From 035556c8c3b13364f77e130b19f17c746625e31b Mon Sep 17 00:00:00 2001
From: Roy Wetherall <roy.wetherall@alfresco.com>
Date: Wed, 23 Jan 2013 05:03:52 +0000
Subject: [PATCH] RM:  Remove the extended security when 'hiding' a record
 withing a collaboration site.

 * relates to RM-583 ... ensures the records that have been hidden no longer appear in the document search results.



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@45746 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../org_alfresco_module_rm/action-context.xml |  1 +
 .../action/dm/HideRecordAction.java           | 17 ++++++++-
 .../security/ExtendedSecurityService.java     | 37 +++++++++++++------
 3 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml
index 3403de833c..6c42372145 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml
@@ -28,6 +28,7 @@
    <bean id="hide-record" parent="action-executer" class="org.alfresco.module.org_alfresco_module_rm.action.dm.HideRecordAction">
       <property name="permissionService" ref="PermissionService"/>
       <property name="nodeService" ref="NodeService" />
+      <property name="extendedSecurityService" ref="ExtendedSecurityService" />
    </bean>
 
 </beans>
\ No newline at end of file
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/HideRecordAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/HideRecordAction.java
index cc528cfccb..86b1b075b4 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/HideRecordAction.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/HideRecordAction.java
@@ -22,6 +22,7 @@ import java.util.List;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
 import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.AccessDeniedException;
@@ -57,6 +58,9 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
 
     /** Permission service */
     private PermissionService permissionService;
+    
+    /** Extended security service */
+    private ExtendedSecurityService extendedSecurityService;
 
     /**
      * @param nodeService node service
@@ -73,6 +77,14 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
     {
         this.permissionService = permissionService;
     }
+    
+    /**
+     * @param extendedSecurityService   extended security service
+     */
+    public void setExtendedSecurityService(ExtendedSecurityService extendedSecurityService)
+    {
+        this.extendedSecurityService = extendedSecurityService;
+    }
 
     /**
      * @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef)
@@ -103,6 +115,7 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
         }
         else
         {
+            // remove the child association
             NodeRef originalLocation = (NodeRef) nodeService.getProperty(actionedUponNodeRef, PROP_ORIGINAL_LOCATION);
             List<ChildAssociationRef> parentAssocs = nodeService.getParentAssocs(actionedUponNodeRef);
             for (ChildAssociationRef childAssociationRef : parentAssocs)
@@ -112,6 +125,9 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
                     nodeService.removeChildAssociation(childAssociationRef);
                 }
             }
+            
+            // remove the extended security from the node ... this prevents the users from continuing to see the record in searchs and other linked locations
+            extendedSecurityService.removeAllExtendedReaders(actionedUponNodeRef);
         }
     }
 
@@ -123,5 +139,4 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
     {
         // Intentionally empty
     }
-
 }
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java
index 1fd0e3a64f..dbcfa88e1b 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java
@@ -56,38 +56,53 @@ public interface ExtendedSecurityService
     void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
     
     /**
+     * Set the authorities that have extended reading permissions on the node.
+     * <p>
+     * Optionally applies the extended readers to the file plan hierarchy.
      * 
-     * @param nodeRef
-     * @param readers
-     * @param applyToParents
+     * @param nodeRef           node reference
+     * @param readers           extended readers 
+     * @param applyToParents    true if applied to file plan hierarchy, false otherwise
      */
     void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
     
     /**
+     * Removes the given authorities from the extended readers set for this node.
+     * <p>
+     * Applies to file plan hierarchy.
      * 
-     * @param nodeRef
-     * @param readers
+     * @param nodeRef   node reference
+     * @param readers   extended readers
      */
     void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
     
     /**
+     * Removes the given authorities from the extended readers set for this node.
+     * <p>
+     * Optionally applies the removal to the file plan hierarchy.
      * 
-     * @param nodeRef
-     * @param readers
-     * @param applyToParents
+     * @param nodeRef           node reference
+     * @param readers           extended readers
+     * @param applyToParents    true if applied to the file plan hierarchy, false otherwise
      */
     void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
     
     /**
+     * Removes all extended readers from this node.
+     * <p>
+     * Applies removal to the file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef   node reference
      */
     void removeAllExtendedReaders(NodeRef nodeRef);
     
     /**
+     * Removes all extended readers from this node.
+     * <p>
+     * Optionally applies the removal to the file plan hierarchy.
      * 
-     * @param nodeRef
-     * @param applyToParents
+     * @param nodeRef           node reference
+     * @param applyToParents    true if applied to the file plan hierarchy, false otherwise
      */
     void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents);