You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@chemistry.apache.org by je...@apache.org on 2011/10/02 22:35:13 UTC
svn commit: r1178250 [2/3] - in
/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src:
main/java/org/apache/chemistry/opencmis/inmemory/
main/java/org/apache/chemistry/opencmis/inmemory/query/
main/java/org/apache/c...
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/ObjectStoreImpl.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/ObjectStoreImpl.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/ObjectStoreImpl.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/ObjectStoreImpl.java Sun Oct 2 20:35:12 2011
@@ -26,14 +26,17 @@ import java.util.concurrent.ConcurrentHa
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
+import org.apache.chemistry.opencmis.commons.data.Ace;
import org.apache.chemistry.opencmis.commons.data.Acl;
import org.apache.chemistry.opencmis.commons.data.ContentStream;
import org.apache.chemistry.opencmis.commons.data.PropertyData;
+import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
import org.apache.chemistry.opencmis.commons.enums.BaseTypeId;
import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
import org.apache.chemistry.opencmis.commons.enums.VersioningState;
import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
+import org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.Document;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.DocumentVersion;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.Folder;
@@ -70,6 +73,12 @@ import org.apache.chemistry.opencmis.inm
*/
public class ObjectStoreImpl implements ObjectStore {
+
+ /**
+ * user id for administrator always having all rights
+ */
+ public static final String ADMIN_PRINCIPAL_ID = "Admin";
+
/**
* Simple id generator that uses just an integer
*/
@@ -80,6 +89,13 @@ public class ObjectStoreImpl implements
*/
private final Map<String, StoredObject> fStoredObjectMap = new ConcurrentHashMap<String, StoredObject>();
+ /**
+ * a concurrent HashMap to hold all Acls in the repository
+ */
+ private static int NEXT_UNUSED_ACL_ID = 1;
+
+ private final List<InMemoryAcl> fAcls = new ArrayList<InMemoryAcl>();
+
private final Lock fLock = new ReentrantLock();
final String fRepositoryId;
@@ -94,7 +110,11 @@ public class ObjectStoreImpl implements
return NEXT_UNUSED_ID++;
}
- public void lock() {
+ private static synchronized Integer getNextAclId() {
+ return NEXT_UNUSED_ACL_ID++;
+ }
+
+ public void lock() {
fLock.lock();
}
@@ -232,6 +252,8 @@ public class ObjectStoreImpl implements
if (null != folder) {
((FolderImpl)folder).addChildDocument(doc); // add document to folder and
}
+ int aclId = getAclId(((FolderImpl)folder), addACEs, removeACEs);
+ doc.setAclId(aclId);
return doc;
}
@@ -249,6 +271,8 @@ public class ObjectStoreImpl implements
}
version.createSystemBasePropertiesWhenCreated(propMap, user);
version.setCustomProperties(propMap);
+ int aclId = getAclId(((FolderImpl)folder), addACEs, removeACEs);
+ doc.setAclId(aclId);
doc.persist();
return version;
}
@@ -266,6 +290,10 @@ public class ObjectStoreImpl implements
if (null != parent) {
((FolderImpl)parent).addChildFolder(folder); // add document to folder and set
}
+
+ int aclId = getAclId(((FolderImpl)parent), addACEs, removeACEs);
+ folder.setAclId(aclId);
+
return folder;
}
@@ -282,8 +310,8 @@ public class ObjectStoreImpl implements
for (StoredObject so : fStoredObjectMap.values()) {
if (so instanceof VersionedDocument) {
VersionedDocument verDoc = (VersionedDocument) so;
- if (verDoc.isCheckedOut()) {
- res.add(verDoc);
+ if (verDoc.isCheckedOut() && hasReadAccess(user, verDoc)) {
+ res.add(verDoc.getPwc());
}
}
}
@@ -291,6 +319,81 @@ public class ObjectStoreImpl implements
return res;
}
+ public StoredObject createRelationship(StoredObject sourceObject,
+ StoredObject targetObject, Map<String, PropertyData<?>> propMap,
+ String user, Acl addACEs, Acl removeACEs) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Acl applyAcl(StoredObject so, Acl addAces, Acl removeAces, AclPropagation aclPropagation, String principalId) {
+ if (aclPropagation==AclPropagation.OBJECTONLY || !(so instanceof Folder)) {
+ return applyAcl(so, addAces, removeAces);
+ } else {
+ return applyAclRecursive(((Folder)so), addAces, removeAces, principalId);
+ }
+ }
+
+ public Acl applyAcl(StoredObject so, Acl acl, AclPropagation aclPropagation, String principalId) {
+ if (aclPropagation==AclPropagation.OBJECTONLY || !(so instanceof Folder)) {
+ return applyAcl(so, acl);
+ } else {
+ return applyAclRecursive(((Folder)so), acl, principalId);
+ }
+ }
+
+ public List<Integer> getAllAclsForUser(String principalId, Permission permission) {
+ List<Integer> acls = new ArrayList<Integer>();
+ acls.add(0); // ACL with id 0 means no ACL set granting all users any access rights
+ for (InMemoryAcl acl: fAcls) {
+ if (acl.hasPermission(principalId, permission))
+ acls.add(acl.getId());
+ }
+ return acls;
+ }
+
+ public Acl getAcl(int aclId) {
+ InMemoryAcl acl = getInMemoryAcl(aclId);
+ return acl==null ? null : acl.toCommonsAcl();
+ }
+
+ public int getAclId(StoredObjectImpl so, Acl addACEs, Acl removeACEs) {
+ InMemoryAcl newAcl;
+
+ if (so == null) {
+ newAcl = new InMemoryAcl();
+ } else {
+ newAcl = getInMemoryAcl(so.getAclId());
+ if (null == newAcl)
+ newAcl = new InMemoryAcl();
+ else
+ // copy list so that we can safely change it without effecting the original
+ newAcl = new InMemoryAcl(newAcl.getAces());
+ }
+
+ if (newAcl.size() == 0 && addACEs == null && removeACEs == null)
+ return 0;
+
+ // add ACEs
+ if (null != addACEs)
+ for (Ace ace: addACEs.getAces()) {
+ InMemoryAce inMemAce = new InMemoryAce(ace);
+ newAcl.addAce(inMemAce);
+ }
+
+ // remove ACEs
+ if (null != removeACEs)
+ for (Ace ace: removeACEs.getAces()) {
+ InMemoryAce inMemAce = new InMemoryAce(ace);
+ newAcl.removeAce(inMemAce);
+ }
+
+ if (newAcl.size() > 0)
+ return addAcl(newAcl);
+ else
+ return 0;
+ }
+
private void deleteFolder(String folderId, String user) {
StoredObject folder = fStoredObjectMap.get(folderId);
if (folder == null) {
@@ -311,11 +414,162 @@ public class ObjectStoreImpl implements
fStoredObjectMap.remove(folderId);
}
- public StoredObject createRelationship(StoredObject sourceObject,
- StoredObject targetObject, Map<String, PropertyData<?>> propMap,
- String user, Acl addACEs, Acl removeACEs) {
- // TODO Auto-generated method stub
- return null;
+ public boolean hasReadAccess(String principalId, StoredObject so) {
+ return hasAccess(principalId, so, Permission.READ);
+ }
+ /*
+ public boolean hasReadAccess(String principalId, StoredObject so) {
+ int aclId = ((StoredObjectImpl)so).getAclId();
+ if (0 == aclId || null == principalId)
+ return true; // no ACL set or user is admin user
+ List<Integer> aclIds = getAllAclsForUser(principalId, Permission.READ);
+ return hasAccess(principalId, so, Permission.READ);
+ }
+ */
+ public boolean hasWriteAccess(String principalId, StoredObject so) {
+ return hasAccess(principalId, so, Permission.WRITE);
+ }
+
+ public boolean hasAllAccess(String principalId, StoredObject so) {
+ return hasAccess(principalId, so, Permission.ALL);
+ }
+
+
+ public void checkReadAccess(String principalId, StoredObject so) {
+ checkAccess(principalId, so, Permission.READ);
+ }
+
+ public void checkWriteAccess(String principalId, StoredObject so) {
+ checkAccess(principalId, so, Permission.WRITE);
+ }
+
+ public void checkAllAccess(String principalId, StoredObject so) {
+ checkAccess(principalId, so, Permission.ALL);
+ }
+
+ private void checkAccess(String principalId, StoredObject so, Permission permission) {
+ if (!hasAccess(principalId, so, permission))
+ throw new CmisPermissionDeniedException("Object with id " + so.getId() + " and name " + so.getName()
+ + " does not grant " + permission.toString() + " access to principal " + principalId);
+ }
+
+ private boolean hasAccess(String principalId, StoredObject so, Permission permission) {
+ if (null != principalId && principalId.equals(ADMIN_PRINCIPAL_ID))
+ return true;
+ List<Integer> aclIds = getAllAclsForUser(principalId, permission);
+ return aclIds.contains(((StoredObjectImpl)so).getAclId());
+ }
+
+ private InMemoryAcl getInMemoryAcl(int aclId) {
+ if (0 == aclId)
+ return null;
+
+ for (InMemoryAcl acl : fAcls) {
+ if (aclId == acl.getId())
+ return acl;
+ }
+ return null;
+ }
+
+ private int setAcl(StoredObjectImpl so, Acl acl) {
+ int aclId;
+ if (null == acl || acl.getAces().isEmpty())
+ aclId = 0;
+ else {
+ aclId = getAclId(null, acl, null);
+ }
+ so.setAclId(aclId);
+ return aclId;
+ }
+
+ /**
+ * check if an Acl is already known
+ * @param acl
+ * acl to be checked
+ * @return
+ * 0 if Acl is not known, id of Acl otherwise
+ */
+ private int hasAcl(InMemoryAcl acl) {
+ for (InMemoryAcl acl2: fAcls) {
+ if (acl2.equals(acl))
+ return acl2.getId();
+ }
+ return 0;
}
+ private int addAcl(InMemoryAcl acl) {
+ int aclId = 0;
+
+ if (null == acl)
+ return 0;
+
+ lock();
+ try {
+ aclId = hasAcl(acl);
+ if (0 == aclId) {
+ aclId = getNextAclId();
+ acl.setId(aclId);
+ fAcls.add(acl);
+ }
+ } finally {
+ unlock();
+ }
+ return aclId;
+ }
+
+ private Acl applyAcl(StoredObject so, Acl acl) {
+ int aclId = setAcl((StoredObjectImpl) so, acl);
+ return getAcl(aclId);
+ }
+
+ private Acl applyAcl(StoredObject so, Acl addAces, Acl removeAces) {
+ int aclId = getAclId((StoredObjectImpl) so, addAces, removeAces);
+ ((StoredObjectImpl) so).setAclId(aclId);
+ return getAcl(aclId);
+ }
+
+ private Acl applyAclRecursive(Folder folder, Acl addAces, Acl removeAces, String principalId) {
+ List<StoredObject> children = folder.getChildren(-1, -1, ADMIN_PRINCIPAL_ID);
+
+ Acl result = applyAcl(folder, addAces, removeAces);
+
+ if (null == children) {
+ return result;
+ }
+
+ for (StoredObject child : children) {
+ if (hasAllAccess(principalId, child)) {
+ if (child instanceof Folder) {
+ applyAclRecursive((Folder) child, addAces, removeAces, principalId);
+ } else {
+ applyAcl(child, addAces, removeAces);
+ }
+ }
+ }
+
+ return result;
+ }
+
+ private Acl applyAclRecursive(Folder folder, Acl acl, String principalId) {
+ List<StoredObject> children = folder.getChildren(-1, -1, ADMIN_PRINCIPAL_ID);
+
+ Acl result = applyAcl(folder, acl);
+
+ if (null == children) {
+ return result;
+ }
+
+ for (StoredObject child : children) {
+ if (hasAllAccess(principalId, child)) {
+ if (child instanceof Folder) {
+ applyAclRecursive((Folder) child, acl, principalId);
+ } else {
+ applyAcl(child, acl);
+ }
+ }
+ }
+
+ return result;
+ }
+
}
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/Permission.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/Permission.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/Permission.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/Permission.java Sun Oct 2 20:35:12 2011
@@ -18,6 +18,8 @@
*/
package org.apache.chemistry.opencmis.inmemory.storedobj.impl;
+import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions;
+
public enum Permission {
NONE("none"),
@@ -46,15 +48,25 @@ public enum Permission {
public static Permission fromCmisString(String strPerm) {
Permission permission;
- if (strPerm.equals("cmis:read"))
+ if (strPerm.equals(EnumBasicPermissions.CMIS_READ.value()))
permission = Permission.READ;
- else if (strPerm.equals("cmis:write"))
+ else if (strPerm.equals(EnumBasicPermissions.CMIS_WRITE.value()))
permission = Permission.WRITE;
- else if (strPerm.equals("cmis:all"))
+ else if (strPerm.equals(EnumBasicPermissions.CMIS_ALL.value()))
permission = Permission.ALL;
else
throw new IllegalArgumentException("InMemory only supports CMIS basic permissions read, write, all.");
return permission;
}
+ public String toCmisString() {
+ if (this.equals(READ))
+ return EnumBasicPermissions.CMIS_READ.value();
+ else if (this.equals(WRITE))
+ return EnumBasicPermissions.CMIS_WRITE.value();
+ else if (this.equals(ALL))
+ return EnumBasicPermissions.CMIS_ALL.value();
+ else
+ return "";
+ }
}
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoreManagerImpl.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoreManagerImpl.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoreManagerImpl.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoreManagerImpl.java Sun Oct 2 20:35:12 2011
@@ -118,7 +118,7 @@ public class StoreManagerImpl implements
}
public CmisServiceValidator getServiceValidator() {
- return new BaseServiceValidatorImpl(this);
+ return new InMemoryServiceValidatorImpl(this);
}
public BindingsObjectFactory getObjectFactory() {
@@ -390,7 +390,7 @@ public class StoreManagerImpl implements
TypeManager tm = getTypeManager(repositoryId);
ObjectStore objectStore = getObjectStore(repositoryId);
- InMemoryQueryProcessor queryProcessor = new InMemoryQueryProcessor();
+ InMemoryQueryProcessor queryProcessor = new InMemoryQueryProcessor(getStore(repositoryId));
ObjectList objList = queryProcessor.query(tm, objectStore, user, repositoryId, statement, searchAllVersions,
includeAllowableActions, includeRelationships, renditionFilter, maxItems, skipCount);
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoredObjectImpl.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoredObjectImpl.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoredObjectImpl.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/StoredObjectImpl.java Sun Oct 2 20:35:12 2011
@@ -57,6 +57,7 @@ public class StoredObjectImpl implements
protected String fRepositoryId;
protected Map<String, PropertyData<?>> fProperties;
protected final ObjectStoreImpl fObjStore;
+ protected int fAclId;
StoredObjectImpl(ObjectStoreImpl objStore) { // visibility should be package
GregorianCalendar now = getNow();
@@ -377,10 +378,20 @@ public class StoredObjectImpl implements
}
public Acl getAcl() {
- // TODO Auto-generated method stub
- return null;
+ if (0 == getAclId())
+ return null;
+ else
+ return fObjStore.getAcl(fAclId);
}
+ public int getAclId() {
+ return fAclId;
+ }
+
+ public void setAclId(int aclId) {
+ fAclId = aclId;
+ }
+
public ObjectList getObjectRelationships(
Boolean includeSubRelationshipTypes,
RelationshipDirection relationshipDirection, String typeId,
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/VersionedDocumentImpl.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/VersionedDocumentImpl.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/VersionedDocumentImpl.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/storedobj/impl/VersionedDocumentImpl.java Sun Oct 2 20:35:12 2011
@@ -26,17 +26,13 @@ import org.apache.chemistry.opencmis.com
import org.apache.chemistry.opencmis.commons.data.ContentStream;
import org.apache.chemistry.opencmis.commons.data.Properties;
import org.apache.chemistry.opencmis.commons.data.PropertyData;
-import org.apache.chemistry.opencmis.commons.definitions.TypeDefinition;
import org.apache.chemistry.opencmis.commons.enums.VersioningState;
import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
-import org.apache.chemistry.opencmis.commons.impl.dataobjects.PropertiesImpl;
import org.apache.chemistry.opencmis.commons.spi.BindingsObjectFactory;
import org.apache.chemistry.opencmis.inmemory.FilterParser;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.DocumentVersion;
-import org.apache.chemistry.opencmis.inmemory.storedobj.api.Filing;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.VersionedDocument;
-import org.apache.chemistry.opencmis.inmemory.types.PropertyCreationHelper;
public class VersionedDocumentImpl extends AbstractMultiFilingImpl implements VersionedDocument {
@@ -56,15 +52,16 @@ public class VersionedDocumentImpl exten
throw new CmisConstraintException("Cannot add a version to document, document is checked out.");
}
- Map<String, PropertyData<?>> existingProps = fVersions.size() == 0 ? fProperties : getLatestVersion(false)
- .getProperties();
-
DocumentVersionImpl ver = new DocumentVersionImpl(fRepositoryId, this, content, verState, fObjStore);
- PropertiesImpl newProps = PropertyCreationHelper.copyProperties(existingProps, null);
- fProperties = newProps.getProperties();
-
ver.setSystemBasePropertiesWhenCreatedDirect(getName(), getTypeId(), user); // copy
- // name and type id from version series.
+ // name
+ // and
+ // type
+ // id
+ // from
+ // version
+ // series
+ // .
ver.persist();
fVersions.add(ver);
if (verState == VersioningState.CHECKEDOUT) {
@@ -95,8 +92,7 @@ public class VersionedDocumentImpl exten
fCheckedOutUser = null;
}
- public void checkIn(boolean isMajor, Properties properties, ContentStream content, String checkinComment,
- String user, TypeDefinition typeDef) {
+ public void checkIn(boolean isMajor, Properties properties, ContentStream content, String checkinComment, String user) {
if (fIsCheckedOut) {
if (fCheckedOutUser.equals(user)) {
fIsCheckedOut = false;
@@ -111,22 +107,13 @@ public class VersionedDocumentImpl exten
}
DocumentVersion pwc = getPwc();
-
- if (properties != null) {
- // we do not allow a rename on check-in
- PropertyData<?> pd = properties.getProperties().get(PropertyIds.NAME);
- if (pd != null) {
- throw new CmisInvalidArgumentException("Error: Name can't be changed during a check-in (Document " + getId()
- + ").");
- }
-
- PropertyCreationHelper.updateProperties(pwc.getProperties(), properties.getProperties(), typeDef, true);
- }
-
if (null != content)
pwc.setContent(content, false);
+ if (null != properties && null != properties.getProperties())
+ ((DocumentVersionImpl)pwc).setCustomProperties(properties.getProperties());
+
pwc.setCheckinComment(checkinComment);
pwc.commit(isMajor);
}
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryDocumentTypeDefinition.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryDocumentTypeDefinition.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryDocumentTypeDefinition.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryDocumentTypeDefinition.java Sun Oct 2 20:35:12 2011
@@ -100,7 +100,7 @@ public class InMemoryDocumentTypeDefinit
setLocalName(id);
setLocalNamespace("local");
setQueryName(id);
- setIsControllableAcl(false);
+ setIsControllableAcl(true);
setIsControllablePolicy(false);
setIsCreatable(true);
setIsFileable(true);
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryFolderTypeDefinition.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryFolderTypeDefinition.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryFolderTypeDefinition.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/InMemoryFolderTypeDefinition.java Sun Oct 2 20:35:12 2011
@@ -90,7 +90,7 @@ public class InMemoryFolderTypeDefinitio
setLocalName(id);
setLocalNamespace("local");
setQueryName(id);
- setIsControllableAcl(false);
+ setIsControllableAcl(true);
setIsControllablePolicy(false);
setIsCreatable(true);
setIsFileable(true);
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/PropertyCreationHelper.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/PropertyCreationHelper.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/PropertyCreationHelper.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/main/java/org/apache/chemistry/opencmis/inmemory/types/PropertyCreationHelper.java Sun Oct 2 20:35:12 2011
@@ -27,6 +27,7 @@ import java.util.Map;
import java.util.Map.Entry;
import org.apache.chemistry.opencmis.commons.PropertyIds;
+import org.apache.chemistry.opencmis.commons.data.Acl;
import org.apache.chemistry.opencmis.commons.data.AllowableActions;
import org.apache.chemistry.opencmis.commons.data.ExtensionsData;
import org.apache.chemistry.opencmis.commons.data.ObjectData;
@@ -40,7 +41,6 @@ import org.apache.chemistry.opencmis.com
import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
import org.apache.chemistry.opencmis.commons.enums.PropertyType;
import org.apache.chemistry.opencmis.commons.enums.Updatability;
-import org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisObjectNotFoundException;
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AbstractPropertyData;
@@ -61,6 +61,7 @@ import org.apache.chemistry.opencmis.com
import org.apache.chemistry.opencmis.inmemory.DataObjectCreator;
import org.apache.chemistry.opencmis.inmemory.FilterParser;
import org.apache.chemistry.opencmis.inmemory.NameValidator;
+import org.apache.chemistry.opencmis.inmemory.storedobj.api.DocumentVersion;
import org.apache.chemistry.opencmis.inmemory.storedobj.api.StoredObject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -297,7 +298,8 @@ public class PropertyCreationHelper {
}
if (null != includeACL && includeACL) {
- od.setAcl(so.getAcl());
+ Acl acl = so instanceof DocumentVersion ? ((DocumentVersion) so).getParentDocument().getAcl() : so.getAcl();
+ od.setAcl(acl);
}
od.setIsExactAcl(true);
@@ -351,62 +353,6 @@ public class PropertyCreationHelper {
return od;
}
- public static PropertiesImpl copyProperties(Map<String, PropertyData<?>> existingProps, Map<String, PropertyData<?>> newProps) {
-
- PropertiesImpl newPD = new PropertiesImpl();
- // copy all existing properties
- for (PropertyData<?> prop : existingProps.values()) {
- newPD.addProperty(prop);
- }
-
- // overwrite all new properties
- if (newProps != null)
- for (PropertyData<?> prop : newProps.values()) {
- newPD.addProperty(prop);
- }
-
- return newPD;
- }
-
- public static boolean updateProperties(Map<String, PropertyData<?>> properties,
- Map<String, PropertyData<?>> newProps, TypeDefinition typeDef, boolean isCheckedOut) {
- boolean hasUpdated = false;
-
- for (String key : newProps.keySet()) {
- if (key.equals(PropertyIds.NAME))
- {
- continue; // ignore here
- }
-
- PropertyData<?> value = newProps.get(key);
- PropertyDefinition<?> propDef = typeDef.getPropertyDefinitions().get(key);
- if (value.getValues() == null || value.getFirstValue() == null) {
- // delete property
- // check if a required a property
- if (propDef.isRequired()) {
- throw new CmisConstraintException(
- "updateProperties failed, following property can't be deleted, because it is required: "
- + key);
- }
- properties.remove(key);
- hasUpdated = true;
- } else {
- if (propDef.getUpdatability().equals(Updatability.WHENCHECKEDOUT) && !isCheckedOut) {
- throw new CmisConstraintException(
- "updateProperties failed, following property can't be updated, because it is not checked-out: "
- + key);
- } else if (!propDef.getUpdatability().equals(Updatability.READWRITE)) {
- throw new CmisConstraintException(
- "updateProperties failed, following property can't be updated, because it is not writable: "
- + key);
- }
- properties.put(key, value);
- hasUpdated = true;
- }
- }
- return hasUpdated;
- }
-
// internal helpers
private static void createStandardDefinition(AbstractPropertyDefinition<?> prop, String id, PropertyType propType,
String displayName, Cardinality card) {
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AbstractServiceTest.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AbstractServiceTest.java?rev=1178250&r1=1178249&r2=1178250&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AbstractServiceTest.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AbstractServiceTest.java Sun Oct 2 20:35:12 2011
@@ -49,6 +49,7 @@ import org.apache.chemistry.opencmis.com
import org.apache.chemistry.opencmis.commons.enums.VersioningState;
import org.apache.chemistry.opencmis.commons.impl.dataobjects.BindingsObjectFactoryImpl;
import org.apache.chemistry.opencmis.commons.server.CallContext;
+import org.apache.chemistry.opencmis.commons.spi.AclService;
import org.apache.chemistry.opencmis.commons.spi.BindingsObjectFactory;
import org.apache.chemistry.opencmis.commons.spi.CmisBinding;
import org.apache.chemistry.opencmis.commons.spi.DiscoveryService;
@@ -77,6 +78,7 @@ public class AbstractServiceTest {
protected VersioningService fVerSvc;
protected MultiFilingService fMultiSvc;
protected DiscoveryService fDiscSvc;
+ protected AclService fAclSvc;
protected CallContext fTestCallContext;
private String fTypeCreatorClassName;
@@ -162,17 +164,25 @@ public class AbstractServiceTest {
}
protected String createFolderNoCatch(String folderName, String parentFolderId, String typeId) {
+ return createFolderNoCatch(folderName, parentFolderId, typeId, null, null);
+ }
+
+ protected String createFolderNoCatch(String folderName, String parentFolderId, String typeId, Acl addACEs,
+ Acl removeACEs) {
Properties props = createFolderProperties(folderName, typeId);
- String id = fObjSvc.createFolder(fRepositoryId, props, parentFolderId, null, null, null, null);
+ String id = fObjSvc.createFolder(fRepositoryId, props, parentFolderId, null, addACEs, removeACEs, null);
return id;
}
- protected String createDocumentNoCatch(String name, String folderId, String typeId, VersioningState versioningState,
- boolean withContent) {
+ protected String createDocumentNoCatch(String name, String folderId, String typeId,
+ VersioningState versioningState, boolean withContent) {
+ return createDocumentNoCatch(name, folderId, typeId, versioningState, withContent, null, null);
+ }
+
+ protected String createDocumentNoCatch(String name, String folderId, String typeId,
+ VersioningState versioningState, boolean withContent, Acl addACEs, Acl removeACEs) {
ContentStream contentStream = null;
List<String> policies = null;
- Acl addACEs = null;
- Acl removeACEs = null;
ExtensionsData extension = null;
Properties props = createDocumentProperties(name, typeId);
@@ -395,6 +405,7 @@ public class AbstractServiceTest {
fVerSvc = binding.getVersioningService();
fMultiSvc = binding.getMultiFilingService();
fDiscSvc = binding.getDiscoveryService();
+ fAclSvc = binding.getAclService();
}
protected String getStringProperty(ObjectData objData, String propertyKey) {
Added: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.java?rev=1178250&view=auto
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.java (added)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/src/test/java/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.java Sun Oct 2 20:35:12 2011
@@ -0,0 +1,1265 @@
+package org.apache.chemistry.opencmis.inmemory;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import junit.framework.Assert;
+
+import org.apache.chemistry.opencmis.commons.PropertyIds;
+import org.apache.chemistry.opencmis.commons.data.Ace;
+import org.apache.chemistry.opencmis.commons.data.Acl;
+import org.apache.chemistry.opencmis.commons.data.ContentStream;
+import org.apache.chemistry.opencmis.commons.data.ExtensionsData;
+import org.apache.chemistry.opencmis.commons.data.ObjectData;
+import org.apache.chemistry.opencmis.commons.data.ObjectInFolderContainer;
+import org.apache.chemistry.opencmis.commons.data.ObjectInFolderData;
+import org.apache.chemistry.opencmis.commons.data.ObjectInFolderList;
+import org.apache.chemistry.opencmis.commons.data.ObjectList;
+import org.apache.chemistry.opencmis.commons.data.ObjectParentData;
+import org.apache.chemistry.opencmis.commons.data.Properties;
+import org.apache.chemistry.opencmis.commons.data.PropertyData;
+import org.apache.chemistry.opencmis.commons.data.RenditionData;
+import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
+import org.apache.chemistry.opencmis.commons.enums.BaseTypeId;
+import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
+import org.apache.chemistry.opencmis.commons.enums.VersioningState;
+import org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException;
+import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBaseObjectTypeIds;
+import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions;
+import org.apache.chemistry.opencmis.commons.server.CallContext;
+import org.apache.chemistry.opencmis.commons.spi.Holder;
+import org.apache.chemistry.opencmis.inmemory.storedobj.api.ObjectStore;
+import org.apache.chemistry.opencmis.server.support.query.CalendarHelper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class AclPermissionsTest extends AbstractServiceTest {
+
+ private static Log LOG = LogFactory.getLog(AclPermissionsTest.class);
+ private static final BigInteger MINUS_ONE = BigInteger.valueOf(-1L);
+
+ protected ObjectCreator fCreator;
+ protected ObjectStore objectStore = null;
+ protected List<Ace> addACEs = null;
+ protected Acl addAcl = null;
+ protected List<Ace> standardACEs = null;
+ protected Acl standardAcl = null;
+ protected List<Ace> noReadACEs = null;
+ protected Acl noReadAcl = null;
+ protected List<Ace>readACEs = null;
+ protected Acl readAcl = null;
+ protected List<Ace>readWriteACEs = null;
+ protected Acl readWriteAcl = null;
+ protected List<Ace> writerReadACEs = null;
+ protected Acl writerReadAcl = null;
+ protected List<Ace> adminACEs = null;
+ protected Acl adminAcl = null;
+ protected List<Ace> testUserACEs = null;
+ protected Acl testUserAcl = null;
+
+ protected static Map<String, String> idMap = new HashMap<String, String>();
+
+ @Override
+ @After
+ public void tearDown() {
+ super.tearDown();
+ }
+
+ @Override
+ @Before
+ public void setUp() {
+ super.setTypeCreatorClass(UnitTestTypeSystemCreator.class.getName());
+ super.setUp();
+ fCreator = new ObjectCreator(fFactory, fObjSvc, fRepositoryId);
+ List<String> principalIds = new ArrayList<String>(3);
+ principalIds.add("TestAdmin");
+ principalIds.add("Writer");
+ principalIds.add("Reader");
+ principalIds.add("TestUser");
+ addACEs = new ArrayList<Ace>(4);
+ addACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ addACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ addACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+ addACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ addAcl = fFactory.createAccessControlList(addACEs);
+
+ standardACEs = new ArrayList<Ace>(3);
+ standardACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ standardACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ standardACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ standardAcl = fFactory.createAccessControlList(standardACEs);
+
+ noReadACEs = new ArrayList<Ace>(2);
+ noReadACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ noReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ noReadAcl = fFactory.createAccessControlList(noReadACEs);
+
+ readACEs = new ArrayList<Ace>(1);
+ readACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ readAcl = fFactory.createAccessControlList(readACEs);
+
+ readWriteACEs = new ArrayList<Ace>(2);
+ readWriteACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ readWriteACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ readWriteAcl = fFactory.createAccessControlList(readWriteACEs);
+
+ testUserACEs = new ArrayList<Ace>(1);
+ testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+ testUserAcl = fFactory.createAccessControlList(testUserACEs);
+
+ writerReadACEs = new ArrayList<Ace>(1);
+ writerReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_READ));
+ writerReadAcl = fFactory.createAccessControlList(writerReadACEs);
+
+ adminACEs = new ArrayList<Ace>(1);
+ adminACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ adminAcl = fFactory.createAccessControlList(adminACEs);
+ }
+
+ @Test
+ public void testCreateObjectsWithAcl()
+ {
+ // create a document with initial ACL
+ String docId = createDocumentWithAcls("complexDocument", fRootFolderId, UnitTestTypeSystemCreator.COMPLEX_TYPE,
+ addAcl, null);
+ Acl acl1 = fAclSvc.getAcl(fRepositoryId, docId, true, null);
+ assertTrue(aclEquals(addAcl, acl1));
+
+ // create a folder with initial ACL
+ String folderId = createFolderWithAcls("folderWithAcl", fRootFolderId, BaseTypeId.CMIS_FOLDER.value(),
+ addAcl, null);
+ Acl acl2 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
+ assertTrue(aclEquals(addAcl, acl2));
+
+ // add acl later
+ String docId2 = createVersionedDocument("complexDocument2", fRootFolderId);
+ Acl acl = fAclSvc.applyAcl(fRepositoryId, docId2, addAcl, null, AclPropagation.OBJECTONLY, null);
+ assertTrue(aclEquals(addAcl, acl));
+
+ String folderId2 = createFolder("folder2", fRootFolderId, "cmis:folder");
+ acl2 = fAclSvc.applyAcl(fRepositoryId, folderId2, addAcl, null, AclPropagation.OBJECTONLY, null);
+ assertTrue(aclEquals(addAcl, acl2));
+
+ // add a subfolder
+ String subFolderId = createFolder("subFolder", folderId, BaseTypeId.CMIS_FOLDER.value());
+ // folder should inherit acl
+ Acl subAcl = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
+ assertTrue(aclEquals(addAcl, subAcl));
+
+ // add a document
+ String subDocId = createVersionedDocument("subDoc", subFolderId);
+ // document should inherit acl
+ Acl subAclDoc = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+ assertTrue(aclEquals(addAcl, subAclDoc));
+
+ // remove an ace, no permission is left for TestUser
+ Acl removeAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
+ Acl acl3 = fAclSvc.applyAcl(fRepositoryId, docId2, null, removeAcl, AclPropagation.OBJECTONLY, null);
+
+ List<Ace> compareRemoveACEs = new ArrayList<Ace>(3);
+ compareRemoveACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ compareRemoveACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ compareRemoveACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ Acl compareRemoveAcl = fFactory.createAccessControlList(compareRemoveACEs);
+
+ assertTrue(aclEquals(compareRemoveAcl, acl3));
+
+ // addACE not propagated
+ Acl addPropAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
+
+ Acl acl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.OBJECTONLY, null);
+ Acl subAclDoc2 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+ assertTrue(aclEquals(addAcl, subAclDoc2)); // acl of doc did not change
+
+ List<Ace> compareRemoveACEs2 = new ArrayList<Ace>(4);
+ compareRemoveACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ compareRemoveACEs2.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+ compareRemoveACEs2.add(createAce("TestUser", EnumBasicPermissions.CMIS_ALL));
+ compareRemoveACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ Acl compareRemoveAcl2 = fFactory.createAccessControlList(compareRemoveACEs2);
+ assertTrue(aclEquals(compareRemoveAcl2, acl4));
+
+ // addACE propagated
+ Acl acl5 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.PROPAGATE, null);
+ Acl subAclDoc3 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+ assertTrue(aclEquals(compareRemoveAcl2, subAclDoc3)); // acl of doc did change
+ assertTrue(aclEquals(compareRemoveAcl2, acl5));
+ }
+
+
+ @Test
+ public void checkNavigationServiceGeneralAccess()
+ {
+ // starts with call context TestUser
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, "ComplexType",
+ standardAcl, null);
+ String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, null);
+// fTestCallContext = new DummyCallContext("Writer");
+ String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
+
+
+ // TestUser has no permission at all
+ switchCallContext("TestUser");
+ boolean exceptionThrown = false;
+ try
+ {
+ ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null,
+ BigInteger.ZERO , BigInteger.ZERO, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null,
+ BigInteger.ZERO , BigInteger.ZERO, null);
+
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
+
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE,
+ null, MINUS_ONE, MINUS_ONE, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+ switchCallContext("Reader");
+ ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE,
+ null, MINUS_ONE, MINUS_ONE, null);
+ }
+
+ @Test
+ public void checkAclServiceGeneralAccess()
+ {
+ List<Ace> initialACEs = new ArrayList<Ace>(4);
+ initialACEs.addAll(standardACEs);
+ initialACEs.add(createAce("Admin2", EnumBasicPermissions.CMIS_ALL));
+ Acl initialAcl = fFactory.createAccessControlList(initialACEs);
+
+ List<Ace> expectedACEs = new ArrayList<Ace>(5);
+ expectedACEs.addAll(initialACEs);
+ expectedACEs.addAll(testUserACEs);
+ Acl expectedAcl = fFactory.createAccessControlList(expectedACEs);
+
+ List<Ace> removeACEs = new ArrayList<Ace>(1);
+ removeACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ Acl removeAcl = fFactory.createAccessControlList(removeACEs);
+
+ List<Ace> removeACEs2 = new ArrayList<Ace>(2);
+ removeACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+ removeACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+ Acl removeAcl2 = fFactory.createAccessControlList(removeACEs2);
+
+ List<Ace> testUserACEs = new ArrayList<Ace>(1);
+ testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+ Acl testUserAcl = fFactory.createAccessControlList(testUserACEs);
+
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, "ComplexType",
+ initialAcl, null);
+ String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", initialAcl, null);
+ String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", initialAcl, null);
+
+ // getAcl of a folder
+ switchCallContext("TestUser");
+ boolean exceptionThrown = false;
+ try
+ {
+ Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get acl of folder");
+
+ switchCallContext("Reader");
+ Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null);
+
+ // getAcl of a document
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get acl of doc)");
+
+ switchCallContext("Reader");
+ Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null);
+
+ // applyAcl
+ switchCallContext("Reader");
+ exceptionThrown = false;
+ try
+ {
+ Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions)");
+
+// switchCallContext("Writer");
+ switchCallContext("TestAdmin");
+ Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
+
+ // applyAcl when not allowed to subItem
+ switchCallContext("TestAdmin");
+ Acl docAcl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, null, removeAcl, AclPropagation.OBJECTONLY, null);
+
+// switchCallContext("Writer");
+ switchCallContext("TestAdmin");
+ // apply an ACL where the current user has permission to modify ACL on folder but not on sub-folder:
+ Acl docAcl5 = fAclSvc.applyAcl(fRepositoryId, folderId, testUserAcl, null, AclPropagation.PROPAGATE, null);
+ switchCallContext("Admin");
+ Acl docAcl6 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
+ assertTrue(aclEquals(expectedAcl, docAcl6));
+ Acl docAcl7 = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
+ assertTrue(aclEquals(standardAcl, docAcl7));
+ }
+
+ @Test
+ public void checkObjectServiceGeneralAccess()
+ {
+
+ // starts with call context TestUser
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, "ComplexType",
+ standardAcl, null);
+ String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, null);
+// fTestCallContext = new DummyCallContext("Writer");
+ String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
+ String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder", null, readAcl);
+ String adminFolderId = createFolderWithAcls("adminFolder", folderId, "cmis:folder", null, readWriteAcl);
+
+ // TestUser has no permission at all
+ switchCallContext("TestUser");
+ boolean exceptionThrown = false;
+ try
+ {
+ Properties properties = createDocumentProperties("doc", "ComplexType");
+ String id = fObjSvc.createDocument(fRepositoryId, properties, folderId, null, null, null, null,
+ null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to create a document");
+
+ exceptionThrown = false;
+ try
+ {
+ String id = fObjSvc.createFolder(fRepositoryId, null, folderId, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to create a folder");
+
+ /*
+ exceptionThrown = false;
+ try
+ {
+ Properties properties = createRelationshipProperties(folderId, fRootFolderId);
+ String id1 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to create a relationship: missing read permission for source id");
+
+ exceptionThrown = false;
+ Properties properties = createRelationshipProperties( fRootFolderId, folderId);
+ try
+ {
+ String id2 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to create a relationship: missing read permission for destination");
+ */
+
+ exceptionThrown = false;
+ try
+ {
+ Properties props = fObjSvc.getProperties(fRepositoryId, folderId, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get properties of the folder");
+
+ exceptionThrown = false;
+ try
+ {
+ Properties props = fObjSvc.getProperties(fRepositoryId, docId, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get properties of the document");
+
+ exceptionThrown = false;
+ try
+ {
+ List<RenditionData> renditions = fObjSvc.getRenditions(fRepositoryId, docId, null, BigInteger.valueOf(-1),
+ BigInteger.valueOf(-1), null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get renditions of the document");
+
+ exceptionThrown = false;
+ try
+ {
+ ContentStream contentStream = fObjSvc.getContentStream(fRepositoryId, docId, null, BigInteger.valueOf(-1),
+ BigInteger.valueOf(-1), null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions to get contentStream of the document");
+
+ switchCallContext("Reader");
+ exceptionThrown = false;
+ Properties properties = createDocumentProperties( "name", "typeId");
+ try
+ {
+ fObjSvc.updateProperties(fRepositoryId,
+ new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to update properties of the document");
+
+ exceptionThrown = false;
+ properties = createDocumentProperties( "name", "typeId");
+ try
+ {
+ fObjSvc.updateProperties(fRepositoryId,
+ new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to update properties of the document");
+
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.moveObject(fRepositoryId, new Holder<String>(docId), subFolderId,
+ fRootFolderId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to move document");
+
+ switchCallContext("Writer");
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.moveObject(fRepositoryId,new Holder<String>(docId), adminFolderId,
+ fRootFolderId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Writer has no permissions to move document to admin folder");
+
+ switchCallContext("Reader");
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.deleteObject(fRepositoryId, docId, true, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to delete document ");
+
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.deleteObject(fRepositoryId, adminFolderId, true, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to delete admin folder ");
+
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.setContentStream(fRepositoryId, new Holder<String> (docId), true,
+ new Holder<String>("changeToken"), null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to set content ");
+
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.deleteContentStream(fRepositoryId, new Holder<String> (docId),
+ new Holder<String>("changeToken"), null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to delete content ");
+
+ exceptionThrown = false;
+ try
+ {
+ fObjSvc.deleteTree(fRepositoryId, folderId, true,
+ null, false, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permissions to delete tree ");
+ }
+
+ @Test
+ public void checkMultiFilingServiceGeneralAccess()
+ {
+ // starts with call context TestUser
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, "ComplexType",
+ standardAcl, null);
+ String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder",
+ addAcl, null);
+ String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder",
+ null, readAcl);
+
+ // TestUser has no permission at the document
+ switchCallContext("TestUser");
+ boolean exceptionThrown = false;
+ try
+ {
+
+ fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permissions at the document to add a parent");
+
+ exceptionThrown = false;
+ switchCallContext("Reader"); // has no permission at the folder
+ try
+ {
+
+ fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permission at the folder to add a parent");
+
+ switchCallContext("TestAdmin");
+ fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
+ fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
+
+ switchCallContext("Reader");
+ try
+ {
+
+ fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, noReadFolderId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has no permission at the folder to remove a parent");
+
+ switchCallContext("TestUser");
+ try
+ {
+
+ fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, folderId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permission at the object to remove a parent");
+ }
+
+ @Test
+ public void checkVersioningServiceGeneralAccess()
+ {
+ // starts with call context TestUser
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID,
+ VersioningState.MAJOR, standardAcl, null);
+
+ // TestUser has no permission at all
+ switchCallContext("TestUser");
+ boolean exceptionThrown = false;
+ try
+ {
+ Holder<String> docIdHolder = new Holder<String>(docId);
+ fVerSvc.checkOut(fRepositoryId, docIdHolder, null,
+ new Holder<Boolean>(false));
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permission to checkout)");
+
+ // Reader has only read permission
+ switchCallContext("Reader");
+ exceptionThrown = false;
+ try
+ {
+ fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null,
+ new Holder<Boolean>(false));
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has not enough permission to checkout)");
+
+ // checkout
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("TestUser");
+ Holder<String> docIdHolder = new Holder<String>(docId);
+ fVerSvc.checkOut(fRepositoryId, docIdHolder, null,
+ new Holder<Boolean>(false));
+
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+
+ // TestUser has no permission at all, only checkout user can checkin
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permission to cancelCheckOut)");
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("TestUser");
+ fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+
+ // writer looses write permission
+ switchCallContext("Writer");
+ fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null,
+ new Holder<Boolean>(false));
+
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
+
+ switchCallContext("Writer");
+ exceptionThrown = false;
+ try
+ {
+ fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Reader has not enough permission to cancelCheckOut)");
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("Writer");
+ fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+
+
+ // TestUser has no permission at all
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("TestUser");
+ fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null,
+ new Holder<Boolean>(false));
+
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true, null, null, null, null,
+ null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has no permission to checkIn)");
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("TestUser");
+ fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true, null, null, null, null,
+ null, null, null);
+
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+
+ // writer looses write permission
+ switchCallContext("Writer");
+ fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null,
+ new Holder<Boolean>(false));
+
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
+
+ switchCallContext("Writer");
+ exceptionThrown = false;
+ try
+ {
+ fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true, null, null, null, null,
+ null, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("Writer has not enough permission to checkIn)");
+ switchCallContext("TestAdmin");
+ fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
+ switchCallContext("Writer");
+ fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true, null, null, null, null,
+ null, null, null);
+
+ // TestUser has no permission at all
+ switchCallContext("TestUser");
+ exceptionThrown = false;
+ try
+ {
+ ObjectData objectData = fVerSvc.getObjectOfLatestVersion(fRepositoryId, docId, null, true,
+ null, false, IncludeRelationships.NONE,
+ null, false, false, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has not enough permission to getObjectOfLatestVersion)");
+
+ exceptionThrown = false;
+ try
+ {
+ List<ObjectData> objectDataList = fVerSvc.getAllVersions(fRepositoryId, docId, docId, null,
+ false, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has not enough permission to getAllVersions)");
+
+
+ exceptionThrown = false;
+ try
+ {
+ Properties properties = fVerSvc.getPropertiesOfLatestVersion(fRepositoryId, docId, null,
+ false, null, null);
+ }
+ catch (CmisPermissionDeniedException e)
+ {
+ exceptionThrown = true;
+ }
+ if (!exceptionThrown)
+ Assert.fail("TestUser has not enough permission to getAllVersions)");
+ }
+
+
+ @Test
+ public void checkVisibleObjects()
+ {
+ LOG.debug("start test checkVisibleObjects()...");
+ switchCallContext("TestAdmin");
+ String docId = createDocumentWithAcls("doc", fRootFolderId, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID,
+ VersioningState.MAJOR, standardAcl, null);
+ String docId2 = createDocumentWithAcls("doc2", fRootFolderId, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID,
+ VersioningState.MAJOR, addAcl, null);
+ String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder",
+ standardAcl, null);
+ String folderId2 = createFolderWithAcls("folder2", fRootFolderId, "cmis:folder",
+ addAcl, null);
+ LOG.debug("checkVisibleObjects(): folderId2 is: " + folderId2);
+ String subFolderId = createFolderWithAcls("subFolder", folderId2, "cmis:folder",
+ null, testUserAcl);
+ LOG.debug("checkVisibleObjects(): subFolderId is: " + subFolderId);
+ String subFolderId2 = createFolderWithAcls("subFolder2", folderId2, "cmis:folder",
+ addAcl, null);
+ LOG.debug("checkVisibleObjects(): subFolderId2 is: " + subFolderId2);
+ String subDocId = createDocumentWithAcls("subDoc", folderId2, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID,
+ VersioningState.MAJOR, null, testUserAcl);
+ LOG.debug("checkVisibleObjects(): subDocId is: " + subDocId);
+ String subDocId2 = createDocumentWithAcls("subDoc2", folderId2, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID,
+ VersioningState.MAJOR, addAcl, null);
+ LOG.debug("checkVisibleObjects(): subDocId2 is: " + subDocId2);
+ String noAclDocId2 = createDocumentWithAcls("noAclDoc2", fRootFolderId, "ComplexType",
+ null, null);
+ LOG.debug("checkVisibleObjects(): noAclDocId2 is: " + noAclDocId2);
+
+ // TestUser has no permission in standardAcl
+ switchCallContext("TestUser");
+
+ ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId2, null, null, false, IncludeRelationships.NONE, null, null,
+ null, null, null);
+ List<ObjectInFolderData> objects = list.getObjects();
+ assertObjectDataListIds(objects, subDocId2);
+ assertObjectDataListIds(objects, subFolderId2);
+
+ list = fNavSvc.getChildren(fRepositoryId, fRootFolderId, null, null, false, IncludeRelationships.NONE, null, null,
+ null, null, null);
+ objects = list.getObjects();
+ assertObjectDataListIds(objects, docId2);
+ assertObjectDataListIds(objects, folderId2);
+ assertObjectDataListIds(objects, noAclDocId2);
+
+ List<ObjectInFolderContainer> descList = fNavSvc.getDescendants(fRepositoryId, fRootFolderId, MINUS_ONE,
+ null, false, IncludeRelationships.NONE, null, false, null);
+ assertObjectInFolderContainerIds(descList, docId2);
+ assertObjectInFolderContainerIds(descList, folderId2);
+ assertObjectInFolderContainerIds(descList, noAclDocId2);
+
+ List<ObjectInFolderContainer> folderList = fNavSvc.getFolderTree(fRepositoryId, fRootFolderId, MINUS_ONE,
+ null, false, IncludeRelationships.NONE, null, false, null);
+ assertObjectInFolderContainerIds(folderList, folderId2);
+ assertObjectInFolderContainerIds(folderList, subFolderId2);
+
+ // check out
+ switchCallContext("TestAdmin");
+ Holder<String> holderDocId = new Holder<String>(docId);
+ Holder<String> holderDocId2 = new Holder<String>(docId2);
+ Holder<String> holderSubDocId = new Holder<String>(subDocId);
+ Holder<String> holderSubDocId2 = new Holder<String>(subDocId2);
+ fVerSvc.checkOut(fRepositoryId, holderDocId, null, null);
+ fVerSvc.checkOut(fRepositoryId, holderDocId2, null, null);
+ fVerSvc.checkOut(fRepositoryId, holderSubDocId, null, null);
+ fVerSvc.checkOut(fRepositoryId, holderSubDocId2, null, null);
+
+ switchCallContext("TestUser");
+ ObjectList objectList = fNavSvc.getCheckedOutDocs(fRepositoryId, null, null, null, false,
+ IncludeRelationships.NONE, null, MINUS_ONE, MINUS_ONE, null);
+ assertObjectInObjectListIds(objectList, holderDocId2.getValue());
+ assertObjectInObjectListIds(objectList, holderSubDocId2.getValue());
+
+ // only direct children are returned
+ ObjectList objectList2 = fNavSvc.getCheckedOutDocs(fRepositoryId, fRootFolderId, null, null, false,
+ IncludeRelationships.NONE, null, MINUS_ONE, MINUS_ONE, null);
+ List<String> docIds2 = new ArrayList<String>(1);
+ docIds2.add(docId2);
+ Assert.assertEquals(BigInteger.valueOf(1L), objectList2.getNumItems());
+
+ // multi filing, get object parents
+ switchCallContext("TestAdmin");
+ String secFolderId = createFolderWithAcls("secondFolder", fRootFolderId, "cmis:folder",
+ standardAcl, null);
+ String docId3 = createDocumentWithAcls("thirdDoc", folderId2, "ComplexType",
+ addAcl, null);
+ fMultiSvc.addObjectToFolder(fRepositoryId, docId3, secFolderId, true, null);
+
+ switchCallContext("TestUser"); // second parent is not visible
+ List<ObjectParentData> objectParentData = fNavSvc.getObjectParents(fRepositoryId, docId3, null, null, null, null, true, null);
+ Assert.assertEquals(1, objectParentData.size());
+ Assert.assertEquals(folderId2, objectParentData.get(0).getObject().getId());
+ LOG.debug("...stop test checkVisibleObjects()");
+ }
+
+ @Test
+ public void checkQueryAccess()
+ {
+ createCustomPropertyDocuments();
+
+ String queryStatement;
+ List<ObjectData> objectDataList;
+ ObjectList objectList;
+ ObjectData first;
+
+ switchCallContext("TestUser"); // Testuser has no permissions to view a document
+ queryStatement = "select * from cmis:document";
+ objectList = fDiscSvc.query(fRepositoryId, queryStatement, null, null, null,
+ null, MINUS_ONE, MINUS_ONE, null);
+ assertTrue ( 0L == objectList.getNumItems().longValue());
+
+ // add a permission for a document
+ switchCallContext("TestAdmin");
+ String docId20 = idMap.get("customDocId20");
+ fAclSvc.applyAcl(fRepositoryId, idMap.get("customDocId20"), testUserAcl, null, AclPropagation.OBJECTONLY, null);
+
+ switchCallContext("TestUser"); // Testuser has has only permissions for customDocId20
+ queryStatement = "select * from ComplexType where IntProp <= 20";
+
+ objectList = fDiscSvc.query(fRepositoryId, queryStatement, null, null, null,
+ null, MINUS_ONE, MINUS_ONE, null);
+ assertTrue ( 1L == objectList.getNumItems().longValue());
+ objectDataList = objectList.getObjects();
+ first = objectDataList.get(0);
+ assertTrue(first.getBaseTypeId().equals(BaseTypeId.CMIS_DOCUMENT ));
+ }
+
+ protected String createDocumentWithAcls(String name, String folderId, String typeId,
+ Acl addACEs, Acl removeACEs)
+ {
+ return createDocumentWithAcls(name, folderId, typeId, VersioningState.NONE, addACEs, removeACEs);
+ }
+
+ protected String createDocumentWithAcls(String name, String folderId, String typeId, VersioningState versioningState,
+ Acl addACEs, Acl removeACEs)
+ {
+ ContentStream contentStream = null;
+ List<String> policies = null;
+ ExtensionsData extension = null;
+
+ Properties props = createDocumentProperties(name, typeId);
+
+ String id = fObjSvc.createDocument(fRepositoryId, props, folderId, contentStream, versioningState , policies,
+ addACEs, removeACEs, extension);
+ return id;
+ }
+
+ protected String createFolderWithAcls(String name, String folderId, String typeId,
+ Acl addACEs, Acl removeACEs)
+ {
+ List<String> policies = null;
+ ExtensionsData extension = null;
+
+ Properties props = createFolderProperties(name, typeId);
+
+
+ String id = fObjSvc.createFolder(fRepositoryId, props, folderId, policies,
+ addACEs, removeACEs, extension);
+ return id;
+ }
+
+ protected Properties createRelationshipProperties(String sourceId, String targetId) {
+ List<PropertyData<?>> properties = new ArrayList<PropertyData<?>>();
+ properties.add(fFactory.createPropertyIdData(PropertyIds.SOURCE_ID, sourceId));
+ properties.add(fFactory.createPropertyIdData(PropertyIds.TARGET_ID, targetId));
+ properties.add(fFactory.createPropertyIdData(PropertyIds.OBJECT_TYPE_ID,
+ EnumBaseObjectTypeIds.CMIS_RELATIONSHIP.value()));
+ Properties props = fFactory.createPropertiesData(properties);
+ return props;
+ }
+
+ private void switchCallContext(String user) {
+ ((DummyCallContext) fTestCallContext).put(CallContext.USERNAME, user);
+ }
+
+ protected void createCustomPropertyDocuments()
+ {
+ switchCallContext("TestAdmin");
+ // create folder
+ String folderId = createFolderWithAcls("customFolder", fRootFolderId, "cmis:folder", standardAcl, null);
+ idMap.put("customFolder", folderId);
+
+ // create documents
+ List<PropertyData<?>> properties10 = new ArrayList<PropertyData<?>>();
+ properties10.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(10)));
+ properties10.add(fFactory.createPropertyStringData("StringProp", "10 string"));
+ properties10.add(fFactory.createPropertyBooleanData("BooleanProp", true));
+ GregorianCalendar gregorianCalendar = CalendarHelper.fromString("2010-07-10T12:00:00.000-01:00");
+ properties10.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
+ String customDocId10 = createDocumentWithProperties("customDocument10", folderId, "ComplexType",
+ properties10, false);
+ idMap.put("customDocId10", customDocId10);
+
+ List<PropertyData<?>> properties20 = new ArrayList<PropertyData<?>>();
+ properties20.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(20)));
+ properties20.add(fFactory.createPropertyStringData("StringProp", "20 string"));
+ properties20.add(fFactory.createPropertyBooleanData("BooleanProp", false));
+ gregorianCalendar = CalendarHelper.fromString("2010-07-20T12:00:00.000-01:00");
+ properties20.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
+ String customDocId20 = createDocumentWithProperties("customDocument20", folderId, "ComplexType",
+ properties20,false);
+ idMap.put("customDocId20", customDocId20);
+
+ List<PropertyData<?>> properties30 = new ArrayList<PropertyData<?>>();
+ properties30.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(30)));
+ properties30.add(fFactory.createPropertyStringData("StringProp", "30 string"));
+ properties30.add(fFactory.createPropertyBooleanData("BooleanProp", true));
+ gregorianCalendar = CalendarHelper.fromString("2010-07-30T12:00:00.000-01:00");
+ properties30.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
+ String customDocId30 = createDocumentWithProperties("customDocument30", folderId, "ComplexType",
+ properties30, false);
+ idMap.put("customDocId30", customDocId30);
+
+ }
+
+ protected String createDocumentWithProperties(String name, String folderId, String typeId, List<PropertyData<?>> properties,
+ boolean withContent) {
+ ContentStream contentStream = null;
+
+ // add document properties
+ properties.add(fFactory.createPropertyIdData(PropertyIds.NAME, name));
+ properties.add(fFactory.createPropertyIdData(PropertyIds.OBJECT_TYPE_ID, typeId));
+ Properties props = fFactory.createPropertiesData(properties);
+
+ if (withContent)
+ contentStream = createContent();
+
+ String id = null;
+ try {
+ id = fObjSvc.createDocument(fRepositoryId, props, folderId, contentStream, VersioningState.NONE, null,
+ null, null, null);
+ if (null == id)
+ fail("createDocument failed.");
+ } catch (Exception e) {
+ fail("createDocument() failed with exception: " + e);
+ }
+ return id;
+
+ }
+
+ private Acl createAcl(String principalId, EnumBasicPermissions permission) {
+ List<Ace> acesAdd = Arrays.asList(new Ace[] {
+ createAce(principalId, permission),
+ });
+ return fFactory.createAccessControlList(acesAdd);
+ }
+
+ private Ace createAce(String principalId, EnumBasicPermissions permission) {
+ return fFactory.createAccessControlEntry(principalId, Collections.singletonList( permission.value() ));
+ }
+
+ private static boolean aclEquals(Acl acl1, Acl acl2) {
+ if (acl1 == acl2)
+ return true;
+ if (acl1 == null || acl2 == null)
+ return false;
+ if (acl1.getClass() != acl2.getClass())
+ return false;
+ if (acl1.getAces().size() != acl2.getAces().size())
+ return false;
+ for (int i=0; i<acl1.getAces().size(); i++) {
+ aclHasAce(acl1.getAces(), acl2.getAces().get(i));
+ }
+ return true;
+ }
+
+ private static boolean aclHasAce( List<Ace> aces, Ace ace) {
+ for (Ace ace2 : aces) {
+ if (!ace.getPrincipalId().equals(ace2.getPrincipalId()))
+ continue;
+ if (ace.getPermissions().size() != ace2.getPermissions().size())
+ continue;
+ for (int i=0; i<ace2.getPermissions().size(); i++)
+ if (!aceHasPermission(ace.getPermissions(), ace2.getPermissions().get(i)))
+ continue;
+
+ return true;
+ }
+ return false;
+ }
+
+ private static boolean aceHasPermission( List<String> permissions, String permission) {
+ for (String permission2 : permissions)
+ if (permission2.equals(permission))
+ return true;
+ return false;
+ }
+
+ private String createVersionedDocument(String name, String folderId) {
+
+ VersioningState versioningState = VersioningState.MAJOR;
+ String id = null;
+ Map<String, String> properties = new HashMap<String, String>();
+ id = fCreator.createDocument(name, UnitTestTypeSystemCreator.VERSION_DOCUMENT_TYPE_ID, folderId,
+ versioningState, properties);
+
+ return id;
+ }
+
+ private void assertObjectDataListIds(List<ObjectInFolderData> folderData, String id) {
+ boolean found = false;
+ for (ObjectInFolderData folder : folderData) {
+ LOG.info(" found folder id " + folder.getObject().getId());
+ if (id.equals(folder.getObject().getId()))
+ found = true;
+ }
+ assertTrue("Failed to find folder id " + id, found);
+ }
+
+ private void assertObjectInFolderContainerIds(List<ObjectInFolderContainer> folderList, String id) {
+ boolean found = objectInFolderContainerHasId(folderList, id);
+ assertTrue("Failed to find folder id " + id, found);
+ }
+
+ private boolean objectInFolderContainerHasId(List<ObjectInFolderContainer> folderList, String id) {
+ for (ObjectInFolderContainer fc : folderList) {
+ if (id.equals(fc.getObject().getObject().getId()))
+ return true;
+ List<ObjectInFolderContainer> children = fc.getChildren();
+ if (children != null && objectInFolderContainerHasId(children, id))
+ return true;
+ }
+ return false;
+ }
+
+ private void assertObjectInObjectListIds(ObjectList objList, String id) {
+ boolean found = false;
+ for (ObjectData od : objList.getObjects()) {
+ LOG.info(" found object id " + od.getId());
+ if (id.equals(od.getId()))
+ found = true;
+
+ }
+ assertTrue("Failed to find object id " + id, found);
+ }
+
+}