inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM Move Capabilities:

Browse Source 
* Added Record Folder, Record Category and composite Move capabilities (all private and based on exisiting capabilities)
  * Added RM UI actions for record, folder and category move wired up to new capabilities .. this means the UI actions correctly reflect the capabilities of the user
  * Unit tests
  * Started to move the capabilitiy spring def's into logically seperate files
  * Rewrote origional RecordsMove capability (replaced with spring config)
  * Added TargetCapability configuration to declarative capability implementation .. provides a way to evaluate capability when a target node reference is being taken into consideration
  * Added title and description to declarative capability (for future use)
  * Removed unwated 'old' doclib overrides (where confussing the issue)
  * Clean up the security service which was duplicating methods now found on the capability service
  * Remove capability set support ... old work around used before updated evaluators where used
  * Fixes RM-203, RM-328, RM-165, RM-204 (and possibly some others I've yet to find!)



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@36338 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-05-14 05:57:37 +00:00
parent 4be2e83f1a
commit 1ebf14fd12
37 changed files with 1160 additions and 10658 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-condition-context.xml Normal file
View File

@@ -0,0 +1,92 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- Capability Conditions -->
<bean id="capabilityCondition.base"
abstract="true">
<property name="recordsManagementService" ref="recordsManagementService" />
<property name="permissionService" ref="PermissionService" />
<property name="nodeService" ref="NodeService" />
</bean>
<bean id="capabilityCondition.frozen"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenCapabilityCondition">
</bean>
<bean id="capabilityCondition.frozenOrFrozenChildren"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenCapabilityCondition">
<property name="checkChildren" value="true" />
</bean>
<bean id="capabilityCondition.frozenOrHold"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenOrHoldCondition">
</bean>
<bean id="capabilityCondition.cutoff"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.CutoffCapabilityCondition">
</bean>
<bean id="capabilityCondition.closed"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.ClosedCapabilityCondition">
</bean>
<bean id="capabilityCondition.declared"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.DeclaredCapabilityCondition">
</bean>
<bean id="capabilityCondition.filling"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FillingCapabilityCondition">
</bean>
<bean id="capabilityCondition.transferred"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.TransferredCapabilityCondition">
</bean>
<bean id="capabilityCondition.destroyed"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.DestroyedCapabilityCondition">
</bean>
<bean id="capabilityCondition.vitalRecordOrFolder"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.VitalRecordOrFolderCapabilityCondition">
</bean>
<bean id="capabilityCondition.destroyMayBeScheduled"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.MayBeScheduledCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
<property name="dispositionAction" value="destroy"/>
</bean>
<bean id="capabilityCondition.destroyIsScheduled"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.IsScheduledCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
<property name="dispositionAction" value="destroy"/>
</bean>
<bean id="capabilityCondition.hasEvents"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.HasEventsCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
</bean>
<bean id="capabilityCondition.fileable"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FileableCapabilityCondition">
<property name="dictionaryService" ref="DictionaryService"/>
</bean>
</beans>

108
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml Normal file
View File

@@ -0,0 +1,108 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="rmCreate"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability">
<property name="name" value="Create"/>
<property name="private" value="true"/>
</bean>
<bean id="rmDelete"
parent="compositeCapability">
<property name="name" value="Delete"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDestroyRecordsScheduledForDestructionCapability"/>
<ref bean="rmDestroyRecordsCapability"/>
<ref bean="rmDeleteRecordsCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmUpdate"
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability">
<property name="name" value="Update"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
<ref bean="rmEditRecordMetadataCapability"/>
</list>
</property>
</bean>
<bean id="rmUpdateProperties"
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability">
<property name="name" value="UpdateProperties"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
<ref bean="rmEditRecordMetadataCapability"/>
</list>
</property>
</bean>
<bean id="rmDeclare"
parent="compositeCapability">
<property name="name" value="Declare"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDeclareRecordsCapability"/>
<ref bean="rmDeclareRecordsInClosedFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmWriteContent"
parent="declarativeCapability">
<property name="name" value="WriteContent"/>
<property name="private" value="true"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.cutoff" value="false"/>
</map>
</property>
</bean>
<bean id="rmMove"
parent="compositeCapability">
<property name="name" value="Move"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmMoveRecordCategoryCapability"/>
<ref bean="rmMoveRecordFolderCapability"/>
<ref bean="rmMoveRecordsCapability"/>
</list>
</property>
</bean>
</beans>

241
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml Normal file
View File

@@ -0,0 +1,241 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="rmViewRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability">
<property name="name" value="ViewRecords" />
</bean>
<bean id="rmUndeclareRecordsCapability"
parent="declarativeCapability">
<property name="name" value="UndeclareRecords"/>
<property name="permission" value="UndeclareRecords"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.declared" value="true"/>
</map>
</property>
</bean>
<bean id="rmCreateModifyRecordsInCuttoffFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyRecordsInCutoffFolders"/>
<property name="permission" value="CreateModifyRecordsInCutoffFolders"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmFileCapability"
parent="declarativeCapability">
<property name="name" value="File"/>
<property name="private" value="true"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmFileRecordsCapability"
parent="compositeCapability">
<property name="name" value="FileRecords" />
<property name="capabilities">
<list>
<ref bean="rmFileCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmDeclareRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DeclareRecords"/>
<property name="permission" value="DeclareRecords"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmDeclareRecordsInClosedFoldersCapability"
parent="declarativeCapability">
<property name="name" value="DeclareRecordsInClosedFolders"/>
<property name="permission" value="DeclareRecordsInClosedFolders"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="true"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmDeleteRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DeleteRecords"/>
<property name="permission" value="DeleteRecords"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozen" value="false"/>
</map>
</property>
</bean>
<bean id="rmDestroyRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DestroyRecords"/>
<property name="permission" value="DestroyRecords"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.destroyMayBeScheduled" value="true"/>
</map>
</property>
</bean>
<bean id="rmDestroyRecordsScheduledForDestructionCapability"
parent="declarativeCapability">
<property name="name" value="DestroyRecordsScheduledForDestruction"/>
<property name="permission" value="DestroyRecordsScheduledForDestruction"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.destroyIsScheduled" value="true"/>
</map>
</property>
</bean>
<bean id="rmEditDeclaredRecordMetadataCapability"
parent="declarativeCapability">
<property name="name" value="EditDeclaredRecordMetadata"/>
<property name="permission" value="EditDeclaredRecordMetadata"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="true"/>
</map>
</property>
</bean>
<bean id="rmEditNonRecordMetadataCapability"
parent="declarativeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.EditCapability">
<property name="name" value="EditNonRecordMetadata"/>
<property name="permission" value="EditNonRecordMetadata"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.fileable" value="true"/>
</map>
</property>
</bean>
<bean id="rmEditRecordMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.EditCapability">
<property name="name" value="EditRecordMetadata"/>
<property name="permission" value="EditRecordMetadata"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmMoveRecordsCapability"
parent="declarativeCapability" >
<property name="name" value="MoveRecords" />
<property name="permission" value="MoveRecords"/>
<property name="undetermined" value="true" />
<property name="kind" value="RECORD" />
<property name="conditions">
<map>
<entry key="capabilityCondition.frozen" value="false"/>
<!-- Do we care if it's cutoff or not? -->
</map>
</property>
<property name="targetCapability" ref="rmFileRecordsCapability"/>
</bean>
<bean id="rmUpgradeDowngradeAndDeclassifyRecordsCapability"
parent="declarativeCapability">
<property name="name" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="permission" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozen" value="false"/>
</map>
</property>
</bean>
</beans>

58
rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-recordfolder-context.xml Normal file
View File

@@ -0,0 +1,58 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="rmCloseFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CloseFolders"/>
<property name="permission" value="CloseFolders"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmCreateModifyDestroyFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFolders"/>
<property name="permission" value="CreateModifyDestroyFolders"/>
<property name="kinds">
<list>
<value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmMoveRecordFolderCapability"
parent="compositeCapability">
<property name="name" value="MoveRecordFolder"/>
<property name="private" value="true"/>
<property name="undetermined" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
</list>
</property>
<property name="targetCapability" ref="rmCreateModifyDestroyFoldersCapability"/>
</bean>
</beans>

458
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
View File

@@ -5,91 +5,8 @@
<beans>
<!-- Capability Conditions -->
<bean id="capabilityCondition.base"
abstract="true">
<property name="recordsManagementService" ref="recordsManagementService" />
<property name="permissionService" ref="PermissionService" />
<property name="nodeService" ref="NodeService" />
</bean>
<bean id="capabilityCondition.frozen"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenCapabilityCondition">
</bean>
<bean id="capabilityCondition.frozenOrFrozenChildren"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenCapabilityCondition">
<property name="checkChildren" value="true" />
</bean>
<bean id="capabilityCondition.frozenOrHold"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FrozenOrHoldCondition">
</bean>
<bean id="capabilityCondition.cutoff"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.CutoffCapabilityCondition">
</bean>
<bean id="capabilityCondition.closed"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.ClosedCapabilityCondition">
</bean>
<bean id="capabilityCondition.declared"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.DeclaredCapabilityCondition">
</bean>
<bean id="capabilityCondition.filling"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FillingCapabilityCondition">
</bean>
<bean id="capabilityCondition.transferred"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.TransferredCapabilityCondition">
</bean>
<bean id="capabilityCondition.destroyed"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.DestroyedCapabilityCondition">
</bean>
<bean id="capabilityCondition.vitalRecordOrFolder"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.VitalRecordOrFolderCapabilityCondition">
</bean>
<bean id="capabilityCondition.destroyMayBeScheduled"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.MayBeScheduledCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
<property name="dispositionAction" value="destroy"/>
</bean>
<bean id="capabilityCondition.destroyIsScheduled"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.IsScheduledCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
<property name="dispositionAction" value="destroy"/>
</bean>
<bean id="capabilityCondition.hasEvents"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.HasEventsCapabilityCondition">
<property name="dispositionService" ref="DispositionService"/>
</bean>
<bean id="capabilityCondition.fileable"
parent="capabilityCondition.base"
class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition.FileableCapabilityCondition">
<property name="dictionaryService" ref="DictionaryService"/>
</bean>
<!-- Capability Conditions -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-condition-context.xml"/>
<!-- Capability beans -->
@@ -195,25 +112,6 @@
</property>
</bean>
<bean id="rmCloseFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CloseFolders"/>
<property name="permission" value="CloseFolders"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmCreateAndAssociateSelectionListsCapability"
parent="declarativeCapability">
<property name="name" value="CreateAndAssociateSelectionLists"/>
@@ -250,33 +148,25 @@
</property>
</bean>
<bean id="rmMoveRecordCategoryCapability"
parent="compositeCapability">
<property name="name" value="MoveRecordCategory"/>
<property name="private" value="true"/>
<property name="undetermined" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
</list>
</property>
<property name="targetCapability" ref="rmCreateModifyDestroyFileplanMetadataCapability"/>
</bean>
<bean id="rmCreateModifyDestroyFileplanTypesCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFileplanTypes" />
<property name="permission" value="CreateModifyDestroyFileplanTypes" />
</bean>
<bean id="rmCreateModifyDestroyFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyFolders"/>
<property name="permission" value="CreateModifyDestroyFolders"/>
<property name="kinds">
<list>
<value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value>
<!-- <value>RECORD</value> -->
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmCreateModifyDestroyRecordTypesCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyDestroyRecordTypes" />
@@ -307,26 +197,6 @@
<property name="permission" value="CreateModifyDestroyUsersAndGroups" />
</bean>
<bean id="rmCreateModifyRecordsInCuttoffFoldersCapability"
parent="declarativeCapability">
<property name="name" value="CreateModifyRecordsInCutoffFolders"/>
<property name="permission" value="CreateModifyRecordsInCutoffFolders"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
</map>
</property>
</bean>
<bean id="rmCycleVitalRecordsCapability"
parent="declarativeCapability">
<property name="name" value="CycleVitalRecords"/>
@@ -354,46 +224,6 @@
<property name="permission" value="DeclareAuditAsRecord" />
</bean>
<bean id="rmDeclareRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DeclareRecords"/>
<property name="permission" value="DeclareRecords"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmDeclareRecordsInClosedFoldersCapability"
parent="declarativeCapability">
<property name="name" value="DeclareRecordsInClosedFolders"/>
<property name="permission" value="DeclareRecordsInClosedFolders"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="true"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmDeleteAuditCapability"
parent="declarativeCapability">
<property name="name" value="DeleteAudit" />
@@ -414,112 +244,12 @@
</property>
</bean>
<bean id="rmDeleteRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DeleteRecords"/>
<property name="permission" value="DeleteRecords"/>
<property name="kinds">
<list>
<!-- <value>RECORD_FOLDER</value> -->
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozen" value="false"/>
</map>
</property>
</bean>
<bean id="rmDestroyRecordsCapability"
parent="declarativeCapability">
<property name="name" value="DestroyRecords"/>
<property name="permission" value="DestroyRecords"/>
<property name="kinds">
<list>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.destroyMayBeScheduled" value="true"/>
</map>
</property>
</bean>
<bean id="rmDestroyRecordsScheduledForDestructionCapability"
parent="declarativeCapability">
<property name="name" value="DestroyRecordsScheduledForDestruction"/>
<property name="permission" value="DestroyRecordsScheduledForDestruction"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozenOrFrozenChildren" value="false"/>
<entry key="capabilityCondition.destroyIsScheduled" value="true"/>
</map>
</property>
</bean>
<bean id="rmDisplayRightsReportCapability"
parent="declarativeCapability">
<property name="name" value="DisplayRightsReport" />
<property name="permission" value="DisplayRightsReport" />
</bean>
<bean id="rmEditDeclaredRecordMetadataCapability"
parent="declarativeCapability">
<property name="name" value="EditDeclaredRecordMetadata"/>
<property name="permission" value="EditDeclaredRecordMetadata"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="true"/>
</map>
</property>
</bean>
<bean id="rmEditNonRecordMetadataCapability"
parent="declarativeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.EditCapability">
<property name="name" value="EditNonRecordMetadata"/>
<property name="permission" value="EditNonRecordMetadata"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.fileable" value="true"/>
</map>
</property>
</bean>
<bean id="rmEditRecordMetadataCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.EditCapability">
<property name="name" value="EditRecordMetadata"/>
<property name="permission" value="EditRecordMetadata"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmEditSelectionListsCapability"
parent="declarativeCapability">
<property name="name" value="EditSelectionLists" />
@@ -556,32 +286,6 @@
</property>
</bean>
<bean id="rmFileCapability"
parent="declarativeCapability">
<property name="name" value="File"/>
<property name="private" value="true"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.cutoff" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
</map>
</property>
</bean>
<bean id="rmFileRecordsCapability"
parent="compositeCapability">
<property name="name" value="FileRecords" />
<property name="capabilities">
<list>
<ref bean="rmFileCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmMakeOptionalPropertiesMandatoryCapability"
parent="declarativeCapability">
<property name="name" value="MakeOptionalParametersMandatory" />
@@ -629,12 +333,6 @@
<property name="permission" value="MapEmailMetadata" />
</bean>
<bean id="rmMoveRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability">
<property name="name" value="MoveRecords" />
</bean>
<bean id="rmPasswordControlCapability"
parent="declarativeCapability">
<property name="name" value="PasswordControl" />
@@ -699,24 +397,6 @@
</property>
</bean>
<bean id="rmUndeclareRecordsCapability"
parent="declarativeCapability">
<property name="name" value="UndeclareRecords"/>
<property name="permission" value="UndeclareRecords"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.declared" value="true"/>
</map>
</property>
</bean>
<bean id="rmUnfreezeCapability"
parent="declarativeCapability">
<property name="name" value="Unfreeze"/>
@@ -763,23 +443,6 @@
</property>
</bean>
<bean id="rmUpgradeDowngradeAndDeclassifyRecordsCapability"
parent="declarativeCapability">
<property name="name" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="permission" value="UpgradeDowngradeAndDeclassifyRecords"/>
<property name="conditions">
<map>
<entry key="capabilityCondition.frozen" value="false"/>
</map>
</property>
</bean>
<bean id="rmViewRecordsCapability"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability">
<property name="name" value="ViewRecords" />
</bean>
<bean id="rmViewUpdateReasonsForFreezeCapability"
parent="declarativeCapability">
<property name="name" value="ViewUpdateReasonsForFreeze"/>
@@ -791,92 +454,13 @@
</property>
</bean>
<bean id="rmCreate"
parent="rmBaseCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability">
<property name="name" value="Create"/>
<property name="private" value="true"/>
</bean>
<!-- Record Folder capabilities -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-recordfolder-context.xml"/>
<bean id="rmDelete"
parent="compositeCapability">
<property name="name" value="Delete"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDestroyRecordsScheduledForDestructionCapability"/>
<ref bean="rmDestroyRecordsCapability"/>
<ref bean="rmDeleteRecordsCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
</list>
</property>
</bean>
<!-- Record capabilities -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml"/>
<bean id="rmUpdate"
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability">
<property name="name" value="Update"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
<ref bean="rmEditRecordMetadataCapability"/>
</list>
</property>
</bean>
<bean id="rmUpdateProperties"
parent="compositeCapability"
class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability">
<property name="name" value="UpdateProperties"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmCreateModifyDestroyFoldersCapability"/>
<ref bean="rmCreateModifyDestroyFileplanMetadataCapability"/>
<ref bean="rmEditDeclaredRecordMetadataCapability"/>
<ref bean="rmEditNonRecordMetadataCapability"/>
<ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
<ref bean="rmEditRecordMetadataCapability"/>
</list>
</property>
</bean>
<bean id="rmDeclare"
parent="compositeCapability">
<property name="name" value="Declare"/>
<property name="private" value="true"/>
<property name="capabilities">
<list>
<ref bean="rmDeclareRecordsCapability"/>
<ref bean="rmDeclareRecordsInClosedFoldersCapability"/>
</list>
</property>
</bean>
<bean id="rmWriteContent"
parent="declarativeCapability">
<property name="name" value="WriteContent"/>
<property name="private" value="true"/>
<property name="kinds">
<list>
<value>RECORD</value>
</list>
</property>
<property name="conditions">
<map>
<entry key="capabilityCondition.filling" value="true"/>
<entry key="capabilityCondition.frozen" value="false"/>
<entry key="capabilityCondition.declared" value="false"/>
<entry key="capabilityCondition.closed" value="false"/>
<entry key="capabilityCondition.cutoff" value="false"/>
</map>
</property>
</bean>
<!-- Group capabilities -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml"/>
</beans>

32
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -428,37 +428,7 @@
<property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="ownableService" ref="OwnableService"/>
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="capabilitySets">
<map>
<entry key="doclibBrowse">
<list>
<value>Create</value>
<value>UpdateProperties</value>
<value>ManageAccessRights</value>
<value>Delete</value>
<value>AccessAudit</value>
<value>CycleVitalRecords</value>
<value>ApproveRecordsScheduledForCutoff</value>
<value>DestroyRecordsCapability</value>
<value>DestroyRecordsScheduledForDestruction</value>
<value>AuthorizeAllTransfers</value>
<value>AuthorizeNominatedTransfers</value>
<value>CreateModifyRecordsInCutoffFolders</value>
<value>ManuallyChangeDispositionDates</value>
<value>PlanningReviewCycles</value>
<value>UndeclareRecords</value>
<value>Declare</value>
<value>Unfreeze</value>
<value>ViewUpdateReasonsForFreeze</value>
<value>CloseFolders</value>
<value>ReOpenFolders</value>
<value>ExtendRetentionPeriodOrFreeze</value>
</list>
</entry>
</map>
</property>
</bean>
<bean id="RecordsManagementSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -503,8 +473,6 @@
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getProtectedAspects=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getProtectedProperties=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getCapabilities=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getCapability=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.setPermission=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.deletePermission=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.bootstrapDefaultRoles=RM_ALLOW

30
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -230,17 +230,37 @@
<!-- <property name="capability" value="Delete"/> -->
</bean>
<bean id="jsonConversionComponent.moveAction"
<bean id="jsonConversionComponent.moveRecordAction"
parent="jsonConversionComponent.baseAction">
<property name="name" value="move"/>
<property name="name" value="moveRecord"/>
<property name="kinds">
<set>
<value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value>
<value>RECORD</value>
</set>
</property>
<!-- <property name="capability" value="Delete"/> -->
<property name="capability" value="MoveRecords"/>
</bean>
<bean id="jsonConversionComponent.moveRecordFolderAction"
parent="jsonConversionComponent.baseAction">
<property name="name" value="moveRecordFolder"/>
<property name="kinds">
<set>
<value>RECORD_FOLDER</value>
</set>
</property>
<property name="capability" value="MoveRecordFolder"/>
</bean>
<bean id="jsonConversionComponent.moveRecordCategoryAction"
parent="jsonConversionComponent.baseAction">
<property name="name" value="moveRecordCategory"/>
<property name="kinds">
<set>
<value>RECORD_CATEGORY</value>
</set>
</property>
<property name="capability" value="MoveRecordCategory"/>
</bean>
<bean id="jsonConversionComponent.fileToAction"

2
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
View File

@@ -206,6 +206,7 @@
<bean id="webscript.org.alfresco.rma.admin.rmrole.rmroles.post" class="org.alfresco.module.org_alfresco_module_rm.script.admin.RmRolesPost" parent="webscript">
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="recordsManagementSecurityService" ref="RecordsManagementSecurityService"/>
<property name="capabilityService" ref="CapabilityService" />
</bean>
<bean id="webscript.org.alfresco.rma.admin.rmrole.rmrole.get" class="org.alfresco.module.org_alfresco_module_rm.script.admin.RmRoleGet" parent="webscript">
@@ -216,6 +217,7 @@
<bean id="webscript.org.alfresco.rma.admin.rmrole.rmrole.put" class="org.alfresco.module.org_alfresco_module_rm.script.admin.RmRolePut" parent="webscript">
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="recordsManagementSecurityService" ref="RecordsManagementSecurityService"/>
<property name="capabilityService" ref="CapabilityService" />
</bean>
<bean id="webscript.org.alfresco.rma.admin.rmrole.rmrole.delete" class="org.alfresco.module.org_alfresco_module_rm.script.admin.RmRoleDelete" parent="webscript">

178
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-doclist.lib.js
View File

@@ -1,178 +0,0 @@
function getDoclist(capabilitySet)
{
// Use helper function to get the arguments
var parsedArgs = ParseArgs.getParsedArgs("rma:filePlan");
if (parsedArgs === null)
{
return;
}
var filter = args.filter,
items = [];
// Try to find a filter query based on the passed-in arguments
var allNodes = [],
favourites = Common.getFavourites(),
filterParams = Filters.getFilterParams(filter, parsedArgs,
{
favourites: favourites
}),
query = filterParams.query;
// Ensure folders and folderlinks appear at the top of the list
var folderNodes = [],
documentNodes = [];
// Query the nodes - passing in sort and result limit parameters
if (query !== "")
{
allNodes = search.query(
{
query: query,
language: filterParams.language,
page:
{
maxItems: (filterParams.limitResults ? parseInt(filterParams.limitResults, 10) : 0)
},
sort: filterParams.sort,
templates: filterParams.templates,
namespace: (filterParams.namespace ? filterParams.namespace : null)
});
}
for each (node in allNodes)
{
try
{
if (node.isContainer || node.typeShort == "app:folderlink")
{
folderNodes.push(node);
}
else
{
documentNodes.push(node);
}
}
catch (e)
{
// Possibly an old indexed node - ignore it
}
}
// Node type counts
var folderNodesCount = folderNodes.length,
documentNodesCount = documentNodes.length,
nodes, totalRecords;
if (parsedArgs.type === "documents")
{
nodes = documentNodes;
}
else
{
nodes = folderNodes.concat(documentNodes);
}
totalRecords = nodes.length;
// Pagination
var pageSize = args.size || nodes.length,
pagePos = args.pos || "1",
startIndex = (pagePos - 1) * pageSize;
// Trim the nodes array down to the page size
nodes = nodes.slice(startIndex, pagePos * pageSize);
// Common or variable parent container?
var parent = null;
if (!filterParams.variablePath)
{
var parentEval = Evaluator.run(parsedArgs.pathNode, capabilitySet);
if (parentEval == null)
{
status.setCode(status.STATUS_BAD_REQUEST, "Not a Records Management folder: '" + parsedArgs.pathNode.nodeRef + "'");
return null;
}
// Parent node permissions (and Site role if applicable)
parent =
{
node: parsedArgs.pathNode,
type: parentEval.assetType,
userAccess: parentEval.permissions
};
}
var isThumbnailNameRegistered = thumbnailService.isThumbnailNameRegistered(THUMBNAIL_NAME),
thumbnail = null,
filePlanLocation = Common.getLocation(parsedArgs.rootNode);
// Loop through and evaluate each node in this result set
for each (node in nodes)
{
// Does this collection of nodes have potentially differering paths?
if (filterParams.variablePath)
{
location = Common.getLocation(node);
}
else
{
location =
{
site: parsedArgs.location.site,
siteTitle: parsedArgs.location.siteTitle,
container: parsedArgs.location.container,
path: parsedArgs.location.path,
file: node.name
};
}
// Is our thumbnail type registered?
if (isThumbnailNameRegistered && node.isSubType("cm:content") && item.node.properties.content.inputStream != null)
{
// Make sure we have a thumbnail.
thumbnail = node.getThumbnail(THUMBNAIL_NAME);
if (thumbnail === null)
{
// No thumbnail, so queue creation
node.createThumbnail(THUMBNAIL_NAME, true);
}
}
// Get evaluated properties
nodeEvaluator = Evaluator.run(node, capabilitySet);
if (nodeEvaluator != null)
{
items.push(
{
node: node,
isLink: false,
type: nodeEvaluator.assetType,
createdBy: nodeEvaluator.createdBy,
modifiedBy: nodeEvaluator.modifiedBy,
status: nodeEvaluator.status,
actionSet: nodeEvaluator.actionSet,
actionPermissions: nodeEvaluator.permissions,
suppressRoles: nodeEvaluator.suppressRoles,
dod5015: jsonUtils.toJSONString(nodeEvaluator.metadata),
tags: node.tags,
location: location
});
}
}
return (
{
luceneQuery: query,
paging:
{
startIndex: startIndex,
totalRecords: totalRecords
},
filePlan: filePlanLocation.containerNode,
parent: parent,
items: items
});
}

547
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-evaluator.lib.js
View File

@@ -1,547 +0,0 @@
var Evaluator =
{
/**
* Asset type evaluator
*/
getAssetType: function Evaluator_getAssetType(asset)
{
var assetType = "";
// More detailed asset type
switch (String(asset.typeShort))
{
case "rma:filePlan":
assetType = "fileplan";
break;
case "rma:recordCategory":
assetType = "record-category";
break;
case "rma:recordFolder":
assetType = "record-folder";
if (asset.hasAspect("dod:ghosted"))
{
assetType = "metadata-stub-folder";
}
break;
case "rma:nonElectronicDocument":
// Fall-through
case "cm:content":
if (asset.hasAspect("rma:record"))
{
assetType = "undeclared-record";
if (asset.hasAspect("rma:declaredRecord"))
{
assetType = "record";
if (asset.hasAspect("dod:ghosted"))
{
assetType = "metadata-stub";
}
}
}
break;
case "rma:transfer":
assetType = "transfer-container";
break;
case "rma:hold":
assetType = "hold-container";
break;
default:
assetType = asset.isContainer ? "folder" : "document";
break;
}
return assetType;
},
/**
* Records Management metadata extracter
*/
getMetadata: function Evaluator_getMetadata(asset)
{
var metadata = {};
var fnExtract = function(p_asset)
{
for (var index in p_asset.properties)
{
if (index.indexOf("{http://www.alfresco.org/model/recordsmanagement/1.0}") === 0)
{
metadata[index.replace("{http://www.alfresco.org/model/recordsmanagement/1.0}", "rma:")] = p_asset.properties[index];
}
else if (index.indexOf("{http://www.alfresco.org/model/dod5015/1.0}") === 0)
{
metadata[index.replace("{http://www.alfresco.org/model/dod5015/1.0}", "dod:")] = p_asset.properties[index];
}
}
};
// General Records Management properties
fnExtract(asset);
// Disposition Instructions, if relevant
if (asset.hasAspect("rma:scheduled"))
{
var dsArray = asset.childAssocs["rma:dispositionSchedule"];
if (dsArray != null)
{
var dsNode = dsArray[0];
if (dsNode !== null)
{
fnExtract(dsNode);
}
}
}
return metadata;
},
/**
* Previous disposition action
*/
getPreviousDispositionAction: function Evaluator_getPreviousDispositionAction(asset)
{
var history = asset.childAssocs["rma:dispositionActionHistory"],
previous = null,
fnSortByCompletionDateReverse = function sortByCompletionDateReverse(a, b)
{
// Sort the results by Disposition Action Completed At date property
return (b.properties["rma:dispositionActionCompletedAt"] > a.properties["rma:dispositionActionCompletedAt"] ? 1 : -1);
};
if (history != null)
{
history.sort(fnSortByCompletionDateReverse);
previous = history[0];
}
return previous;
},
/**
* Record and Record Folder common evaluators
*/
recordAndRecordFolder: function Evaluator_recordAndRecordFolder(asset, permissions, status)
{
var actionName = asset.properties["rma:recordSearchDispositionActionName"],
actionAsOf = asset.properties["rma:recordSearchDispositionActionAsOf"],
hasNextAction = asset.childAssocs["rma:nextDispositionAction"] != null,
recentHistory = Evaluator.getPreviousDispositionAction(asset),
previousAction = null,
now = new Date();
/* Next Disposition Action */
// Next action could become eligible based on asOf date
if (actionAsOf != null)
{
if (hasNextAction)
{
permissions["disposition-as-of"] = true;
}
// Check if action asOf date has passed
if (actionAsOf < now)
{
permissions[actionName] = true;
}
}
// Next action could also become eligible based on event completion
if (asset.properties["rma:recordSearchDispositionEventsEligible"] == true)
{
permissions[actionName] = true;
}
/* Previous Disposition Action */
if (recentHistory != null)
{
previousAction = recentHistory.properties["rma:dispositionAction"];
}
/* Cut Off status */
if (asset.hasAspect("rma:cutOff"))
{
status["cutoff"] = true;
if (asset.hasAspect("rma:dispositionLifecycle"))
{
if (previousAction == "cutoff")
{
permissions["undo-cutoff"] = true;
delete permissions["cutoff"];
}
}
}
/* Transfer or Accession Pending Completion */
// Don't show transfer or accession if either is pending completion
var assocs = asset.parentAssocs["rma:transferred"];
if (actionName == "transfer" && assocs != null && assocs.length > 0)
{
delete permissions["transfer"];
delete permissions["undo-cutoff"];
delete permissions["disposition-as-of"];
status["transfer " + assocs[0].name] = true;
}
assocs = asset.parentAssocs["rma:ascended"];
if (actionName == "accession" && assocs != null && assocs.length > 0)
{
delete permissions["accession"];
delete permissions["undo-cutoff"];
delete permissions["disposition-as-of"];
status["accession " + assocs[0].name] = true;
}
/* Transferred status */
if (asset.hasAspect("rma:transferred"))
{
var transferLocation = "";
if (previousAction == "transfer")
{
var actionId = recentHistory.properties["rma:dispositionActionId"],
actionNode = search.findNode("workspace://SpacesStore/" + actionId);
if (actionNode != null && actionNode.properties["rma:dispositionLocation"])
{
transferLocation = " " + actionNode.properties["rma:dispositionLocation"];
}
}
status["transferred" + transferLocation] = true;
}
/* Accessioned status */
if (asset.hasAspect("rma:ascended"))
{
status["accessioned NARA"] = true;
}
/* Review As Of Date */
if (asset.hasAspect("rma:vitalRecord"))
{
if (asset.properties["rma:reviewAsOf"] != null)
{
permissions["review-as-of"] = true;
}
}
/* Frozen/Unfrozen */
if (asset.hasAspect("rma:frozen"))
{
status["frozen"] = true;
if (permissions["Unfreeze"])
{
permissions["unfreeze"] = true;
}
}
else
{
if (permissions["ExtendRetentionPeriodOrFreeze"])
{
permissions["freeze"] = true;
}
}
},
/**
* Record Type evaluator
*/
recordType: function Evaluator_recordType(asset)
{
/* Supported Record Types */
var recordTypes =
[
"digitalPhotographRecord",
"pdfRecord",
"scannedRecord",
"webRecord"
],
currentRecordType = null;
for (var i = 0; i < recordTypes.length; i++)
{
if (asset.hasAspect("dod:" + recordTypes[i]))
{
currentRecordType = recordTypes[i];
break;
}
}
return currentRecordType;
},
/**
* Asset Evaluator - main entrypoint
*/
run: function Evaluator_run(asset, capabilitySet)
{
var assetType = Evaluator.getAssetType(asset),
rmNode,
recordType = null,
capabilities = {},
actions = {},
actionSet = "empty",
permissions = {},
status = {},
suppressRoles = false;
var now = new Date();
try
{
rmNode = rmService.getRecordsManagementNode(asset)
}
catch (e)
{
// Not a Records Management Node
return null;
}
/**
* Capabilities and Actions
*/
var caps, cap, act;
if (capabilitySet == "all")
{
caps = rmNode.capabilities;
}
else
{
caps = rmNode.capabilitiesSet(capabilitySet);
}
for each (cap in caps)
{
capabilities[cap.name] = true;
for each (act in cap.actions)
{
actions[act] = true;
}
}
/**
* COMMON FOR ALL TYPES
*/
/**
* Basic permissions - start from entire capabiltiies list
* TODO: Filter-out the ones not relevant to DocLib UI.
*/
permissions = capabilities;
/**
* Multiple parent assocs
*/
var parents = asset.parentAssocs["contains"];
if (parents !== null && parents.length > 1)
{
status["multi-parent " + parents.length] = true;
}
/**
* E-mail type
*/
if (asset.mimetype == "message/rfc822")
{
permissions["split-email"] = true;
}
switch (assetType)
{
/**
* SPECIFIC TO: FILE PLAN
*/
case "fileplan":
permissions["new-series"] = capabilities["Create"];
break;
/**
* SPECIFIC TO: RECORD SERIES
*/
case "record-series":
actionSet = "recordSeries";
permissions["new-category"] = capabilities["Create"];
break;
/**
* SPECIFIC TO: RECORD CATEGORY
*/
case "record-category":
actionSet = "recordCategory";
permissions["new-folder"] = capabilities["Create"];
break;
/**
* SPECIFIC TO: RECORD FOLDER
*/
case "record-folder":
actionSet = "recordFolder";
/* Record and Record Folder common evaluator */
Evaluator.recordAndRecordFolder(asset, permissions, status);
/* Update Cut Off status to folder-specific status */
if (status["cutoff"] == true)
{
delete status["cutoff"];
status["cutoff-folder"] = true;
}
/* File new Records */
permissions["file"] = capabilities["Create"];
/* Open/Closed */
if (asset.properties["rma:isClosed"])
{
// Cutoff implies closed, so no need to duplicate
if (!status["cutoff-folder"])
{
status["closed"] = true;
}
if (capabilities["ReOpenFolders"])
{
permissions["open-folder"] = true;
}
}
else
{
status["open"] = true;
if (capabilities["CloseFolders"])
{
permissions["close-folder"] = true;
}
}
break;
/**
* SPECIFIC TO: RECORD
*/
case "record":
actionSet = "record";
/* Record and Record Folder common evaluator */
Evaluator.recordAndRecordFolder(asset, permissions, status);
/* Electronic/Non-electronic documents */
if (asset.typeShort == "rma:nonElectronicDocument")
{
assetType = "record-nonelec";
}
else
{
permissions["download"] = true;
}
/* Record Type evaluator */
recordType = Evaluator.recordType(asset);
if (recordType != null)
{
status[recordType] = true;
}
/* Undeclare Record */
if (asset.hasAspect("rma:cutOff") == false)
{
permissions["undeclare"] = true;
}
break;
/**
* SPECIFIC TO: GHOSTED RECORD FOLDER (Metadata Stub Folder)
*/
case "metadata-stub-folder":
actionSet = "metadataStubFolder";
/* Destroyed status */
status["destroyed"] = true;
break;
/**
* SPECIFIC TO: GHOSTED RECORD (Metadata Stub)
*/
case "metadata-stub":
actionSet = "metadataStub";
/* Destroyed status */
status["destroyed"] = true;
/* Record Type evaluator */
recordType = Evaluator.recordType(asset);
if (recordType != null)
{
status[recordType] = true;
}
break;
/**
* SPECIFIC TO: UNDECLARED RECORD
*/
case "undeclared-record":
actionSet = "undeclaredRecord";
/* Electronic/Non-electronic documents */
if (asset.typeShort == "rma:nonElectronicDocument")
{
assetType = "undeclared-record-nonelec";
}
else
{
permissions["download"] = true;
/* Record Type evaluator */
recordType = Evaluator.recordType(asset);
if (recordType != null)
{
status[recordType] = true;
}
else
{
permissions["set-record-type"] = true;
}
}
break;
/**
* SPECIFIC TO: TRANSFER CONTAINERS
*/
case "transfer-container":
actionSet = "transferContainer";
suppressRoles = true;
break;
/**
* SPECIFIC TO: HOLD CONTAINERS
*/
case "hold-container":
actionSet = "holdContainer";
permissions["Unfreeze"] = true;
permissions["ViewUpdateReasonsForFreeze"] = true;
suppressRoles = true;
break;
/**
* SPECIFIC TO: LEGACY TYPES
*/
default:
actionSet = assetType;
break;
}
return (
{
assetType: assetType,
actionSet: actionSet,
permissions: permissions,
createdBy: Common.getPerson(asset.properties["cm:creator"]),
modifiedBy: Common.getPerson(asset.properties["cm:modifier"]),
status: status,
metadata: Evaluator.getMetadata(asset, assetType),
suppressRoles: suppressRoles
});
}
};

183
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-filters.lib.js
View File

@@ -1,183 +0,0 @@
var Filters =
{
/**
* Type map to filter required types
* NOTE: "documents" filter also returns folders to show UI hint about hidden folders.
*/
TYPE_MAP:
{
"documents": '+(TYPE:"{http://www.alfresco.org/model/content/1.0}content" OR TYPE:"{http://www.alfresco.org/model/application/1.0}filelink" OR TYPE:"{http://www.alfresco.org/model/content/1.0}folder")',
"folders": '+(TYPE:"{http://www.alfresco.org/model/content/1.0}folder" OR TYPE:"{http://www.alfresco.org/model/application/1.0}folderlink")',
"images": "-TYPE:\"{http://www.alfresco.org/model/content/1.0}thumbnail\" +@cm\\:content.mimetype:image/*"
},
/**
* Query templates for custom search
*/
QUERY_TEMPLATES:
[
{field: "keywords", template: "%(cm:name cm:title cm:description TEXT)"},
{field: "name", template: "%(cm:name)"},
{field: "title", template: "%(cm:title)"},
{field: "description", template: "%(cm:description)"},
{field: "creator", template: "%(cm:creator)"},
{field: "created", template: "%(cm:created)"},
{field: "modifier", template: "%(cm:modifier)"},
{field: "modified", template: "%(cm:modified)"},
{field: "author", template: "%(cm:author)"},
{field: "markings", template: "%(rmc:supplementalMarkingList)"},
{field: "dispositionEvents", template: "%(rma:recordSearchDispositionEvents)"},
{field: "dispositionActionName", template: "%(rma:recordSearchDispositionActionName)"},
{field: "dispositionActionAsOf", template: "%(rma:recordSearchDispositionActionAsOf)"},
{field: "dispositionEventsEligible", template: "%(rma:recordSearchDispositionEventsEligible)"},
{field: "dispositionPeriod", template: "%(rma:recordSearchDispositionPeriod)"},
{field: "hasDispositionSchedule", template: "%(rma:recordSearchHasDispositionSchedule)"},
{field: "dispositionInstructions", template: "%(rma:recordSearchDispositionInstructions)"},
{field: "dispositionAuthority", template: "%(rma:recordSearchDispositionAuthority)"},
{field: "holdReason", template: "%(rma:recordSearchHoldReason)"},
{field: "vitalRecordReviewPeriod", template: "%(rma:recordSearchVitalRecordReviewPeriod)"}
],
/**
* Create filter parameters based on input parameters
*
* @method getFilterParams
* @param filter {string} Required filter
* @param parsedArgs {object} Parsed arguments object literal
* @param optional {object} Optional arguments depending on filter type
* @return {object} Object literal containing parameters to be used in Lucene search
*/
getFilterParams: function Filter_getFilterParams(filter, parsedArgs, optional)
{
var filterParams =
{
query: "+PATH:\"" + parsedArgs.pathNode.qnamePath + "/*\"",
limitResults: null,
sort: [
{
column: "@{http://www.alfresco.org/model/content/1.0}name",
ascending: true
}],
language: "lucene",
templates: null,
variablePath: true
};
// Max returned results specified?
var argMax = args.max;
if ((argMax !== null) && !isNaN(argMax))
{
filterParams.limitResults = argMax;
}
// Create query based on passed-in arguments
var filterData = args.filterData,
filterQuery = "";
// Common types and aspects to filter from the UI
var filterQueryDefaults = " -TYPE:\"{http://www.alfresco.org/model/content/1.0}thumbnail\"" +
" -TYPE:\"{http://www.alfresco.org/model/content/1.0}systemfolder\"" +
" -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionSchedule\"" +
" -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionActionDefinition\"" +
" -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}dispositionAction\"" +
" -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}hold\"" +
" -TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}transfer\"";
// Create query based on passed-in arguments
switch (String(filter))
{
case "all":
filterQuery = "+PATH:\"" + parsedArgs.rootNode.qnamePath + "//*\"";
filterQuery += " -TYPE:\"{http://www.alfresco.org/model/content/1.0}folder\"";
filterParams.query = filterQuery + filterQueryDefaults;
break;
case "node":
parsedArgs.pathNode = parsedArgs.rootNode.parent;
filterParams.variablePath = false;
filterParams.query = "+ID:\"" + parsedArgs.rootNode.nodeRef + "\"";
break;
case "savedsearch":
var searchNode = parsedArgs.location.siteNode.getContainer("Saved Searches");
if (searchNode != null)
{
var ssNode = searchNode.childByNamePath(String(filterData));
if (ssNode != null)
{
var ssJson = eval('try{(' + ssNode.content + ')}catch(e){}');
filterQuery = ssJson.query;
// Wrap the query so that only valid items within the filePlan are returned
filterParams.query = 'PATH:"' + parsedArgs.rootNode.qnamePath + '//*" AND (' + filterQuery + ')';
filterParams.templates = Filters.QUERY_TEMPLATES;
filterParams.language = "fts-alfresco";
filterParams.namespace = "http://www.alfresco.org/model/recordsmanagement/1.0";
// gather up the sort by fields
// they are encoded as "property/dir" i.e. "cm:name/asc"
if (ssJson.sort && ssJson.sort.length !== 0)
{
var sortPairs = ssJson.sort.split(",");
var sort = [];
for (var i=0, j; i<sortPairs.length; i++)
{
if (sortPairs[i].length !== 0)
{
j = sortPairs[i].indexOf("/");
sort.push(
{
column: sortPairs[i].substring(0, j),
ascending: (sortPairs[i].substring(j+1) == "asc")
});
}
}
filterParams.sort = sort;
}
}
}
break;
case "transfers":
if (filterData == null)
{
filterParams.variablePath = false;
filterQuery = "+PATH:\"" + parsedArgs.rootNode.qnamePath + "//*\"";
filterQuery += " +TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}transfer\"";
filterParams.query = filterQuery;
}
else
{
filterParams.query = "+PARENT:\"" + filterData + "\"";
}
break;
case "holds":
if (filterData == null)
{
filterParams.variablePath = false;
filterQuery = "+PATH:\"" + parsedArgs.rootNode.qnamePath + "//*\"";
filterQuery += " +TYPE:\"{http://www.alfresco.org/model/recordsmanagement/1.0}hold\"";
filterParams.query = filterQuery;
}
else
{
filterParams.query = "+PARENT:\"" + filterData + "\"";
}
break;
default:
filterParams.variablePath = false;
filterQuery = "+PATH:\"" + parsedArgs.pathNode.qnamePath + "/*\"";
filterParams.query = filterQuery + filterQueryDefaults;
break;
}
// Specialise by passed-in type
if (filterParams.query !== "")
{
filterParams.query += " " + (Filters.TYPE_MAP[parsedArgs.type] || "");
}
return filterParams;
}
};

9
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.desc.xml
View File

@@ -1,9 +0,0 @@
<webscript>
<shortname>node</shortname>
<description>Document List Component - rm node data webscript</description>
<url>/slingshot/doclib/rm/node/{store_type}/{store_id}/{id}</url>
<format default="json">argument</format>
<authentication>user</authentication>
<transaction allow="readwrite" buffersize="0">required</transaction>
<lifecycle>internal</lifecycle>
</webscript>

6
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.js
View File

@@ -1,6 +0,0 @@
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-evaluator.lib.js">
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-filters.lib.js">
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/parse-args.lib.js">
<import resource="classpath:/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-doclist.lib.js">
model.doclist = getDoclist("all");

34
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-node.get.json.ftl
View File

@@ -1,34 +0,0 @@
<#import "item.lib.ftl" as itemLib />
<#escape x as jsonUtils.encodeJSONString(x)>
{
"totalRecords": ${doclist.paging.totalRecords?c},
"startIndex": ${doclist.paging.startIndex?c},
"metadata":
{
<#if doclist.filePlan??>"filePlan": "${doclist.filePlan.nodeRef}",</#if>
"parent":
{
<#if doclist.parent??>
"nodeRef": "${doclist.parent.node.nodeRef}",
"type": "${doclist.parent.type}",
"permissions":
{
"userAccess":
{
<#list doclist.parent.userAccess?keys as perm>
<#if doclist.parent.userAccess[perm]?is_boolean>
"${perm?string}": ${doclist.parent.userAccess[perm]?string}<#if perm_has_next>,</#if>
</#if>
</#list>
}
}
</#if>
}
},
"item":
{
<@itemLib.itemJSON item=doclist.items[0] />,
"dod5015": <#noescape>${doclist.items[0].dod5015}</#noescape>
}
}
</#escape>

17
rm-server/config/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/rm-treenode.get.js
View File

@@ -55,12 +55,17 @@ function getTreenode()
{
if (itemIsAllowed(item) && !(item.type in ignoredTypes))
{
capabilities = {};
//capabilities = {};
rmNode = rmService.getRecordsManagementNode(item);
for each (cap in rmNode.capabilitiesSet("Create"))
{
capabilities[cap.name] = true;
}
//for each (cap in rmNode.capabilitiesSet("Create"))
//{
// capabilities[cap.name] = true;
//}
//
hasCreateCapability = rmNode.hasCapability("Create");
if (evalChildFolders)
{
@@ -73,7 +78,7 @@ function getTreenode()
hasSubfolders: hasSubfolders,
permissions:
{
create: capabilities["Create"]
create: hasCreateCapability
}
});
}

8
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
@@ -43,6 +44,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
static final QName RECORDS_MANAGEMENT_EVENT_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementEventService");
static final QName RECORDS_MANAGEMENT_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementSecurityService");
static final QName RECORDS_MANAGEMENT_AUDIT_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementAuditService");
static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService");
/**
* @return records management service
@@ -85,4 +87,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
*/
@NotAuditable
RecordsManagementAuditService getRecordsManagementAuditService();
/**
* @return capability service
*/
@NotAuditable
CapabilityService getCapabilityService();
}

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
@@ -89,4 +90,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
{
return (DispositionService)getService(DISPOSITION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getCapabilityService()
*/
@Override
public CapabilityService getCapabilityService()
{
return (CapabilityService)getService(CAPABILITY_SERVICE);
}
}

78
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java
View File

@@ -29,6 +29,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.util.I18NUtil;
/**
* Abstract capability implementation.
@@ -52,6 +53,10 @@ public abstract class AbstractCapability extends RMSecurityCommon
/** Capability name */
protected String name;
/** Capability title and description */
protected String title;
protected String description;
/** Indicates whether this is a private capability or not */
protected boolean isPrivate = false;
@@ -115,6 +120,56 @@ public abstract class AbstractCapability extends RMSecurityCommon
return name;
}
/**
* @param title capability title
*/
public void setTitle(String title)
{
this.title = title;
}
/**
* @param titleId message id
*/
public void setTitleId(String titleId)
{
this.title = I18NUtil.getMessage(titleId);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getTitle()
*/
@Override
public String getTitle()
{
return title;
}
/**
* @param description capability description
*/
public void setDescription(String description)
{
this.description = description;
}
/**
* @param descriptionId message id
*/
public void setDescriptionId(String descriptionId)
{
this.description = I18NUtil.getMessage(descriptionId);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getDescription()
*/
@Override
public String getDescription()
{
return description;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isPrivate()
*/
@@ -183,11 +238,22 @@ public abstract class AbstractCapability extends RMSecurityCommon
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#hasPermission(org.alfresco.service.cmr.repository.NodeRef)
*/
public AccessStatus hasPermission(NodeRef nodeRef)
{
return translate(hasPermissionRaw(nodeRef));
}
/**
* Determines whether the current user has permission on this capability.
* <p>
* Returns the raw permission value.
*
* @param nodeRef node reference
* @return raw permission value
*/
public int hasPermissionRaw(NodeRef nodeRef)
{
String prefix = "hasPermissionRaw" + getName();
@@ -232,16 +298,25 @@ public abstract class AbstractCapability extends RMSecurityCommon
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActionNames()
*/
public List<String> getActionNames()
{
return actionNames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActions()
*/
public List<RecordsManagementAction> getActions()
{
return actions;
}
/**
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode()
{
@@ -251,6 +326,9 @@ public abstract class AbstractCapability extends RMSecurityCommon
return result;
}
/**
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj)
{

27
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java
View File

@@ -28,6 +28,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
* Capability Interface.
*
* @author andyh
* @author Roy Wetherall
*/
public interface Capability
{
@@ -54,10 +55,11 @@ public interface Capability
int evaluate(NodeRef nodeRef);
/**
* Evaluates the capability, taking into account a target.
*
* @param source
* @param target
* @return
* @param source source node reference
* @param target target node reference
* @return int permission value
*/
int evaluate(NodeRef source, NodeRef target);
@@ -65,16 +67,31 @@ public interface Capability
* Indicates whether this is a private capability or not. Private capabilities are used internally, otherwise
* they are made available to the user to assign to roles.
*
* @return
* @return boolean true if private, false otherwise
*/
boolean isPrivate();
/**
* Get the name of the capability
* @return
*
* @return String capability name
*/
String getName();
/**
* Get the title of the capability
*
* @return String capability title
*/
String getTitle();
/**
* Get the description of the capability
*
* @return String capability description
*/
String getDescription();
/**
* Get the name of optional actions tied to this capability
* @return

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java
View File

@@ -54,6 +54,13 @@ public interface CapabilityService
*/
Set<Capability> getCapabilities();
/**
*
* @param includePrivate
* @return
*/
Set<Capability> getCapabilities(boolean includePrivate);
/**
*
* @param nodeRef

28
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityServiceImpl.java
View File

@@ -60,7 +60,33 @@ public class CapabilityServiceImpl implements CapabilityService
@Override
public Set<Capability> getCapabilities()
{
return new HashSet<Capability>(capabilities.values());
return getCapabilities(true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService#getCapabilities(boolean)
*/
@Override
public Set<Capability> getCapabilities(boolean includePrivate)
{
Set<Capability> result = null;
if (includePrivate == true)
{
result = new HashSet<Capability>(capabilities.values());
}
else
{
result = new HashSet<Capability>(capabilities.size());
for (Capability capability : capabilities.values())
{
if (capability.isPrivate() == false)
{
result.add(capability);
}
}
}
return result;
}
/**

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java
View File

@@ -38,7 +38,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability;
import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
@@ -880,7 +879,7 @@ public class RMEntryVoter extends RMSecurityCommon
if ((movee != null) && (destination != null))
{
return ((MoveRecordsCapability)capabilityService.getCapability(RMPermissionModel.MOVE_RECORDS)).evaluate(movee, destination);
return capabilityService.getCapability("Move").evaluate(movee, destination);
}
else
{

37
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java
View File

@@ -52,9 +52,13 @@ public class CompositeCapability extends DeclarativeCapability
for (Capability capability : capabilities)
{
int capabilityResult = capability.evaluate(nodeRef);
if (capabilityResult == AccessDecisionVoter.ACCESS_GRANTED)
if (capabilityResult != AccessDecisionVoter.ACCESS_DENIED)
{
result = AccessDecisionVoter.ACCESS_GRANTED;
result = AccessDecisionVoter.ACCESS_ABSTAIN;
if (isUndetermined() == false && capabilityResult == AccessDecisionVoter.ACCESS_GRANTED)
{
result = AccessDecisionVoter.ACCESS_GRANTED;
}
break;
}
}
@@ -62,4 +66,33 @@ public class CompositeCapability extends DeclarativeCapability
return result;
}
@Override
public int evaluate(NodeRef source, NodeRef target)
{
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
if (targetCapability != null)
{
result = super.evaluate(source, target);
}
else
{
// Check each capability using 'OR' logic
for (Capability capability : capabilities)
{
int capabilityResult = capability.evaluate(source, target);
if (capabilityResult != AccessDecisionVoter.ACCESS_DENIED)
{
result = AccessDecisionVoter.ACCESS_ABSTAIN;
if (isUndetermined() == false && capabilityResult == AccessDecisionVoter.ACCESS_GRANTED)
{
result = AccessDecisionVoter.ACCESS_GRANTED;
}
break;
}
}
}
return result;
}
}

75
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java
View File

@@ -19,6 +19,7 @@
package org.alfresco.module.org_alfresco_module_rm.capability.declarative;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@@ -27,6 +28,7 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.springframework.beans.BeansException;
@@ -38,19 +40,26 @@ import org.springframework.context.ApplicationContextAware;
*
* @author Roy Wetherall
*/
public class DeclarativeCapability extends AbstractCapability implements ApplicationContextAware
public class DeclarativeCapability extends AbstractCapability
implements ApplicationContextAware
{
/** Application Context */
protected ApplicationContext applicationContext;
/** Required permissions */
private List<String> permissions;
protected List<String> permissions;
/** Map of conditions and expected evaluation result */
private Map<String, Boolean> conditions;
protected Map<String, Boolean> conditions;
/** List of file plan component kinds one of which must be satisfied */
private List<String> kinds;
protected List<String> kinds;
/** Capability to be evaluated against the target node reference */
protected Capability targetCapability;
/** Indicates whether to return an undetermined result */
protected boolean isUndetermined = false;
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
@@ -83,7 +92,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
}
/**
* @param kinds list of file plan component kinds that the
* @param kinds list of file plan component kinds
*/
public void setKinds(List<String> kinds)
{
@@ -98,6 +107,32 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
return kinds;
}
/**
* Helper method to set a single kind.
*
* @param kind file plan component kind
*/
public void setKind(String kind)
{
this.kinds = Collections.singletonList(kind);
}
/**
* Sets whether the capability will return an undetermined result when evaluating permissions
* for a single node reference or not. The default is to return grant.
*
* @param isUndetermined true if undetermined result, false otherwise
*/
public void setUndetermined(boolean isUndetermined)
{
this.isUndetermined = isUndetermined;
}
public boolean isUndetermined()
{
return isUndetermined;
}
/**
* Helper @see #setPermissions(List)
*
@@ -110,6 +145,14 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
this.permissions = permissions;
}
/**
* @param targetCapability target capability
*/
public void setTargetCapability(Capability targetCapability)
{
this.targetCapability = targetCapability;
}
/**
* Check the permissions passed.
*
@@ -261,6 +304,21 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
return result;
}
@Override
public int evaluate(NodeRef source, NodeRef target)
{
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
if (targetCapability != null)
{
result = evaluate(source);
if (result != AccessDecisionVoter.ACCESS_DENIED)
{
result = targetCapability.evaluate(target);
}
}
return result;
}
/**
* Default implementation. Given extending classes a hook point for further checks.
*
@@ -269,7 +327,12 @@ public class DeclarativeCapability extends AbstractCapability implements Applica
*/
protected int evaluateImpl(NodeRef nodeRef)
{
return AccessDecisionVoter.ACCESS_GRANTED;
int result = AccessDecisionVoter.ACCESS_GRANTED;
if (isUndetermined == true)
{
result = AccessDecisionVoter.ACCESS_ABSTAIN;
}
return result;
}
/**

91
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java
View File

@@ -1,91 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
public class MoveRecordsCapability extends DeclarativeCapability
{
@Override
public int evaluate(NodeRef nodeRef)
{
// no way to know ...
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
public int evaluate(NodeRef movee, NodeRef destination)
{
int state = AccessDecisionVoter.ACCESS_ABSTAIN;
if (rmService.isFilePlanComponent(destination))
{
state = checkRead(movee, true);
if (state != AccessDecisionVoter.ACCESS_GRANTED)
{
return AccessDecisionVoter.ACCESS_DENIED;
}
if (rmService.isFilePlanComponent(movee) == true)
{
state = capabilityService.getCapability("Delete").evaluate(movee);
}
else
{
if (checkPermissionsImpl(movee, PermissionService.DELETE) == true)
{
state = AccessDecisionVoter.ACCESS_GRANTED;
}
}
if (state == AccessDecisionVoter.ACCESS_GRANTED)
{
QName type = nodeService.getType(movee);
// now we know the node - we can abstain for certain types and aspects (eg, rm)
CreateCapability createCapability = (CreateCapability)capabilityService.getCapability("Create");
state = createCapability.evaluate(destination, movee, type, null);
if (state == AccessDecisionVoter.ACCESS_GRANTED)
{
if (rmService.isFilePlanComponent(movee) == true)
{
if (checkPermissionsImpl(movee, MOVE_RECORDS) == true)
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
}
else
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
}
}
return AccessDecisionVoter.ACCESS_DENIED;
}
else
{
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
}
}

48
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/ScriptRecordsManagmentNode.java
View File

@@ -18,20 +18,21 @@
*/
package org.alfresco.module.org_alfresco_module_rm.jscript;
import java.util.ArrayList;
import java.util.List;
import java.util.Collections;
import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.repo.jscript.ScriptNode;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.mozilla.javascript.Scriptable;
/**
* Base records managment script node
* Base records management script node
*
* NOTE: this could be removed, but is being kept as a place holder for future development
*
* @author Roy Wetherall
*/
@@ -53,38 +54,25 @@ public class ScriptRecordsManagmentNode extends ScriptNode
rmServices = services;
}
public ScriptCapability[] getCapabilities()
public boolean hasCapability(String capabilityName)
{
return capabilitiesSet(null);
}
boolean result = false;
public ScriptCapability[] capabilitiesSet(String capabilitiesSet)
{
RecordsManagementSecurityService rmSecurity = rmServices.getRecordsManagementSecurityService();
Map<Capability, AccessStatus> cMap = null;
if (capabilitiesSet == null)
CapabilityService capabilityService = (CapabilityService)rmServices.getCapabilityService();
Capability capability = capabilityService.getCapability(capabilityName);
if (capability != null)
{
// Get all capabilities
cMap = rmSecurity.getCapabilities(this.nodeRef);
}
else
{
cMap = rmSecurity.getCapabilities(this.nodeRef, capabilitiesSet);
}
List<ScriptCapability> list = new ArrayList<ScriptCapability>(cMap.size());
for (Map.Entry<Capability, AccessStatus> entry : cMap.entrySet())
{
if (AccessStatus.ALLOWED.equals(entry.getValue()) == true ||
AccessStatus.UNDETERMINED.equals(entry.getValue()) == true)
Map<Capability, AccessStatus> map = capabilityService.getCapabilitiesAccessState(nodeRef, Collections.singletonList(capabilityName));
if (map.containsKey(capability) == true)
{
Capability cap = entry.getKey();
String[] actions = (String[])cap.getActionNames().toArray(new String[cap.getActionNames().size()]);
ScriptCapability scriptCap = new ScriptCapability(cap.getName(), cap.getName(), actions);
list.add(scriptCap);
AccessStatus accessStatus = map.get(capability);
if (accessStatus.equals(AccessStatus.DENIED) == false)
{
result = true;
}
}
}
return (ScriptCapability[])list.toArray(new ScriptCapability[list.size()]);
return result;
}
}

19
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolePut.java
View File

@@ -27,20 +27,21 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.Role;
import org.alfresco.service.cmr.repository.NodeRef;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
*
@@ -54,6 +55,7 @@ public class RmRolePut extends DeclarativeWebScript
private RecordsManagementService rmService;
private RecordsManagementSecurityService rmSecurityService;
private CapabilityService capabilityService;
public void setRecordsManagementSecurityService(RecordsManagementSecurityService rmSecurityService)
{
@@ -65,6 +67,11 @@ public class RmRolePut extends DeclarativeWebScript
this.rmService = rmService;
}
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
@Override
public Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
@@ -90,7 +97,7 @@ public class RmRolePut extends DeclarativeWebScript
Set<Capability> capabilites = new HashSet<Capability>(capabilitiesArray.length());
for (int i = 0; i < capabilitiesArray.length(); i++)
{
Capability capability = rmSecurityService.getCapability(capabilitiesArray.getString(i));
Capability capability = capabilityService.getCapability(capabilitiesArray.getString(i));
capabilites.add(capability);
}

23
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesPost.java
View File

@@ -27,23 +27,24 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.Role;
import org.alfresco.service.cmr.repository.NodeRef;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
*
* RM Roles Post implementation
*
* @author Roy Wetherall
*/
@@ -54,6 +55,7 @@ public class RmRolesPost extends DeclarativeWebScript
private RecordsManagementService rmService;
private RecordsManagementSecurityService rmSecurityService;
private CapabilityService capabilityService;
public void setRecordsManagementSecurityService(RecordsManagementSecurityService rmSecurityService)
{
@@ -65,6 +67,11 @@ public class RmRolesPost extends DeclarativeWebScript
this.rmService = rmService;
}
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
@Override
public Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
@@ -82,7 +89,7 @@ public class RmRolesPost extends DeclarativeWebScript
Set<Capability> capabilites = new HashSet<Capability>(capabilitiesArray.length());
for (int i = 0; i < capabilitiesArray.length(); i++)
{
Capability capability = rmSecurityService.getCapability(capabilitiesArray.getString(i));
Capability capability = capabilityService.getCapability(capabilitiesArray.getString(i));
capabilites.add(capability);
}
@@ -91,7 +98,7 @@ public class RmRolesPost extends DeclarativeWebScript
Role role = rmSecurityService.createRole(root, name, displayString, capabilites);
Set<Role> roles = rmSecurityService.getRoles(root);
//Set<Role> roles = rmSecurityService.getRoles(root);
model.put("role", role);
}

29
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -33,35 +33,6 @@ import org.alfresco.service.namespace.QName;
*/
public interface RecordsManagementSecurityService
{
/**
* Get a list of the capabilities available
*
* @return List<Capability> list of capabilities available
*/
Set<Capability> getCapabilities();
/**
* Get the full set of capabilities for the current user.
* @param nodeRef
* @return
*/
Map<Capability, AccessStatus> getCapabilities(NodeRef nodeRef);
/**
*
* @param nodeRef
* @param capabilitySet
* @return
*/
Map<Capability, AccessStatus> getCapabilities(NodeRef nodeRef, String capabilitySet);
/**
* Get a capability by name
* @param name
* @return
*/
Capability getCapability(String name);
/**
* Get the set of aspect QNames which can not be added direct via the public node service;
* they must be managed via the appropriate actions.

99
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -22,11 +22,8 @@ import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
@@ -51,7 +48,6 @@ import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
@@ -83,9 +79,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** Policy component */
private PolicyComponent policyComponent;
/** Owner service */
private OwnableService ownableService;
/** Records management service */
private RecordsManagementService recordsManagementService;
@@ -95,12 +88,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** RM Entry voter */
private RMEntryVoter voter;
/**
* Capability sets. Allow sub-sets of capabilities to be defined enhancing performance when
* only a sub-set need be evaluated.
*/
private Map<String, List<String>> capabilitySets;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -147,16 +134,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
this.policyComponent = policyComponent;
}
/**
* Set the ownable service
*
* @param ownableService ownable service
*/
public void setOwnableService(OwnableService ownableService)
{
this.ownableService = ownableService;
}
/**
* Set records management service
*
@@ -177,15 +154,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
this.nodeService = nodeService;
}
/**
* Set the capability sets
* @param capabilitySets map of capability sets (configured in Spring)
*/
public void setCapabilitySets(Map<String, List<String>> capabilitySets)
{
this.capabilitySets = capabilitySets;
}
/**
* Set the RM voter
*
@@ -217,7 +185,11 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
public void beforeDeleteFrozenNode(NodeRef nodeRef)
{
throw new AccessDeniedException("Frozen nodes can not be deleted");
if (nodeService.exists(nodeRef) && recordsManagementService.isFrozen(nodeRef) == true)
{
// Never allowed to delete a frozen node
throw new AccessDeniedException("Frozen nodes can not be deleted");
}
}
/**
@@ -345,63 +317,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities()
*/
public Set<Capability> getCapabilities()
{
Collection<Capability> caps = capabilityService.getCapabilities();
Set<Capability> result = new HashSet<Capability>(caps.size());
for (Capability cap : caps)
{
if (cap.isPrivate() == false)
{
result.add(cap);
}
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities(org.alfresco.service.cmr.repository.NodeRef)
*/
public Map<Capability, AccessStatus> getCapabilities(NodeRef nodeRef)
{
return capabilityService.getCapabilitiesAccessState(nodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapabilities(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Map<Capability, AccessStatus> getCapabilities(NodeRef nodeRef, String capabilitySet)
{
List<String> capabilities = capabilitySets.get(capabilitySet);
if (capabilities == null)
{
if (getCapability(capabilitySet) != null)
{
// If the capability set is the name of a capability assume we just want that single
// capability
capabilities = new ArrayList<String>(1);
capabilities.add(capabilitySet);
}
else
{
throw new AlfrescoRuntimeException("Unable to find the capability set '" + capabilitySet + "'");
}
}
return capabilityService.getCapabilitiesAccessState(nodeRef, capabilities);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getCapability(java.lang.String)
*/
public Capability getCapability(String name)
{
return capabilityService.getCapability(name);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects()
*/
@@ -488,7 +403,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
for (int index = 0; index < arrCaps.length(); index++)
{
String capName = arrCaps.getString(index);
Capability capability = getCapability(capName);
Capability capability = capabilityService.getCapability(capName);
if (capability == null)
{
throw new AlfrescoRuntimeException("The capability '" + capName + "' configured for the deafult boostrap role '" + name + "' is invalid.");
@@ -675,7 +590,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
if (permission.getAuthority().equals(roleAuthority) == true)
{
String capabilityName = permission.getPermission();
if (getCapability(capabilityName) != null)
if (capabilityService.getCapability(capabilityName) != null)
{
capabilities.add(permission.getPermission());
}

9
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
View File

@@ -18,15 +18,16 @@
*/
package org.alfresco.module.org_alfresco_module_rm.test;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementActionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementAdminServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementSearchServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.RecordsManagementServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.VitalRecordServiceImplTest;
import junit.framework.Test;
import junit.framework.TestSuite;
/**
* RM test suite
@@ -45,7 +46,7 @@ public class ServicesTestSuite extends TestSuite
TestSuite suite = new TestSuite();
suite.addTestSuite(RecordsManagementServiceImplTest.class);
suite.addTestSuite(DispositionServiceImplTest.class);
//suite.addTestSuite(RecordsManagementActionServiceImplTest.class);
suite.addTestSuite(RecordsManagementActionServiceImplTest.class);
suite.addTestSuite(RecordsManagementAdminServiceImplTest.class);
//suite.addTestSuite(RecordsManagementAuditServiceImplTest.class);
//suite.addTestSuite(RecordsManagementEventServiceImplTest.class);

145
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java
View File

@@ -89,7 +89,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
protected void check(Map<Capability, AccessStatus> access, String name, AccessStatus accessStatus)
{
Capability capability = securityService.getCapability(name);
Capability capability = capabilityService.getCapability(name);
assertNotNull(capability);
assertEquals(accessStatus, access.get(capability));
}
@@ -403,7 +403,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
*/
private void testCapabilityActions(int count, String capability)
{
assertEquals(count, securityService.getCapability(capability)
assertEquals(count, capabilityService.getCapability(capability)
.getActionNames().size());
}
@@ -423,8 +423,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(AuthenticationUtil
.getSystemUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -503,7 +502,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -543,8 +542,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -623,7 +621,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -665,8 +663,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -745,7 +742,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -793,8 +790,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(recordsManagerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -873,7 +869,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -917,8 +913,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(securityOfficerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -995,7 +990,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1036,8 +1031,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(powerUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1114,7 +1108,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1155,8 +1149,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(filePlan);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(filePlan);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1233,7 +1226,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1275,8 +1268,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1355,7 +1347,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1398,8 +1390,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1478,7 +1469,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1520,8 +1511,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1600,7 +1590,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1644,8 +1634,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(recordsManagerName);
// permissionService.setPermission(recordCategory_1,
// rm_records_manager, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1724,7 +1713,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1768,8 +1757,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(securityOfficerName);
// permissionService.setPermission(recordCategory_1,
// securityOfficerName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1846,7 +1835,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -1889,8 +1878,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(powerUserName);
// permissionService.setPermission(rmContainer,
// powerUserName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -1967,7 +1956,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2010,8 +1999,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
.setFullyAuthenticatedUser(rmUserName);
// permissionService.setPermission(rmContainer,
// rmUserName, FILING, true);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmContainer);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmContainer);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2088,7 +2077,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2130,8 +2119,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2215,7 +2204,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2259,8 +2248,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2339,7 +2328,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2382,8 +2371,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2462,7 +2451,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2504,7 +2493,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil.setFullyAuthenticatedUser(recordsManagerName);
//setFilingOnRecordFolder(rmFolder, recordsManagerName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2583,7 +2572,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.ALLOWED);
check(access, MAP_EMAIL_METADATA, AccessStatus.ALLOWED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.ALLOWED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2625,7 +2614,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil.setFullyAuthenticatedUser(securityOfficerName);
//setFilingOnRecordFolder(rmFolder, securityOfficerName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2702,7 +2691,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2743,7 +2732,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil.setFullyAuthenticatedUser(powerUserName);
//setFilingOnRecordFolder(rmFolder, powerUserName);
Map<Capability, AccessStatus> access = securityService.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2820,7 +2809,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2862,8 +2851,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(rmUserName);
//setFilingOnRecordFolder(rmFolder, rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(rmFolder);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(rmFolder);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -2940,7 +2929,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -2980,7 +2969,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
Map<Capability, AccessStatus> access = securityService.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService.getCapabilitiesAccessState(record);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3103,8 +3092,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getAdminUserName());
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3226,8 +3215,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
{
AuthenticationUtil
.setFullyAuthenticatedUser(rmAdminName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size());
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3350,8 +3339,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(recordsManagerName);
// setFilingOnRecord(record, recordsManagerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.ALLOWED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3474,8 +3463,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(securityOfficerName);
// setFilingOnRecord(record, securityOfficerName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3553,7 +3542,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -3596,8 +3585,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(powerUserName);
// setFilingOnRecord(record, powerUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3675,7 +3664,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);
@@ -3717,8 +3706,8 @@ public class CapabilitiesTest extends BaseRMTestCase implements
AuthenticationUtil
.setFullyAuthenticatedUser(rmUserName);
// setFilingOnRecord(record, rmUserName);
Map<Capability, AccessStatus> access = securityService
.getCapabilities(record);
Map<Capability, AccessStatus> access = capabilityService
.getCapabilitiesAccessState(record);
assertEquals(66, access.size()); // 58 + File
check(access, ACCESS_AUDIT, AccessStatus.DENIED);
check(access, ADD_MODIFY_EVENT_DATES,
@@ -3795,7 +3784,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements
check(access, MAP_CLASSIFICATION_GUIDE_METADATA,
AccessStatus.DENIED);
check(access, MAP_EMAIL_METADATA, AccessStatus.DENIED);
check(access, MOVE_RECORDS, AccessStatus.UNDETERMINED);
check(access, MOVE_RECORDS, AccessStatus.DENIED);
check(access, PASSWORD_CONTROL, AccessStatus.DENIED);
check(access, PLANNING_REVIEW_CYCLES,
AccessStatus.DENIED);

199
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -23,6 +23,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
@@ -45,6 +47,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
{
private NodeRef record;
private NodeRef declaredRecord;
private NodeRef undeclaredRecord;
private NodeRef recordFolderContainsFrozen;
private NodeRef frozenRecord;
@@ -53,6 +56,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
private NodeRef closedFolder;
private NodeRef moveToFolder;
private NodeRef moveToCategory;
@Override
protected boolean isUserTest()
{
@@ -67,16 +73,21 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
// Pre-filed content
record = utils.createRecord(rmFolder, "record.txt");
declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt");
undeclaredRecord = utils.createRecord(rmFolder, "undeclaredRecord.txt");
// Closed folder
closedFolder = rmService.createRecordFolder(rmContainer, "closedFolder");
utils.closeFolder(closedFolder);
// Frozen artifacts
recordFolderContainsFrozen = rmService.createRecordFolder(rmContainer, "containsFrozen");
frozenRecord = utils.createRecord(rmFolder, "frozenRecord.txt");
frozenRecord2 = utils.createRecord(recordFolderContainsFrozen, "frozen2.txt");
frozenRecordFolder = rmService.createRecordFolder(rmContainer, "frozenRecordFolder");
// MoveTo artifacts
moveToFolder = rmService.createRecordFolder(rmContainer, "moveToFolder");
moveToCategory = rmService.createRecordCategory(rmContainer, "moveToCategory");
}
@Override
@@ -123,6 +134,8 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
for (String user : testUsers)
{
securityService.setPermission(rmFolder, user, RMPermissionModel.FILING);
securityService.setPermission(moveToFolder, user, RMPermissionModel.READ_RECORDS);
securityService.setPermission(moveToCategory, user, RMPermissionModel.READ_RECORDS);
}
}
@@ -283,4 +296,190 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
}
}, rmUserName);
}
public void testMoveRecordCapability()
{
// grab the move record capability
final Capability capability = capabilityService.getCapability("MoveRecords");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
// first take a look at just the record
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(record));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(undeclaredRecord));
// now lets take a look when we know what the destination is
// NOTE: should be denied since we do not have file permission on the destination folder
// despite having the capability!
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(record, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(declaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(undeclaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
for (String user : testUsers)
{
securityService.setPermission(moveToFolder, user, RMPermissionModel.FILING);
}
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
// first take a look at just the record
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(record));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(undeclaredRecord));
// now lets take a look when we know what the destination is
// NOTE: should be allowed now since we have filling permission on the destination folder
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(record, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(declaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(undeclaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
// first take a look at just the record
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
// now lets take a look when we know what the destination is
// NOTE: should be allowed now since we have filling permission on the destination folder
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(record, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(declaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(undeclaredRecord, moveToFolder));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(frozenRecord, moveToFolder));
return null;
}
}, rmUserName);
}
public void testMoveRecordFolderCapability()
{
// grab the move record capability
final Capability capability = capabilityService.getCapability("MoveRecordFolder");
assertNotNull(capability);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
// first take a look at just the record
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(rmFolder, moveToCategory));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
for (String user : testUsers)
{
securityService.setPermission(moveToCategory, user, RMPermissionModel.FILING);
}
return null;
}
}, rmAdminName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.UNDETERMINED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, capability.evaluate(rmFolder, moveToCategory));
return null;
}
}, recordsManagerName);
doTestInTransaction(new Test<Void>()
{
@Override
public Void run()
{
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer));
assertEquals(AccessStatus.DENIED, capability.hasPermission(rmFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(record));
assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen));
assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord));
assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder));
assertEquals(AccessStatus.DENIED, capability.hasPermission(undeclaredRecord));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, capability.evaluate(rmFolder, moveToCategory));
return null;
}
}, rmUserName);
}
}

23
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java
View File

@@ -30,6 +30,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
@@ -72,6 +73,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
private RecordsManagementSecurityService rmSecurityService;
private RecordsManagementActionService rmActionService;
private RetryingTransactionHelper transactionHelper;
private CapabilityService capabilityService;
@Override
protected void onSetUpInTransaction() throws Exception
@@ -87,6 +89,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
this.transactionHelper = (RetryingTransactionHelper)this.applicationContext.getBean("retryingTransactionHelper");
this.permissionService = (PermissionService)this.applicationContext.getBean("PermissionService");
this.rmActionService = (RecordsManagementActionService)this.applicationContext.getBean("RecordsManagementActionService");
this.capabilityService = (CapabilityService)this.applicationContext.getBean("CapabilityService");
// Set the current security context as admin
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
@@ -205,7 +208,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
private Set<Capability> getListOfCapabilities(int size, int offset)
{
Set<Capability> result = new HashSet<Capability>(size);
Set<Capability> caps = rmSecurityService.getCapabilities();
Set<Capability> caps = capabilityService.getCapabilities(false);
int count = 0;
for (Capability cap : caps)
{
@@ -362,7 +365,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
System.out.println("\nUser capabilities: ");
for (String cap : caps)
{
assertNotNull(rmSecurityService.getCapability(cap));
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
@@ -375,7 +378,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
System.out.println("\nPowerUser capabilities: ");
for (String cap : caps)
{
assertNotNull(rmSecurityService.getCapability(cap));
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
@@ -388,7 +391,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
System.out.println("\nSecurityOfficer capabilities: ");
for (String cap : caps)
{
assertNotNull(rmSecurityService.getCapability(cap));
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
@@ -401,7 +404,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
System.out.println("\nRecordsManager capabilities: ");
for (String cap : caps)
{
assertNotNull(rmSecurityService.getCapability(cap));
assertNotNull(capabilityService.getCapability(cap));
System.out.println(cap);
}
@@ -414,7 +417,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
System.out.println("\nAdministrator capabilities: ");
for (String cap : caps)
{
assertNotNull("No capability called " + cap, rmSecurityService.getCapability(cap));
assertNotNull("No capability called " + cap, capabilityService.getCapability(cap));
System.out.println(cap);
}
@@ -449,7 +452,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
{
// Create a new role
Set<Capability> caps = new HashSet<Capability>(1);
caps.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
String user = createUser();
@@ -562,8 +565,8 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
// Add the capability to the role
Set<Capability> caps2 = new HashSet<Capability>(1);
caps2.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
caps2.add(rmSecurityService.getCapability(RMPermissionModel.CLOSE_FOLDERS));
caps2.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
caps2.add(capabilityService.getCapability(RMPermissionModel.CLOSE_FOLDERS));
rmSecurityService.updateRole(rmRootNode, "TestRole", "My Test Role", caps2);
Set<AccessPermission> aps = permissionService.getAllSetPermissions(rmRootNode);
@@ -616,7 +619,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseSpringTest
{
// Create a new role
Set<Capability> caps = new HashSet<Capability>(1);
caps.add(rmSecurityService.getCapability(RMPermissionModel.VIEW_RECORDS));
caps.add(capabilityService.getCapability(RMPermissionModel.VIEW_RECORDS));
Role role = rmSecurityService.createRole(rmRootNode, "TestRole", "My Test Role", caps);
String user = createUser();

8849
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/CapabilitiesSystemTest.java
View File

File diff suppressed because it is too large Load Diff

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/DOD5015SystemTest.java → rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/system/DOD5015SystemTest.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test;
package org.alfresco.module.org_alfresco_module_rm.test.system;
import java.io.File;
import java.io.Serializable;

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/webscript/RoleRestApiTest.java
View File

@@ -248,7 +248,7 @@ public class RoleRestApiTest extends BaseRMWebScriptTestCase implements RecordsM
private Set<Capability> getListOfCapabilities(int size, int offset)
{
Set<Capability> result = new HashSet<Capability>(size);
Set<Capability> caps = securityService.getCapabilities();
Set<Capability> caps = capabilityService.getCapabilities(false);
int count = 0;
for (Capability cap : caps)
{