RM-598: A records manager can assign the "Manage Rules" capability to a role.

* new capability added to Admin role by default
  * 2.1 capability patch updated



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46753 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/capability/groups/rm-capability-groups-context.xml

@@ -10,6 +10,12 @@
       <property name="capabilityService" ref="CapabilityService"/>
     </bean>
 
+   <bean id="recordsGroup"
+      parent="groupBase">
+      <property name="id" value="records"/>
+      <property name="index" value="5"/>
+   </bean>
+
    <bean id="auditGroup"
       parent="groupBase">
       <property name="id" value="audit"/>
@@ -64,12 +70,6 @@
       <property name="index" value="90"/>
    </bean>
 
-   <bean id="recordsGroup"
-      parent="groupBase">
-      <property name="id" value="records"/>
-      <property name="index" value="100"/>
-   </bean>
-
    <bean id="referencesAndLinksGroup"
       parent="groupBase">
       <property name="id" value="referencesAndLinks"/>
@@ -87,5 +87,11 @@
       <property name="id" value="vitalRecords"/>
       <property name="index" value="130"/>
    </bean>
+   
+   <bean id="rulesGroup"
+      parent="groupBase">
+      <property name="id" value="rules"/>
+      <property name="index" value="140"/>
+   </bean>
 
 </beans>

rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-rule-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+
+<beans>
+
+   <bean id="rmManageRulesCapability"
+      parent="declarativeCapability">
+      <property name="name" value="ManageRules" />
+      <property name="permission" value="ManageRules" />
+      <property name="group"><ref bean="rulesGroup"/></property>
+      <property name="index" value="10" />
+   </bean>
+
+</beans>

rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties

@@ -94,4 +94,8 @@ capability.CreateModifyDestroyClassificationGuides.title=Create Modify Destroy C
 capability.UpgradeDowngradeAndDeclassifyRecords.title=Upgrade Downgrade And Declassify Records
 capability.UpdateExemptionCategories.title=Update Exemption Categories
 capability.MapClassificationGuideMetadata.title=Map Classification Guide Metadata
-capability.CreateModifyDestroyTimeframes.title=Create Modify Destroy Time frames
+capability.CreateModifyDestroyTimeframes.title=Create Modify Destroy Time frames
+
+# Rules
+capability.group.rules.title=Rules
+capability.ManageRules.title=Manage Rules

rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml

@@ -81,6 +81,7 @@
             <includePermissionGroup type="rma:filePlanComponent" permissionGroup="Filing"/>            
             <!--  Since V2.1 -->
             <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateRecords"/>
+            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ManageRules"/>
         </permissionGroup>
         
         <permissionGroup name="Filing" allowFullControl="false" expose="true">
@@ -154,6 +155,7 @@
         <!--  Added since V2.1 -->
         
         <permissionGroup name="CreateRecords" expose="false" allowFullControl="false"/>
+        <permissionGroup name="ManageRules" expose="false" allowFullControl="false"/>
         
         <!--  End -->
         
@@ -403,6 +405,10 @@
             <grantedToGroup permissionGroup="CreateRecords"/>
         </permission>
         
+        <permission name="_ManageRules" expose="false">
+            <grantedToGroup permissionGroup="ManageRules"/>
+        </permission>
+        
     </permissionSet>
     
 </permissions>

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml

@@ -340,5 +340,8 @@
 
    <!-- Group capabilities -->
    <import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml"/>
+   
+   <!-- Rule capabilities -->
+   <import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-rule-context.xml"/>
 
 </beans>

rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json

@@ -184,7 +184,8 @@
           "UpgradeDowngradeAndDeclassifyRecords",
           "UpdateExemptionCategories",
           "MapClassificationGuideMetadata",
-          "ManageAccessControls"
+          "ManageAccessControls",
+          "ManageRules"
       ]
    }
 ]

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java

@@ -112,6 +112,9 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
                           FilePlanRoleService.ROLE_POWER_USER, 
                           FilePlanRoleService.ROLE_RECORDS_MANAGER,
                           FilePlanRoleService.ROLE_SECURITY_OFFICER);
+            addCapability(filePlan,
+                          "ManageRules",
+                          FilePlanRoleService.ROLE_ADMIN);
             
         }
         
@@ -139,11 +142,23 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
         for (String roleName : roles)
         {
             Role role = filePlanRoleService.getRole(filePlan, roleName);
+            
             if (role != null)
             {
+                // get the roles current capabilities
                 Set<Capability> capabilities = role.getCapabilities();
-                capabilities.add(capability);
-                filePlanRoleService.updateRole(filePlan, role.getName(), role.getDisplayLabel(), capabilities);
+                
+                // only update if the capability is missing
+                if (capabilities.contains(capability) == false)
+                {                
+                    if (logger.isDebugEnabled() == true)
+                    {
+                        logger.debug("  ... adding capability " + capabilityName + " to role " + role.getName());
+                    }
+                    
+                    capabilities.add(capability);
+                    filePlanRoleService.updateRole(filePlan, role.getName(), role.getDisplayLabel(), capabilities);
+                }
             }            
         }
     }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java

@@ -345,8 +345,11 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
                             String user = AuthenticationUtil.getFullyAuthenticatedUser();
                             authorityService.addAuthority(role.getRoleGroupName(), user);
                             
-                            // add the dynamic admin authority
-                            authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
+                            if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false)
+                            {
+                                // add the dynamic admin authority
+                                authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
+                            }
                         }
                     }
                 }