inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-21 18:09:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix ALF-2287: getChangeLog should only be available to admins

Browse Source 
- lock down AtomPub and Web Service getContentChanges()

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19697 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
David Caruana
2010-03-31 14:07:50 +00:00
parent 681676236f
commit 28b9fab6aa
4 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/cmis-ws-context.xml
View File

@@ -351,6 +351,7 @@
<property name="fileFolderService" ref="FileFolderService" />
<property name="searchService" ref="SearchService" />
<property name="permissionService" ref="PermissionService" />
<property name="authorityService" ref="AuthorityService" />
<property name="propertiesUtil" ref="propertiesUtils" />
</bean>

2
config/alfresco/templates/webscripts/org/alfresco/cmis/changes.get.desc.xml
View File

@@ -33,7 +33,7 @@
<response type="cmis.atomfeed"/>
</responses>
<authentication>guest</authentication>
<authentication>admin</authentication>
<transaction allow="readonly"/>
<family>CMIS</family>
<lifecycle>public_api</lifecycle>

7
source/java/org/alfresco/repo/cmis/ws/DMAbstractServicePort.java
View File

@@ -65,6 +65,7 @@ import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.version.Version;
import org.alfresco.service.descriptor.DescriptorService;
@@ -132,6 +133,7 @@ public class DMAbstractServicePort
protected SearchService searchService;
protected PropertyUtil propertiesUtil;
protected PermissionService permissionService;
protected AuthorityService authorityService;
public void setCmisService(CMISServices cmisService)
{
@@ -188,6 +190,11 @@ public class DMAbstractServicePort
this.permissionService = permissionService;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
protected PropertyFilter createPropertyFilter(String filter) throws CmisException
{
try

6
source/java/org/alfresco/repo/cmis/ws/DMDiscoveryServicePort.java
View File

@@ -40,6 +40,7 @@ import org.alfresco.cmis.CMISResultSetRow;
import org.alfresco.cmis.CMISServiceException;
import org.alfresco.cmis.PropertyFilter;
import org.alfresco.repo.cmis.ws.utils.ExceptionUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
/**
@@ -172,6 +173,11 @@ public class DMDiscoveryServicePort extends DMAbstractServicePort implements Dis
public void getContentChanges(String repositoryId, Holder<String> changeLogToken, Boolean includeProperties, String filter, Boolean includePolicyIds, Boolean includeACL,
BigInteger maxItems, CmisExtensionType extension, Holder<CmisObjectListType> objects) throws CmisException
{
if (!authorityService.hasAdminAuthority())
{
throw ExceptionUtil.createCmisException("Cannot retrieve content changes", new AccessDeniedException("Requires admin authority"));
}
// TODO: includePolicyIds
checkRepositoryId(repositoryId);
String changeToken = (null != changeLogToken) ? (changeLogToken.value) : (null);