inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM Bugs:

Browse Source 
* Edit details Ui action now reflects user's capabilites correctly
 * Fixed up a couple of behaviours that don't execute when non-admin user (run as system user since admin may not be rm admin)
 * Transfers not appear in docLib filter correcetly
 * File UI action now reflects the user's capability correctly.
 * Renamed 'group' capabilities to 'private' as this more accurately reflects what it means.
 * Added composite capability implementation ... allows us to futher consolidate some of the edge cases and will allow us to break down further some of the existing capabilities .. this makes is much easier to see and understand exactlly what each capability is doing
 * Refactored current 'group' capabilities .. replacing with pure spring config where appropriate .. much clearer what they are doing (and fixed up where they wheren't doing exactlly the right thing)
 * Moved the remaining group capabilities impl's with the other capability impl's .. we are now down to 8 custom capability implementations .. down from 50+ .. and these havily borrow from the base classes where they can ... makes maintenance MUCH easier!
 * more unit tests
 * used new 'private' capability technique to break up FileRecord capability ... it's now clear what it is doing and could be corrected easily



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@35350 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-04-18 04:58:51 +00:00
parent 9d7fe7fd4a
commit 09a0f50882
28 changed files with 482 additions and 691 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
View File

@@ -101,16 +101,24 @@
<property name="capabilityService" ref="CapabilityService"/>
</bean>
<bean id="rmAccessAuditCapability"
<bean id="declarativeCapability"
abstract="true"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability"/>
<bean id="compositeCapability"
abstract="true"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability" />
<bean id="rmAccessAuditCapability"
parent="declarativeCapability">
<property name="name" value="AccessAudit"/>
<property name="permission" value="AccessAudit"/>
</bean>
<bean id="rmAddModifyEventDatesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="AddModifyEventDates"/>
<property name="permission" value="AddModifyEventDates"/>
<property name="kinds">
@@ -129,8 +137,7 @@
</bean>
<bean id="rmApproveRecordsScheduledForCutoffCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ApproveRecordsScheduledForCutoff"/>
<property name="permission" value="ApproveRecordsScheduledForCutoff"/>
<property name="kinds">
@@ -148,15 +155,13 @@
</bean>
<bean id="rmAttachRulesToMetadataPropertiesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="AttachRulesToMetadataProperties"/>
<property name="permission" value="AttachRulesToMetadataProperties"/>
</bean>
<bean id="rmAuthorizeAllTransfersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="AuthorizeAllTransfers"/>
<property name="permission" value="AuthorizeAllTransfers"/>
<property name="conditions">
@@ -167,8 +172,7 @@
</bean>
<bean id="rmAuthorizeNominatedTransfersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="AuthorizeNominatedTransfers"/>
<property name="permission" value="AuthorizeNominatedTransfers"/>
<property name="conditions">
@@ -192,8 +196,7 @@
</bean>
<bean id="rmCloseFoldersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CloseFolders"/>
<property name="permission" value="CloseFolders"/>
<property name="kinds">
@@ -212,29 +215,25 @@
</bean>
<bean id="rmCreateAndAssociateSelectionListsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateAndAssociateSelectionLists"/>
<property name="permission" value="CreateAndAssociateSelectionLists"/>
</bean>
<bean id="rmCreateModifyDestroyClassificationGuidesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyClassificationGuides"/>
<property name="permission" value="CreateModifyDestroyClassificationGuides"/>
</bean>
<bean id="rmCreateModifyDestroyEventsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyEvents" />
<property name="permission" value="CreateModifyDestroyEvents" />
</bean>
<bean id="rmCreateModifyDestroyFileplanMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFileplanMetadata"/>
<property name="permission" value="CreateModifyDestroyFileplanMetadata"/>
<property name="kinds">
@@ -252,22 +251,20 @@
</bean>
<bean id="rmCreateModifyDestroyFileplanTypesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFileplanTypes" />
<property name="permission" value="CreateModifyDestroyFileplanTypes" />
</bean>
<bean id="rmCreateModifyDestroyFoldersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFolders"/>
<property name="permission" value="CreateModifyDestroyFolders"/>
<property name="kinds">
<list>
<value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
<!-- <value>RECORD</value> -->
</list>
</property>
<property name="conditions">
@@ -281,43 +278,37 @@
</bean>
<bean id="rmCreateModifyDestroyRecordTypesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyRecordTypes" />
<property name="permission" value="CreateModifyDestroyRecordTypes" />
</bean>
<bean id="rmCreateModifyDestroyReferenceTypesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyReferenceTypes" />
<property name="permission" value="CreateModifyDestroyReferenceTypes" />
</bean>
<bean id="rmCreateModifyDestroyRolesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyRoles" />
<property name="permission" value="CreateModifyDestroyRoles" />
</bean>
<bean id="rmCreateModifyDestroyTimeframesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyTimeframes" />
<property name="permission" value="CreateModifyDestroyTimeframes" />
</bean>
<bean id="rmCreateModifyDestroyUsersAndGroupsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyUsersAndGroups" />
<property name="permission" value="CreateModifyDestroyUsersAndGroups" />
</bean>
<bean id="rmCreateModifyRecordsInCuttoffFoldersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CreateModifyRecordsInCutoffFolders"/>
<property name="permission" value="CreateModifyRecordsInCutoffFolders"/>
<property name="kinds">
@@ -337,8 +328,7 @@
</bean>
<bean id="rmCycleVitalRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="CycleVitalRecords"/>
<property name="permission" value="CycleVitalRecords"/>
<property name="kinds">
@@ -359,15 +349,13 @@
</bean>
<bean id="rmDeclareAuditAsRecordCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DeclareAuditAsRecord" />
<property name="permission" value="DeclareAuditAsRecord" />
</bean>
<bean id="rmDeclareRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DeclareRecords"/>
<property name="permission" value="DeclareRecords"/>
<property name="kinds">
@@ -387,8 +375,7 @@
</bean>
<bean id="rmDeclareRecordsInClosedFoldersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DeclareRecordsInClosedFolders"/>
<property name="permission" value="DeclareRecordsInClosedFolders"/>
<property name="kinds">
@@ -408,8 +395,7 @@
</bean>
<bean id="rmDeleteAuditCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DeleteAudit" />
<property name="permission" value="DeleteAudit" />
</bean>
@@ -429,12 +415,12 @@
</bean>
<bean id="rmDeleteRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DeleteRecords"/>
<property name="permission" value="DeleteRecords"/>
<property name="kinds">
<list>
<!-- <value>RECORD_FOLDER</value> -->
<value>RECORD</value>
</list>
</property>
@@ -446,8 +432,7 @@
</bean>
<bean id="rmDestroyRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DestroyRecords"/>
<property name="permission" value="DestroyRecords"/>
<property name="kinds">
@@ -465,8 +450,7 @@
</bean>
<bean id="rmDestroyRecordsScheduledForDestructionCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DestroyRecordsScheduledForDestruction"/>
<property name="permission" value="DestroyRecordsScheduledForDestruction"/>
<property name="conditions">
@@ -478,15 +462,13 @@
</bean>
<bean id="rmDisplayRightsReportCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="DisplayRightsReport" />
<property name="permission" value="DisplayRightsReport" />
</bean>
<bean id="rmEditDeclaredRecordMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="EditDeclaredRecordMetadata"/>
<property name="permission" value="EditDeclaredRecordMetadata"/>
<property name="kinds">
@@ -506,8 +488,7 @@
</bean>
<bean id="rmEditNonRecordMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="EditNonRecordMetadata"/>
<property name="permission" value="EditNonRecordMetadata"/>
<property name="conditions">
@@ -539,29 +520,25 @@
</bean>
<bean id="rmEditSelectionListsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="EditSelectionLists" />
<property name="permission" value="EditSelectionLists" />
</bean>
<bean id="rmEnableDisableAuditByTypesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="EnableDisableAuditByTypes" />
<property name="permission" value="EnableDisableAuditByTypes" />
</bean>
<bean id="rmExportAuditCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ExportAudit" />
<property name="permission" value="ExportAudit" />
</bean>
<bean id="rmExtendRetentionPeriodOrFreezeCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ExtendRetentionPeriodOrFreeze"/>
<property name="permission" value="ExtendRetentionPeriodOrFreeze"/>
<property name="kinds">
@@ -578,30 +555,46 @@
</property>
</bean>
<bean id="rmFileCapability"
parent="declarativeCapability">
<property name="name" value="File"/>
<property name="private" value="true"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmFileRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.FileRecordsCapability">
parent="compositeCapability">
<property name="name" value="FileRecords" />
<property name="dictionaryService" ref="DictionaryService"/>
<property name="capabilities">
<list>
<ref bean="rmFileCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmMakeOptionalPropertiesMandatoryCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="MakeOptionalParametersMandatory" />
<property name="permission" value="MakeOptionalParametersMandatory" />
</bean>
<bean id="rmManageAccessControlsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ManageAccessControls" />
<property name="permission" value="ManageAccessControls" />
</bean>
<bean id="rmManageAccessRightsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ManageAccessRights"/>
<property name="permission" value="ManageAccessRights"/>
<property name="conditions">
@@ -612,8 +605,7 @@
</bean>
<bean id="rmManuallyChangeDispositionDatesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ManuallyChangeDispositionDates"/>
<property name="permission" value="ManuallyChangeDispositionDates"/>
<property name="conditions">
@@ -625,15 +617,13 @@
</bean>
<bean id="rmMapClassificationGuideMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="MapClassificationGuideMetadata" />
<property name="permission" value="MapClassificationGuideMetadata" />
</bean>
<bean id="rmMapEmailMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="MapEmailMetadata" />
<property name="permission" value="MapEmailMetadata" />
</bean>
@@ -645,8 +635,7 @@
</bean>
<bean id="rmPasswordControlCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="PasswordControl" />
<property name="permission" value="PasswordControl" />
</bean>
@@ -667,8 +656,7 @@
</bean>
<bean id="rmReOpenFoldersCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ReOpenFolders"/>
<property name="permission" value="ReOpenFolders"/>
<property name="kinds">
@@ -687,15 +675,13 @@
</bean>
<bean id="rmSelectAuditMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="SelectAuditMetadata" />
<property name="permission" value="SelectAuditMetadata" />
</bean>
<bean id="rmTriggerAnEventCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="TriggerAnEvent"/>
<property name="permission" value="TriggerAnEvent"/>
<property name="kinds">
@@ -714,8 +700,7 @@
</bean>
<bean id="rmUndeclareRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UndeclareRecords"/>
<property name="permission" value="UndeclareRecords"/>
<property name="kinds">
@@ -733,8 +718,7 @@
</bean>
<bean id="rmUnfreezeCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="Unfreeze"/>
<property name="permission" value="Unfreeze"/>
<property name="conditions">
@@ -746,22 +730,19 @@
</bean>
<bean id="rmUpdateClassificationDatesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UpdateClassificationDates" />
<property name="permission" value="UpdateClassificationDates" />
</bean>
<bean id="rmUpdateExemptionCategoriesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UpdateExemptionCategories" />
<property name="permission" value="UpdateExemptionCategories" />
</bean>
<bean id="rmUpdateTriggerDatesCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UpdateTriggerDates"/>
<property name="permission" value="UpdateTriggerDates"/>
<property name="conditions">
@@ -772,8 +753,7 @@
</bean>
<bean id="rmUpdateVitalRecordCycleInformationCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UpdateVitalRecordCycleInformation"/>
<property name="permission" value="UpdateVitalRecordCycleInformation"/>
<property name="conditions">
@@ -784,8 +764,7 @@
</bean>
<bean id="rmUpgradeDowngradeAndDeclassifyRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="permission" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="conditions">
@@ -802,8 +781,7 @@
</bean>
<bean id="rmViewUpdateReasonsForFreezeCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability">
parent="declarativeCapability">
<property name="name" value="ViewUpdateReasonsForFreeze"/>
<property name="permission" value="ViewUpdateReasonsForFreeze"/>
<property name="conditions">
@@ -813,40 +791,78 @@
</property>
</bean>
<!-- Group capabilities -->
<!-- 'private' capabilities -->
<bean id="rmCreate" parent="rmBaseCapability" class="org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability">
<bean id="rmCreate"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability">
<property name="name" value="Create"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
</bean>
<bean id="rmDelete" parent="rmBaseCapability" class="org.alfresco.module.org_alfresco_module_rm.capability.group.DeleteCapability">
<bean id="rmDelete"
parent="compositeCapability">
<property name="name" value="Delete"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDestroyRecordsScheduledForDestructionCapability"/>
<ref bean="rmDestroyRecordsCapability"/>
<ref bean="rmDeleteRecordsCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmUpdate" parent="rmBaseCapability" class="org.alfresco.module.org_alfresco_module_rm.capability.group.UpdateCapability">
<bean id="rmUpdate"
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability">
<property name="name" value="Update"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmUpdateProperties"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability">
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability">
<property name="name" value="UpdateProperties"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmDeclare" parent="rmBaseCapability" class="org.alfresco.module.org_alfresco_module_rm.capability.group.DeclareCapability">
<bean id="rmDeclare"
parent="compositeCapability">
<property name="name" value="Declare"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDeclareRecordsCapability"/>
<ref bean="rmDeclareRecordsInClosedFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmWriteContent"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.group.WriteContentCapability">
parent="declarativeCapability">
<property name="name" value="WriteContent"/>
<property name="groupCapability" value="true"/>
<property name="private" value="true"/>
<property name="kinds">
<list>
<value>RECORD</value>

1
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml
View File

@@ -89,6 +89,7 @@
<property name="dispositionService" ref="dispositionService"/>
<property name="recordsManagementServiceRegistry" ref="RecordsManagementServiceRegistry"/>
<property name="vitalRecordService" ref="VitalRecordService"/>
<property name="nodeService" ref="nodeService"/>
</bean>
<!-- Base bean definition for customisable types bootstrap -->

1
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -394,6 +394,7 @@
<value>RECORD_FOLDER</value>
</set>
</property>
<property name="capability" value ="FileRecords"/>
</bean>
<bean id="jsonConversionComponent.reviewedAction"

16
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java
View File

@@ -52,8 +52,8 @@ public abstract class AbstractCapability extends RMSecurityCommon
/** Capability name */
protected String name;
/** Indicates whether this is a group capability or not */
protected boolean isGroupCapability = false;
/** Indicates whether this is a private capability or not */
protected boolean isPrivate = false;
/** List of actions */
protected List<RecordsManagementAction> actions = new ArrayList<RecordsManagementAction>(1);
@@ -116,19 +116,19 @@ public abstract class AbstractCapability extends RMSecurityCommon
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isGroupCapability()
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isPrivate()
*/
public boolean isGroupCapability()
public boolean isPrivate()
{
return isGroupCapability;
return isPrivate;
}
/**
* @param isGroupCapability indicates whether this is a group capability or not
* @param isPrivate indicates whether the capability is private or not
*/
public void setGroupCapability(boolean isGroupCapability)
public void setPrivate(boolean isPrivate)
{
this.isGroupCapability = isGroupCapability;
this.isPrivate = isPrivate;
}
/**

5
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java
View File

@@ -62,11 +62,12 @@ public interface Capability
int evaluate(NodeRef source, NodeRef target);
/**
* Indicates whether this is a group capability or not
* Indicates whether this is a private capability or not. Private capabilities are used internally, otherwise
* they are made available to the user to assign to roles.
*
* @return
*/
boolean isGroupCapability();
boolean isPrivate();
/**
* Get the name of the capability

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java
View File

@@ -26,21 +26,25 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* Capability service implementation
*
* @author Roy Wetherall
* @since 2.0
*/
public interface CapabilityService
{
/**
* Register a capability
*
* @param capability
* @param capability capability
*/
void registerCapability(Capability capability);
/**
* Get a named capability.
*
* @param name
* @return
* @param name capability name
* @return {@link Capability} capability or null if not found
*/
Capability getCapability(String name);

6
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java
View File

@@ -37,10 +37,10 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction;
import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability;
import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;

65
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.declarative;
import java.util.List;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Generic implementation of a composite capability
*
* @author Roy Wetherall
*/
public class CompositeCapability extends DeclarativeCapability
{
/** List of capabilities */
private List<Capability> capabilities;
/**
* @param capabilites list of capabilities
*/
public void setCapabilities(List<Capability> capabilities)
{
this.capabilities = capabilities;
}
@Override
public int evaluateImpl(NodeRef nodeRef)
{
int result = AccessDecisionVoter.ACCESS_DENIED;
// Check each capability using 'OR' logic
for (Capability capability : capabilities)
{
int capabilityResult = capability.evaluate(nodeRef);
if (capabilityResult == AccessDecisionVoter.ACCESS_GRANTED)
{
result = AccessDecisionVoter.ACCESS_GRANTED;
break;
}
}
return result;
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*

8
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java
View File

@@ -18,6 +18,7 @@
*/
package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition;
import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -29,6 +30,11 @@ public class DeclaredCapabilityCondition extends AbstractCapabilityCondition
@Override
public boolean evaluate(NodeRef nodeRef)
{
return rmService.isRecordDeclared(nodeRef);
boolean result = false;
if (FilePlanComponentKind.RECORD.equals(rmService.getFilePlanComponentKind(nodeRef)) == true)
{
result = rmService.isRecordDeclared(nodeRef);
}
return result;
}
}

54
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java
View File

@@ -1,54 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Composite Declare capability
*
* @author andyh
*/
public class DeclareCapability extends AbstractCapability
{
/*
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef declaree)
{
Capability recordsCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS);
Capability inClosedCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS);
if (recordsCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (inClosedCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
return AccessDecisionVoter.ACCESS_DENIED;
}
}

67
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java
View File

@@ -1,67 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* @author andyh
*/
public class DeleteCapability extends AbstractCapability
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef deletee)
{
Capability schedRec = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION);
Capability destroy = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS);
Capability delete = capabilityService.getCapability(RMPermissionModel.DELETE_RECORDS);
Capability desfileplan = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA);
Capability desfolder = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS);
if (schedRec.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (destroy.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (delete.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (desfileplan.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (desfolder.evaluate(deletee, null) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
return AccessDecisionVoter.ACCESS_DENIED;
}
}

95
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java
View File

@@ -1,95 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* @author andyh
*/
public class UpdateCapability extends AbstractCapability
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public int evaluate(NodeRef nodeRef)
{
return evaluate(nodeRef, null, null);
}
/**
*
* @param nodeRef
* @param aspectQName
* @param properties
* @return
*/
public int evaluate(NodeRef nodeRef, QName aspectQName, Map<QName, Serializable> properties)
{
if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
Capability destFolder = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS);
if (destFolder.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability fileplanMeta = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA);
if (fileplanMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability recordMeta = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA);
if (recordMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability nonRecordMetadata = capabilityService.getCapability(EDIT_NON_RECORD_METADATA);
if (nonRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability editRecordMetadata = capabilityService.getCapability(EDIT_RECORD_METADATA);
if (editRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
return AccessDecisionVoter.ACCESS_DENIED;
}
}

97
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java
View File

@@ -1,97 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* @author andyh
*/
public class UpdatePropertiesCapability extends AbstractCapability
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public int evaluate(NodeRef nodeRef)
{
return evaluate(nodeRef, (Map<QName, Serializable>)null);
}
/**
* Evaluate cabability
*
* @param nodeRef
* @param properties
* @return
*/
public int evaluate(NodeRef nodeRef, Map<QName, Serializable> properties)
{
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
Capability cap1 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS);
if (cap1.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability cap2 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA);
if (cap2.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability cap3 = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA);
if (cap3.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability cap4 = capabilityService.getCapability(EDIT_NON_RECORD_METADATA);
if (cap4.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability cap5 = capabilityService.getCapability(EDIT_RECORD_METADATA);
if (cap5.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
Capability cap6 = capabilityService.getCapability(CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS);
if (cap6.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
return AccessDecisionVoter.ACCESS_DENIED;
}
}

55
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java
View File

@@ -1,55 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
/**
* @author andyh
*/
public class WriteContentCapability extends DeclarativeCapability
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef nodeRef)
{
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
if (rmService.isFilePlanComponent(nodeRef))
{
result = AccessDecisionVoter.ACCESS_DENIED;
if (checkKinds(nodeRef) == true && checkConditions(nodeRef) == true)
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{
result = AccessDecisionVoter.ACCESS_GRANTED;
}
}
}
return result;
}
}

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.group;
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.util.HashMap;
import java.util.Map;
@@ -26,7 +26,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.ChangeOrDeleteReferencesCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;

115
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java
View File

@@ -1,115 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.util.HashMap;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
/**
* File records capability.
*
* @author andyh
*/
public class FileRecordsCapability extends DeclarativeCapability
{
/** Dictionary service */
private DictionaryService dictionaryService;
/**
* @param dictionaryService dictionary service
*/
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
public int evaluate(NodeRef nodeRef)
{
if (rmService.isFilePlanComponent(nodeRef))
{
// Build the conditions map
Map<String, Boolean> conditions = new HashMap<String, Boolean>(5);
conditions.put("capabilityCondition.filling", Boolean.TRUE);
conditions.put("capabilityCondition.frozen", Boolean.FALSE);
conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
conditions.put("capabilityCondition.closed", Boolean.FALSE);
conditions.put("capabilityCondition.declared", Boolean.FALSE);
if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true))
{
if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
}
conditions.put("capabilityCondition.closed", Boolean.TRUE);
if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true))
{
if (checkPermissionsImpl(nodeRef, DECLARE_RECORDS_IN_CLOSED_FOLDERS) == true)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
}
conditions.put("capabilityCondition.cutoff", Boolean.TRUE);
conditions.remove("capabilityCondition.closed");
conditions.remove("capabilityCondition.declared");
if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true))
{
if (checkPermissionsImpl(nodeRef, CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == true)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
}
return AccessDecisionVoter.ACCESS_DENIED;
}
else
{
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
}
/**
* Indicate whether a node if 'fileable' or not.
*
* @param nodeRef node reference
* @return boolean true if the node is filable, false otherwise
*/
public boolean isFileable(NodeRef nodeRef)
{
QName type = nodeService.getType(nodeRef);
return dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT);
}
}

1
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java
View File

@@ -21,7 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;

58
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* Update capability implementation.
*
* @author andyh
*/
public class UpdateCapability extends CompositeCapability
{
/**
*
* @param nodeRef
* @param aspectQName
* @param properties
* @return
*/
public int evaluate(NodeRef nodeRef, QName aspectQName, Map<QName, Serializable> properties)
{
if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
return evaluate(nodeRef);
}
}

52
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* Update properties capability
*
* @author andyh
*/
public class UpdatePropertiesCapability extends CompositeCapability
{
/**
* Evaluate capability, taking into account the protected properties.
*
* @param nodeRef node reference
* @param properties updated properties, if no null
*/
public int evaluate(NodeRef nodeRef, Map<QName, Serializable> properties)
{
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
return evaluate(nodeRef);
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java
View File

@@ -186,6 +186,6 @@ public class RecordContainerType implements RecordsManagementModel,
}
return null;
}
}, AuthenticationUtil.getAdminUserName());
}, AuthenticationUtil.getSystemUserName());
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -354,7 +354,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
Set<Capability> result = new HashSet<Capability>(caps.size());
for (Capability cap : caps)
{
if (cap.isGroupCapability() == false)
if (cap.isPrivate() == false)
{
result.add(cap);
}

12
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java
View File

@@ -29,6 +29,8 @@ import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.Period;
@@ -122,7 +124,7 @@ public class VitalRecordServiceImpl implements VitalRecordService,
* @see org.alfresco.repo.node.NodeServicePolicies.OnAddAspectPolicy#onAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@Override
public void onAddAspect(NodeRef nodeRef, QName aspectTypeQName)
public void onAddAspect(final NodeRef nodeRef, final QName aspectTypeQName)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
ParameterCheck.mandatory("aspectTypeQName", aspectTypeQName);
@@ -131,6 +133,10 @@ public class VitalRecordServiceImpl implements VitalRecordService,
{
onUpdateProperties.disable();
try
{
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork() throws Exception
{
// get the immediate parent
NodeRef parentRef = nodeService.getPrimaryParent(nodeRef).getParentRef();
@@ -153,6 +159,10 @@ public class VitalRecordServiceImpl implements VitalRecordService,
nodeService.getProperty(parentRef, PROP_REVIEW_PERIOD));
}
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
finally
{

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java
View File

@@ -23,6 +23,7 @@ import junit.framework.TestSuite;
import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CapabilitiesTest;
import org.alfresco.module.org_alfresco_module_rm.test.capabilities.DeclarativeCapabilityTest;
import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CompositeCapabilityTest;
/**
@@ -42,6 +43,7 @@ public class CapabilitiesTestSuite extends TestSuite
TestSuite suite = new TestSuite();
suite.addTestSuite(CapabilitiesTest.class);
suite.addTestSuite(DeclarativeCapabilityTest.class);
suite.addTestSuite(CompositeCapabilityTest.class);
return suite;
}
}

73
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java
View File

@@ -82,6 +82,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(filePlan, user, FILING);
securityService.setPermission(rmContainer, user, FILING);
}
}
@@ -424,7 +425,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -544,7 +545,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -666,7 +667,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -794,7 +795,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(recordsManagerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -807,7 +808,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, AUTHORIZE_NOMINATED_TRANSFERS,
AccessStatus.DENIED);
check(access, CHANGE_OR_DELETE_REFERENCES,
AccessStatus.UNDETERMINED);
AccessStatus.DENIED);
check(access, CLOSE_FOLDERS, AccessStatus.DENIED);
check(access, CREATE_AND_ASSOCIATE_SELECTION_LISTS,
AccessStatus.ALLOWED);
@@ -817,7 +818,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_EVENTS,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_METADATA,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
@@ -918,7 +919,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(securityOfficerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1037,7 +1038,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(powerUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1156,7 +1157,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1276,7 +1277,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1399,7 +1400,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1521,7 +1522,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1645,7 +1646,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// rm_records_manager, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1769,7 +1770,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// securityOfficerName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -1890,7 +1891,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// powerUserName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -2011,7 +2012,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// rmUserName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -2131,7 +2132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2260,7 +2261,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2383,7 +2384,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2504,7 +2505,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil.setFullyAuthenticatedUser(recordsManagerName);
//setFilingOnRecordFolder(rmFolder, recordsManagerName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2625,7 +2626,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil.setFullyAuthenticatedUser(securityOfficerName);
//setFilingOnRecordFolder(rmFolder, securityOfficerName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2743,7 +2744,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil.setFullyAuthenticatedUser(powerUserName);
//setFilingOnRecordFolder(rmFolder, powerUserName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.ALLOWED);
@@ -2863,7 +2864,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
//setFilingOnRecordFolder(rmFolder, rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -2980,7 +2981,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Map<Capability, AccessStatus> access = securityService.getCapabilities(record);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3007,7 +3008,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3104,7 +3105,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3131,7 +3132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3227,7 +3228,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size());
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3254,7 +3255,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3351,7 +3352,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// setFilingOnRecord(record, recordsManagerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3378,7 +3379,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.ALLOWED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3475,7 +3476,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// setFilingOnRecord(record, securityOfficerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3502,7 +3503,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3597,7 +3598,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// setFilingOnRecord(record, powerUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);
@@ -3624,7 +3625,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES,
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_FOLDERS,
AccessStatus.ALLOWED);
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES,
AccessStatus.DENIED);
check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES,
@@ -3718,7 +3719,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
// setFilingOnRecord(record, rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
assertEquals(65, access.size()); // 58 + File
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
AccessStatus.DENIED);

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java → rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java
View File

@@ -31,7 +31,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
*
* @author Roy Wetherall
*/
public class GroupCapabilityTest extends BaseRMTestCase
public class CompositeCapabilityTest extends BaseRMTestCase
{
private NodeRef record;
private NodeRef declaredRecord;

52
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -51,6 +51,8 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
private NodeRef frozenRecord2;
private NodeRef frozenRecordFolder;
private NodeRef closedFolder;
@Override
protected boolean isUserTest()
{
@@ -66,9 +68,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
record = utils.createRecord(rmFolder, "record.txt");
declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt");
// Open folder
// Closed folder
closedFolder = rmService.createRecordFolder(rmContainer, "closedFolder");
utils.closeFolder(closedFolder);
recordFolderContainsFrozen = rmService.createRecordFolder(rmContainer, "containsFrozen");
frozenRecord = utils.createRecord(rmFolder, "frozenRecord.txt");
@@ -130,7 +132,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
for (Capability capability : capabilities)
{
if (capability instanceof DeclarativeCapability &&
capability.isGroupCapability() == false &&
capability.isPrivate() == false &&
capability.getName().equals("MoveRecords") == false &&
capability.getName().equals("DeleteLinks") == false &&
capability.getName().equals("ChangeOrDeleteReferences") == false &&
@@ -237,4 +239,48 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
return result;
}
/** Specific declarative capability tests */
public void testFileCapability()
{
final Capability capability = capabilityService.getCapability("File");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
return null;
}
}, rmUserName);
}
}

13
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java
View File

@@ -169,6 +169,19 @@ public class CommonRMTestUtils implements RecordsManagementModel
}
public void closeFolder(final NodeRef recordFolder)
{
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
actionService.executeRecordsManagementAction(recordFolder, "closeRecordFolder");
return null;
}
}, AuthenticationUtil.getAdminUserName());
}
public void freeze(final NodeRef nodeRef)
{
AuthenticationUtil.runAs(new RunAsWork<Void>()