diff --git a/config/alfresco/cmis-ws-context.xml b/config/alfresco/cmis-ws-context.xml
index 19435d3d8d..7db644b6dd 100644
--- a/config/alfresco/cmis-ws-context.xml
+++ b/config/alfresco/cmis-ws-context.xml
@@ -351,6 +351,7 @@
+
diff --git a/config/alfresco/templates/webscripts/org/alfresco/cmis/changes.get.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/cmis/changes.get.desc.xml
index 4fe2a65ab2..78a639397a 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/cmis/changes.get.desc.xml
+++ b/config/alfresco/templates/webscripts/org/alfresco/cmis/changes.get.desc.xml
@@ -33,7 +33,7 @@
- guest
+ admin
CMIS
public_api
diff --git a/source/java/org/alfresco/repo/cmis/ws/DMAbstractServicePort.java b/source/java/org/alfresco/repo/cmis/ws/DMAbstractServicePort.java
index ba1700bafe..18593cc805 100644
--- a/source/java/org/alfresco/repo/cmis/ws/DMAbstractServicePort.java
+++ b/source/java/org/alfresco/repo/cmis/ws/DMAbstractServicePort.java
@@ -65,6 +65,7 @@ import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.search.SearchService;
+import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.version.Version;
import org.alfresco.service.descriptor.DescriptorService;
@@ -132,6 +133,7 @@ public class DMAbstractServicePort
protected SearchService searchService;
protected PropertyUtil propertiesUtil;
protected PermissionService permissionService;
+ protected AuthorityService authorityService;
public void setCmisService(CMISServices cmisService)
{
@@ -188,6 +190,11 @@ public class DMAbstractServicePort
this.permissionService = permissionService;
}
+ public void setAuthorityService(AuthorityService authorityService)
+ {
+ this.authorityService = authorityService;
+ }
+
protected PropertyFilter createPropertyFilter(String filter) throws CmisException
{
try
diff --git a/source/java/org/alfresco/repo/cmis/ws/DMDiscoveryServicePort.java b/source/java/org/alfresco/repo/cmis/ws/DMDiscoveryServicePort.java
index 6593e07f2c..41c8e7b1cb 100644
--- a/source/java/org/alfresco/repo/cmis/ws/DMDiscoveryServicePort.java
+++ b/source/java/org/alfresco/repo/cmis/ws/DMDiscoveryServicePort.java
@@ -40,6 +40,7 @@ import org.alfresco.cmis.CMISResultSetRow;
import org.alfresco.cmis.CMISServiceException;
import org.alfresco.cmis.PropertyFilter;
import org.alfresco.repo.cmis.ws.utils.ExceptionUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
/**
@@ -172,6 +173,11 @@ public class DMDiscoveryServicePort extends DMAbstractServicePort implements Dis
public void getContentChanges(String repositoryId, Holder changeLogToken, Boolean includeProperties, String filter, Boolean includePolicyIds, Boolean includeACL,
BigInteger maxItems, CmisExtensionType extension, Holder objects) throws CmisException
{
+ if (!authorityService.hasAdminAuthority())
+ {
+ throw ExceptionUtil.createCmisException("Cannot retrieve content changes", new AccessDeniedException("Requires admin authority"));
+ }
+
// TODO: includePolicyIds
checkRepositoryId(repositoryId);
String changeToken = (null != changeLogToken) ? (changeLogToken.value) : (null);