diff --git a/config/alfresco/avm-services-context.xml b/config/alfresco/avm-services-context.xml index c9507dbac1..a383498990 100644 --- a/config/alfresco/avm-services-context.xml +++ b/config/alfresco/avm-services-context.xml @@ -339,9 +339,9 @@ + + workspace://SpacesStore + - - - - + \ No newline at end of file diff --git a/config/alfresco/messages/avm-messages.properties b/config/alfresco/messages/avm-messages.properties index 1b0603fcd9..9ba915b862 100644 --- a/config/alfresco/messages/avm-messages.properties +++ b/config/alfresco/messages/avm-messages.properties @@ -1,3 +1,4 @@ # AVM related messages -expiredcontent.workflow.title=Expired Content In ''{0}'' \ No newline at end of file +expiredcontent.workflow.title=Expired Content In ''{0}'' +avmlockservice.locked=You do not have access to the item at path {0} it is currently locked by another user. \ No newline at end of file diff --git a/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java b/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java index 738f40319c..53cf50dcf4 100644 --- a/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java +++ b/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java @@ -823,12 +823,12 @@ public class AVMLockingAwareService implements AVMService String userName = fAuthenticationService.getCurrentUserName(); if (!fLockingService.hasAccess(webProject, path, userName)) { - throw new AVMLockingException(userName + " does not have access to " + path); + throw new AVMLockingException("avmlockservice.locked", new Object[]{path}); } fLockingService.addWebProject(webProject); if (fLockingService.getLock(webProject, storePath[1]) == null) { - List owners = new ArrayList(); + List owners = new ArrayList(1); owners.add(userName); AVMLock lock = new AVMLock(webProject, storePath[0], storePath[1], AVMLockingService.Type.DISCRETIONARY, owners); fLockingService.lockPath(lock); diff --git a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java index e11d63e108..7e7246ff96 100644 --- a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java +++ b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java @@ -35,7 +35,6 @@ import org.alfresco.repo.attributes.Attribute; import org.alfresco.repo.attributes.ListAttributeValue; import org.alfresco.repo.attributes.MapAttributeValue; import org.alfresco.repo.attributes.StringAttributeValue; -import org.alfresco.repo.node.db.DbNodeServiceImpl; import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.service.cmr.attributes.AttrQueryEquals; import org.alfresco.service.cmr.attributes.AttributeService; @@ -53,6 +52,7 @@ import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.util.MD5; import org.alfresco.util.Pair; @@ -67,6 +67,13 @@ public class AVMLockingServiceImpl implements AVMLockingService public static final String USERS = "users"; public static final String STORES = "stores"; + private static final String ROLE_CONTENT_MANAGER = "ContentManager"; + + /** + * Store name containing the web project nodes. + */ + private String webProjectStore; + /** * SearchService for access to web project properties. */ @@ -97,8 +104,13 @@ public class AVMLockingServiceImpl implements AVMLockingService */ private RetryingTransactionHelper fRetryingTransactionHelper; - public AVMLockingServiceImpl() + + /** + * @param webProjectStore The webProjectStore to set + */ + public void setWebProjectStore(String webProjectStore) { + this.webProjectStore = webProjectStore; } /** @@ -175,7 +187,7 @@ public class AVMLockingServiceImpl implements AVMLockingService public AVMLock getLock(String webProject, String path) { path = normalizePath(path); - List keys = new ArrayList(); + List keys = new ArrayList(3); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); keys.add(webProject); @@ -211,7 +223,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public List getUsersLocks(String user) { - List keys = new ArrayList(); + List keys = new ArrayList(3); keys.add(LOCK_TABLE); keys.add(USERS); keys.add(user); @@ -294,7 +306,7 @@ public class AVMLockingServiceImpl implements AVMLockingService { path = normalizePath(path); String pathKey = MD5.Digest(path.getBytes()); - List keys = new ArrayList(); + List keys = new ArrayList(4); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); keys.add(webProject); @@ -326,7 +338,7 @@ public class AVMLockingServiceImpl implements AVMLockingService } userKeys.remove(2); } - List storeKeys = new ArrayList(); + List storeKeys = new ArrayList(3); storeKeys.add(LOCK_TABLE); storeKeys.add(STORES); String store = lock.getStore(); @@ -349,7 +361,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public void addWebProject(String webProject) { - List keys = new ArrayList(); + List keys = new ArrayList(3); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); keys.add(webProject); @@ -366,7 +378,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public List getWebProjectLocks(String webProject) { - List keys = new ArrayList(); + List keys = new ArrayList(3); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); keys.add(webProject); @@ -387,7 +399,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public void removeWebProject(String webProject) { - List userKeys = new ArrayList(); + List userKeys = new ArrayList(2); userKeys.add(LOCK_TABLE); userKeys.add(USERS); List users = fAttributeService.getKeys(userKeys); @@ -430,7 +442,7 @@ public class AVMLockingServiceImpl implements AVMLockingService storeKeys.remove(2); fAttributeService.setAttribute(storeKeys, store, storeLocks); } - List keys = new ArrayList(); + List keys = new ArrayList(2); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); fAttributeService.removeAttribute(keys, webProject); @@ -441,7 +453,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public List getStoreLocks(String store) { - List locks = new ArrayList(); + List locks = new ArrayList(3); List keys = new ArrayList(); keys.add(LOCK_TABLE); keys.add(STORES); @@ -514,7 +526,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public void removeStoreLocks(String store) { - List storeKeys = new ArrayList(); + List storeKeys = new ArrayList(3); storeKeys.add(LOCK_TABLE); storeKeys.add(STORES); storeKeys.add(store); @@ -544,21 +556,47 @@ public class AVMLockingServiceImpl implements AVMLockingService { return true; } - StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); - ResultSet results = fSearchService.query(storeRef, "lucene", "@wca\\:avmstore:\"" + webProject + "\" +TYPE:\"wca:webfolder\""); - System.out.println(results.getNodeRefs()); + StoreRef storeRef = new StoreRef(this.webProjectStore); + ResultSet results = fSearchService.query( + storeRef, + SearchService.LANGUAGE_LUCENE, + "@wca\\:avmstore:\"" + webProject + "\" +TYPE:\"wca:webfolder\""); if (results.getNodeRefs().size() == 1) { - List children = fNodeService.getChildAssocs(results.getNodeRefs().get(0)); - for (ChildAssociationRef child : children) + return hasAccess(webProject, results.getNodeRefs().get(0), avmPath, user); + } + return false; + } + + /* (non-Javadoc) + * @see org.alfresco.service.cmr.avm.locking.AVMLockingService#hasAccess(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String) + */ + public boolean hasAccess(NodeRef webProjectRef, String avmPath, String user) + { + if (fPersonService.getPerson(user) == null && + !fAuthorityService.authorityExists(user)) + { + return false; + } + if (fAuthorityService.isAdminAuthority(user)) + { + return true; + } + String webProject = (String)fNodeService.getProperty(webProjectRef, WCMAppModel.PROP_AVMSTORE); + return hasAccess(webProject, webProjectRef, avmPath, user); + } + + private boolean hasAccess(String webProject, NodeRef webProjectRef, String avmPath, String user) + { + List children = fNodeService.getChildAssocs( + webProjectRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef child : children) + { + NodeRef childRef = child.getChildRef(); + if (fNodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME).equals(user) && + fNodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE).equals(ROLE_CONTENT_MANAGER)) { - NodeRef childRef = child.getChildRef(); - if (fNodeService.getType(childRef).equals(WCMAppModel.TYPE_WEBUSER) && - fNodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME).equals(user) && - fNodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE).equals("ContentManager")) - { - return true; - } + return true; } } String[] storePath = avmPath.split(":"); @@ -619,7 +657,7 @@ public class AVMLockingServiceImpl implements AVMLockingService */ public List getWebProjects() { - List keys = new ArrayList(); + List keys = new ArrayList(2); keys.add(LOCK_TABLE); keys.add(WEB_PROJECTS); return fAttributeService.getKeys(keys); diff --git a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java index 16b0801dce..0adaee9339 100644 --- a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java +++ b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java @@ -28,6 +28,8 @@ package org.alfresco.service.cmr.avm.locking; import java.io.Serializable; import java.util.List; +import org.alfresco.service.cmr.repository.NodeRef; + /** * Service to handle AVM locking. * @author britt @@ -123,6 +125,15 @@ public interface AVMLockingService */ public boolean hasAccess(String webProject, String avmPath, String user); + /** + * Is the user allowed to do anything to the given asset, other than read? + * @param webProjectRef The NodeRef to the web project that this path is being checked in. + * @param avmPath A full avmPath + * @param user The name of the user, group, role to check on. + * @return Whether the user has access. + */ + public boolean hasAccess(NodeRef webProjectRef, String avmPath, String user); + /** * Get the names of all the web projects the service knows about. * @return The list of web project names.