inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.N (5.2.1) to HEAD (5.2)

Browse Source 
132406 cturlica: REPO-1506: Update Person - implement
      - restrict rest api update person password for no authorization


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132664 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-11-10 16:57:57 +00:00
parent 7f755fce06
commit 24a4547b3b
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/public-rest-context.xml
View File

@@ -627,6 +627,7 @@
<property name="nodeService" ref="NodeService" />
<property name="personService" ref="PersonService" />
<property name="authenticationService" ref="AuthenticationService" />
<property name="authorityService" ref="AuthorityService" />
<property name="contentUsageService" ref="contentUsageImpl" />
<property name="contentService" ref="ContentService" />
<property name="thumbnailService" ref="ThumbnailService" />

16
source/java/org/alfresco/rest/api/impl/PeopleImpl.java
View File

@@ -45,6 +45,7 @@ import org.alfresco.rest.api.model.Person;
import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
import org.alfresco.rest.framework.resource.parameters.Paging;
import org.alfresco.rest.framework.resource.parameters.Parameters;
@@ -57,6 +58,7 @@ import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
@@ -81,6 +83,7 @@ public class PeopleImpl implements People
protected NodeService nodeService;
protected PersonService personService;
protected AuthenticationService authenticationService;
protected AuthorityService authorityService;
protected ContentUsageService contentUsageService;
protected ContentService contentService;
protected ThumbnailService thumbnailService;
@@ -125,7 +128,12 @@ public class PeopleImpl implements People
this.authenticationService = authenticationService;
}
public void setContentUsageService(ContentUsageService contentUsageService)
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setContentUsageService(ContentUsageService contentUsageService)
{
this.contentUsageService = contentUsageService;
}
@@ -444,6 +452,12 @@ public class PeopleImpl implements People
{
MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;
boolean isAdmin = authorityService.hasAdminAuthority();
if (!isAdmin)
{
throw new PermissionDeniedException();
}
final String personIdToUpdate = validatePerson(personId);
final Map<QName, Serializable> properties = person.toProperties();