RM: Remove the extended security when 'hiding' a record withing a collaboration site.

* relates to RM-583 ... ensures the records that have been hidden no longer appear in the document search results.



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@45746 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/action-context.xml

@@ -28,6 +28,7 @@
    <bean id="hide-record" parent="action-executer" class="org.alfresco.module.org_alfresco_module_rm.action.dm.HideRecordAction">
       <property name="permissionService" ref="PermissionService"/>
       <property name="nodeService" ref="NodeService" />
+      <property name="extendedSecurityService" ref="ExtendedSecurityService" />
    </bean>
 
 </beans>

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/HideRecordAction.java

@@ -22,6 +22,7 @@ import java.util.List;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
 import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.AccessDeniedException;
@@ -57,6 +58,9 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
 
     /** Permission service */
     private PermissionService permissionService;
+    
+    /** Extended security service */
+    private ExtendedSecurityService extendedSecurityService;
 
     /**
      * @param nodeService node service
@@ -73,6 +77,14 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
     {
         this.permissionService = permissionService;
     }
+    
+    /**
+     * @param extendedSecurityService   extended security service
+     */
+    public void setExtendedSecurityService(ExtendedSecurityService extendedSecurityService)
+    {
+        this.extendedSecurityService = extendedSecurityService;
+    }
 
     /**
      * @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef)
@@ -103,6 +115,7 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
         }
         else
         {
+            // remove the child association
             NodeRef originalLocation = (NodeRef) nodeService.getProperty(actionedUponNodeRef, PROP_ORIGINAL_LOCATION);
             List<ChildAssociationRef> parentAssocs = nodeService.getParentAssocs(actionedUponNodeRef);
             for (ChildAssociationRef childAssociationRef : parentAssocs)
@@ -112,6 +125,9 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
                     nodeService.removeChildAssociation(childAssociationRef);
                 }
             }
+            
+            // remove the extended security from the node ... this prevents the users from continuing to see the record in searchs and other linked locations
+            extendedSecurityService.removeAllExtendedReaders(actionedUponNodeRef);
         }
     }
 
@@ -123,5 +139,4 @@ public class HideRecordAction extends ActionExecuterAbstractBase implements Reco
     {
         // Intentionally empty
     }
-
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java

@@ -56,38 +56,53 @@ public interface ExtendedSecurityService
     void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
     
     /**
+     * Set the authorities that have extended reading permissions on the node.
+     * <p>
+     * Optionally applies the extended readers to the file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef           node reference
-     * @param readers
+     * @param readers           extended readers 
-     * @param applyToParents
+     * @param applyToParents    true if applied to file plan hierarchy, false otherwise
      */
     void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
     
     /**
+     * Removes the given authorities from the extended readers set for this node.
+     * <p>
+     * Applies to file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef   node reference
-     * @param readers
+     * @param readers   extended readers
      */
     void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
     
     /**
+     * Removes the given authorities from the extended readers set for this node.
+     * <p>
+     * Optionally applies the removal to the file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef           node reference
-     * @param readers
+     * @param readers           extended readers
-     * @param applyToParents
+     * @param applyToParents    true if applied to the file plan hierarchy, false otherwise
      */
     void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
     
     /**
+     * Removes all extended readers from this node.
+     * <p>
+     * Applies removal to the file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef   node reference
      */
     void removeAllExtendedReaders(NodeRef nodeRef);
     
     /**
+     * Removes all extended readers from this node.
+     * <p>
+     * Optionally applies the removal to the file plan hierarchy.
      * 
-     * @param nodeRef
+     * @param nodeRef           node reference
-     * @param applyToParents
+     * @param applyToParents    true if applied to the file plan hierarchy, false otherwise
      */
     void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents);