Merge branch 'release/V2.5' of https://gitlab.alfresco.com/records-management/records-management into merge/upgradeTestDataFrom25

# Conflicts:
#	rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java

rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary-v2/rm-doclist.get.desc.xml

@@ -7,6 +7,6 @@
   <url>/slingshot/doclib2/rm/doclist/{type}/node/{store_type}/{store_id}/{id}</url>
   <format default="json">argument</format>
   <authentication>user</authentication>
-  <transaction allow="readwrite" buffersize="0">required</transaction>
+  <transaction allow="readonly">required</transaction>
   <lifecycle>internal</lifecycle>
 </webscript>

rm-community/rm-community-repo/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.desc.xml

@@ -7,6 +7,6 @@
   <url>/slingshot/doclib/rm/treenode/node/{store_type}/{store_id}/{id}</url>
   <format default="json">argument</format>
   <authentication>user</authentication>
-  <transaction>required</transaction>
+  <transaction allow="readonly">required</transaction>
   <lifecycle>internal</lifecycle>
 </webscript>

rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java

@@ -32,6 +32,7 @@ import static org.springframework.extensions.surf.util.ParameterCheck.mandatoryS
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -60,6 +61,7 @@ import org.alfresco.repo.policy.annotation.BehaviourBean;
 import org.alfresco.repo.policy.annotation.BehaviourKind;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.authority.RMAuthority;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.cmr.dictionary.AspectDefinition;
 import org.alfresco.service.cmr.dictionary.AssociationDefinition;
@@ -71,6 +73,7 @@ import org.alfresco.service.cmr.dictionary.TypeDefinition;
 import org.alfresco.service.cmr.repository.AssociationRef;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AuthorityType;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;
 import org.alfresco.service.transaction.TransactionService;
@@ -172,19 +175,28 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas
     @Override
     public void onApplicationEvent(ContextRefreshedEvent event)
     {
-
         if(!isCustomMapInit && getDictionaryService().getAllModels().contains(RM_CUSTOM_MODEL)) 
         {
-            transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>() 
+		// run as System on bootstrap
+        AuthenticationUtil.runAs(new RunAsWork<Object>()
+        {
+            public Object doWork()
             {
-                public Void execute() throws Throwable 
+                RetryingTransactionCallback<Void> callback = new RetryingTransactionCallback<Void>()
                 {
-                    // initialise custom properties
+                    public Void execute()
-                    initCustomMap();
+                    {
-                    return null;
+                      // initialise custom properties
-                }
+                      initCustomMap();
-            });
+                        return null;
-        }
+                    }
+                };
+                transactionService.getRetryingTransactionHelper().doInTransaction(callback);
+
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
+		}           
     }
     
     /**

rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/rma/type/RmSiteType.java

@@ -207,7 +207,7 @@ public class RmSiteType extends    BaseBehaviourBean
                 	}
                     return null;
                 }
-            }, AuthenticationUtil.getAdminUserName());
+            }, AuthenticationUtil.getSystemUserName());
         }
 	}
 

rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java

@@ -43,7 +43,6 @@ import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
 import org.alfresco.query.PagingRequest;
 import org.alfresco.query.PagingResults;
 import org.alfresco.repo.security.authority.RMAuthority;
-import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.AccessPermission;
@@ -57,6 +56,9 @@ import org.alfresco.util.ParameterCheck;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.extensions.webscripts.ui.common.StringUtils;
+import org.alfresco.repo.security.authentication.AuthenticationUtil; 
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; 
+import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 
 /**
  * Extended security service implementation.
@@ -138,19 +140,29 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
     @Override
     public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent)
     {
-        transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        // run as System on bootstrap
+        AuthenticationUtil.runAs(new RunAsWork<Object>()
         {
-            public Void execute() throws Throwable
+            public Object doWork()
             {
-                // if the root group doesn't exist then create it
+                RetryingTransactionCallback<Void> callback = new RetryingTransactionCallback<Void>()
-                if (!authorityService.authorityExists(getRootIRPGroup()))
                 {
-                    authorityService.createAuthority(AuthorityType.GROUP, ROOT_IPR_GROUP, ROOT_IPR_GROUP, Collections.singleton(RMAuthority.ZONE_APP_RM));
+                    public Void execute()
-                }
+                    {
-                
+                        // if the root group doesn't exist then create it
+                        if (!authorityService.authorityExists(getRootIRPGroup()))
+                        {
+                            authorityService.createAuthority(AuthorityType.GROUP, ROOT_IPR_GROUP, ROOT_IPR_GROUP,
+                                        Collections.singleton(RMAuthority.ZONE_APP_RM));
+                        }
+                        return null;
+                    }
+                };
+                transactionService.getRetryingTransactionHelper().doInTransaction(callback);
+
                 return null;
             }
-        });
+        }, AuthenticationUtil.getSystemUserName());
     }
     
     /**