RM: Global RM admin user added

* this allows code to be 'runAsRMAdmin' .. rather than having to use System (remember 'admin' isn't necessarily an rm admin)
  * will give us the option to run rm rules as rmAdmin (this may be the default case for the time being and later part of the configuration of the rule)
  * will also allow us to add RM admin level security to methods (for example can only create a role if you are an rm admin)
  * rmAdmin user has global RM admin rights to all file plans (when we go to multi-file plan support)
  * rm user bootstrapped via module 'patch' .. this will execute on existing V2.1 db's
  * filePlanRoleService unit test (was missing! .. my bad!)
  * relates to RM-596 (this rule needs to be executed as the rm admin)



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46749 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2013-02-18 23:50:21 +00:00
parent 017efecda9
commit 23206d29a3
8 changed files with 358 additions and 2 deletions


@@ -43,7 +43,7 @@ public class RMv2ModelPatch extends AbstractModuleComponent
implements BeanNameAware, RecordsManagementModel, DOD5015Model
{
/** Logger */
private static Log logger = LogFactory.getLog(NotificationTemplatePatch.class);
private static Log logger = LogFactory.getLog(RMv2ModelPatch.class);
private static long BATCH_SIZE = 100000L;


@@ -0,0 +1,124 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.patch;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.module.AbstractModuleComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.BeanNameAware;
/**
* RM v2.1: RM admin user patch
*
* @author Roy Wetherall
*/
public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements BeanNameAware
{
/** Logger */
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
private String password = "rmadmin";
private MutableAuthenticationService authenticationService;
private PersonService personService;
private RecordsManagementService recordsManagementService;
private FilePlanRoleService filePlanRoleService;
public void setPassword(String password)
{
this.password = password;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
{
this.recordsManagementService = recordsManagementService;
}
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@Override
protected void executeInternal() throws Throwable
{
if (logger.isDebugEnabled() == true)
{
logger.debug("RM Module RMv2RMAdminUserPatch ...");
}
if (authenticationService.authenticationExists(FilePlanRoleService.RM_ADMIN_USER) == false)
{
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(FilePlanRoleService.RM_ADMIN_USER, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, FilePlanRoleService.RM_ADMIN_USER);
personService.createPerson(properties);
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... assigning RM Admin user to file plans");
}
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.RM_ADMIN_USER);
}
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... RMv2RMAdminUserPatch complete");
}
}
}
}
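Review bot: The field initialiser `private String password = "rmadmin";` gives the new account a password equal to its user name whenever the bean's `password` property is left unset, and `executeInternal()` passes that value straight to `createAuthentication`. The commit message describes this user as holding RM admin rights on all file plans, so every upgraded repository would start with the same known credential on a privileged account. I would drop the default (`private String password;`) and refuse to create the account without a configured value, e.g. `if (password == null || password.isEmpty()) { throw new AlfrescoRuntimeException("RM admin password is not configured"); }`. If the account is only meant as a runAs target, a value generated with `SecureRandom` would presumably serve as well. A class-level Javadoc line stating that this patch creates a privileged account, and where its password is configured, would help operators audit it.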


@@ -31,6 +31,9 @@ import org.alfresco.service.cmr.repository.NodeRef;
*/
public interface FilePlanRoleService
{
/** Default rm admin user */
public static final String RM_ADMIN_USER = "rmadmin";
/** Default role names */
public static final String ROLE_USER = "User";
public static final String ROLE_POWER_USER = "PowerUser";


@@ -332,6 +332,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// Add the creating user to the administration group
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);
}
}
}
@@ -619,6 +622,11 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
public Role doWork() throws Exception
{
if (existsRole(rmRootNode, role) == false)
{
throw new AlfrescoRuntimeException("Unable to update role " + role + ", because it does not exist.");
}
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
// Reset the role display name
@@ -646,6 +654,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
*/
public void deleteRole(final NodeRef rmRootNode, final String role)
{
// ensure that we are not trying to delete the admin role
if (ROLE_ADMIN.equals(role) == true)
{
throw new AlfrescoRuntimeException("Can not delete the records management administration role.");
}
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
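Review bot: The added `authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);` in the first hunk puts whatever account is named `rmadmin` into the administration role group, and nothing visible here confirms it is the account the bootstrap patch created. RMv2RMAdminUserPatch skips creation when an authentication with that name already exists, so a pre-existing ordinary `rmadmin` user would presumably become an RM administrator on every file plan created afterwards. It is worth having the patch log or fail on such a name collision, and confirming what `addAuthority` does when the user is absent. The comment `// add the dynamic admin authority` also suggests a dynamic authority where the line adds a fixed user name; I would reword it to `// add the global RM admin user (RM_ADMIN_USER) to the administration group`. The enclosing method starts outside the hunk.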