Skip to content

Commit

Permalink
fix: Make space manager and super spaces managers allowed to publish …
Browse files Browse the repository at this point in the history 
…news - MEED-7471 - Meeds-io/meeds#2385 (#227)

Prior to this change, the space administrator and the super space
manager wasn't able to publish news in a space. This rule was specific
to News management. This change will align the ACL rules to be the same
as other CMS applications and tools.
  • Loading branch information
@boubaker
boubaker authored Sep 16, 2024
1 parent f9fab7f commit 3fd7400
Show file tree
Hide file tree
Showing 5 changed files with 185 additions and 88 deletions.
2 changes: 1 addition & 1 deletion content-service/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
<rest.api.doc.version>1.0</rest.api.doc.version>
<rest.api.doc.description>Content addon used Rest endpoints</rest.api.doc.description>

<exo.test.coverage.ratio>0.43</exo.test.coverage.ratio>
<exo.test.coverage.ratio>0.53</exo.test.coverage.ratio>
</properties>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions content-service/src/main/java/io/meeds/news/service/impl/NewsTargetingServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ public List<NewsTargetingEntity> getAllowedTargets(org.exoplatform.services.secu
Space targetPermissionSpace =
spaceService.getSpaceById(targetMetadataPermission.split(SPACE_TARGET_PERMISSION_PREFIX)[1]);
return targetPermissionSpace != null
&& spaceService.isPublisher(targetPermissionSpace, userIdentity.getUserId());
&& NewsUtils.canPublishNews(targetPermissionSpace.getId(), userIdentity);
}
return false;
}
Expand Down Expand Up @@ -268,7 +268,7 @@ private NewsTargetingEntity toEntity(Metadata metadata) {
permissionEntity.setRemoteId(space.getPrettyName());
permissionEntity.setAvatar(space.getAvatarUrl());
if (!isSpacePublisher) {
isSpacePublisher = spaceService.isPublisher(space, currentIdentity.getUserId());
isSpacePublisher = NewsUtils.canPublishNews(space.getId(), currentIdentity);
}
}
}
Expand Down
16 changes: 9 additions & 7 deletions content-service/src/main/java/io/meeds/news/utils/NewsUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,14 +85,13 @@ public class NewsUtils {

public static final String ALL_NEWS_AUDIENCE = "all";

private static final String PUBLISHER_MEMBERSHIP_NAME = "publisher";
public static final String PUBLISHER_MEMBERSHIP_NAME = "publisher";

private static final String MANAGER_MEMBERSHIP_NAME = "manager";
public static final String MANAGER_MEMBERSHIP_NAME = "manager";

private static final String PLATFORM_WEB_CONTRIBUTORS_GROUP = "/platform/web-contributors";

public static final String SHARE_CONTENT_ATTACHMENTS = "content.share.attachments";
public static final String PLATFORM_WEB_CONTRIBUTORS_GROUP = "/platform/web-contributors";

public static final String SHARE_CONTENT_ATTACHMENTS = "content.share.attachments";

public enum NewsObjectType {
DRAFT, LATEST_DRAFT, ARTICLE;
Expand Down Expand Up @@ -190,9 +189,12 @@ public static boolean canPublishNews(String spaceId, org.exoplatform.services.se
if (!StringUtils.isBlank(spaceId)) {
SpaceService spaceService = CommonsUtils.getService(SpaceService.class);
Space space = spaceService.getSpaceById(spaceId);
return currentIdentity != null && space != null && spaceService.isMember(space, currentIdentity.getUserId())
return currentIdentity != null
&& space != null
&& (currentIdentity.isMemberOf(PLATFORM_WEB_CONTRIBUTORS_GROUP, PUBLISHER_MEMBERSHIP_NAME)
|| spaceService.isPublisher(space, currentIdentity.getUserId()));
|| spaceService.isPublisher(space, currentIdentity.getUserId())
|| spaceService.isManager(space, currentIdentity.getUserId())
|| spaceService.isSuperManager(currentIdentity.getUserId()));
}
return currentIdentity != null && currentIdentity.isMemberOf(PLATFORM_WEB_CONTRIBUTORS_GROUP, PUBLISHER_MEMBERSHIP_NAME);
}
Expand Down
155 changes: 77 additions & 78 deletions content-service/src/test/java/io/meeds/news/service/impl/NewsTargetingImplTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@
package io.meeds.news.service.impl;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.atLeastOnce;
Expand Down Expand Up @@ -182,11 +182,9 @@ public void testGetAllowedTargets() throws Exception {
identityManager,
spaceService,
organizationService);
IdentityRegistry identityRegistry = mock(IdentityRegistry.class);
EXO_CONTAINER_CONTEXT.when(() -> ExoContainerContext.getService(IdentityRegistry.class)).thenReturn(identityRegistry);
org.exoplatform.services.security.Identity identity = mock(org.exoplatform.services.security.Identity.class);
REST_UTILS.when(() -> RestUtils.getCurrentUser()).thenReturn("user");
when(identityRegistry.getIdentity("user")).thenReturn(identity);
REST_UTILS.when(RestUtils::getCurrentUser).thenReturn("user");
MetadataType metadataType = new MetadataType(4, "newsTarget");
List<Metadata> newsTargets = new LinkedList<>();
Metadata sliderNews = new Metadata();
Expand Down Expand Up @@ -226,87 +224,89 @@ public void testGetAllowedTargets() throws Exception {

when(metadataService.getMetadatas(metadataType.getName(), 0)).thenReturn(newsTargets);
when(spaceService.getSpaceById("1")).thenReturn(space);
when(spaceService.isPublisher(space, identity.getUserId())).thenReturn(false);

// When
COMMONS_UTILS.when(() -> CommonsUtils.getService(SpaceService.class)).thenReturn(spaceService);
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(0, allowedTargets.size());

// Given
when(spaceService.isPublisher(space, identity.getUserId())).thenReturn(true);

// When
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());
assertTrue(allowedTargets.get(0).isRestrictedAudience());

// Given
Metadata testNews = new Metadata();
testNews.setName("testNews");
testNews.setCreatedDate(200);
HashMap<String, String> testNewsProperties = new HashMap<>();
testNewsProperties.put("label", "test news");
testNewsProperties.put(NewsUtils.TARGET_PERMISSIONS, "/platform/administrators");
testNews.setProperties(testNewsProperties);
testNews.setId(3);
newsTargets.add(testNews);

when(organizationService.getGroupHandler()).thenReturn(groupHandler);
Group group = new GroupImpl();
group.setId("/platform/administrators");
group.setGroupName("Administrators");

when(groupHandler.findGroupById("/platform/administrators")).thenReturn(group);
when(identity.isMemberOf("/platform/administrators", "publisher")).thenReturn(false);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());

// Given
when(identity.isMemberOf("/platform/administrators", "publisher")).thenReturn(true);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(2, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());
assertEquals("testNews", allowedTargets.get(1).getName());
assertTrue(allowedTargets.get(0).isRestrictedAudience());

// Given
when(spaceService.getSpaceById("1")).thenReturn(null);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("testNews", allowedTargets.get(0).getName());

// Given
when(groupHandler.findGroupById("/platform/administrators")).thenReturn(null);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(0, allowedTargets.size());
try (MockedStatic<NewsUtils> newsUtils = mockStatic(NewsUtils.class)) {
// Given
newsUtils.when(() -> NewsUtils.canPublishNews(space.getId(), identity)).thenReturn(true);

// When
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());
assertFalse(allowedTargets.get(0).isRestrictedAudience());

// Given
Metadata testNews = new Metadata();
testNews.setName("testNews");
testNews.setCreatedDate(200);
HashMap<String, String> testNewsProperties = new HashMap<>();
testNewsProperties.put("label", "test news");
testNewsProperties.put(NewsUtils.TARGET_PERMISSIONS, "/platform/administrators");
testNews.setProperties(testNewsProperties);
testNews.setId(3);
newsTargets.add(testNews);

when(organizationService.getGroupHandler()).thenReturn(groupHandler);
Group group = new GroupImpl();
group.setId("/platform/administrators");
group.setGroupName("Administrators");

when(groupHandler.findGroupById("/platform/administrators")).thenReturn(group);
when(identity.isMemberOf("/platform/administrators", "publisher")).thenReturn(false);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());

// Given
when(identity.isMemberOf("/platform/administrators", "publisher")).thenReturn(true);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(2, allowedTargets.size());
assertEquals("latestNews", allowedTargets.get(0).getName());
assertEquals("testNews", allowedTargets.get(1).getName());
assertFalse(allowedTargets.get(0).isRestrictedAudience());

// Given
when(spaceService.getSpaceById("1")).thenReturn(null);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(1, allowedTargets.size());
assertEquals("testNews", allowedTargets.get(0).getName());

// Given
when(groupHandler.findGroupById("/platform/administrators")).thenReturn(null);

// when
allowedTargets = newsTargetingService.getAllowedTargets(identity);

// Then
assertNotNull(allowedTargets);
assertEquals(0, allowedTargets.size());
}
}

@Test
Expand Down Expand Up @@ -386,7 +386,6 @@ public void testSaveNewsTargets() throws Exception {
EXO_CONTAINER_CONTEXT.when(() -> ExoContainerContext.getService(IdentityRegistry.class)).thenReturn(identityRegistry);
EXO_CONTAINER_CONTEXT.when(() -> ExoContainerContext.getCurrentContainer()).thenReturn(container);
when(spaceService.getSpaceById("1")).thenReturn(space);
when(spaceService.isMember(space, identity.getUserId())).thenReturn(true);
EXO_CONTAINER_CONTEXT.when(() -> ExoContainerContext.getService(Authenticator.class)).thenReturn(authenticator);
when(authenticator.createIdentity("root")).thenReturn(identity);
List<MembershipEntry> memberships = new LinkedList<>();
Expand Down
96 changes: 96 additions & 0 deletions content-service/src/test/java/io/meeds/news/utils/NewsUtilsTest.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
/**
* This file is part of the Meeds project (https://meeds.io/).
*
* Copyright (C) 2020 - 2024 Meeds Association [email protected]
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package io.meeds.news.utils;

import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;

import org.junit.AfterClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.junit.MockitoJUnitRunner;

import org.exoplatform.commons.utils.CommonsUtils;
import org.exoplatform.services.security.Identity;
import org.exoplatform.social.core.space.model.Space;
import org.exoplatform.social.core.space.spi.SpaceService;

@RunWith(MockitoJUnitRunner.class)
public class NewsUtilsTest {

private static final MockedStatic<CommonsUtils> COMMONS_UTILS = mockStatic(CommonsUtils.class);

@Mock
private SpaceService spaceService;

@Mock
private Space space;

@Mock
private Identity userAclIdentity;

@Mock
private Identity adminAclIdentity;

@AfterClass
public static void afterRunBare() throws Exception { // NOSONAR
COMMONS_UTILS.close();
}

@Test
public void testCanPublishNews() {
when(userAclIdentity.getUserId()).thenReturn("user");
when(space.getId()).thenReturn("2");

assertFalse(NewsUtils.canPublishNews(null, null));
COMMONS_UTILS.when(() -> CommonsUtils.getService(SpaceService.class)).thenReturn(spaceService);
assertFalse(NewsUtils.canPublishNews(space.getId(), null));
assertFalse(NewsUtils.canPublishNews(space.getId(), userAclIdentity));

when(spaceService.getSpaceById(space.getId())).thenReturn(space);

assertFalse(NewsUtils.canPublishNews(space.getId(), null));
assertFalse(NewsUtils.canPublishNews(space.getId(), userAclIdentity));

when(adminAclIdentity.isMemberOf(NewsUtils.PLATFORM_WEB_CONTRIBUTORS_GROUP, NewsUtils.PUBLISHER_MEMBERSHIP_NAME)).thenReturn(true);
assertTrue(NewsUtils.canPublishNews(space.getId(), adminAclIdentity));
assertFalse(NewsUtils.canPublishNews(space.getId(), userAclIdentity));

lenient().when(spaceService.isMember(space, userAclIdentity.getUserId())).thenReturn(true);
assertFalse(NewsUtils.canPublishNews(space.getId(), userAclIdentity));
lenient().when(spaceService.isMember(space, userAclIdentity.getUserId())).thenReturn(false);

when(spaceService.isPublisher(space, userAclIdentity.getUserId())).thenReturn(true);
assertTrue(NewsUtils.canPublishNews(space.getId(), userAclIdentity));
when(spaceService.isPublisher(space, userAclIdentity.getUserId())).thenReturn(false);

when(spaceService.isManager(space, userAclIdentity.getUserId())).thenReturn(true);
assertTrue(NewsUtils.canPublishNews(space.getId(), userAclIdentity));
when(spaceService.isManager(space, userAclIdentity.getUserId())).thenReturn(false);

when(spaceService.isSuperManager(userAclIdentity.getUserId())).thenReturn(true);
assertTrue(NewsUtils.canPublishNews(space.getId(), userAclIdentity));
}

}

0 comments on commit 3fd7400

Please sign in to comment.