From 7bb51b152289be5a11edcdc45107f082fa672550 Mon Sep 17 00:00:00 2001 From: Mihai Cozma Date: Mon, 19 Dec 2016 15:52:26 +0200 Subject: [PATCH 1/2] MNT-16971 Unable to set read only using property server.allowWrite=false -fix transactions permission -fix document library view --- .../rm-doclist.get.desc.xml | 2 +- .../documentlibrary/rm-treenode.get.desc.xml | 2 +- .../RecordsManagementAdminServiceImpl.java | 38 ++++++++++++++++--- .../model/rma/type/RmSiteType.java | 2 +- .../security/ExtendedSecurityServiceImpl.java | 30 ++++++++++----- 5 files changed, 56 insertions(+), 18 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/rm-doclist.get.desc.xml b/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/rm-doclist.get.desc.xml index 8b8441f74d..61b91c6544 100644 --- a/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/rm-doclist.get.desc.xml +++ b/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/rm-doclist.get.desc.xml @@ -7,6 +7,6 @@ /slingshot/doclib2/rm/doclist/{type}/node/{store_type}/{store_id}/{id} argument user - required + required internal \ No newline at end of file diff --git a/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.desc.xml b/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.desc.xml index e7345e5692..435570705e 100644 --- a/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.desc.xml +++ b/rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.desc.xml @@ -7,6 +7,6 @@ /slingshot/doclib/rm/treenode/node/{store_type}/{store_id}/{id} argument user - required + required internal \ No newline at end of file diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java index 0375590153..9d11902b3f 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java @@ -32,6 +32,7 @@ import static org.springframework.extensions.surf.util.ParameterCheck.mandatoryS import java.text.MessageFormat; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -60,6 +61,7 @@ import org.alfresco.repo.policy.annotation.BehaviourBean; import org.alfresco.repo.policy.annotation.BehaviourKind; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.security.authority.RMAuthority; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.service.cmr.dictionary.AspectDefinition; import org.alfresco.service.cmr.dictionary.AssociationDefinition; @@ -71,6 +73,7 @@ import org.alfresco.service.cmr.dictionary.TypeDefinition; import org.alfresco.service.cmr.repository.AssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.transaction.TransactionService; @@ -172,16 +175,39 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas @Override public void onApplicationEvent(ContextRefreshedEvent event) { - transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() + + // run as System on bootstrap + AuthenticationUtil.runAs(new RunAsWork() { - public Void execute() throws Throwable + public Object doWork() { - // initialise custom properties - initCustomMap(); - + RetryingTransactionCallback callback = new RetryingTransactionCallback() + { + public Void execute() + { + // initialise custom properties + initCustomMap(); + return null; + } + }; + transactionService.getRetryingTransactionHelper().doInTransaction(callback); + return null; } - }); + }, AuthenticationUtil.getSystemUserName()); + + + +// transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() +// { +// public Void execute() throws Throwable +// { +// // initialise custom properties +// initCustomMap(); +// +// return null; +// } +// }); } /** diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/rma/type/RmSiteType.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/rma/type/RmSiteType.java index 0a6c839818..ec07661380 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/rma/type/RmSiteType.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/rma/type/RmSiteType.java @@ -190,7 +190,7 @@ public class RmSiteType extends BaseBehaviourBean } return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } } diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java index 1d1525c4ef..4b3a4217c9 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java @@ -43,7 +43,6 @@ import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl; import org.alfresco.query.PagingRequest; import org.alfresco.query.PagingResults; import org.alfresco.repo.security.authority.RMAuthority; -import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessPermission; @@ -57,6 +56,9 @@ import org.alfresco.util.ParameterCheck; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; import org.springframework.extensions.webscripts.ui.common.StringUtils; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; /** * Extended security service implementation. @@ -138,19 +140,29 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl @Override public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) { - transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback() + // run as System on bootstrap + AuthenticationUtil.runAs(new RunAsWork() { - public Void execute() throws Throwable + public Object doWork() { - // if the root group doesn't exist then create it - if (!authorityService.authorityExists(getRootIRPGroup())) + RetryingTransactionCallback callback = new RetryingTransactionCallback() { - authorityService.createAuthority(AuthorityType.GROUP, ROOT_IPR_GROUP, ROOT_IPR_GROUP, Collections.singleton(RMAuthority.ZONE_APP_RM)); - } - + public Void execute() + { + // if the root group doesn't exist then create it + if (!authorityService.authorityExists(getRootIRPGroup())) + { + authorityService.createAuthority(AuthorityType.GROUP, ROOT_IPR_GROUP, ROOT_IPR_GROUP, + Collections.singleton(RMAuthority.ZONE_APP_RM)); + } + return null; + } + }; + transactionService.getRetryingTransactionHelper().doInTransaction(callback); + return null; } - }); + }, AuthenticationUtil.getSystemUserName()); } /** From 0a1812ef4f4849eb069d20a6622f694eea820ecc Mon Sep 17 00:00:00 2001 From: Mihai Cozma Date: Mon, 19 Dec 2016 16:01:52 +0200 Subject: [PATCH 2/2] MNT 16971 Unable to set an read only alfresco rm - remove commented code --- .../admin/RecordsManagementAdminServiceImpl.java | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java index 9d11902b3f..352efa169d 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java @@ -195,19 +195,7 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas return null; } }, AuthenticationUtil.getSystemUserName()); - - - -// transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() -// { -// public Void execute() throws Throwable -// { -// // initialise custom properties -// initCustomMap(); -// -// return null; -// } -// }); + } /**