inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.N (5.2.1) to HEAD (5.2)

Browse Source 
132406 cturlica: REPO-1506: Update Person - implement
      - restrict rest api update person password for no authorization


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132664 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-11-10 16:57:57 +00:00
parent 7f755fce06
commit 24a4547b3b
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/public-rest-context.xml
View File

@@ -627,6 +627,7 @@
<property name="nodeService" ref="NodeService" /> <property name="nodeService" ref="NodeService" />
<property name="personService" ref="PersonService" /> <property name="personService" ref="PersonService" />
<property name="authenticationService" ref="AuthenticationService" /> <property name="authenticationService" ref="AuthenticationService" />
<property name="authorityService" ref="AuthorityService" />
<property name="contentUsageService" ref="contentUsageImpl" /> <property name="contentUsageService" ref="contentUsageImpl" />
<property name="contentService" ref="ContentService" /> <property name="contentService" ref="ContentService" />
<property name="thumbnailService" ref="ThumbnailService" /> <property name="thumbnailService" ref="ThumbnailService" />

14
source/java/org/alfresco/rest/api/impl/PeopleImpl.java
View File

@@ -45,6 +45,7 @@ import org.alfresco.rest.api.model.Person;
import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException; import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo; import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
import org.alfresco.rest.framework.resource.parameters.Paging; import org.alfresco.rest.framework.resource.parameters.Paging;
import org.alfresco.rest.framework.resource.parameters.Parameters; import org.alfresco.rest.framework.resource.parameters.Parameters;
@@ -57,6 +58,7 @@ import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.NoSuchPersonException; import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.security.PersonService;
@@ -81,6 +83,7 @@ public class PeopleImpl implements People
protected NodeService nodeService; protected NodeService nodeService;
protected PersonService personService; protected PersonService personService;
protected AuthenticationService authenticationService; protected AuthenticationService authenticationService;
protected AuthorityService authorityService;
protected ContentUsageService contentUsageService; protected ContentUsageService contentUsageService;
protected ContentService contentService; protected ContentService contentService;
protected ThumbnailService thumbnailService; protected ThumbnailService thumbnailService;
@@ -125,6 +128,11 @@ public class PeopleImpl implements People
this.authenticationService = authenticationService; this.authenticationService = authenticationService;
} }
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setContentUsageService(ContentUsageService contentUsageService) public void setContentUsageService(ContentUsageService contentUsageService)
{ {
this.contentUsageService = contentUsageService; this.contentUsageService = contentUsageService;
@@ -444,6 +452,12 @@ public class PeopleImpl implements People
{ {
MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService; MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;
boolean isAdmin = authorityService.hasAdminAuthority();
if (!isAdmin)
{
throw new PermissionDeniedException();
}
final String personIdToUpdate = validatePerson(personId); final String personIdToUpdate = validatePerson(personId);
final Map<QName, Serializable> properties = person.toProperties(); final Map<QName, Serializable> properties = person.toProperties();