From 3333908c0e71aa9d8992b3ab732cf623a6a3d132 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Tue, 30 Apr 2013 01:27:33 +0000 Subject: [PATCH] RM-669: Patch required to update records as they should no longer inherit permissions from their parent record folders RM-671: Patch to add new inplace roles. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49622 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-patch-context.xml | 23 ++++- .../fileplan/FilePlanServiceImpl.java | 2 +- .../patch/RMv21CapabilityPatch.java | 15 ++- .../patch/RMv21InPlacePatch.java | 98 ++++++++++++------- .../patch/RMv2RMAdminUserPatch.java | 36 +++++-- .../FilePlanPermissionServiceImpl.java | 10 +- 6 files changed, 126 insertions(+), 58 deletions(-) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml index 0b8b340d7a..eaad20fc4d 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml @@ -58,10 +58,10 @@ - - + + - + @@ -85,12 +85,27 @@ - + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java index 68d2437b7e..cfcc1aca8d 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java @@ -237,7 +237,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl { throw new AlfrescoRuntimeException("Unable to get unfiled conatiner."); } - else + else if (assocs.size() == 1) { result = assocs.get(0).getChildRef(); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java index 2cb9322df4..149fbc6be3 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java @@ -18,14 +18,13 @@ */ package org.alfresco.module.org_alfresco_module_rm.patch; -import java.util.List; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model; +import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.role.Role; @@ -47,8 +46,8 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent /** Logger */ private static Log logger = LogFactory.getLog(RMv21CapabilityPatch.class); - /** Records management service */ - private RecordsManagementService recordsManagementService; + /** file plan service */ + private FilePlanService filePlanService; /** File plan role service */ private FilePlanRoleService filePlanRoleService; @@ -57,11 +56,11 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent private CapabilityService capabilityService; /** - * @param recordsManagementService records management service + * @param filePlanService file plan service */ - public void setRecordsManagementService(RecordsManagementService recordsManagementService) + public void setFilePlanService(FilePlanService filePlanService) { - this.recordsManagementService = recordsManagementService; + this.filePlanService = filePlanService; } /** @@ -91,7 +90,7 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent logger.debug("RM module: RMv21CapabilityPatch executing ..."); } - List filePlans = recordsManagementService.getFilePlans(); + Set filePlans = filePlanService.getFilePlans(); if (logger.isDebugEnabled() == true) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java index 7837a576d5..f08d6ede9a 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java @@ -18,19 +18,21 @@ */ package org.alfresco.module.org_alfresco_module_rm.patch; -import java.util.List; +import java.util.HashSet; +import java.util.Set; -import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService; import org.alfresco.repo.module.AbstractModuleComponent; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.PermissionService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.BeanNameAware; @@ -44,35 +46,42 @@ import org.springframework.beans.factory.BeanNameAware; public class RMv21InPlacePatch extends AbstractModuleComponent implements BeanNameAware, RecordsManagementModel, DOD5015Model { + /** Extended reader and writer role details */ + private static final String ROLE_READERS = "ExtendedReaders"; + private static final String ROLE_READERS_LABEL = "In-Place Readers"; + private static final String[] ROLE_READERS_CAPABILITIES = new String[] + { + "ViewRecords" + }; + private static final String ROLE_WRITERS = "ExtendedWriters"; + private static final String ROLE_WRITERS_LABEL = "In-Place Writers"; + private static final String[] ROLE_WRITERS_CAPABILITIES = new String[] + { + "ViewRecords", + "EditNonRecordMetadata" + }; + /** Logger */ private static Log logger = LogFactory.getLog(RMv21InPlacePatch.class); - /** Permission service */ - private PermissionService permissionService; + /** file plan role service */ + private FilePlanRoleService filePlanRoleService; - /** Records management service */ - private RecordsManagementService recordsManagementService; + /** file plan service */ + private FilePlanService filePlanService; /** File plan permission service */ private FilePlanPermissionService filePlanPermissionService; - /** File plan service */ - private FilePlanService filePlanService; + /** capability service */ + private CapabilityService capabilityService; /** - * @param permissionService permission service + * @param filePlanRoleService file plan role service */ - public void setPermissionService(PermissionService permissionService) + public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService) { - this.permissionService = permissionService; - } - - /** - * @param recordsManagementService records management service - */ - public void setRecordsManagementService(RecordsManagementService recordsManagementService) - { - this.recordsManagementService = recordsManagementService; + this.filePlanRoleService = filePlanRoleService; } /** @@ -91,6 +100,14 @@ public class RMv21InPlacePatch extends AbstractModuleComponent this.filePlanService = filePlanService; } + /** + * @param capabilityService capability service + */ + public void setCapabilityService(CapabilityService capabilityService) + { + this.capabilityService = capabilityService; + } + /** * @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal() */ @@ -102,7 +119,7 @@ public class RMv21InPlacePatch extends AbstractModuleComponent logger.debug("RM module: RMv21InPlacePatch executing ..."); } - List filePlans = recordsManagementService.getFilePlans(); + Set filePlans = filePlanService.getFilePlans(); if (logger.isDebugEnabled() == true) { @@ -111,21 +128,24 @@ public class RMv21InPlacePatch extends AbstractModuleComponent for (NodeRef filePlan : filePlans) { - if (logger.isDebugEnabled() == true) + if (filePlanService.getUnfiledContainer(filePlan) == null) { - logger.debug(" ... updating file plan " + filePlan.toString()); + if (logger.isDebugEnabled() == true) + { + logger.debug(" ... updating file plan " + filePlan.toString()); + } + + // set permissions + filePlanPermissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS); + filePlanPermissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING); + + // create unfiled container + filePlanService.createUnfiledContainer(filePlan); + + // add the inplace roles + filePlanRoleService.createRole(filePlan, ROLE_READERS, ROLE_READERS_LABEL, getCapabilities(ROLE_READERS_CAPABILITIES)); + filePlanRoleService.createRole(filePlan, ROLE_WRITERS, ROLE_WRITERS_LABEL, getCapabilities(ROLE_WRITERS_CAPABILITIES)); } - - // set permissions - filePlanPermissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS); - filePlanPermissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING); - - // set capabilities - //permissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true); - // permissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.EDIT_NON_RECORD_METADATA, true); - - // create unfiled container - filePlanService.createUnfiledContainer(filePlan); } if (logger.isDebugEnabled() == true) @@ -134,5 +154,13 @@ public class RMv21InPlacePatch extends AbstractModuleComponent } } - + private Set getCapabilities(String[] capabilityNames) + { + Set capabilities = new HashSet(3); + for (String capabilityName : capabilityNames) + { + capabilities.add(capabilityService.getCapability(capabilityName)); + } + return capabilities; + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java index a333c8cffc..f80238f0af 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java @@ -20,11 +20,11 @@ package org.alfresco.module.org_alfresco_module_rm.patch; import java.io.Serializable; import java.util.HashMap; -import java.util.List; import java.util.Map; +import java.util.Set; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; +import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl; @@ -47,43 +47,67 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea /** Logger */ private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class); + /** default rm admin password */ private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD; + /** mutable authenticaiton service */ private MutableAuthenticationService authenticationService; + /** person service */ private PersonService personService; - private RecordsManagementService recordsManagementService; + /** file plan service */ + private FilePlanService filePlanService; + /** file plan role service */ private FilePlanRoleService filePlanRoleService; + /** file plan authentication service */ private FilePlanAuthenticationService filePlanAuthenticationService; + /** + * @param password rm admin password + */ public void setPassword(String password) { this.password = password; } + /** + * @param personService person service + */ public void setPersonService(PersonService personService) { this.personService = personService; } + /** + * @param authenticationService mutable authentication service + */ public void setAuthenticationService(MutableAuthenticationService authenticationService) { this.authenticationService = authenticationService; } - public void setRecordsManagementService(RecordsManagementService recordsManagementService) + /** + * @param filePlanService file plan service + */ + public void setFilePlanService(FilePlanService filePlanService) { - this.recordsManagementService = recordsManagementService; + this.filePlanService = filePlanService; } + /** + * @param filePlanRoleService file plan role service + */ public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService) { this.filePlanRoleService = filePlanRoleService; } + /** + * @param filePlanAuthenticationService file plan authentication service + */ public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService) { this.filePlanAuthenticationService = filePlanAuthenticationService; @@ -118,7 +142,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea logger.debug(" ... assigning RM Admin user to file plans"); } - List filePlans = recordsManagementService.getFilePlans(); + Set filePlans = filePlanService.getFilePlans(); for (NodeRef filePlan : filePlans) { filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java index 267c6fc918..7007844c83 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java @@ -265,16 +265,18 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService, } /** - * Initialise the record permissions for the given record folder. + * Initialise the record permissions for the given parent. + * + * NOTE: method is public so it can be accessed via the associated patch bean. * * @param record record - * @param recordFolder record folder + * @param parent records permission parent */ - private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder) + public void initialiseRecordPermissions(NodeRef record, NodeRef parent) { setUpPermissions(record); - Set perms = permissionService.getAllSetPermissions(recordFolder); + Set perms = permissionService.getAllSetPermissions(parent); for (AccessPermission perm : perms) { if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&