diff --git a/config/alfresco/public-services-context.xml b/config/alfresco/public-services-context.xml
index 8759cb4f50..e056cd87ed 100644
--- a/config/alfresco/public-services-context.xml
+++ b/config/alfresco/public-services-context.xml
@@ -1077,7 +1077,10 @@
getLock
getUserLocks
- getWebProjectLocks
+ getWebProjectLocks
+ getWebProjects
+ getStoreLocks
+ hasAccess
@@ -1091,7 +1094,9 @@
addWebProject
lockPath
removeLock
- removeWebProject
+ removeWebProject
+ modifyLock
+ removeStoreLocks
diff --git a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java
index 907b0c0b47..49e6b1c843 100644
--- a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java
+++ b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceImpl.java
@@ -209,8 +209,8 @@ public class AVMLockingServiceImpl implements AVMLockingService
{
for (String authority : lock.getOwners())
{
- if (fPersonService.getPerson(authority) == null &&
- !fAuthorityService.authorityExists(authority))
+ if (!fAuthorityService.authorityExists(authority) &&
+ !fPersonService.personExists(authority))
{
throw new AVMBadArgumentException("Not an Authority: " + authority);
}
@@ -466,8 +466,8 @@ public class AVMLockingServiceImpl implements AVMLockingService
{
for (String user : usersToAdd)
{
- if (fPersonService.getPerson(user) == null &&
- !fAuthorityService.authorityExists(user))
+ if (!fAuthorityService.authorityExists(user) &&
+ !fPersonService.personExists(user))
{
throw new AVMBadArgumentException("Not an authority: " + user);
}
@@ -512,6 +512,10 @@ public class AVMLockingServiceImpl implements AVMLockingService
{
return false;
}
+ if (fAuthorityService.isAdminAuthority(user))
+ {
+ return true;
+ }
String[] storePath = avmPath.split(":");
if (storePath.length != 2)
{
@@ -527,11 +531,6 @@ public class AVMLockingServiceImpl implements AVMLockingService
{
return false;
}
- // TODO is this meaningful? I don't think so.
- if (AuthorityType.getAuthorityType(user) == AuthorityType.ADMIN)
- {
- return true;
- }
List owners = lock.getOwners();
for (String owner : owners)
{
@@ -569,4 +568,15 @@ public class AVMLockingServiceImpl implements AVMLockingService
}
return false;
}
+
+ /* (non-Javadoc)
+ * @see org.alfresco.service.cmr.avm.locking.AVMLockingService#getWebProjects()
+ */
+ public List getWebProjects()
+ {
+ List keys = new ArrayList();
+ keys.add(LOCK_TABLE);
+ keys.add(WEB_PROJECTS);
+ return fAttributeService.getKeys(keys);
+ }
}
diff --git a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java
index 3036d09554..24d5810e2c 100644
--- a/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java
+++ b/source/java/org/alfresco/repo/avm/locking/AVMLockingServiceTest.java
@@ -25,16 +25,10 @@
package org.alfresco.repo.avm.locking;
-import java.io.Serializable;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
-import org.alfresco.repo.security.authentication.AuthenticationComponentImpl;
import org.alfresco.service.cmr.attributes.AttributeService;
import org.alfresco.service.cmr.avm.locking.AVMLock;
import org.alfresco.service.cmr.avm.locking.AVMLockingService;
@@ -42,7 +36,6 @@ import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
-import org.alfresco.service.namespace.QName;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import junit.framework.TestCase;
@@ -112,10 +105,10 @@ public class AVMLockingServiceTest extends TestCase
@Override
protected void tearDown() throws Exception
{
- List keys = fAttributeService.getKeys("");
- for (String key : keys)
+ List webProjects = fService.getWebProjects();
+ for (String webProject : webProjects)
{
- fAttributeService.removeAttribute("", key);
+ fService.removeWebProject(webProject);
}
fAuthenticationService.deleteAuthentication("Buffy");
fAuthenticationService.deleteAuthentication("Willow");
@@ -180,4 +173,134 @@ public class AVMLockingServiceTest extends TestCase
fail();
}
}
+
+ public void testRoleBasedLocking()
+ {
+ try
+ {
+ fService.addWebProject("alfresco");
+ List owners = new ArrayList();
+ owners.add("ROLE_SUPER_POWERED");
+ owners.add("Tara");
+ AVMLock lock = new AVMLock("alfresco",
+ "Sunnydale",
+ "TheInitiative/Adam/plans.txt",
+ AVMLockingService.Type.DISCRETIONARY,
+ owners);
+ fService.lockPath(lock);
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander"));
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGroupBasedLocking()
+ {
+ try
+ {
+ fService.addWebProject("alfresco");
+ List owners = new ArrayList();
+ owners.add("GROUP_Scoobies");
+ owners.add("Tara");
+ AVMLock lock = new AVMLock("alfresco",
+ "Sunnydale",
+ "TheInitiative/Adam/plans.txt",
+ AVMLockingService.Type.DISCRETIONARY,
+ owners);
+ fService.lockPath(lock);
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander"));
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testLockModification()
+ {
+ try
+ {
+ fService.addWebProject("alfresco");
+ List owners = new ArrayList();
+ owners.add("GROUP_Scoobies");
+ owners.add("Tara");
+ AVMLock lock = new AVMLock("alfresco",
+ "Sunnydale",
+ "TheInitiative/Adam/plans.txt",
+ AVMLockingService.Type.DISCRETIONARY,
+ owners);
+ fService.lockPath(lock);
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/TheInitiative/Adam/plans.txt", "Xander"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Willow"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/TheInitiative/Adam/plans.txt", "Xander"));
+ fService.modifyLock("alfresco", "TheInitiative/Adam/plans.txt", "ScrapHeap/Adam/plans.txt", null, null, null);
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Spike"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Tara"));
+ assertTrue(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Xander"));
+ fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, "LA", null, null);
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Buffy"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Willow"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "Sunnydale:/ScrapHeap/Adam/plans.txt", "Xander"));
+ List usersToAdd = new ArrayList();
+ usersToAdd.add("Spike");
+ fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, null, null, usersToAdd);
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander"));
+ List usersToRemove = new ArrayList();
+ usersToRemove.add("GROUP_Scoobies");
+ fService.modifyLock("alfresco", "ScrapHeap/Adam/plans.txt", null, null, usersToRemove, null);
+ assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Buffy"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Spike"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Willow"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Tara"));
+ assertFalse(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "Xander"));
+ assertTrue(fService.hasAccess("alfresco", "LA:/ScrapHeap/Adam/plans.txt", "admin"));
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ fail();
+ }
+ }
}
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
index 7041e73798..24dc88a4cd 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
@@ -99,6 +99,19 @@ public class AuthorityServiceImpl implements AuthorityService
return ((currentUserName != null) && adminUsers.contains(currentUserName));
}
+ /* (non-Javadoc)
+ * @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String)
+ */
+ public boolean isAdminAuthority(String authorityName)
+ {
+ String canonicalName = personService.getUserIdentifier(authorityName);
+ if (canonicalName == null)
+ {
+ canonicalName = authorityName;
+ }
+ return adminUsers.contains(canonicalName);
+ }
+
// IOC
public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
diff --git a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
index e4b4e6f2db..076984340d 100644
--- a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java
@@ -84,6 +84,19 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
return ((currentUserName != null) && adminUsers.contains(currentUserName));
}
+ /* (non-Javadoc)
+ * @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String)
+ */
+ public boolean isAdminAuthority(String authorityName)
+ {
+ String canonicalName = personService.getUserIdentifier(authorityName);
+ if (canonicalName == null)
+ {
+ canonicalName = authorityName;
+ }
+ return adminUsers.contains(canonicalName);
+ }
+
// IOC
public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
diff --git a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java
index 6661a16de2..37c7ae2636 100644
--- a/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java
+++ b/source/java/org/alfresco/service/cmr/avm/locking/AVMLockingService.java
@@ -122,4 +122,10 @@ public interface AVMLockingService
* @return Whether the user has access.
*/
public boolean hasAccess(String webProject, String avmPath, String user);
+
+ /**
+ * Get the names of all the web projects the service knows about.
+ * @return The list of web project names.
+ */
+ public List getWebProjects();
}
diff --git a/source/java/org/alfresco/service/cmr/security/AuthorityService.java b/source/java/org/alfresco/service/cmr/security/AuthorityService.java
index d093d836e7..1679cefc10 100644
--- a/source/java/org/alfresco/service/cmr/security/AuthorityService.java
+++ b/source/java/org/alfresco/service/cmr/security/AuthorityService.java
@@ -57,6 +57,15 @@ public interface AuthorityService
*/
@Auditable
public boolean hasAdminAuthority();
+
+ /**
+ * Does the given authority have admin authority.
+ *
+ * @param authorityName The name of the authority.
+ * @return Whether the authority is an admin.
+ */
+ @Auditable(parameters = {"authorityName"})
+ public boolean isAdminAuthority(String authorityName);
/**
* Get the authorities for the current user