This changes PermissionsDaoComponentImpl to work with NodeRefs instead

of Nodes so that Permissions can be used with AVM nodes. It needs to be factored a little bit differently, so consider this a WIP. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3698 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-06-16 17:55:15 +00:00 · 2006-09-05 14:17:34 +00:00 · 2006-09-05 14:17:34 +00:00 · 1fd96d13d5
commit 1fd96d13d5
parent 8c2ad19b2f
12 changed files with 308 additions and 77 deletions
--- a/config/alfresco/hibernate-context.xml
+++ b/config/alfresco/hibernate-context.xml
@ -206,8 +206,12 @@
      <property name="sessionFactory">
         <ref bean="sessionFactory" />
      </property>
-      <property name="nodeDaoService">
+      <property name="protocolToNodeService">
-         <ref bean="nodeDaoService" />
+         <map>
            <entry key="workspace"><ref bean="dbNodeService"></ref></entry>
            <entry key="versionStore"><ref bean="versionNodeService"></ref></entry>
            <entry key="avm"><ref bean="avmNodeService"/></entry>
         </map>
      </property>
   </bean>
--- a/source/java/org/alfresco/repo/avm/AVMNodeService.java
+++ b/source/java/org/alfresco/repo/avm/AVMNodeService.java
@ -29,6 +29,7 @@ import java.util.Set;
 import java.util.SortedMap;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.repo.node.AbstractNodeServiceImpl;
 import org.alfresco.service.cmr.avm.AVMException;
@ -1427,4 +1428,46 @@ public class AVMNodeService extends AbstractNodeServiceImpl implements NodeServi
    {
        throw new UnsupportedOperationException("AVM does not support this operation.");
    }
    /**
     * Set the ACL on a node.
     * @param nodeRef The reference to the node.
     * @param acl The list to set.
     */
    public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
    {
        Object [] avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
        int version = (Integer)avmVersionPath[0];
        if (version >= 0)
        {
            throw new InvalidNodeRefException("Read Only Node.", nodeRef);
        }
        try
        {
            fAVMService.setACL((String)avmVersionPath[1], acl);
        }
        catch (AVMNotFoundException e)
        {
            throw new InvalidNodeRefException("Not Found.", nodeRef);
        }
    }
    /**
     * Get the ACL on a node.
     * @param nodeRef The reference to the node.
     * @return The ACL.
     */
    public DbAccessControlList getAccessControlList(NodeRef nodeRef)
    {
        Object [] avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
        try
        {
            return fAVMService.getACL((Integer)avmVersionPath[0],
                                      (String)avmVersionPath[1]);
        }
        catch (AVMNotFoundException e)
        {
            throw new InvalidNodeRefException("Not Found.", nodeRef);
        }
    }
 }
--- a/source/java/org/alfresco/repo/avm/AVMRepository.java
+++ b/source/java/org/alfresco/repo/avm/AVMRepository.java
@ -26,6 +26,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedMap;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.service.cmr.avm.AVMCycleException;
 import org.alfresco.service.cmr.avm.AVMException;
@ -1139,4 +1140,31 @@ public class AVMRepository
        AVMStore store = getAVMStoreByName(pathParts[0]);
        return store.hasAspect(version, pathParts[1], aspectName);
    }
    /**
     * Set the ACL on a node.
     * @param path The path to the node.
     * @param acl The ACL to set.
     */
    public void setACL(String path, DbAccessControlList acl)
    {
        fLookupCount.set(1);
        String [] pathParts = SplitPath(path);
        AVMStore store = getAVMStoreByName(pathParts[0]);
        store.setACL(pathParts[1], acl);
    }
    /**
     * Get the ACL on a node.
     * @param version The version to look under.
     * @param path The path to the node.
     * @return The ACL.
     */
    public DbAccessControlList getACL(int version, String path)
    {
        fLookupCount.set(1);
        String [] pathParts = SplitPath(path);
        AVMStore store = getAVMStoreByName(pathParts[0]);
        return store.getACL(version, pathParts[1]);
    }
 }
--- a/source/java/org/alfresco/repo/avm/AVMServiceImpl.java
+++ b/source/java/org/alfresco/repo/avm/AVMServiceImpl.java
@ -28,6 +28,7 @@ import java.util.Map;
 import java.util.SortedMap;
 import org.alfresco.repo.avm.AVMRepository;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.service.cmr.avm.AVMBadArgumentException;
 import org.alfresco.service.cmr.avm.AVMException;
@ -890,4 +891,33 @@ public class AVMServiceImpl implements AVMService
        }
        return fAVMRepository.hasAspect(version, path, aspectName);
    }
    /**
     * Set ACL on a node.
     * @param path The path to the node.
     * @param acl The ACL to set.
     */
    public void setACL(String path, DbAccessControlList acl)
    {
        if (path == null)
        {
            throw new AVMBadArgumentException("Null path.");
        }
        fAVMRepository.setACL(path, acl);
    }
    /**
     * Get the ACL on a node.
     * @param version The version to look under.
     * @param path The path to the node.
     * @return The ACL.
     */
    public DbAccessControlList getACL(int version, String path)
    {
        if (path == null)
        {
            throw new AVMBadArgumentException("Null path.");
        }
        return fAVMRepository.getACL(version, path);
    }
 }
--- a/source/java/org/alfresco/repo/avm/AVMStore.java
+++ b/source/java/org/alfresco/repo/avm/AVMStore.java
@ -24,6 +24,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedMap;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
 import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
@ -383,4 +384,19 @@ public interface AVMStore
     * @return Whether the node has the aspect.
     */
    public boolean hasAspect(int version, String path, QName aspectName);
    /**
     * Set the ACL on a node.
     * @param path The path to the node.
     * @param acl The ACL to set.
     */
    public void setACL(String path, DbAccessControlList acl);
    /**
     * Get the ACL on a node.
     * @param version The version to look under.
     * @param path The path to the node.
     * @return The ACL.
     */
    public DbAccessControlList getACL(int version, String path);
 }
--- a/source/java/org/alfresco/repo/avm/AVMStoreImpl.java
+++ b/source/java/org/alfresco/repo/avm/AVMStoreImpl.java
@ -30,6 +30,7 @@ import java.util.SortedMap;
 import java.util.TreeMap;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.service.cmr.avm.AVMBadArgumentException;
 import org.alfresco.service.cmr.avm.AVMException;
@ -1106,4 +1107,28 @@ public class AVMStoreImpl implements AVMStore, Serializable
        AVMNode node = lPath.getCurrentNode();
        return AVMContext.fgInstance.fAVMAspectNameDAO.exists(node, aspectName);
    }
    /**
     * Set the ACL on a node.
     * @param path The path to the node.
     * @param acl The ACL to set.
     */
    public void setACL(String path, DbAccessControlList acl)
    {
        Lookup lPath = lookup(-1, path, true);
        AVMNode node = lPath.getCurrentNode();
        node.setAcl(acl);
    }
    /**
     * Get the ACL on a node.
     * @param version The version to look under.
     * @param path The path to the node.
     * @return The ACL.
     */
    public DbAccessControlList getACL(int version, String path)
    {
        Lookup lPath = lookup(version, path, false);
        return lPath.getCurrentNode().getAcl();
    }
 }
--- a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
@ -19,6 +19,7 @@ package org.alfresco.repo.domain.hibernate;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import org.alfresco.repo.domain.DbAccessControlEntry;
@ -26,8 +27,6 @@ import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.DbAuthority;
 import org.alfresco.repo.domain.DbPermission;
 import org.alfresco.repo.domain.DbPermissionKey;
 import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.node.db.NodeDaoService;
 import org.alfresco.repo.security.permissions.NodePermissionEntry;
 import org.alfresco.repo.security.permissions.PermissionEntry;
 import org.alfresco.repo.security.permissions.PermissionReference;
@ -36,8 +35,8 @@ import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
 import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
 import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
 import org.alfresco.repo.transaction.TransactionalDao;
 import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.GUID;
@ -61,7 +60,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority";
    public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission";
-    private NodeDaoService nodeDaoService;
+    private Map<String, NodeService> protocolToNodeService;
    private NodeService defaultNodeService;
    /** a uuid identifying this unique instance */
    private String uuid;
@ -127,9 +128,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        getSession().flush();
    }
-    public void setNodeDaoService(NodeDaoService nodeDaoService)
+    public void setProtocolToNodeService(Map<String, NodeService> map)
    {
-        this.nodeDaoService = nodeDaoService;
+        protocolToNodeService = map;
    }
    public void setDefaultNodeService(NodeService defaultNodeService)
    {
        this.defaultNodeService = defaultNodeService;
    }
    public NodePermissionEntry getPermissions(NodeRef nodeRef)
@ -141,11 +147,10 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        NodePermissionEntry npe = null;
        DbAccessControlList acl = null;
-        Node node = getNode(nodeRef, false);
+        if (nodeExists(nodeRef))
        if (node != null)
        {
            // get the persisted version
-            acl = getAccessControlList(node, false);
+            acl = getAccessControlList(nodeRef, false);
        }
        if (acl == null)
        {
@ -158,7 +163,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        }
        else
        {
-            npe = createSimpleNodePermissionEntry(node);
+            npe = createSimpleNodePermissionEntry(nodeRef);
        }
        // done
        if (logger.isDebugEnabled())
@ -178,18 +183,19 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
     * @param create - create the object if it is missing
     * @return Returns the current access control list or null if not found
     */
-    private DbAccessControlList getAccessControlList(Node node, boolean create)
+    private DbAccessControlList getAccessControlList(NodeRef nodeRef, boolean create)
    {
-        DbAccessControlList acl = node.getAccessControlList();
+        DbAccessControlList acl = 
            getNodeService(nodeRef).getAccessControlList(nodeRef);
        if (acl == null && create)
        {
-            acl = createAccessControlList(node);
+            acl = createAccessControlList(nodeRef);
        }
        // done
        if (logger.isDebugEnabled())
        {
            logger.debug("Retrieved access control list: \n" +
-                    "   node: " + node.getNodeRef() + "\n" +
+                    "   node: " + nodeRef + "\n" +
                    "   list: " + acl);
        }
        return acl;
@ -199,16 +205,14 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
     * Creates an access control list for the node and removes the entry from
     * the nullPermsionCache.
     */
-    private DbAccessControlList createAccessControlList(Node node)
+    private DbAccessControlList createAccessControlList(NodeRef nodeRef)
    {
        DbAccessControlList acl = new DbAccessControlListImpl();
        acl.setInherits(INHERIT_PERMISSIONS_DEFAULT);
        getHibernateTemplate().save(acl);
        // maintain inverse
-        node.setAccessControlList(acl);
+        getNodeService(nodeRef).setAccessControlList(nodeRef, acl);
        NodeRef nodeRef = node.getNodeRef();
        // done
        if (logger.isDebugEnabled())
@ -220,34 +224,17 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        return acl;
    }
    /**
     * @param nodeRef the node reference
     * @param mustExist true if an exception must be thrown if the node does not exist
     * @return Returns the node for the given reference, or null if <code>mustExist == false</code>
     * @throws InvalidNodeRefException if the node must exist but doesn't
     */
    private Node getNode(NodeRef nodeRef, boolean mustExist)
    {
        Node node = nodeDaoService.getNode(nodeRef);
        if (node == null && mustExist)
        {
            throw new InvalidNodeRefException(nodeRef);
        }
        return node;
    }
    public void deletePermissions(NodeRef nodeRef)
    {
-        Node node = getNode(nodeRef, false);
+        if (!nodeExists(nodeRef))
        if (node == null)
        {
            return;
        }
-        DbAccessControlList acl = getAccessControlList(node, false);
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
        if (acl != null)
        {
            // maintain referencial integrity
-            node.setAccessControlList(null);
+            getNodeService(nodeRef).setAccessControlList(nodeRef, null);
            // delete the access control list - it will cascade to the entries
            getHibernateTemplate().delete(acl);
        }
@ -277,12 +264,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public void deletePermissions(final NodeRef nodeRef, final String authority)
    {
-        Node node = getNode(nodeRef, false);
+        if (!nodeExists(nodeRef))
        if (node == null)
        {
            return;
        }
-        DbAccessControlList acl = node.getAccessControlList();
+        DbAccessControlList acl = 
            getNodeService(nodeRef).getAccessControlList(nodeRef);
        int deletedCount = 0;
        if (acl != null)
        {
@ -304,12 +291,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
     */
    public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission)
    {
-        Node node = getNode(nodeRef, false);
+        if (!nodeExists(nodeRef))
        if (node == null)
        {
            return;
        }
-        DbAccessControlList acl = node.getAccessControlList();
+        DbAccessControlList acl = 
            getNodeService(nodeRef).getAccessControlList(nodeRef);
        int deletedCount = 0;
        if (acl != null)
        {
@ -328,13 +315,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public void setPermission(NodeRef nodeRef, String authority, PermissionReference permission, boolean allow)
    {
        Node node = getNode(nodeRef, true);
        // get the entry
-        DbAccessControlEntry entry = getAccessControlEntry(node, authority, permission);
+        DbAccessControlEntry entry = getAccessControlEntry(nodeRef, authority, permission);
        if (entry == null)
        {
            // need to create it
-            DbAccessControlList dbAccessControlList = getAccessControlList(node, true);
+            DbAccessControlList dbAccessControlList = getAccessControlList(nodeRef, true);
            DbPermission dbPermission = getPermission(permission, true);
            DbAuthority dbAuthority = getAuthority(authority, true);
            // set persistent objects
@ -363,11 +349,11 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
     * @return Returns all access control entries that match the criteria
     */
    private DbAccessControlEntry getAccessControlEntry(
-            Node node,
+            NodeRef nodeRef,
            String authority,
            PermissionReference permission)
    {
-        DbAccessControlList acl = getAccessControlList(node, false);
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
        DbAccessControlEntry entry = null;
        if (acl != null)
        {
@ -378,7 +364,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        if (logger.isDebugEnabled())
        {
            logger.debug("" + (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" +
-                    "   node: " + node.getId() + "\n" +
+                    "   node: " + nodeRef + "\n" +
                    "   authority: " + authority + "\n" +
                    "   permission: " + permission);
        }
@ -438,20 +424,19 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public void setPermission(NodePermissionEntry nodePermissionEntry)
    {
        NodeRef nodeRef = nodePermissionEntry.getNodeRef();
        Node node = getNode(nodeRef, true);
        // Get the access control list
        //   Note the logic here requires to know whether it was created or not
-        DbAccessControlList acl = getAccessControlList(node, false);
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
        if (acl != null)
        {
            // maintain referencial integrity
-            node.setAccessControlList(null);
+            getNodeService(nodeRef).setAccessControlList(nodeRef, null);
            // drop the list
            getHibernateTemplate().delete(acl);
        }
        // create the access control list
-        acl = createAccessControlList(node);
+        acl = createAccessControlList(nodeRef);
        // set attributes
        acl.setInherits(nodePermissionEntry.inheritPermissions());
@ -473,18 +458,16 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
    {
        Node node = getNode(nodeRef, true);
        DbAccessControlList acl = null;
        if (!inheritParentPermissions)
        {
            // Inheritance == true is the default, so only force a create of the ACL if the value false
-            acl = getAccessControlList(node, true);
+            acl = getAccessControlList(nodeRef, true);
            acl.setInherits(false);
        }
        else
        {
-            acl = getAccessControlList(node, false);
+            acl = getAccessControlList(nodeRef, false);
            if (acl != null)
            {
                acl.setInherits(true);
@ -494,13 +477,12 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    public boolean getInheritParentPermissions(NodeRef nodeRef)
    {
-        Node node = getNode(nodeRef, false);
+        if (!nodeExists(nodeRef))
        if (node == null)
        {
            return INHERIT_PERMISSIONS_DEFAULT;
        }
-        DbAccessControlList acl = getAccessControlList(node, false);
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
        if (acl == null)
        {
            return true;
@ -514,14 +496,15 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
    // Utility methods to create simple detached objects for the outside world
    // We do not pass out the hibernate objects
-    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(Node node)
+    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef)
    {
-        DbAccessControlList acl = node.getAccessControlList();
+        DbAccessControlList acl = 
            getNodeService(nodeRef).getAccessControlList(nodeRef);
        if (acl == null)
        {
            // there isn't an access control list for the node - spoof a null one
            SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
-                    node.getNodeRef(),
+                    nodeRef,
                    true,
                    Collections.<SimplePermissionEntry> emptySet());
            return snpe;
@ -530,9 +513,9 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        {
            Set<DbAccessControlEntry> entries = acl.getEntries();
            SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
-                    node.getNodeRef(),
+                    nodeRef,
                    acl.getInherits(),
-                    createSimplePermissionEntries(node, entries));
+                    createSimplePermissionEntries(nodeRef, entries));
            return snpe;
        }
    }
@ -541,7 +524,8 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
     * @param entries access control entries
     * @return Returns a unique set of entries that can be given back to the outside world
     */
-    private Set<SimplePermissionEntry> createSimplePermissionEntries(Node node, Collection<DbAccessControlEntry> entries)
+    private Set<SimplePermissionEntry> createSimplePermissionEntries(NodeRef nodeRef, 
            Collection<DbAccessControlEntry> entries)
    {
        if (entries == null)
        {
@ -552,20 +536,21 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
        {
            for (DbAccessControlEntry entry : entries)
            {
-                spes.add(createSimplePermissionEntry(node, entry));
+                spes.add(createSimplePermissionEntry(nodeRef, entry));
            }
        }
        return spes;
    }
-    private static SimplePermissionEntry createSimplePermissionEntry(Node node, DbAccessControlEntry ace)
+    private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, 
            DbAccessControlEntry ace)
    {
        if (ace == null)
        {
            return null;
        }
        return new SimplePermissionEntry(
-                node.getNodeRef(),
+                nodeRef,
                createSimplePermissionReference(ace.getPermission()),
                ace.getAuthority().getRecipient(),
                ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
@ -581,4 +566,29 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
                perm.getTypeQname(),
                perm.getName());
    }
    /**
     * Helper to check node existence.
     * @param nodeRef The node ref to check.
     * @return Whether the node exists.
     */
    private boolean nodeExists(NodeRef nodeRef)
    {
        return getNodeService(nodeRef).exists(nodeRef);
    }
    /**
     * Helper to choose appropriate NodeService for the given NodeRef
     * @param nodeRef The NodeRef to dispatch from.
     * @return The appropriate NodeService.
     */
    private NodeService getNodeService(NodeRef nodeRef)
    {
        NodeService ret = protocolToNodeService.get(nodeRef.getStoreRef().getProtocol());
        if (ret == null)
        {
            return defaultNodeService;
        }
        return ret;
    }
 }
--- a/source/java/org/alfresco/repo/node/archive/ArchiveAndRestoreTest.java
+++ b/source/java/org/alfresco/repo/node/archive/ArchiveAndRestoreTest.java
@ -120,7 +120,7 @@ public class ArchiveAndRestoreTest extends TestCase
            // Create the work store
            workStoreRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, getName() + System.currentTimeMillis());
            workStoreRootNodeRef = nodeService.getRootNode(workStoreRef);
-            archiveStoreRef = nodeService.createStore("archive", getName() + System.currentTimeMillis());
+            archiveStoreRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "archive" + getName() + System.currentTimeMillis());
            archiveStoreRootNodeRef = nodeService.getRootNode(archiveStoreRef);
            // Map the work store to the archive store.  This will already be wired into the NodeService.
--- a/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java
+++ b/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java
@ -33,6 +33,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.avm.AVMContext;
 import org.alfresco.repo.domain.ChildAssoc;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.NodeAssoc;
 import org.alfresco.repo.domain.NodeStatus;
@ -1794,7 +1795,6 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
     * 
     * @param assocTypeQName the type of the child association
     * @param childNode the child node being added.  The name will be extracted from it, if necessary.
     * @return Returns the value to be put on the child association for uniqueness, or null if
     */
    private void setChildUniqueName(Node childNode)
    {
@ -1840,4 +1840,26 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
                    "   name: " + useName);
        }
    }
    /**
     * Set the ACL on a node.
     * @param nodeRef The reference to the node.
     * @param acl The ACL to set.
     */
    public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
    {
        Node node = getNodeNotNull(nodeRef);
        node.setAccessControlList(acl);
    }
    /**
     * Get the ACL on a node.
     * @param nodeRef The reference to the node.
     * @return The ACL.
     */
    public DbAccessControlList getAccessControlList(NodeRef nodeRef)
    {
        Node node = getNodeNotNull(nodeRef);
        return node.getAccessControlList();
    }
 }
--- a/source/java/org/alfresco/repo/version/NodeServiceImpl.java
+++ b/source/java/org/alfresco/repo/version/NodeServiceImpl.java
@ -27,6 +27,7 @@ import java.util.Map;
 import java.util.Set;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.dictionary.InvalidAspectException;
 import org.alfresco.service.cmr.repository.AssociationExistsException;
@ -556,4 +557,24 @@ public class NodeServiceImpl implements NodeService, VersionModel
    {
        throw new UnsupportedOperationException(MSG_UNSUPPORTED);
    }
    /**
     * Set the access control list on a node. Defer to DbNodeService.
     * @param nodeRef The reference to the node.
     * @param acl The list to set.
     */
    public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
    {
        dbNodeService.setAccessControlList(nodeRef, acl);
    }
    /**
     * Get the access control list on a node. Defer to DbNodeService.
     * @param nodeRef The reference to the node.
     * @return The list.
     */
    public DbAccessControlList getAccessControlList(NodeRef nodeRef)
    {
        return dbNodeService.getAccessControlList(nodeRef);
    }
 }
--- a/source/java/org/alfresco/service/cmr/avm/AVMService.java
+++ b/source/java/org/alfresco/service/cmr/avm/AVMService.java
@ -24,6 +24,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedMap;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.service.cmr.repository.ContentData;
 import org.alfresco.service.namespace.QName;
@ -587,4 +588,19 @@ public interface AVMService
     * @return Whether the given node has the given aspect.
     */
    public boolean hasAspect(int version, String path, QName aspectName);
    /**
     * Get the ACL on a given node.
     * @param version The version to look under.
     * @param path The path to the node.
     * @return The ACL.
     */
    public DbAccessControlList getACL(int version, String path);
    /**
     * Set the ACL on a given node.
     * @param path The path to the node.
     * @param acl The ACL to set.
     */
    public void setACL(String path, DbAccessControlList acl);
 }
--- a/source/java/org/alfresco/service/cmr/repository/NodeService.java
+++ b/source/java/org/alfresco/service/cmr/repository/NodeService.java
@ -21,6 +21,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.service.Auditable;
 import org.alfresco.service.PublicService;
 import org.alfresco.service.cmr.dictionary.InvalidAspectException;
@ -296,7 +297,6 @@ public interface NodeService
     * 
     * @param parentRef the parent end of the association
     * @param childRef the child end of the association
     * @return Returns a collection of deleted entities - both associations and node references.
     * @throws InvalidNodeRefException if the parent or child nodes could not be found
     */
    @Auditable(key = Auditable.Key.ARG_0 ,parameters = {"parentRef", "childRef"})
@ -561,4 +561,20 @@ public interface NodeService
            NodeRef destinationParentNodeRef,
            QName assocTypeQName,
            QName assocQName);
    /**
     * Get the access control list associated with a Node.
     * @param nodeRef The reference to the Node.
     * @return The access control list.
     */
    @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
    public DbAccessControlList getAccessControlList(NodeRef nodeRef);
    /**
     * Set the access control list on a node.
     * @param nodeRef The node reference.
     * @param acl The list to set.
     */
    @Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "acl"})
    public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl);
 }