RM-1315: Manage Permissions is not working for folder inside Holds/Unfiled Records

* ensure permissions for unfile record folders are setup correctly * some more refactoring of file plan service for better code reuse and clarity git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@66103 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2014-04-02 04:25:58 +00:00
parent 09648f9829
commit 1ff3a1bb2c
2 changed files with 107 additions and 121 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RecordInheritancePatch.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RecordInheritancePatch.java
@@ -128,7 +128,7 @@ public class RMv21RecordInheritancePatch extends RMv21PatchComponent
                    NodeRef parent = assoc.getParentRef();
                    if (parent != null)
                    {
-                        filePlanPermissionServiceImpl.initialiseRecordPermissions(recordNodeRef, parent);
+                        filePlanPermissionServiceImpl.setupPermissions(parent, recordNodeRef);
                    }
                }
            }
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -30,6 +30,9 @@ import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
 import org.alfresco.repo.policy.annotation.Behaviour;
 import org.alfresco.repo.policy.annotation.BehaviourBean;
 import org.alfresco.repo.policy.annotation.BehaviourKind;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
@@ -48,6 +51,7 @@ import org.apache.commons.logging.LogFactory;
 * @author Roy Wetherall
 * @since 2.1
 */
@BehaviourBean
 public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                                           implements FilePlanPermissionService
 {
@@ -65,10 +69,6 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
     */
    public void init()
    {
        policyComponent.bindClassBehaviour(
                NodeServicePolicies.OnCreateNodePolicy.QNAME,
                TYPE_RECORD_FOLDER,
                new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
        policyComponent.bindClassBehaviour(
                NodeServicePolicies.OnAddAspectPolicy.QNAME,
                ASPECT_RECORD,
@@ -77,14 +77,6 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                NodeServicePolicies.OnMoveNodePolicy.QNAME,
                ASPECT_RECORD,
                new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
        policyComponent.bindClassBehaviour(
                NodeServicePolicies.OnCreateNodePolicy.QNAME,
                TYPE_HOLD,
                new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
        policyComponent.bindClassBehaviour(
                NodeServicePolicies.OnCreateNodePolicy.QNAME,
                TYPE_TRANSFER,
                new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
    }
    /**
@@ -158,24 +150,94 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
    }
    /**
-     * @param childAssocRef
+     * Setup permissions on new unfiled record folder
     * 
     * @param childAssocRef child association reference
     */
    @Behaviour
    (
            type = "rma:unfiledRecordFolder",
            kind = BehaviourKind.CLASS,
            policy = "alf:onCreateNode",
            notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
    )
    public void onCreateUnfiledRecordFolder(ChildAssociationRef childAssocRef)
    {
        setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
    }
    /**
     * Setup permissions on new record folder
     * 
     * @param childAssocRef child association reference
     */
    @Behaviour
    (
            type = "rma:recordFolder",
            kind = BehaviourKind.CLASS,
            policy = "alf:onCreateNode",
            notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
    )
    public void onCreateRecordFolder(ChildAssociationRef childAssocRef)
    {
-        final NodeRef folderNodeRef = childAssocRef.getChildRef();
+        setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
    }
-        // initialise the permissions
+    /**
-        initPermissions(folderNodeRef);
+     * Setup permissions on newly created hold.
-
+     * 
-        // Pull any permissions found on the parent (ie the record category)
+     * @param childAssocRef child association reference
-        final NodeRef catNodeRef = childAssocRef.getParentRef();
+     */
-        if (nodeService.exists(catNodeRef))
+    @Behaviour
    (
            type = "rma:hold",
            kind = BehaviourKind.CLASS,
            policy = "alf:onCreateNode",
            notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
    )
    public void onCreateHold(final ChildAssociationRef childAssocRef)
    {
-            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
+        setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
    }
    /**
     * Setup permissions on newly created transfer.
     * 
     * @param childAssocRef child association reference
     */
    @Behaviour
    (
            type = "rma:transfer",
            kind = BehaviourKind.CLASS,
            policy = "alf:onCreateNode",
            notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
    )
    public void onCreateTransfer(final ChildAssociationRef childAssocRef)
    {
        setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
    }
    /**
     * Helper method to setup permissions.
     * 
     * @param parent        parent node reference
     * @param nodeRef       child node reference
     */
    public void setupPermissions(final NodeRef parent, final NodeRef nodeRef)
    {
        if (nodeService.exists(nodeRef))
        {
            // initialise permissions
            initPermissions(nodeRef);
            if (nodeService.exists(parent))
            {
                AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
                {
                    public Object doWork()
                    {
-                    Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef);
+                        // setup inherited permissions
                        Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
                        for (AccessPermission perm : perms)
                        {
                            if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
@@ -188,7 +250,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                                    allow = true;
                                }
                                permissionService.setPermission(
-                                    folderNodeRef,
+                                        nodeRef,
                                        perm.getAuthority(),
                                        perm.getPermission(),
                                        allow);
@@ -197,7 +259,8 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                        return null;
                    }
-            }, AuthenticationUtil.getSystemUserName());
+                });
            }
        }
    }
@@ -218,7 +281,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                if (nodeService.exists(record) && nodeService.hasAspect(record, aspectTypeQName))
                {
                    NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
-                    initialiseRecordPermissions(record, recordFolder);
+                    setupPermissions(recordFolder, record);
                }
                return null;
@@ -226,83 +289,6 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
        }, AuthenticationUtil.getSystemUserName());
    }
    /**
     * Sets up permissions for transfer and hold objects
     *
     * @param childAssocRef
     */
    public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef)
    {
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
        {
            public Void doWork()
            {
                NodeRef nodeRef = childAssocRef.getChildRef();
                if (nodeService.exists(nodeRef))
                {
                    initPermissions(nodeRef);
                    NodeRef parent = childAssocRef.getParentRef();
                    Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
                    for (AccessPermission perm : perms)
                    {
                        if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
                            !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
                        {
                            AccessStatus accessStatus = perm.getAccessStatus();
                            boolean allow = false;
                            if (AccessStatus.ALLOWED.equals(accessStatus))
                            {
                                allow = true;
                            }
                            permissionService.setPermission(
                                    nodeRef,
                                    perm.getAuthority(),
                                    perm.getPermission(),
                                    allow);
                        }
                    }
                }
                return null;
            }
        });
    }
    /**
     * Initialise the record permissions for the given parent.
     *
     * NOTE: method is public so it can be accessed via the associated patch bean.
     *
     * @param record        record
     * @param parent        records permission parent
     */
    public void initialiseRecordPermissions(NodeRef record, NodeRef parent)
    {
        initPermissions(record);
        Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
        for (AccessPermission perm : perms)
        {
            if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
                !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
            {
                AccessStatus accessStatus = perm.getAccessStatus();
                boolean allow = false;
                if (AccessStatus.ALLOWED.equals(accessStatus))
                {
                    allow = true;
                }
                permissionService.setPermission(
                        record,
                        perm.getAuthority(),
                        perm.getPermission(),
                        allow);
            }
        }
    }
    /**
     * onMoveRecord behaviour
     *
@@ -342,7 +328,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                    permissionService.deletePermissions(record);
                    // re-setup the records permissions
-                    initialiseRecordPermissions(record, destinationAssocRef.getParentRef());
+                    setupPermissions(destinationAssocRef.getParentRef(), record);
                    // re-add keep'er permissions
                    for (AccessPermission keeper : keepPerms)