org.alfresco.service.cmr.security.AccessStatus Java Examples

The following examples show how to use org.alfresco.service.cmr.security.AccessStatus. The source file and project of each example are named above it.
Example #1
Source File: ACLEntryAfterInvocationTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Calls {@code echoNodePair} through a proxy that carries a single interceptor configured with
 * {@code AFTER_ACL_NODE.sys:base.Read}, after "andy" has been granted READ on the root node,
 * and checks the value that comes back through the proxy.
 */
public void testBasicAllowNodePair() throws Exception
{
    runAs("andy");

    Object target = new ClassWithMethods();
    Method echoNodePair = target.getClass().getMethod("echoNodePair", NodeRef.class);

    AdvisorAdapterRegistry registry = GlobalAdvisorAdapterRegistry.getInstance();

    // The proxy has exactly one advisor: the interceptor under test.
    ProxyFactory factory = new ProxyFactory();
    factory.addAdvisor(registry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read")));
    factory.setTargetSource(new SingletonTargetSource(target));
    Object proxied = factory.getProxy();

    // Explicit ALLOWED entry for "andy" so the returned value is expected to pass the check.
    SimplePermissionEntry allowRead =
            new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED);
    permissionService.setPermission(allowRead);

    // NOTE(review): the call passes rootNodeRef but the expectation is a (1, rootNodeRef) pair;
    // this depends on what echoNodePair returns, which is not visible here.
    Pair<Long, NodeRef> expected = new Pair<Long, NodeRef>(Long.valueOf(1L), rootNodeRef);
    Object actual = echoNodePair.invoke(proxied, rootNodeRef);
    assertEquals(expected, actual);
}
 
Example #2
Source File: NodeBrowserPost.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 6 votes vote down vote up
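/**
 * Gets the current node permissions
 * 
 * @param nodeRef the node whose permissions are listed
 * @return the permissions, or a single NoReadPermissionGranted entry when READ_PERMISSIONS is not allowed
 */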
public List<Permission> getPermissions(NodeRef nodeRef)
{
    // The node's permission entries are disclosed only when READ_PERMISSIONS evaluates to ALLOWED.
    AccessStatus canReadAcl = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS);
    if (!canReadAcl.equals(AccessStatus.ALLOWED))
    {
        // Any other status yields one placeholder entry instead of the real entries.
        List<Permission> placeholder = new ArrayList<Permission>(1);
        placeholder.add(new NoReadPermissionGranted());
        return placeholder;
    }

    // Copy each set permission into the view object: permission, authority, status as text.
    List<Permission> result = new ArrayList<Permission>();
    for (AccessPermission entry : getPermissionService().getAllSetPermissions(nodeRef))
    {
        result.add(new Permission(entry.getPermission(), entry.getAuthority(), entry.getAccessStatus().toString()));
    }
    return result;
}
 
Example #3
Source File: PermissionServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Evaluates every settable permission reference of the node and records the outcome against the
 * current run-as user.
 * <p>
 * A permission that evaluates to ALLOWED is always added. Every other outcome is recorded as
 * DENIED, and only when {@code includeFalse} is set.
 * <p>
 * NOTE(review): {@code includeTrue} is never read in this method, so ALLOWED entries are
 * returned regardless of its value - confirm callers do not rely on it as a filter.
 *
 * @param nodeRef      the node to evaluate
 * @param includeTrue  not consulted by this implementation
 * @param includeFalse whether non-ALLOWED permissions are reported (as DENIED)
 * @return the collected access permissions
 */
protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse)
{
    String runAsUser = AuthenticationUtil.getRunAsUser();
    HashSet<AccessPermission> collected = new HashSet<AccessPermission>();
    for (PermissionReference reference : getSettablePermissionReferences(nodeRef))
    {
        boolean allowed = hasPermission(nodeRef, reference) == AccessStatus.ALLOWED;
        if (!allowed && !includeFalse)
        {
            continue;
        }
        AccessStatus outcome = allowed ? AccessStatus.ALLOWED : AccessStatus.DENIED;
        collected.add(new AccessPermissionImpl(getPermission(reference), outcome, runAsUser, -1));
    }
    return collected;
}
 
Example #4
Source File: ScriptNode.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * @return Sorted list of <code>AccessPermission</code> based on <code>CMISConnector.AccessPermissionComparator</code>
 *         and <code>AccessStatus</code> of the permission for an authority.
 */
public static List<AccessPermission> getSortedACLs(Set<AccessPermission> acls)
{
    // Walk the entries in comparator order so later entries override earlier ones.
    List<AccessPermission> sorted = new ArrayList<AccessPermission>(acls);
    Collections.sort(sorted, new CMISConnector.AccessPermissionComparator());

    // One slot per authority/permission combination.
    // NOTE(review): the key is a plain concatenation without a separator, so two different
    // authority/permission pairs that concatenate to the same text would share a slot.
    Map<String, AccessPermission> effective = new HashMap<String, AccessPermission>(acls.size());
    for (AccessPermission entry : sorted)
    {
        String key = entry.getAuthority() + entry.getPermission();
        AccessStatus status = entry.getAccessStatus();
        if (status == AccessStatus.ALLOWED)
        {
            effective.put(key, entry);
        }
        else if (status == AccessStatus.DENIED)
        {
            // A DENIED entry removes an earlier ALLOWED entry for the same key.
            effective.remove(key);
        }
    }

    // NOTE(review): the result is copied from HashMap.values(), so its order is the map's
    // iteration order, not the comparator order used above.
    return new ArrayList<AccessPermission>(effective.values());
}
 
Example #5
Source File: PermissionServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Answers whether the given authorisations satisfy the required permission on the node,
 * consulting {@code accessCache} first.
 * <p>
 * The cache key is built from the authorisations, the tenant-resolved node, {@code this.required}
 * and the SINGLE_PERMISSION_GLOBAL cache type. A cached status is returned without re-evaluation.
 * This method itself only stores ALLOWED, after a successful global permission check; otherwise
 * it delegates to the three-argument overload with an empty denied set.
 * NOTE(review): cache invalidation on permission changes is not visible here - verify where it happens.
 *
 * @param authorisations the authorities to evaluate
 * @param nodeRef        the node being checked
 * @return {@code true} when the permission is allowed
 */
boolean hasSinglePermission(Set<String> authorisations, NodeRef nodeRef)
{
    nodeRef = tenantService.getName(nodeRef);

    Serializable cacheKey = generateKey(authorisations, nodeRef, this.required, CacheType.SINGLE_PERMISSION_GLOBAL);
    AccessStatus cached = accessCache.get(cacheKey);
    if (cached != null)
    {
        return cached == AccessStatus.ALLOWED;
    }

    if (!checkGlobalPermissions(authorisations))
    {
        // No global grant: fall through to the node-level evaluation.
        Set<Pair<String, PermissionReference>> denied = new HashSet<Pair<String, PermissionReference>>();
        return hasSinglePermission(authorisations, nodeRef, denied);
    }

    // Global permission applies: remember the positive decision.
    accessCache.put(cacheKey, AccessStatus.ALLOWED);
    return true;
}
 
Example #6
Source File: HasPermissionMethod.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Determines the access status of {@code permissionToCheck} for a virtual reference.
 * <p>
 * The reference counts as read-only when its folder definition has a null filing rule or the rule
 * yields no filing node. For a read-only reference the deny list is consulted before READ is
 * granted, so an explicit deny wins over the READ shortcut. Everything else is decided by
 * {@code userPermissions.hasVirtualNodePermission}.
 */
@Override
public AccessStatus execute(VirtualProtocol virtualProtocol, Reference reference) throws ProtocolMethodException
{
    VirtualFolderDefinition folderDefinition = resolver.resolveVirtualFolderDefinition(reference);
    FilingRule rule = folderDefinition.getFilingRule();

    boolean readonly = rule.isNullFilingRule()
                || rule.filingNodeRefFor(new FilingParameters(reference)) == null;
    if (!readonly)
    {
        return userPermissions.hasVirtualNodePermission(permissionToCheck, false);
    }

    // Read-only node: explicit deny first, then the READ shortcut.
    if (userPermissions.getDenyReadonlySmartNodes().contains(permissionToCheck))
    {
        return AccessStatus.DENIED;
    }
    if (PermissionService.READ.equals(permissionToCheck))
    {
        return AccessStatus.ALLOWED;
    }
    return userPermissions.hasVirtualNodePermission(permissionToCheck, true);
}
 
Example #7
Source File: ScriptNode.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Override Object.toString() to provide useful debug output
 */
public String toString()
{
    if (!this.nodeService.exists(nodeRef))
    {
        return "Node no longer exists: " + nodeRef;
    }

    // Type and aspects are only described when READ_PROPERTIES evaluates to ALLOWED.
    // The denial message below still contains the node reference itself.
    boolean canReadProperties =
            this.services.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PROPERTIES) == AccessStatus.ALLOWED;
    if (!canReadProperties)
    {
        return "Access denied to node " + nodeRef;
    }

    // TODO: DC: Allow debug output of property values - for now it's disabled as this could potentially
    // follow a large network of nodes.
    return "Node Type: " + getType() + ", Node Aspects: " + getAspectsSet().toString();
}
 
Example #8
Source File: SimpleAccessControlEntry.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
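/**
 * Orders access control entries by position, then by access status with DENIED ahead of every
 * other status, then by the order position of the authority type.
 * <p>
 * Positions and order positions are compared rather than subtracted: the difference of two ints
 * can overflow and flip its sign, which would silently change the ordering of entries.
 * Callers should rely only on the sign of the result.
 *
 * @param other the entry to compare against
 * @return a negative value, zero or a positive value as this entry sorts before, equal to or after {@code other}
 */
public int compareTo(AccessControlEntry other)
{
    int thisPosition = this.getPosition();
    int otherPosition = other.getPosition();
    if (thisPosition != otherPosition)
    {
        return (thisPosition < otherPosition) ? -1 : 1;
    }

    // Same position: DENIED ranks 0, anything else ranks 1, so a deny sorts first.
    int thisRank = (this.getAccessStatus() == AccessStatus.DENIED) ? 0 : 1;
    int otherRank = (other.getAccessStatus() == AccessStatus.DENIED) ? 0 : 1;
    if (thisRank != otherRank)
    {
        // Ranks are 0 or 1, so this difference cannot overflow.
        return thisRank - otherRank;
    }

    int thisOrder = getAuthorityType().getOrderPosition();
    int otherOrder = other.getAuthorityType().getOrderPosition();
    if (thisOrder == otherOrder)
    {
        return 0;
    }
    return (thisOrder < otherOrder) ? -1 : 1;
}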
 
Example #9
Source File: VirtualUserPermissions.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Looks the permission up in the configured deny and allow sets for smart (virtual) nodes.
 * <p>
 * Deny sets are checked before allow sets, so a permission listed in both is DENIED. The
 * read-only deny sets are consulted only when {@code readonly} is true. A permission that appears
 * in no set is UNDETERMINED.
 *
 * @param permission the permission name to look up
 * @param readonly   whether the node is treated as read-only
 * @return DENIED, ALLOWED or UNDETERMINED
 */
public AccessStatus hasVirtualNodePermission(String permission, boolean readonly)
{
    boolean deniedAsReadonly = readonly
                && (denyReadonlySmartNodesFull.contains(permission) || denyReadonlySmartNodes.contains(permission));
    if (deniedAsReadonly)
    {
        return AccessStatus.DENIED;
    }

    if (denySmartNodesFull.contains(permission) || denySmartNodes.contains(permission))
    {
        return AccessStatus.DENIED;
    }

    if (allowSmartNodesFull.contains(permission) || allowSmartNodes.contains(permission))
    {
        return AccessStatus.ALLOWED;
    }

    return AccessStatus.UNDETERMINED;
}
 
Example #10
Source File: ACLEntryAfterInvocationTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Calls {@code echoChildAssocRef} through a proxy that carries a single interceptor configured
 * with {@code AFTER_ACL_PARENT.sys:base.Read}. Within this method "andy" is granted READ on the
 * root node only; the primary parent associations of both the root node and the system node are
 * expected to come back unchanged.
 */
public void testBasicAllowChildAssociationRef2() throws Exception
{
    runAs("andy");

    Object target = new ClassWithMethods();
    Method echoChildAssocRef = target.getClass().getMethod("echoChildAssocRef", ChildAssociationRef.class);

    AdvisorAdapterRegistry registry = GlobalAdvisorAdapterRegistry.getInstance();

    ProxyFactory factory = new ProxyFactory();
    factory.addAdvisor(registry.wrap(new Interceptor("AFTER_ACL_PARENT.sys:base.Read")));
    factory.setTargetSource(new SingletonTargetSource(target));
    Object proxied = factory.getProxy();

    SimplePermissionEntry allowRead =
            new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED);
    permissionService.setPermission(allowRead);

    // Primary parent of the root node.
    Object returned = echoChildAssocRef.invoke(proxied, nodeService.getPrimaryParent(rootNodeRef));
    assertEquals(returned, nodeService.getPrimaryParent(rootNodeRef));

    // Primary parent of the system node.
    returned = echoChildAssocRef.invoke(proxied, nodeService.getPrimaryParent(systemNodeRef));
    assertEquals(returned, nodeService.getPrimaryParent(systemNodeRef));
}
 
Example #11
Source File: PersonServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
public boolean personExists(String caseSensitiveUserName)
{
    // System user names are never reported as existing people.
    if (isSystemUserName(caseSensitiveUserName))
    {
        return false;
    }

    NodeRef personRef = getPersonOrNullImpl(caseSensitiveUserName);
    if (personRef == null)
    {
        return false;
    }

    // re: THOR-293
    // A person the caller cannot READ is reported the same way as a person that does not exist.
    return permissionServiceSPI.hasPermission(personRef, PermissionService.READ) == AccessStatus.ALLOWED;
}
 
Example #12
Source File: VirtualPermissionServiceExtension.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Evaluates a permission on a node that may be a virtual reference.
 * <p>
 * A node that does not map to a {@code Reference} is passed straight to the trait. For a virtual
 * reference the smart store decides first; only when it answers UNDETERMINED is the permission
 * evaluated on the node returned by {@code establishPermisisonAdherence}. If there is no such
 * node the result stays UNDETERMINED.
 *
 * @param nodeRef the node (actual or virtual) to check
 * @param perm    the permission reference to evaluate
 * @return the resulting access status
 */
public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference perm)
{
    PermissionServiceTrait delegate = getTrait();
    Reference reference = Reference.fromNodeRef(nodeRef);
    if (reference == null)
    {
        return delegate.hasPermission(nodeRef, perm);
    }

    AccessStatus virtualStatus = smartStore.hasPermission(reference, perm);
    if (!AccessStatus.UNDETERMINED.equals(virtualStatus))
    {
        // The virtual layer reached a decision; it is not re-checked against the actual node.
        return virtualStatus;
    }

    NodeRef adheredNode = establishPermisisonAdherence(reference);
    return (adheredNode == null) ? AccessStatus.UNDETERMINED : delegate.hasPermission(adheredNode, perm);
}
 
Example #13
Source File: AlfrescoImapFolder.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Whether the folder is read-only for user.
 * 
 * @return {@code boolean}
 */
@Override
protected boolean isReadOnly()
{
    // Asks the public service access service about NodeService "createNode" on this folder's node.
    String nodeServiceName = ServiceRegistry.NODE_SERVICE.getLocalName();
    AccessStatus createNodeAccess = serviceRegistry.getPublicServiceAccessService()
            .hasAccess(nodeServiceName, "createNode", folderInfo.getNodeRef(), null, null, null);
    //serviceRegistry.getPermissionService().hasPermission(folderInfo.getNodeRef(), PermissionService.WRITE);

    // Only an explicit DENIED marks the folder read-only; any other status is treated as writable.
    return AccessStatus.DENIED == createNodeAccess;
}
 
Example #14
Source File: VirtualPermissionServiceExtensionTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * For the "FilingFolder_filing_path" child of a folder virtualized with template 5, DELETE and
 * CREATE_CHILDREN must both be DENIED for user1, whether the permission is passed by name or as
 * a typed permission.
 */
@Test
public void testHasPermissionAdherence_missingFolderPath() throws Exception
{
    NodeRef virtualFolderT5 = createVirtualizedFolder(testRootFolder.getNodeRef(),
                                                      "VirtualFolderT5",
                                                      TEST_TEMPLATE_5_JSON_SYS_PATH);
    NodeRef filingFolder = nodeService.getChildByName(virtualFolderT5,
                                                      ContentModel.ASSOC_CONTAINS,
                                                      "FilingFolder_filing_path");

    String[] mutatingPermissions = { PermissionService.DELETE, PermissionService.CREATE_CHILDREN };
    for (String permission : mutatingPermissions)
    {
        // By permission name ...
        assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolder, permission, user1));
        // ... and as a typed permission.
        assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolder, asTypedPermission(permission), user1));
    }
}
 
Example #15
Source File: ACLEntryVoterTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Exercises an interceptor configured with {@code ACL_NODE.1.sys:base.Read} on a method taking
 * four child association references. All-null arguments pass; a real reference in the second
 * argument is rejected until "andy" is granted READ on the root node, after which the same call
 * succeeds.
 */
public void testMultiChildAssocRefMethodsArg1() throws Exception
{
    runAs("andy");

    Object target = new ClassWithMethods();
    Method manyRefs = target.getClass().getMethod(
            "testManyChildAssociationRef",
            ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class);

    AdvisorAdapterRegistry registry = GlobalAdvisorAdapterRegistry.getInstance();

    ProxyFactory factory = new ProxyFactory();
    factory.addAdvisor(registry.wrap(new Interceptor("ACL_NODE.1.sys:base.Read")));
    factory.setTargetSource(new SingletonTargetSource(target));
    Object proxied = factory.getProxy();

    // Nothing to check when every argument is null.
    manyRefs.invoke(proxied, new Object[] { null, null, null, null });

    try
    {
        manyRefs.invoke(proxied, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null });
        // Reaching this line means the call was not rejected: force a failure.
        assertNotNull(null);
    }
    catch (InvocationTargetException expected)
    {
        // Expected: the call is rejected before READ has been granted.
    }

    SimplePermissionEntry allowRead = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
            "andy", AccessStatus.ALLOWED);
    permissionService.setPermission(allowRead);
    manyRefs.invoke(proxied, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null });
}
 
Example #16
Source File: CommentsApiTest.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * MNT-9771
 * @throws Exception
 */
public void testCommentPermissions() throws Exception
{
    // Creates two content nodes as the admin user, grants USER_TEST the Contributor role on one
    // and the Consumer role on the other, then attempts to add a comment to each as USER_TEST.
    // NOTE(review): there is no try/finally here, so a failing addComment leaves both nodes behind.
    authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
    UserTransaction txn = transactionService.getUserTransaction();
    txn.begin();
    
    // The timestamp suffix keeps the node names distinct between runs.
    NodeRef contentForUserContributor = fileFolderService.create(companyHomeNodeRef, "CommentyContributor" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef();
    permissionService.setPermission(new SimplePermissionEntry(contentForUserContributor, getPermission(PermissionService.CONTRIBUTOR), USER_TEST, AccessStatus.ALLOWED));
    
    NodeRef contentForUserConsumer = fileFolderService.create(companyHomeNodeRef, "CommentyConsumer" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef();
    permissionService.setPermission(new SimplePermissionEntry(contentForUserConsumer, getPermission(PermissionService.CONSUMER), USER_TEST, AccessStatus.ALLOWED));

    // Contributor should be able to add comments
    // (the last argument is presumably the expected response status - confirm against addComment)
    addComment(contentForUserContributor, USER_TEST, 200);
    
    txn.commit();       // Hack.  Internally, the addComment starts and rolls back the next txn.
    // Consumer shouldn't be able to add comments, see MNT-9883
    addComment(contentForUserConsumer, USER_TEST, 500);
    
    // Clean up both nodes in a fresh transaction.
    txn = transactionService.getUserTransaction();
    txn.begin();
    nodeService.deleteNode(contentForUserContributor);
    nodeService.deleteNode(contentForUserConsumer);
    
    txn.commit();
}
 
Example #17
Source File: MethodSecurityInterceptor.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Runs the pre-invocation check of the access decision manager for the given object.
 * <p>
 * The check is only performed when the configured manager is an
 * {@code AffirmativeBasedAccessDecisionManger}.
 * NOTE(review): with any other manager type the method answers ALLOWED without looking at the
 * object's attributes - confirm that this fail-open default is intended.
 *
 * @param object the secured object to look up attributes for
 * @return the manager's decision, or ALLOWED when the manager is of another type
 */
public AccessStatus pre(Object object)
{
    ConfigAttributeDefinition attributes = this.obtainObjectDefinitionSource().getAttributes(object);
    if (!(this.getAccessDecisionManager() instanceof AffirmativeBasedAccessDecisionManger))
    {
        return AccessStatus.ALLOWED;
    }

    AffirmativeBasedAccessDecisionManger manager = (AffirmativeBasedAccessDecisionManger) getAccessDecisionManager();
    return manager.pre(object, attributes);
}
 
Example #18
Source File: PermissionModel.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Get the default access status
 * 
 * @return the default access status
 */
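public AccessStatus getDefaultPermission()
{
    // Read the value under the read lock of mutableState. The unlock sits in a finally block so
    // the lock is released on every exit path from the guarded section.
    mutableState.lock.readLock().lock();
    try
    {
        return mutableState.defaultPermission;
    }
    finally
    {
        mutableState.lock.readLock().unlock();
    }
}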
 
Example #19
Source File: VirtualPermissionServiceExtension.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Passes the ACL-id based permission check to the trait unchanged; this overload applies no
 * handling of its own.
 */
@Override
public AccessStatus hasPermission(Long aclID, PermissionContext context, String permission)
{
    PermissionServiceTrait delegate = getTrait();
    return delegate.hasPermission(aclID, context, permission);
}
 
Example #20
Source File: SitesImpl.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Deletes a site after validating it and re-checking authorisation.
 * <p>
 * The caller must either be a site admin or have DELETE evaluate to ALLOWED on the site node;
 * any other status is rejected. When the "permanent" parameter is true the node is marked
 * temporary so it is deleted instead of archived, and purge cleanup is invoked explicitly.
 *
 * @param siteId     the site identifier as supplied by the caller
 * @param parameters request parameters; {@code PARAM_PERMANENT} defaults to false when absent
 * @throws EntityNotFoundException when the site does not exist
 * @throws AccessDeniedException   when the caller may not delete the site
 */
public void deleteSite(String siteId, Parameters parameters)
{
    boolean isSiteAdmin = siteService.isSiteAdmin(AuthenticationUtil.getFullyAuthenticatedUser());
    SiteInfo site = validateSite(siteId);
    if (site == null)
    {
        // site does not exist
        throw new EntityNotFoundException(siteId);
    }

    // From here on use the short name from the validated site, not the supplied id.
    String shortName = site.getShortName();
    NodeRef siteNodeRef = site.getNodeRef();

    // belt-and-braces - double-check before purge/delete (rather than
    // rollback)
    if (!isSiteAdmin && permissionService.hasPermission(siteNodeRef, PermissionService.DELETE) != AccessStatus.ALLOWED)
    {
        throw new AccessDeniedException("Cannot delete site: " + shortName);
    }

    // default false (if not provided)
    boolean permanentDelete = Boolean.valueOf(parameters.getParameter(PARAM_PERMANENT));
    if (permanentDelete)
    {
        // Set as temporary to delete node instead of archiving.
        nodeService.addAspect(siteNodeRef, ContentModel.ASPECT_TEMPORARY, null);

        // bypassing trashcan means that purge behaviour will not fire, so
        // explicitly force cleanup here
        siteServiceImpl.beforePurgeNode(siteNodeRef);
    }

    siteService.deleteSite(shortName);
}
 
Example #21
Source File: CommentsPost.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Generates a comment item value.
 * 
 * @param commentNodeRef the comment node to describe
 * @return map with the keys "node", "author", "isUpdated" and "canEditComment"
 */
private Map<String, Object> generateItemValue(NodeRef commentNodeRef)
{
    String creator = (String) this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
    Serializable created = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATED);
    Serializable modified = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_MODIFIED);

    // Counts as updated when modification is more than 5000 ms after creation.
    boolean isUpdated = (created instanceof Date && modified instanceof Date)
            ? ((Date) modified).getTime() - ((Date) created).getTime() > 5000
            : false;

    // TODO refactor v0 Comments API to use CommentService (see ACE-5437)
    Serializable owner = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER);
    String currentUser = this.serviceRegistry.getAuthenticationService().getCurrentUserName();

    // Both role checks are always evaluated, as in the original statement order.
    boolean isSiteManager = this.permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED);
    boolean isCoordinator = this.permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED);

    // Editing is offered to site managers, coordinators, the creator and the owner.
    // NOTE(review): currentUser is dereferenced without a null check - confirm that
    // getCurrentUserName() cannot return null on this code path.
    boolean canEditComment = isSiteManager || isCoordinator;
    if (!canEditComment)
    {
        canEditComment = currentUser.equals(creator) || currentUser.equals(owner);
    }

    Map<String, Object> item = new HashMap<String, Object>(4, 1.0f);
    item.put("node", commentNodeRef);
    item.put("author", this.personService.getPerson(creator));
    item.put("isUpdated", isUpdated);
    item.put("canEditComment", canEditComment);
    return item;
}
 
Example #22
Source File: OwnableServiceTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Checks ownership handling on a freshly created node: it starts without owner, ownable aspect
 * or READ access for "andy"; after the owner authority is granted all permissions on the root
 * node and "andy" takes ownership, "andy" holds the dynamic authority and READ/all permissions.
 */
public void testContainer()
{  
    // Test fixture credentials: user "andy" with password "andy".
    authenticationService.authenticate("andy", "andy".toCharArray());
    NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON, ContentModel.TYPE_CONTAINER, null).getChildRef();
    // Initial state: no owner, no auditable/ownable aspect, no dynamic authority.
    assertNull(ownableService.getOwner(testNode));
    assertFalse(ownableService.hasOwner(testNode));
    assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE));
    assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
    assertFalse(dynamicAuthority.hasAuthority(testNode, "andy"));
    
    // Without ownership neither READ nor the all-permission is ALLOWED.
    assertFalse(permissionService.hasPermission(testNode, PermissionService.READ) == AccessStatus.ALLOWED);
    assertFalse(permissionService.hasPermission(testNode, permissionService.getAllPermission()) == AccessStatus.ALLOWED);
    
    // Grant the owner authority the all-permission on the root node.
    permissionService.setPermission(rootNodeRef, permissionService.getOwnerAuthority(), permissionService.getAllPermission(), true);
    
    // Set another owner first, then let the authenticated user take ownership.
    ownableService.setOwner(testNode, "muppet");
    assertEquals("muppet", ownableService.getOwner(testNode));
    ownableService.takeOwnership(testNode);
    assertEquals("andy", ownableService.getOwner(testNode));
    assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE));
    assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
    assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
    
    // As owner, "andy" now has READ and the all-permission.
    assertTrue(permissionService.hasPermission(testNode, PermissionService.READ) == AccessStatus.ALLOWED);
    assertTrue(permissionService.hasPermission(testNode, permissionService.getAllPermission())== AccessStatus.ALLOWED);
    
    
}
 
Example #23
Source File: ACLEntryAfterInvocationTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Calls {@code echoNodeRef} through a proxy that carries a single interceptor configured with
 * {@code AFTER_ACL_NODE.sys:base.Read}. With READ granted to "andy" on the root node, the root
 * reference must be returned; a reference to a non-existent node ("noodle") is asserted to be
 * returned unchanged as well.
 */
public void testBasicDenyInvalidNodeRef() throws Exception
{
    runAs("andy");

    Object target = new ClassWithMethods();
    Method echoNodeRef = target.getClass().getMethod("echoNodeRef", NodeRef.class);

    AdvisorAdapterRegistry registry = GlobalAdvisorAdapterRegistry.getInstance();

    ProxyFactory factory = new ProxyFactory();
    factory.addAdvisor(registry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read")));
    factory.setTargetSource(new SingletonTargetSource(target));
    Object proxied = factory.getProxy();

    SimplePermissionEntry allowRead =
            new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED);
    permissionService.setPermission(allowRead);

    Object returned = echoNodeRef.invoke(proxied, rootNodeRef);
    assertEquals("Value passed out must be valid", rootNodeRef, returned);

    NodeRef invalidNodeRef = new NodeRef("workspace://SpacesStore/noodle");
    returned = echoNodeRef.invoke(proxied, invalidNodeRef);
    // The original invokes a second time and discards the result; kept as is.
    echoNodeRef.invoke(proxied, invalidNodeRef);
    assertEquals("Value passed out must be equal", invalidNodeRef, returned);
}
 
Example #24
Source File: PermissionServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Answers ALLOWED when the current authorisations contain the admin role name, DENIED otherwise.
 *
 * @return ALLOWED for holders of the admin role, otherwise DENIED
 */
protected AccessStatus adminRead()
{
    // ROLE_ADMINISTRATOR authority has FULL_CONTROL in permissionDefinitions
    // so we don't need to check node requirements
    boolean holdsAdminRole = getAuthorisations().contains(AuthenticationUtil.getAdminRoleName());
    return holdsAdminRole ? AccessStatus.ALLOWED : AccessStatus.DENIED;
}
 
Example #25
Source File: CommentServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Decides whether the fully authenticated user may edit the given comment: site managers,
 * coordinators, the comment's creator and its owner may.
 * NOTE(review): currentUser is dereferenced without a null check - confirm that
 * getFullyAuthenticatedUser() cannot return null on this code path.
 *
 * @param commentNodeRef the comment node
 * @return {@code true} when editing is permitted
 */
private boolean canEditPermission(NodeRef commentNodeRef)
{
    String creator = (String) nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
    Serializable owner = nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER);
    String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();

    // Both role checks are always evaluated, as in the original statement order.
    boolean siteManager = permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED);
    boolean coordinator = permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED);
    if (siteManager || coordinator)
    {
        return true;
    }
    return currentUser.equals(creator) || currentUser.equals(owner);
}
 
Example #26
Source File: SiteServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * @see org.alfresco.service.cmr.site.SiteService#canAddMember(java.lang.String,
 *      java.lang.String, java.lang.String)
 */
public boolean canAddMember(final String shortName, final String authorityName, final String role)
{
    final NodeRef siteNodeRef = getSiteNodeRef(shortName);
    if (siteNodeRef == null)
    {
        throw new SiteDoesNotExistException(shortName);
    }

    // Current role of the authority in the site, the site's visibility and the acting user.
    final String currentRole = getMembersRole(shortName, authorityName);
    SiteVisibility visibility = getSiteVisibility(siteNodeRef);
    final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();

    // Case 1: the current user has change-permissions rights on the site.
    if (permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
    {
        return true;
    }

    // Case 2: the current user is a site admin.
    if (isSiteAdmin(currentUserName))
    {
        return true;
    }

    // Case 3: self-service join. All of these must hold:
    // -- the site is public
    // -- the role being set is consumer
    // -- the user being added is the current user
    // -- the member does not already have a role
    // ... then the permissions can be set as system user
    return SiteVisibility.PUBLIC.equals(visibility)
                && role.equals(SiteModel.SITE_CONSUMER)
                && authorityName.equals(currentUserName)
                && currentRole == null;
}
 
Example #27
Source File: NodeContext.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Adds an Access Control Entry
 * 
 * @param accessStatus AccessStatus
 * @param authority String
 * @param permission String
 */
public void addAccessControlEntry(AccessStatus accessStatus, String authority, String permission)
{
   // Note: Map guest permission to Consumer permission - this is to handle the case where 
   //       exports made against a pre 1.2 RC2 release
   // The match on "guest" ignores case; every other permission name is stored as given.
   String effectivePermission = permission.equalsIgnoreCase("guest") ? PermissionService.CONSUMER : permission;

   accessControlEntries.add(new ACE(accessStatus, authority, effectivePermission));
}
 
Example #28
Source File: Site.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Reset any permissions that have been set on the node.  
 * <p>
 * All permissions will be deleted and the node set to inherit permissions.
 * 
 * @param node   node
 */
public void resetAllPermissions(ScriptNode node)
{
    final NodeRef nodeRef = node.getNodeRef();
    final PermissionService permissionService = serviceRegistry.getPermissionService();

    // The check runs in the caller's context; the reset below runs as the system user, so this
    // check is the only authorisation gate for the privileged work.
    AccessStatus canChangePermissions = permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS);
    if (!canChangePermissions.equals(AccessStatus.ALLOWED))
    {
        throw new AlfrescoRuntimeException("You do not have the authority to update permissions on this node.");
    }

    RunAsWork<Void> resetWork = new RunAsWork<Void>()
    {
        public Void doWork() throws Exception
        {
            // Nothing to do when the node already inherits from its parent.
            if (permissionService.getInheritParentPermissions(nodeRef))
            {
                return null;
            }
            permissionService.deletePermissions(nodeRef);
            permissionService.setInheritParentPermissions(nodeRef, true);
            return null;
        }
    };
    AuthenticationUtil.runAs(resetWork, AuthenticationUtil.SYSTEM_USER_NAME);
}
 
Example #29
Source File: AbstractPermissionsDaoComponentImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Writes a store-level access control entry for the authority and permission.
 * <p>
 * The entry is ALLOWED when {@code allow} is true and DENIED otherwise; it is created with ACE
 * type ALL at position 0 and stored on the store's mutable access control list.
 *
 * @param storeRef   the store whose ACL is modified
 * @param authority  the authority the entry applies to
 * @param permission the permission being set
 * @param allow      {@code true} for ALLOWED, {@code false} for DENIED
 */
public void setPermission(StoreRef storeRef, String authority, PermissionReference permission, boolean allow)
{
    Acl storeAcl = getMutableAccessControlList(storeRef);
    AccessStatus status = allow ? AccessStatus.ALLOWED : AccessStatus.DENIED;

    SimpleAccessControlEntry ace = new SimpleAccessControlEntry();
    ace.setAuthority(authority);
    ace.setPermission(permission);
    ace.setAccessStatus(status);
    ace.setAceType(ACEType.ALL);
    ace.setPosition(Integer.valueOf(0));

    aclDaoComponent.setAccessControlEntry(storeAcl.getId(), ace);
}
 
Example #30
Source File: VirtualPermissionServiceExtensionTest.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * After {@code setUpTestPermissions()}, checks the statuses user1 gets for DELETE and
 * CREATE_CHILDREN on the virtual folder and on {@code vf1Node2}, by permission name and as typed
 * permission. Per the original comment, the virtual permission should override the actual one.
 */
@Test
public void testHasPermission() throws Exception
{
    setUpTestPermissions();

    final String delete = PermissionService.DELETE;
    final String createChildren = PermissionService.CREATE_CHILDREN;

    // virtual permission should override actual permissions

    // Virtual folder: DELETE allowed, CREATE_CHILDREN denied.
    assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.virtualFolder1NodeRef, delete, user1));
    assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualFolder1NodeRef, createChildren, user1));

    // vf1Node2: DELETE denied, by name and typed.
    assertEquals(AccessStatus.DENIED, hasPermissionAs(vf1Node2, delete, user1));
    assertEquals(AccessStatus.DENIED, hasPermissionAs(vf1Node2, asTypedPermission(delete), user1));

    // vf1Node2: CREATE_CHILDREN allowed, by name and typed.
    assertEquals(AccessStatus.ALLOWED, hasPermissionAs(vf1Node2, createChildren, user1));
    assertEquals(AccessStatus.ALLOWED, hasPermissionAs(vf1Node2, asTypedPermission(createChildren), user1));
}