Fix for ALF-15257. Unable to delete sites if you are not the manager that created the site.

The problem here was that the deleteSite() method was deleting the group authorities associated with the site, before deleting the site itself. THerefore, site creators had permission to delete, but site managers who were not creators had their manager group membership deleted before the site delete was attempted and it therefore always failed. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@39796 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2012-07-26 11:07:00 +00:00
parent 7ba6470483
commit 05bcd40a17
2 changed files with 59 additions and 19 deletions
--- a/source/java/org/alfresco/repo/site/SiteServiceImpl.java
+++ b/source/java/org/alfresco/repo/site/SiteServiceImpl.java
@@ -1405,6 +1405,23 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
        // Collection for recording the group memberships present on the site 
        final Map<String, Set<String>> groupsMemberships = new HashMap<String, Set<String>>();
        
+        // Save the group memberships so we can use them later
+        this.nodeService.setProperty(siteNodeRef, QName.createQName(null, "memberships"), (Serializable)groupsMemberships);
+        
+        // The default behaviour is that sites cannot be deleted. But we disable that behaviour here
+        // in order to allow site deletion only via this service. Share calls this service for deletion.
+        //
+        // See ALF-7888 for some background on this issue
+        this.behaviourFilter.disableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
+        try
+        {
+            this.nodeService.deleteNode(siteNodeRef);
+        }
+        finally
+        {
+            this.behaviourFilter.enableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
+        }
+        
        // Delete the associated groups
        AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
        {
@@ -1435,23 +1452,6 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
            }
        }, AuthenticationUtil.getSystemUserName());
        
-        // Save the group memberships so we can use them later
-        this.nodeService.setProperty(siteNodeRef, QName.createQName(null, "memberships"), (Serializable)groupsMemberships);
-        
-        // The default behaviour is that sites cannot be deleted. But we disable that behaviour here
-        // in order to allow site deletion only via this service. Share calls this service for deletion.
-        //
-        // See ALF-7888 for some background on this issue
-        this.behaviourFilter.disableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
-        try
-        {
-            this.nodeService.deleteNode(siteNodeRef);
-        }
-        finally
-        {
-            this.behaviourFilter.enableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
-        }
-        
        logger.debug("site deleted :" + shortName);
    }