From 275406472cf4e6768fc2837f0e7dba75fcc5dc22 Mon Sep 17 00:00:00 2001 From: Tuna Aksoy Date: Wed, 11 Feb 2015 13:38:10 +0000 Subject: [PATCH] RM-1903 (Can't manage permissions without "Manage Access Controls" capability) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@96823 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../messages/capability-service.properties | 4 +- .../security/rm-method-security.properties | 10 ++-- .../security/rm-policy-context.xml | 24 ++++------ .../capability/policy/CapabilityPolicy.java | 46 ------------------- 4 files changed, 17 insertions(+), 67 deletions(-) delete mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties index 52e96cc45d..6ad06364f6 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties @@ -85,8 +85,8 @@ capability.CreateModifyDestroyRoles.title=Create Modify Destroy Roles capability.CreateModifyDestroyUsersAndGroups.title=Create Modify Destroy Users and Groups capability.PasswordControl.title=Password Control capability.DisplayRightsReport.title=Display Rights Report -capability.ManageAccessControls.title=Manage Access Controls -capability.ManageAccessRights.title=Manage Access Rights +capability.ManageAccessControls.title=Group and User Role Assignment +capability.ManageAccessRights.title=Manage Permissions # Configuration capability.group.config.title=Configuration diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties index 916a69ca45..385b0d397e 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties @@ -174,12 +174,12 @@ rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getPermiss rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=RM.Read.0 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.hasPermission=RM_ALLOW -rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM.Capability.0 -rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM.Capability.0 -rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM.Capability.0 -rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0 +rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights +rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights +rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights +rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW -rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0 +rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY ## Site service diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-policy-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-policy-context.xml index 212c8c2fc2..83cc7a7417 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-policy-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-policy-context.xml @@ -5,9 +5,9 @@ - - - + + + @@ -15,35 +15,31 @@ - + - + - + - + - + - + - - - - - + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java deleted file mode 100644 index 6f60fd7f67..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (C) 2005-2014 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.policy; - -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.service.cmr.repository.NodeRef; -import org.aopalliance.intercept.MethodInvocation; - -/** - * - * @author Roy Wetherall - * @since 2.1 - */ -public class CapabilityPolicy extends AbstractBasePolicy -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.policy.Policy#evaluate(org.aopalliance.intercept.MethodInvocation, java.lang.Class[], org.alfresco.module.org_alfresco_module_rm.capability.policy.ConfigAttributeDefinition) - */ - @Override - @SuppressWarnings("rawtypes") - public int evaluate( - MethodInvocation invocation, - Class[] params, - ConfigAttributeDefinition cad) - { - NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent()); - return getCapabilityService().getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).evaluate(testNodeRef); - } - -} \ No newline at end of file