From bc7caea25cd8a430b8cf38e1ab6e6da665692a6b Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Thu, 21 Nov 2019 14:11:57 +0200 Subject: [PATCH 1/8] RM-7047: Link to held item from audit entry - consider Delete Hold as deleteObject --- .../audit/RecordsManagementAuditServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 4321ac0c09..fa660a11c6 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -1522,7 +1522,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean setNodeName(entry, json); // TODO: Find another way for checking the event - if (entry.getEvent().equals("Delete RM Object")) + if (entry.getEvent().equals("Delete RM Object") || entry.getEvent().equals("Delete Hold")) { json.put("deleteObject", true); } From cc1a6f19719d00fec2eb6246b9a53a52658b9ebd Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Fri, 22 Nov 2019 11:27:08 +0200 Subject: [PATCH 2/8] RM-7047: Link to held item from audit entry - changes after review --- .../audit/RecordsManagementAuditServiceImpl.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index fa660a11c6..6ca49c210b 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -1521,12 +1521,6 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean setNodeName(entry, json); - // TODO: Find another way for checking the event - if (entry.getEvent().equals("Delete RM Object") || entry.getEvent().equals("Delete Hold")) - { - json.put("deleteObject", true); - } - json.put("nodeType", entry.getNodeType() == null ? "": entry.getNodeType()); json.put("event", entry.getEvent() == null ? "": getAuditEventLabel(entry.getEvent())); json.put("identifier", entry.getIdentifier() == null ? "": entry.getIdentifier()); @@ -1625,6 +1619,16 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean nodeName = getNodeName(entry.getBeforeProperties(), PARENT_GROUP); break; + case "Delete RM Object": + nodeName = entry.getNodeName(); + json.put("deleteObject", true); + break; + + case "Delete Hold": + nodeName = entry.getNodeName(); + json.put("deleteObject", true); + break; + default: nodeName = entry.getNodeName(); break; From 7f89f150e7650a3f1d9267013fe139dcdd1cb495 Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Fri, 22 Nov 2019 14:39:19 +0200 Subject: [PATCH 3/8] RM-7047: Link to held item from audit entry - addressed review suggestions --- .../audit/RecordsManagementAuditServiceImpl.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 6ca49c210b..692b63ffe6 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -1620,10 +1620,6 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean break; case "Delete RM Object": - nodeName = entry.getNodeName(); - json.put("deleteObject", true); - break; - case "Delete Hold": nodeName = entry.getNodeName(); json.put("deleteObject", true); From 58280bc3237a38031851e922dd26c839df5bbff0 Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Tue, 26 Nov 2019 07:00:28 +0000 Subject: [PATCH 4/8] RM-7047: Link to held item from audit entry - added support for link to held items in audit - changed style class for existing links in audit entry --- .../audit/RecordsManagementAuditServiceImpl.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 4321ac0c09..692b63ffe6 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -1521,12 +1521,6 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean setNodeName(entry, json); - // TODO: Find another way for checking the event - if (entry.getEvent().equals("Delete RM Object")) - { - json.put("deleteObject", true); - } - json.put("nodeType", entry.getNodeType() == null ? "": entry.getNodeType()); json.put("event", entry.getEvent() == null ? "": getAuditEventLabel(entry.getEvent())); json.put("identifier", entry.getIdentifier() == null ? "": entry.getIdentifier()); @@ -1625,6 +1619,12 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean nodeName = getNodeName(entry.getBeforeProperties(), PARENT_GROUP); break; + case "Delete RM Object": + case "Delete Hold": + nodeName = entry.getNodeName(); + json.put("deleteObject", true); + break; + default: nodeName = entry.getNodeName(); break; From e8f67c8b75e8012ec5e322692a1f036e06c20e2b Mon Sep 17 00:00:00 2001 From: Sara Aspery Date: Wed, 27 Nov 2019 05:55:29 +0000 Subject: [PATCH 5/8] RM-7068 restrict items in delete hold error msg --- .../org_alfresco_module_rm/hold/HoldServiceImpl.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java index 258d3124b6..0fa8527d1a 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java @@ -39,6 +39,7 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.stream.Stream; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; @@ -104,6 +105,9 @@ public class HoldServiceImpl extends ServiceBaseImpl private static final String MSG_ERR_HOLD_PERMISSION_GENERIC_ERROR = "rm.hold.generic-permission-error"; private static final String MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR = "rm.hold.detailed-permission-error"; + /** Maximum number of held items to display in error message */ + private static final int MAX_HELD_ITEMS_LIST_SIZE = 5; + /** File Plan Service */ private FilePlanService filePlanService; @@ -570,13 +574,13 @@ public class HoldServiceImpl extends ServiceBaseImpl if (heldNames.size() > 0) { StringBuilder sb = new StringBuilder(); - for (String name : heldNames) - { + Stream stream1 = heldNames.stream(); + stream1.limit(MAX_HELD_ITEMS_LIST_SIZE).forEach((name) -> { sb.append("\n "); sb.append("'"); sb.append(name); sb.append("'"); - } + }); throw new AccessDeniedException(I18NUtil.getMessage(MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR) + sb.toString()); } From 3c95f9c4f827e59d5ac28295066eb29a559ec193 Mon Sep 17 00:00:00 2001 From: Sara Aspery Date: Wed, 27 Nov 2019 05:58:00 +0000 Subject: [PATCH 6/8] RM-7068 remove unused import statement --- .../module/org_alfresco_module_rm/hold/HoldServiceImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java index 0fa8527d1a..6b7d774e3f 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java @@ -44,7 +44,6 @@ import java.util.stream.Stream; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; -import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; From a0868776d55bf3a1fea5845b025c21fee8308b2e Mon Sep 17 00:00:00 2001 From: Sara Aspery Date: Thu, 28 Nov 2019 01:45:40 +0000 Subject: [PATCH 7/8] RM-7068 updates from review --- .../org_alfresco_module_rm/messages/hold-service.properties | 2 +- .../module/org_alfresco_module_rm/hold/HoldServiceImpl.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/hold-service.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/hold-service.properties index 35662dcd2c..0c8921f747 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/hold-service.properties +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/hold-service.properties @@ -7,4 +7,4 @@ rm.hold.delete-node-frozen-children=Can't delete folder because it contains froz rm.hold.move-frozen-node=Frozen content can't be moved. rm.hold.update-frozen-node=Frozen content can't be updated. rm.hold.generic-permission-error=Can't delete hold, because you don't have the correct permissions for all the items within the hold. -rm.hold.detailed-permission-error=Can't delete hold, because filing permissions for the following items are needed: \ No newline at end of file +rm.hold.detailed-permission-error=Can't delete hold, because filing permissions for at least the following items are needed: \ No newline at end of file diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java index 6b7d774e3f..756dda7b85 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java @@ -574,7 +574,7 @@ public class HoldServiceImpl extends ServiceBaseImpl { StringBuilder sb = new StringBuilder(); Stream stream1 = heldNames.stream(); - stream1.limit(MAX_HELD_ITEMS_LIST_SIZE).forEach((name) -> { + stream1.limit(MAX_HELD_ITEMS_LIST_SIZE).forEach(name -> { sb.append("\n "); sb.append("'"); sb.append(name); From 26ed36d3127568640d452f38433ed668f8ae4715 Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Thu, 28 Nov 2019 11:04:15 +0000 Subject: [PATCH 8/8] RM-7063: User with no Read on active content can see Add To Hold/Remove From Hold audit entries - filter entries based on READ permissions too --- .../rm-service-context.xml | 1 + .../RecordsManagementAuditServiceImpl.java | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index a6bb75c2c1..ccaba88ffc 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -940,6 +940,7 @@ + cm:lastThumbnailModification diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 692b63ffe6..770d05d3b1 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -81,6 +81,7 @@ import org.alfresco.service.cmr.repository.MLText; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.site.SiteInfo; import org.alfresco.service.cmr.site.SiteService; import org.alfresco.service.namespace.NamespaceService; @@ -205,6 +206,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean private FilePlanService filePlanService; private NamespaceService namespaceService; protected CapabilityService capabilityService; + protected PermissionService permissionService; private boolean shutdown = false; @@ -321,6 +323,15 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean this.ignoredAuditProperties = ignoredAuditProperties; } + /** + * + * @param permissionService + */ + public void setPermissionService(PermissionService permissionService) + { + this.permissionService = permissionService; + } + /** * @see org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService#registerAuditEvent(java.lang.String, java.lang.String) */ @@ -987,9 +998,10 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean } if (nodeRef != null && nodeService.exists(nodeRef) && - filePlanService.isFilePlanComponent(nodeRef) && - !AccessStatus.ALLOWED.equals( - capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) + ((filePlanService.isFilePlanComponent(nodeRef) && + !AccessStatus.ALLOWED.equals( + capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) + || (!AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.READ))))) { return true; }