tenantAdminService = (TenantAdminService) ctx.getBean("tenantAdminService");
    transactionService = (TransactionService) ctx.getBean("transactionService");
    personService = (PersonService) ctx.getBean("personService");
    postDAO = (ActivityPostDAO) ctx.getBean("postDAO");
    nodeService = (NodeService) ctx.getBean("nodeService");
    namespaceService = (NamespaceService) ctx.getBean("namespaceService");
    siteService = (SiteService) ctx.getBean("siteService");
    repoAdminService = (RepoAdminService) ctx.getBean("repoAdminService");
    actionService = (ActionService) ctx.getBean("ActionService");
    authenticationContext = (AuthenticationContext) ctx.getBean("authenticationContext");
    EmailHelper emailHelper = (EmailHelper) ctx.getBean("emailHelper");
    
    AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
    // create some users
    transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
    {
        @SuppressWarnings("synthetic-access")
        public Void execute() throws Throwable
        {
            personNodeRef = createUser(userName1);
            failingPersonNodeRef = createUser(userName2);
            return null;
        }
    }, false, true);
    
    // use our own user notifier for testing purposes
    userNotifier = new RegisterErrorUserFeedNotifier();
    userNotifier.setNodeService(nodeService);
    userNotifier.setNamespaceService(namespaceService);
    userNotifier.setSiteService(siteService);
    userNotifier.setActivityService(activityService);
    userNotifier.setRepoAdminService(repoAdminService);
    userNotifier.setActionService(actionService);
    userNotifier.setActivitiesFeedModelBuilderFactory(feedModelBuilderFactory);
    userNotifier.setAuthenticationContext(authenticationContext);
    userNotifier.setExcludedEmailSuffixes(emailUserNotifier.getExcludedEmailSuffixes());
    userNotifier.setEmailHelper(emailHelper);
    feedNotifier.setUserNotifier(userNotifier);
    
    jobDetail = new JobDetail("feedNotifier", FeedNotifierJob.class);
    JobDataMap jobDataMap = jobDetail.getJobDataMap();
    jobDataMap.put("tenantAdminService", tenantAdminService);
    jobDataMap.put("feedNotifier", feedNotifier);
    feedNotifierJob = new FeedNotifierJob();
    
    when(jobCtx.getJobDetail()).thenReturn(jobDetail);
}
 

private void applyRatingAs(final NodeRef targetNode, final float rating, final String ratingSchemeName,
            String asUser) throws RatingServiceException
{

    String fau = AuthenticationUtil.getFullyAuthenticatedUser();
    try
    {
        AuthenticationUtil.setFullyAuthenticatedUser(asUser);
        RunAsWork<Void> applyRatingsAsWork = new RunAsWork<Void>()
        {

            @Override
            public Void doWork() throws Exception
            {
                ratingService.applyRating(targetNode,
                                          rating,
                                          ratingSchemeName);
                return null;
            }

        };
        AuthenticationUtil.runAs(applyRatingsAsWork,
                                 asUser);
    }
    finally
    {
        AuthenticationUtil.setFullyAuthenticatedUser(fau);
    }
}
 

@Override
protected void tearDown() throws Exception
{
    super.tearDown();
    
    // Admin user required to delete user
    AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
    
    // Delete the users, which also zaps their credentials
    if(personService.personExists(USER_ONE))
    {
       personService.deletePerson(USER_ONE);
    }
    if(this.authenticationService.authenticationExists(USER_ONE))
    {
       this.authenticationService.deleteAuthentication(USER_ONE);
    }
    
    if(personService.personExists(USER_TWO))
    {
       personService.deletePerson(USER_TWO);
    }
    if(this.authenticationService.authenticationExists(USER_TWO))
    {
       this.authenticationService.deleteAuthentication(USER_TWO);
    }
    
    // Unregister the system
    remoteAlfrescoTicketService.registerRemoteSystem(TEST_REMOTE_SYSTEM_ID, null, null);
}
 

@Override
public Object invoke(final MethodInvocation mi) throws Throwable
{
    TenantRunAsWork<Object> runAs = new TenantRunAsWork<Object>()
    {
        public Object doWork() throws Exception
        {
            try
            {
                return mi.proceed();
            }
            catch(Throwable e)
            {
                e.printStackTrace();
                
                // Re-throw the exception
                if (e instanceof RuntimeException)
                {
                    throw (RuntimeException) e;
                }
                throw new RuntimeException("Failed to execute in RunAsTenant context", e);
            }
        }
    };
    
    if (tenantType == TENANT_TYPE.Default)
    {
        return TenantUtil.runAsDefaultTenant(runAs);
    }
    else
    {
        // run as tenant using current tenant context (if no tenant context then it is implied as the primary tenant, based on username)
        return TenantUtil.runAsTenant(runAs, AuthenticationUtil.getUserTenant(AuthenticationUtil.getFullyAuthenticatedUser()).getSecond());
    }
}
 

private boolean isRendition(final NodeRef node)
{
    return AuthenticationUtil.runAs(new RunAsWork<Boolean>()
    {
        public Boolean doWork() throws Exception
        {
            return renditionService.isRendition(node);
        }
    }, AuthenticationUtil.getSystemUserName());
}
 

public void run()
{
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
    
    final RetryingTransactionHelper txnHelperForTest = transactionService.getRetryingTransactionHelper();
    
    RetryingTransactionCallback<Long> callback = new RetryingTransactionCallback<Long>()
    {
        public Long execute() throws Throwable
        {
            incrementCheckValue();
            
            System.out.println("Wait started: "+Thread.currentThread()+" ("+wait+")");
            Thread.sleep(wait);
            System.out.println("Wait finished: "+Thread.currentThread()+" ("+wait+")");
            
            return getCheckValue();
        }
    };
    try
    {
        System.out.println("Txn start: "+Thread.currentThread()+" ("+wait+")");
        txnHelperForTest.doInTransaction(callback);
        System.out.println("Txn finish: "+Thread.currentThread()+" ("+wait+")");
    }
    catch (Throwable e)
    {
        Throwable validCause = ExceptionStackUtil.getCause(e, RetryingTransactionHelper.RETRY_EXCEPTIONS);
        assertNotNull("Unexpected cause of the failure", validCause);
    }
}
 

@Test
public void testNotOnlyCurrentLockOwnerCanChangeInfo() throws NotSupportedException, SystemException
{
    final TransactionService txService = (TransactionService) ctx.getBean("TransactionService");
    UserTransaction txA = txService.getUserTransaction();
    final NodeRef nodeRef = new NodeRef("workspace://SpacesStore/UUID-1");
    Date now = new Date();
    Date expires = new Date(now.getTime() + 180000);
    final LockState lockState1 = LockState.createLock(nodeRef, LockType.WRITE_LOCK,
                "jbloggs", expires, Lifetime.EPHEMERAL, null);
    
    txA.begin();
    try
    {
        AuthenticationUtil.setFullyAuthenticatedUser("jbloggs");
        
        // Set initial lock state
        lockStore.set(nodeRef, lockState1);
        
        // Set different lock state
        // Current lock owner is still authenticated (jbloggs)
        final LockState lockState2 = LockState.createWithOwner(lockState1, "csmith");
        lockStore.set(nodeRef, lockState2);
        
        // Check update
        assertEquals(lockState2, lockStore.get(nodeRef));

        // Incorrect lock owner - this shouldn't fail. See ACE-2181
        final LockState lockState3 = LockState.createWithOwner(lockState1, "dsmithers");

        lockStore.set(nodeRef, lockState3);
        
        // Check update.
        assertEquals(lockState3, lockStore.get(nodeRef));
    }
    finally
    {
        txA.rollback();
    }
}
 

@Override
public RequiredAuthentication getRequiredAuthentication()
{
    if (AuthenticationUtil.isMtEnabled())
    {
        return RequiredAuthentication.guest; // user or guest (ie. at least guest)
    }
    
    return RequiredAuthentication.none;
}
 

@Override
public void tearDown() throws Exception
{
    try
    {
        txn.rollback();
    }
    catch (Throwable e)
    {
        e.printStackTrace();
    }
    AuthenticationUtil.clearCurrentSecurityContext();
}
 

public void testInviteDisabledUser() throws Exception
{
    AuthenticationUtil.pushAuthentication();
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
    String username = "testUser" + System.nanoTime();
    String siteShortName = GUID.generate();
    try
    {
        createUser(username);
        createSite("myPreset", siteShortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);

        NodeRef personNodeRef = personService.getPerson(username);
        String firstName = (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_FIRSTNAME);
        String lastName = (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_LASTNAME);
        String email = (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_EMAIL);
        String serverPath = "http://localhost:8081/share/";
        String acceptURL = "page/accept-invite";
        String rejectURL = "page/reject-invite";

        authenticationService.setAuthenticationEnabled(username, false);
        createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 409);
        fail("The user " + username + " is disabled and cannot be invited");
    }
    catch (JSONException e)
    {
        // expected
    }
    finally
    {
        siteService.deleteSite(siteShortName);
        deleteUser(username);
        AuthenticationUtil.popAuthentication();
    }
}
 

private <T> T doWorkAs(final String userName, final RetryingTransactionCallback<T> work)
{
    return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<T>()
    {
        @Override public T doWork() throws Exception
        {
            return transactionHelper.doInTransaction(work);
        }
    }, userName);
}
 

public void testCommentDoesNotVersion() throws Exception
{
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());

    String versionBefore = getCurrentVersion(nodeRef);
    addComment(nodeRef, AuthenticationUtil.getAdminUserName(), 200);
    String versionAfter = getCurrentVersion(nodeRef);
    assertEquals(versionBefore, versionAfter);
}
 

@Override
protected void tearDown() throws Exception
{
    if ((userTransaction.getStatus() == Status.STATUS_ACTIVE) || (userTransaction.getStatus() == Status.STATUS_MARKED_ROLLBACK))
    {
        userTransaction.rollback();
    }
    AuthenticationUtil.clearCurrentSecurityContext();
    super.tearDown();
}
 

public void testMNT8916RestoreWithoutPermissionsSet() throws Exception
{
    permissionService.setInheritParentPermissions(a, false);
    AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
    commitAndBeginNewTransaction();
    nodeService.deleteNode(a);
    verifyNodeExistence(a, false);
    nodeService.restoreNode(a_, null, null, null);
    // Check the permission
    AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
    assertTrue("Restored node shouldn't have any permissions set", permissionService.getAllSetPermissions(a).isEmpty());
    assertFalse("Restored node shouldn't inherit parent permissions", permissionService.getInheritParentPermissions(a));
}
 

/**
 * Add Repository specific parameters
 * 
 * @param params Map<String, Object>
 */
private void addRepoParameters(Map<String, Object> params)
{
    if (AlfrescoTransactionSupport.getTransactionId() != null &&
        AuthenticationUtil.getFullAuthentication() != null)
    {
        NodeRef rootHome = repository.getRootHome();
        if (rootHome != null)
        {
            params.put("roothome", rootHome);
        }
        NodeRef companyHome = repository.getCompanyHome();
        if (companyHome != null)
        {
            params.put("companyhome", companyHome);
        }
        NodeRef person = repository.getFullyAuthenticatedPerson();
        if (person != null)
        {
            params.put("person", person);
            NodeRef userHome = repository.getUserHome(person);
            if (userHome != null)
            {
                params.put("userhome", userHome);
            }
        }
    }
}
 

public void testRuleServicePermissionsCoordinator()
{
    this.authenticationService.createAuthentication("coordUser", "password".toCharArray());
    this.permissionService.setPermission(this.nodeRef, "coordUser", PermissionService.COORDINATOR, true);
    this.permissionService.setInheritParentPermissions(this.nodeRef, true);
    
	this.authenticationService.authenticate(AuthenticationUtil.getAdminUserName(), "admin".toCharArray());    	
    Rule rule2 = createTestRule();
    this.ruleService.saveRule(this.nodeRef, rule2);        
    this.authenticationService.clearCurrentSecurityContext();
}
 

@Override
protected void tearDown() throws Exception
{
    if (testTX != null)
    {
        try
        {
            testTX.rollback();
        }
        catch (Throwable e) {} // Ignore
    }
    AuthenticationUtil.clearCurrentSecurityContext();
    super.tearDown();
}
 

public synchronized void shutdownModules()
{
    // Check properties
    PropertyCheck.mandatory(this, "serviceRegistry", serviceRegistry);
    PropertyCheck.mandatory(this, "registryService", registryService);
    PropertyCheck.mandatory(this, "moduleService", moduleService);
    PropertyCheck.mandatory(this, "tenantAdminService", tenantAdminService);
    
    /*
     * Ensure correct authentication
     */
    AuthenticationUtil.runAs(new RunAsWork<Object>()
    {
        public Object doWork() throws Exception
        {
            // Get all the modules
            List<ModuleDetails> modules = moduleService.getAllModules();
            loggerService.info(I18NUtil.getMessage(MSG_FOUND_MODULES, modules.size()));

            for (ModuleDetails module : modules)
            {
                Map<String, ModuleComponent> components = getComponents(module.getId());
                for (ModuleComponent component : components.values())
                {
                    component.shutdown();
                }
            }
            return null;
        }
    }, AuthenticationUtil.getSystemUserName());
}