Merge pull request #1182 from Alfresco/hotfix-3.2/MNT-21585_fix_ipr_group_match

MNT-21585 - Having EVERYONE in original ACL causes IPR duplication (#…
evasques
2020-08-10 11:10:21 +01:00
committed by GitHub


@@ -407,13 +407,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
// if exists and matches we have found our group // if exists and matches we have found our group
if (isIPRGroupTrueMatch(group, authorities)) if (isIPRGroupTrueMatch(group, authorities))
{ {
iprGroup = group; return new Pair<String, Integer>(group, nextGroupIndex);
break;
} }
} }
// determine if there are any more pages to inspect // determine if there are any more pages to inspect
hasMoreItems = results.hasMoreItems(); hasMoreItems = hasMoreItems ? results.hasMoreItems() : false;
pageCount ++; pageCount ++;
} }
@@ -429,8 +428,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
*/ */
private boolean isIPRGroupTrueMatch(String group, Set<String> authorities) private boolean isIPRGroupTrueMatch(String group, Set<String> authorities)
{ {
//Remove GROUP_EVERYONE for proper comparison as GROUP_EVERYONE is never included in an IPR group
Set<String> plainAuthorities = new HashSet<String>();
if (authorities != null)
{
plainAuthorities.addAll(authorities);
plainAuthorities.remove(PermissionService.ALL_AUTHORITIES);
}
Set<String> contained = authorityService.getContainedAuthorities(null, group, true); Set<String> contained = authorityService.getContainedAuthorities(null, group, true);
return contained.equals(authorities); return contained.equals(plainAuthorities);
} }
/** /**
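Review bot: In `isIPRGroupTrueMatch`, a null `authorities` is now compared as an empty set, so any group whose immediate contained authorities are empty would be reported as a true match. The old `contained.equals(authorities)` returned false for null. Whether a null set can reach this method is not visible in the hunk; if it can, an explicit `if (authorities == null) { return false; }` before the copy keeps the previous behaviour, and otherwise the Javadoc should state that null is treated as "no authorities". The copy itself could be `new HashSet<>(authorities)`, and in the first hunk `hasMoreItems = hasMoreItems ? results.hasMoreItems() : false;` reads more plainly as `hasMoreItems = hasMoreItems && results.hasMoreItems();`. Since the match result decides which IPR group a record's readers or writers are bound to, it would help to add a comment noting that the code creating IPR groups must strip `PermissionService.ALL_AUTHORITIES` the same way; that code is outside this section.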