Merge pull request #1182 from Alfresco/hotfix-3.2/MNT-21585_fix_ipr_group_match

MNT-21585 - Having EVERYONE in original ACL causes IPR duplication (#…
2025-07-31 17:39:05 +00:00 · 2020-08-10 11:10:21 +01:00
parent 1c04993e4d 61da55e289
commit 312ec2f4c3
1 changed files with 10 additions and 4 deletions
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
@@ -407,13 +407,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
                // if exists and matches we have found our group
                if (isIPRGroupTrueMatch(group, authorities))
                {
-                    iprGroup = group;
-                    break;
+                    return new Pair<String, Integer>(group, nextGroupIndex);
                }
            }

            // determine if there are any more pages to inspect
-            hasMoreItems = results.hasMoreItems();
+            hasMoreItems = hasMoreItems ? results.hasMoreItems() : false;
            pageCount ++;
        }

@@ -429,8 +428,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
     */
    private boolean isIPRGroupTrueMatch(String group, Set<String> authorities)
    {
+        //Remove GROUP_EVERYONE for proper comparison as GROUP_EVERYONE is never included in an IPR group
+        Set<String> plainAuthorities = new HashSet<String>();
+        if (authorities != null)
+        {
+            plainAuthorities.addAll(authorities);
+            plainAuthorities.remove(PermissionService.ALL_AUTHORITIES);
+        }
        Set<String> contained =  authorityService.getContainedAuthorities(null, group, true);
-        return contained.equals(authorities);
+        return contained.equals(plainAuthorities);
    }

    /**