RM-669: Patch required to update records as they should no longer inherit permissions from their parent record folders

RM-671: Patch to add new inplace roles.




git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49622 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml

@@ -58,10 +58,10 @@
        <property name="description" value="Patches the existing RM data for the RM v2.1 InPlace features."/>
        <property name="sinceVersion" value="2.1"/>
        <property name="appliesFromVersion" value="2.1"/>
-       <property name="permissionService" ref="PermissionService" />
+	   <property name="filePlanRoleService" ref="FilePlanRoleService"/>
-       <property name="recordsManagementService" ref="RecordsManagementService"/>
        <property name="filePlanPermissionService" ref="FilePlanPermissionService"/>
        <property name="filePlanService" ref="FilePlanService"/>
+       <property name="capabilityService" ref="CapabilityService"/>
    </bean>
    
    <bean id="org_alfresco_module_rm_RMv21CapabilityPatch"
@@ -72,7 +72,7 @@
        <property name="description" value="Patches the existing RM data for the RM v2.1 updated capabilities."/>
        <property name="sinceVersion" value="2.1"/>
        <property name="appliesFromVersion" value="2.1"/>
-       <property name="recordsManagementService" ref="RecordsManagementService"/>
+       <property name="filePlanService" ref="FilePlanService"/>
        <property name="filePlanRoleService" ref="FilePlanRoleService"/>
        <property name="capabilityService" ref="CapabilityService"/>
    </bean>
@@ -85,12 +85,27 @@
        <property name="description" value="Adds the global RM admin user to all existing file plans."/>
        <property name="sinceVersion" value="2.1"/>
        <property name="appliesFromVersion" value="2.1"/>
-       <property name="recordsManagementService" ref="RecordsManagementService"/>
+       <property name="filePlanService" ref="FilePlanService"/>
        <property name="filePlanRoleService" ref="FilePlanRoleService"/>
        <property name="authenticationService" ref="AuthenticationService" />
        <property name="personService" ref="PersonService" />
        <property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
        <property name="password" value="${bootstrap.rmadmin.pwd}" />
    </bean>
+   
+   <bean id="org_alfresco_module_rm_RMv21RecordInheritancePatch"
+         parent="module.baseComponent"
+         class="org.alfresco.module.org_alfresco_module_rm.patch.RMv21RecordInheritancePatch">
+       <property name="moduleId" value="org_alfresco_module_rm"/>
+       <property name="name" value="org_alfresco_module_rm_RMv21RecordInheritancePatch"/>
+       <property name="description" value="Adjust record permission inheritance."/>
+       <property name="sinceVersion" value="2.1"/>
+       <property name="appliesFromVersion" value="2.1"/>
+       <property name="patchDAO" ref="patchDAO"/>
+       <property name="nodeDAO" ref="nodeDAO" />
+       <property name="qnameDAO" ref="qnameDAO"/>
+       <property name="nodeService" ref="nodeService"/>
+       <property name="filePlanPermissionServiceImpl" ref="filePlanPermissionService"/>
+   </bean>
 
 </beans>

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java

@@ -237,7 +237,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
         {
             throw new AlfrescoRuntimeException("Unable to get unfiled conatiner.");
         }
-        else
+        else if (assocs.size() == 1)
         {
             result = assocs.get(0).getChildRef();
         }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21CapabilityPatch.java

@@ -18,14 +18,13 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.patch;
 
-import java.util.List;
 import java.util.Set;
 
 import org.alfresco.error.AlfrescoRuntimeException;
-import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
 import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
 import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
+import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.role.Role;
@@ -47,8 +46,8 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
     /** Logger */
     private static Log logger = LogFactory.getLog(RMv21CapabilityPatch.class);  
     
-    /** Records management service */
+    /** file plan service */
-    private RecordsManagementService recordsManagementService;
+    private FilePlanService filePlanService;
     
     /** File plan role service */
     private FilePlanRoleService filePlanRoleService;
@@ -57,11 +56,11 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
     private CapabilityService capabilityService;
     
     /**
-     * @param recordsManagementService  records management service
+     * @param filePlanService   file plan service
      */
-    public void setRecordsManagementService(RecordsManagementService recordsManagementService)
+    public void setFilePlanService(FilePlanService filePlanService)
     {
-        this.recordsManagementService = recordsManagementService;
+        this.filePlanService = filePlanService;
     }
 
     /**
@@ -91,7 +90,7 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
             logger.debug("RM module: RMv21CapabilityPatch executing ...");
         }
         
-        List<NodeRef> filePlans = recordsManagementService.getFilePlans();
+        Set<NodeRef> filePlans = filePlanService.getFilePlans();
         
         if (logger.isDebugEnabled() == true)
         {

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java

@@ -18,19 +18,21 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.patch;
 
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
-import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
 import org.alfresco.repo.module.AbstractModuleComponent;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.security.PermissionService;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.BeanNameAware;
@@ -44,35 +46,42 @@ import org.springframework.beans.factory.BeanNameAware;
 public class RMv21InPlacePatch extends AbstractModuleComponent 
                                implements BeanNameAware, RecordsManagementModel, DOD5015Model
 {
+    /** Extended reader and writer role details */
+    private static final String ROLE_READERS = "ExtendedReaders";
+    private static final String ROLE_READERS_LABEL = "In-Place Readers";
+    private static final String[] ROLE_READERS_CAPABILITIES = new String[]
+    {
+       "ViewRecords"
+    };
+    private static final String ROLE_WRITERS = "ExtendedWriters";
+    private static final String ROLE_WRITERS_LABEL = "In-Place Writers";
+    private static final String[] ROLE_WRITERS_CAPABILITIES = new String[]
+    {
+       "ViewRecords",
+       "EditNonRecordMetadata"
+    };
+    
     /** Logger */
     private static Log logger = LogFactory.getLog(RMv21InPlacePatch.class);  
     
-    /** Permission service */
+    /** file plan role service */
-    private PermissionService permissionService;
+    private FilePlanRoleService filePlanRoleService;
     
-    /** Records management service */
+    /** file plan service */
-    private RecordsManagementService recordsManagementService;
+    private FilePlanService filePlanService;
     
     /** File plan permission service */
     private FilePlanPermissionService filePlanPermissionService;
     
-    /** File plan service */
+    /** capability service */
-    private FilePlanService filePlanService;
+    private CapabilityService capabilityService;
     
     /**
-     * @param permissionService permission service
+     * @param filePlanRoleService   file plan role service
      */
-    public void setPermissionService(PermissionService permissionService)
+    public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
     {
-        this.permissionService = permissionService;
+        this.filePlanRoleService = filePlanRoleService;
-    }
-    
-    /**
-     * @param recordsManagementService  records management service
-     */
-    public void setRecordsManagementService(RecordsManagementService recordsManagementService)
-    {
-        this.recordsManagementService = recordsManagementService;
     }
     
     /**
@@ -91,6 +100,14 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
         this.filePlanService = filePlanService;
     }
     
+    /**
+     * @param capabilityService capability service
+     */
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
+    
     /**
      * @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
      */
@@ -102,7 +119,7 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
             logger.debug("RM module: RMv21InPlacePatch executing ...");
         }
         
-        List<NodeRef> filePlans = recordsManagementService.getFilePlans();
+        Set<NodeRef> filePlans = filePlanService.getFilePlans();
         
         if (logger.isDebugEnabled() == true)
         {
@@ -111,21 +128,24 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
         
         for (NodeRef filePlan : filePlans)
         {
-            if (logger.isDebugEnabled() == true)
+            if (filePlanService.getUnfiledContainer(filePlan) == null)
             {
-                logger.debug("  ... updating file plan " + filePlan.toString());
+                if (logger.isDebugEnabled() == true)
+                {
+                    logger.debug("  ... updating file plan " + filePlan.toString());
+                }
+                
+                // set permissions
+                filePlanPermissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS);
+                filePlanPermissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING);
+                            
+                // create unfiled container
+                filePlanService.createUnfiledContainer(filePlan);            
+                
+                // add the inplace roles
+                filePlanRoleService.createRole(filePlan, ROLE_READERS, ROLE_READERS_LABEL, getCapabilities(ROLE_READERS_CAPABILITIES));
+                filePlanRoleService.createRole(filePlan, ROLE_WRITERS, ROLE_WRITERS_LABEL, getCapabilities(ROLE_WRITERS_CAPABILITIES));
             }
-            
-            // set permissions
-            filePlanPermissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS);
-            filePlanPermissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING);
-            
-            // set capabilities
-            //permissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true);
-           // permissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.EDIT_NON_RECORD_METADATA, true);
-            
-            // create unfiled container
-            filePlanService.createUnfiledContainer(filePlan);            
         }
         
         if (logger.isDebugEnabled() == true)
@@ -134,5 +154,13 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
         }
     }   
     
-    
+    private Set<Capability> getCapabilities(String[] capabilityNames)
+    {
+        Set<Capability> capabilities = new HashSet<Capability>(3);
+        for (String capabilityName : capabilityNames)
+        {
+            capabilities.add(capabilityService.getCapability(capabilityName));
+        }
+        return capabilities;
+    }
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java

@@ -20,11 +20,11 @@ package org.alfresco.module.org_alfresco_module_rm.patch;
 
 import java.io.Serializable;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.alfresco.model.ContentModel;
-import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
+import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
@@ -47,43 +47,67 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
     /** Logger */
     private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
 
+    /** default rm admin password */
     private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
     
+    /** mutable authenticaiton service */
     private MutableAuthenticationService authenticationService;
     
+    /** person service */
     private PersonService personService;
     
-    private RecordsManagementService recordsManagementService;
+    /** file plan service */
+    private FilePlanService filePlanService;
     
+    /** file plan role service */
     private FilePlanRoleService filePlanRoleService;
     
+    /** file plan authentication service */
     private FilePlanAuthenticationService filePlanAuthenticationService;
     
+    /**
+     * @param password  rm admin password
+     */
     public void setPassword(String password)
     {
         this.password = password;
     }
     
+    /**     
+     * @param personService person service
+     */
     public void setPersonService(PersonService personService)
     {
         this.personService = personService;
     }
     
+    /**
+     * @param authenticationService mutable authentication service
+     */
     public void setAuthenticationService(MutableAuthenticationService authenticationService)
     {
         this.authenticationService = authenticationService;
     }
     
-    public void setRecordsManagementService(RecordsManagementService recordsManagementService)
+    /**
+     * @param filePlanService   file plan service
+     */
+    public void setFilePlanService(FilePlanService filePlanService)
     {
-        this.recordsManagementService = recordsManagementService;
+        this.filePlanService = filePlanService;
     }
 
+    /**
+     * @param filePlanRoleService   file plan role service
+     */
     public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
     {
         this.filePlanRoleService = filePlanRoleService;
     }
     
+    /**
+     * @param filePlanAuthenticationService file plan authentication service
+     */
     public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
     {
         this.filePlanAuthenticationService = filePlanAuthenticationService;
@@ -118,7 +142,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
                 logger.debug("   ... assigning RM Admin user to file plans");
             }
             
-            List<NodeRef> filePlans = recordsManagementService.getFilePlans();
+            Set<NodeRef> filePlans = filePlanService.getFilePlans();
             for (NodeRef filePlan : filePlans)
             {
                 filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java

@@ -265,16 +265,18 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
     }
     
     /**
-     * Initialise the record permissions for the given record folder.
+     * Initialise the record permissions for the given parent.
+     * 
+     * NOTE: method is public so it can be accessed via the associated patch bean.
      * 
      * @param record        record 
-     * @param recordFolder  record folder
+     * @param parent        records permission parent
      */
-    private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder)
+    public void initialiseRecordPermissions(NodeRef record, NodeRef parent)
     {
         setUpPermissions(record);
         
-        Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder);
+        Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
         for (AccessPermission perm : perms)
         {
             if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&