diff --git a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index 78907fd8b9..726e34474e 100644 --- a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java +++ b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -31,7 +31,6 @@ import java.util.HashMap; import java.util.Map; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService; @@ -76,7 +75,7 @@ public class CreateCapability extends DeclarativeCapability @Override public int evaluate(NodeRef nodeRef) { - return evaluate(nodeRef, null, null); + return evaluate(nodeRef, null, null, null); } /** @@ -85,9 +84,10 @@ public class CreateCapability extends DeclarativeCapability * @param destination destination node reference * @param linkee linkee node reference, can be null * @param assocType association type, can be null + * @param recordType record type, can be null * @return */ - public int evaluate(NodeRef destination, NodeRef linkee, QName assocType) + public int evaluate(NodeRef destination, NodeRef linkee, QName assocType, QName recordType) { if (linkee != null) { @@ -105,7 +105,7 @@ public class CreateCapability extends DeclarativeCapability { if (recordService.isRecord(destination) && !recordService.isDeclared(destination) && - permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) + permissionService.hasPermission(destination, FILE_RECORDS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } @@ -115,7 +115,7 @@ public class CreateCapability extends DeclarativeCapability if (recordService.isRecord(linkee) && recordService.isRecord(destination) && !recordService.isDeclared(destination) && - permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) + permissionService.hasPermission(destination, FILE_RECORDS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } @@ -132,14 +132,15 @@ public class CreateCapability extends DeclarativeCapability // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record if (checkConditions(destination, conditions) && - !recordFolderService.isRecordFolder(destination) ) + !recordFolderService.isRecordFolder(destination) && + permissionService.hasPermission(destination, CREATE_MODIFY_DESTROY_FILEPLAN_METADATA) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && - permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) + permissionService.hasPermission(destination, FILE_RECORDS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } @@ -147,7 +148,7 @@ public class CreateCapability extends DeclarativeCapability conditions.put("capabilityCondition.closed", Boolean.TRUE); if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && - permissionService.hasPermission(getFilePlanService().getFilePlan(destination), RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS) == AccessStatus.ALLOWED) + permissionService.hasPermission(getFilePlanService().getFilePlan(destination), DECLARE_RECORDS_IN_CLOSED_FOLDERS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } @@ -156,32 +157,32 @@ public class CreateCapability extends DeclarativeCapability conditions.put("capabilityCondition.cutoff", Boolean.TRUE); if (checkConditions(destination, conditions) && recordFolderService.isRecordFolder(destination) && - permissionService.hasPermission(getFilePlanService().getFilePlan(destination), RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == AccessStatus.ALLOWED) + permissionService.hasPermission(getFilePlanService().getFilePlan(destination), CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == AccessStatus.ALLOWED) { return AccessDecisionVoter.ACCESS_GRANTED; } } - if (capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) + if (null != recordType && recordType.equals(TYPE_RECORD_FOLDER) && capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } - if (capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) + if (capabilityService.getCapability(DECLARE_RECORDS_IN_CLOSED_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } - if (capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) + if (capabilityService.getCapability(CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } - if (capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) + if (capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } - if (capabilityService.getCapability(RMPermissionModel.CREATE_HOLD).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) + if (capabilityService.getCapability(CREATE_HOLD).evaluate(destination) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } - if (((ChangeOrDeleteReferencesCapability)capabilityService.getCapability(RMPermissionModel.CHANGE_OR_DELETE_REFERENCES)).evaluate(destination, linkee) == AccessDecisionVoter.ACCESS_GRANTED) + if (((ChangeOrDeleteReferencesCapability)capabilityService.getCapability(CHANGE_OR_DELETE_REFERENCES)).evaluate(destination, linkee) == AccessDecisionVoter.ACCESS_GRANTED) { return AccessDecisionVoter.ACCESS_GRANTED; } diff --git a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CreatePolicy.java b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CreatePolicy.java index a36ccd79ff..c3f47d3312 100644 --- a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CreatePolicy.java +++ b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CreatePolicy.java @@ -28,6 +28,7 @@ package org.alfresco.module.org_alfresco_module_rm.capability.policy; import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; import org.aopalliance.intercept.MethodInvocation; @@ -42,10 +43,18 @@ public class CreatePolicy extends AbstractBasePolicy { NodeRef linkee = null; QName assocType = null; + QName recordType = null; // get the destination node NodeRef destination = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent()); + //get the recordType + for (Object qname : invocation.getArguments()) { + if (qname != null && (qname.equals(RecordsManagementModel.TYPE_RECORD_FOLDER) || qname.equals(RecordsManagementModel.TYPE_RECORD_CATEGORY))) { + recordType = (QName) qname; + } + } + if (cad.getParameters().size() > 1) { // get the linkee when present @@ -58,7 +67,7 @@ public class CreatePolicy extends AbstractBasePolicy } } - return ((CreateCapability) getCapabilityService().getCapability("Create")).evaluate(destination, linkee, assocType); + return ((CreateCapability) getCapabilityService().getCapability("Create")).evaluate(destination, linkee, assocType, recordType); } } diff --git a/amps/ags/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java b/amps/ags/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java index 727e7156ec..2cc3d33873 100644 --- a/amps/ags/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java +++ b/amps/ags/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java @@ -180,6 +180,7 @@ public class CreateRecordTest extends BaseRMTestCase Set capabilities = new HashSet<>(2); capabilities.add(capabilityService.getCapability("ViewRecords")); capabilities.add(capabilityService.getCapability("CreateRecords")); + capabilities.add(capabilityService.getCapability("CreateModifyDestroyFileplanMetadata")); filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities); @@ -189,6 +190,7 @@ public class CreateRecordTest extends BaseRMTestCase //give read and file permission to user on unfiled records container filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING); + filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); } public void when()