DM permissions

http://issues.alfresco.com/browse/SLNG-202 http://issues.alfresco.com/browse/SLNG-203 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9090 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2008-05-13 11:54:55 +00:00
parent 344b703a61
commit 1b807e3e77
42 changed files with 2243 additions and 233 deletions
--- a/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.security.permissions.ACLType;
+import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
+import org.alfresco.repo.security.permissions.impl.AclChange;
+import org.alfresco.service.cmr.repository.InvalidNodeRefException;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * Manage creation and deletion of ACL entries for the new DM ACL implementation
+ * 
+ * @author andyh
+ *
+ */
+public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
+{
+    @SuppressWarnings("unused")
+    private static Log logger = LogFactory.getLog(DMPermissionsDaoComponentImpl.class);
+
+    @Override
+    protected CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, DbAccessControlList existing)
+    {
+        if (existing == null)
+        {
+            SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
+            properties.setAclType(ACLType.DEFINING);
+            properties.setInherits(inherit);
+            properties.setVersioned(false);
+            // Accept default versioning
+            Long id = aclDaoComponent.createAccessControlList(properties);
+            List<AclChange> changes = new ArrayList<AclChange>();
+            DbAccessControlList acl = aclDaoComponent.getDbAccessControlList(id);
+            changes.add(new AclDaoComponentImpl.AclChangeImpl(null, id, null, acl.getAclType()));
+            changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
+            getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
+            return new CreationReport(acl, changes);
+        }
+        SimpleAccessControlListProperties properties;
+        Long id;
+        List<AclChange> changes;
+        DbAccessControlList acl;
+        switch (existing.getAclType())
+        {
+        case OLD:
+            throw new IllegalStateException("Can not mix old and new style permissions");
+        case DEFINING:
+            return new CreationReport(existing, Collections.<AclChange> emptyList());
+        case FIXED:
+        case GLOBAL:
+        case SHARED:
+            // create new defining, wire up and report changes to acl required.
+            properties = new SimpleAccessControlListProperties();
+            properties.setAclType(ACLType.DEFINING);
+            properties.setInherits(existing.getInherits());
+            properties.setVersioned(false);
+            id = aclDaoComponent.createAccessControlList(properties);
+            changes = new ArrayList<AclChange>();
+            acl = aclDaoComponent.getDbAccessControlList(id);
+            changes.add(new AclDaoComponentImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
+            changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id));
+            // set this to inherit to children
+            changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
+
+            getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
+            return new CreationReport(acl, changes);
+        case LAYERED:
+            throw new IllegalStateException("Layering is not supported for DM permissions");
+        default:
+            throw new IllegalStateException("Unknown type " + existing.getAclType());
+        }
+
+    }
+
+    public void deletePermissions(NodeRef nodeRef)
+    {
+        DbAccessControlList acl = null;
+        try
+        {
+            acl = getAccessControlList(nodeRef);
+        }
+        catch (InvalidNodeRefException e)
+        {
+            return;
+        }
+        System.out.println("Deleting "+acl+" on "+nodeRef);
+        if (acl != null)
+        {
+            if (acl.getInheritsFrom() != null)
+            {
+                @SuppressWarnings("unused")
+                Long deleted = acl.getId();
+                Long inheritsFrom = acl.getInheritsFrom();
+                getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
+                List<AclChange> changes = new ArrayList<AclChange>();
+                changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
+                getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
+                aclDaoComponent.deleteAccessControlList(acl.getId());
+            }
+            else
+            {
+                // TODO: could just cear out existing
+                @SuppressWarnings("unused")
+                Long deleted = acl.getId();
+                SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
+                properties = new SimpleAccessControlListProperties();
+                properties.setAclType(ACLType.DEFINING);
+                properties.setInherits(Boolean.FALSE);
+                properties.setVersioned(false);
+
+                Long id = aclDaoComponent.createAccessControlList(properties);
+                getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
+                List<AclChange> changes = new ArrayList<AclChange>();
+                changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
+                getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
+                aclDaoComponent.deleteAccessControlList(acl.getId());
+            }
+        }
+
+    }
+
+    
+    /**
+     * Get the default ACL properties 
+     * 
+     * @return the default properties
+     */
+    public static SimpleAccessControlListProperties getDefaultProperties()
+    {
+        SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
+        properties.setAclType(ACLType.DEFINING);
+        properties.setInherits(true);
+        properties.setVersioned(false);
+        return properties;
+    }
+
+}