diff --git a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/node-common-SqlMap.xml b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/node-common-SqlMap.xml index 1b23e73a80..81f8739955 100644 --- a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/node-common-SqlMap.xml +++ b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/node-common-SqlMap.xml @@ -354,6 +354,13 @@ + + update alf_node set + acl_id = #aclId# + where + id = #id# + + update alf_child_assoc set child_node_name_crc = #childNodeNameCrc#, diff --git a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/patch-common-SqlMap.xml b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/patch-common-SqlMap.xml index 890a9c49bd..d79a429cc8 100644 --- a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/patch-common-SqlMap.xml +++ b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/patch-common-SqlMap.xml @@ -298,7 +298,7 @@ - select count(*) from @@ -306,7 +306,7 @@ - select count(*) from diff --git a/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java b/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java index 0eb0a335c0..b6289162cc 100644 --- a/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java +++ b/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java @@ -1417,6 +1417,17 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO updatePrimaryChildrenSharedAclId(primaryParentNodeId, optionalOldSharedAlcIdInAdditionToNull, newSharedAclId); invalidateCachesByNodeId(primaryParentNodeId, null, nodesCache); } + + @Override + public void setNodeDefiningAclId(Long nodeId, long aclId) + { + NodeUpdateEntity nodeUpdateEntity = new NodeUpdateEntity(); + nodeUpdateEntity.setId(nodeId); + nodeUpdateEntity.setAclId(aclId); + nodeUpdateEntity.setUpdateAclId(true); + updateNodePatchAcl(nodeUpdateEntity); + invalidateCachesByNodeId(null, nodeId, nodesCache); + } public void deleteNode(Long nodeId) { @@ -3161,6 +3172,7 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO protected abstract int updateStoreRoot(StoreEntity store); protected abstract Long insertNode(NodeEntity node); protected abstract int updateNode(NodeUpdateEntity nodeUpdate); + protected abstract int updateNodePatchAcl(NodeUpdateEntity nodeUpdate); protected abstract void updatePrimaryChildrenSharedAclId( Long primaryParentNodeId, Long optionalOldSharedAlcIdInAdditionToNull, diff --git a/source/java/org/alfresco/repo/domain/node/NodeDAO.java b/source/java/org/alfresco/repo/domain/node/NodeDAO.java index 3d12544946..8f7644731a 100644 --- a/source/java/org/alfresco/repo/domain/node/NodeDAO.java +++ b/source/java/org/alfresco/repo/domain/node/NodeDAO.java @@ -629,5 +629,13 @@ public interface NodeDAO extends NodeBulkLoader QName propertyQName, Serializable nodeValue, ChildAssocRefQueryCallback resultsCallback); + + /** + * Used in ACL upgrade only to set the acl id with mimimal overhead + * + * @param nodeId + * @param id + */ + public void setNodeDefiningAclId(Long nodeId, long id); } diff --git a/source/java/org/alfresco/repo/domain/node/ibatis/NodeDAOImpl.java b/source/java/org/alfresco/repo/domain/node/ibatis/NodeDAOImpl.java index fb0aebeaed..de937be054 100644 --- a/source/java/org/alfresco/repo/domain/node/ibatis/NodeDAOImpl.java +++ b/source/java/org/alfresco/repo/domain/node/ibatis/NodeDAOImpl.java @@ -85,6 +85,7 @@ public class NodeDAOImpl extends AbstractNodeDAOImpl private static final String SELECT_STORE_ROOT_NODE_BY_REF = "alfresco.node.select_StoreRootNodeByRef"; private static final String INSERT_NODE = "alfresco.node.insert_Node"; private static final String UPDATE_NODE = "alfresco.node.update_Node"; + private static final String UPDATE_NODE_PATCH_ACL = "alfresco.node.update_NodePatchAcl"; private static final String DELETE_NODE_BY_ID = "alfresco.node.delete_NodeById"; private static final String SELECT_NODE_BY_ID = "alfresco.node.select_NodeById"; private static final String SELECT_NODE_BY_NODEREF = "alfresco.node.select_NodeByNodeRef"; @@ -283,6 +284,12 @@ public class NodeDAOImpl extends AbstractNodeDAOImpl nodeUpdate.incrementVersion(); return template.update(UPDATE_NODE, nodeUpdate); } + + @Override + protected int updateNodePatchAcl(NodeUpdateEntity nodeUpdate) + { + return template.update(UPDATE_NODE_PATCH_ACL, nodeUpdate); + } @Override protected void updatePrimaryChildrenSharedAclId( diff --git a/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java b/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java index a299843a6a..6ee5b776cf 100644 --- a/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java +++ b/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java @@ -133,7 +133,8 @@ public class ADMAccessControlListDAO implements AccessControlListDAO if (!pair.getSecond().getProtocol().equals(StoreRef.PROTOCOL_AVM)) { CounterSet update; - update = fixOldDmAcls(nodeDAO.getRootNode(pair.getSecond()).getFirst(), (Long)null, true); + Long rootNodeId = nodeDAO.getRootNode(pair.getSecond()).getFirst(); + update = fixOldDmAcls(rootNodeId, nodeDAO.getNodeAclId(rootNodeId), (Long)null, true); result.add(update); } } @@ -148,95 +149,96 @@ public class ADMAccessControlListDAO implements AccessControlListDAO return toReturn; } - private CounterSet fixOldDmAcls(Long nodeId, Long inherited, boolean isRoot) - { - return fixOldDmAclsImpl(nodeId, inherited, isRoot); - } - - private CounterSet fixOldDmAclsImpl(Long nodeId, Long inherited, boolean isRoot) + private CounterSet fixOldDmAcls(Long nodeId, Long existingNodeAclId, Long inheritedAclId, boolean isRoot) { CounterSet result = new CounterSet(); - // Do the children first - - Acl existingAcl = null; - Long aclId = nodeDAO.getNodeAclId(nodeId); - if (aclId != null) - { - existingAcl = aclDaoComponent.getAcl(aclId); - } - Long toInherit = null; - Long idToInheritFrom = null; - - if (existingAcl != null) + // If existingNodeAclId is not null and equal to inheritedAclId then we know we have hit a shared ACL we have bulk set + // - just carry on in this case - we do not need to get the acl + + Long newDefiningAcl = null; + + if((existingNodeAclId != null) && (existingNodeAclId == inheritedAclId)) { - if (existingAcl.getAclType() == ACLType.OLD) - { - result.increment(ACLType.DEFINING); - SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties()); - properties.setInherits(existingAcl.getInherits()); - AccessControlList existing = aclDaoComponent.getAccessControlList(existingAcl.getId()); - Long actuallyInherited = null; - if (existingAcl.getInherits()) - { - if (inherited != null) - { - actuallyInherited = inherited; - } - } - Acl newAcl = aclDaoComponent.createAccessControlList(properties, existing.getEntries(), actuallyInherited); - idToInheritFrom = newAcl.getId(); - nodeDAO.setNodeAclId(nodeId, idToInheritFrom); - } - else if (existingAcl.getAclType() == ACLType.SHARED) - { - // nothing to do just cascade into the children - we most likely did a bulk set above. - } - else - { - // Already fixed up - return result; - } + // nothing to do except move into the children } else { - // Set default ACL on roots with no settings - if (isRoot) + AccessControlList existing = null; + if (existingNodeAclId != null) { - result.increment(ACLType.DEFINING); + existing = aclDaoComponent.getAccessControlList(existingNodeAclId); + } - AccessControlListProperties properties = aclDaoComponent.getDefaultProperties(); - Acl newAcl = aclDaoComponent.createAccessControlList(properties); - long id = newAcl.getId(); - - idToInheritFrom = id; - nodeDAO.setNodeAclId(nodeId, id); + if (existing != null) + { + if (existing.getProperties().getAclType() == ACLType.OLD) + { + result.increment(ACLType.DEFINING); + SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties()); + properties.setInherits(existing.getProperties().getInherits()); + + Long actuallyInherited = null; + if (existing.getProperties().getInherits()) + { + if (inheritedAclId != null) + { + actuallyInherited = inheritedAclId; + } + } + Acl newAcl = aclDaoComponent.createAccessControlList(properties, existing.getEntries(), actuallyInherited); + newDefiningAcl = newAcl.getId(); + nodeDAO.setNodeDefiningAclId(nodeId, newDefiningAcl); + } + else if (existing.getProperties().getAclType() == ACLType.SHARED) + { + // nothing to do just cascade into the children - we most likely did a bulk set above. + // TODO: Check shared ACL set is correct + } + else + { + // Already fixed up + // TODO: Keep going to check + // Check inheritance is correct + return result; + } } else { - // Unset - simple inherit - nodeDAO.setNodeAclId(nodeId, inherited); + // Set default ACL on roots with no settings + if (isRoot) + { + result.increment(ACLType.DEFINING); + + AccessControlListProperties properties = aclDaoComponent.getDefaultProperties(); + Acl newAcl = aclDaoComponent.createAccessControlList(properties); + newDefiningAcl = newAcl.getId(); + nodeDAO.setNodeDefiningAclId(nodeId, newDefiningAcl); + } + else + { + // Unset - simple inherit + nodeDAO.setNodeDefiningAclId(nodeId, inheritedAclId); + } } } + Long toInherit = null; List children = nodeDAO.getPrimaryChildrenAcls(nodeId); if (children.size() > 0) { // Only make inherited if required - if (toInherit == null) + if (newDefiningAcl == null) { - if (idToInheritFrom == null) - { - toInherit = inherited; - } - else - { - toInherit = aclDaoComponent.getInheritedAccessControlList(idToInheritFrom); - } + toInherit = inheritedAclId; + } + else + { + toInherit = aclDaoComponent.getInheritedAccessControlList(newDefiningAcl); } } - + if(children.size() > 0) { nodeDAO.setPrimaryChildrenSharedAclId(nodeId, null, toInherit); @@ -244,7 +246,7 @@ public class ADMAccessControlListDAO implements AccessControlListDAO for (NodeIdAndAclId child : children) { - CounterSet update = fixOldDmAcls(child.getId(), toInherit, false); + CounterSet update = fixOldDmAcls(child.getId(), child.getAclId(), toInherit, false); result.add(update); }