mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-669: Patch required to update records as they should no longer inherit permissions from their parent record folders
RM-671: Patch to add new inplace roles. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49622 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -58,10 +58,10 @@
|
||||
<property name="description" value="Patches the existing RM data for the RM v2.1 InPlace features."/>
|
||||
<property name="sinceVersion" value="2.1"/>
|
||||
<property name="appliesFromVersion" value="2.1"/>
|
||||
<property name="permissionService" ref="PermissionService" />
|
||||
<property name="recordsManagementService" ref="RecordsManagementService"/>
|
||||
<property name="filePlanRoleService" ref="FilePlanRoleService"/>
|
||||
<property name="filePlanPermissionService" ref="FilePlanPermissionService"/>
|
||||
<property name="filePlanService" ref="FilePlanService"/>
|
||||
<property name="capabilityService" ref="CapabilityService"/>
|
||||
</bean>
|
||||
|
||||
<bean id="org_alfresco_module_rm_RMv21CapabilityPatch"
|
||||
@@ -72,7 +72,7 @@
|
||||
<property name="description" value="Patches the existing RM data for the RM v2.1 updated capabilities."/>
|
||||
<property name="sinceVersion" value="2.1"/>
|
||||
<property name="appliesFromVersion" value="2.1"/>
|
||||
<property name="recordsManagementService" ref="RecordsManagementService"/>
|
||||
<property name="filePlanService" ref="FilePlanService"/>
|
||||
<property name="filePlanRoleService" ref="FilePlanRoleService"/>
|
||||
<property name="capabilityService" ref="CapabilityService"/>
|
||||
</bean>
|
||||
@@ -85,7 +85,7 @@
|
||||
<property name="description" value="Adds the global RM admin user to all existing file plans."/>
|
||||
<property name="sinceVersion" value="2.1"/>
|
||||
<property name="appliesFromVersion" value="2.1"/>
|
||||
<property name="recordsManagementService" ref="RecordsManagementService"/>
|
||||
<property name="filePlanService" ref="FilePlanService"/>
|
||||
<property name="filePlanRoleService" ref="FilePlanRoleService"/>
|
||||
<property name="authenticationService" ref="AuthenticationService" />
|
||||
<property name="personService" ref="PersonService" />
|
||||
@@ -93,4 +93,19 @@
|
||||
<property name="password" value="${bootstrap.rmadmin.pwd}" />
|
||||
</bean>
|
||||
|
||||
<bean id="org_alfresco_module_rm_RMv21RecordInheritancePatch"
|
||||
parent="module.baseComponent"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.patch.RMv21RecordInheritancePatch">
|
||||
<property name="moduleId" value="org_alfresco_module_rm"/>
|
||||
<property name="name" value="org_alfresco_module_rm_RMv21RecordInheritancePatch"/>
|
||||
<property name="description" value="Adjust record permission inheritance."/>
|
||||
<property name="sinceVersion" value="2.1"/>
|
||||
<property name="appliesFromVersion" value="2.1"/>
|
||||
<property name="patchDAO" ref="patchDAO"/>
|
||||
<property name="nodeDAO" ref="nodeDAO" />
|
||||
<property name="qnameDAO" ref="qnameDAO"/>
|
||||
<property name="nodeService" ref="nodeService"/>
|
||||
<property name="filePlanPermissionServiceImpl" ref="filePlanPermissionService"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
@@ -237,7 +237,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Unable to get unfiled conatiner.");
|
||||
}
|
||||
else
|
||||
else if (assocs.size() == 1)
|
||||
{
|
||||
result = assocs.get(0).getChildRef();
|
||||
}
|
||||
|
||||
@@ -18,14 +18,13 @@
|
||||
*/
|
||||
package org.alfresco.module.org_alfresco_module_rm.patch;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.role.Role;
|
||||
@@ -47,8 +46,8 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(RMv21CapabilityPatch.class);
|
||||
|
||||
/** Records management service */
|
||||
private RecordsManagementService recordsManagementService;
|
||||
/** file plan service */
|
||||
private FilePlanService filePlanService;
|
||||
|
||||
/** File plan role service */
|
||||
private FilePlanRoleService filePlanRoleService;
|
||||
@@ -57,11 +56,11 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
|
||||
private CapabilityService capabilityService;
|
||||
|
||||
/**
|
||||
* @param recordsManagementService records management service
|
||||
* @param filePlanService file plan service
|
||||
*/
|
||||
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
|
||||
public void setFilePlanService(FilePlanService filePlanService)
|
||||
{
|
||||
this.recordsManagementService = recordsManagementService;
|
||||
this.filePlanService = filePlanService;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -91,7 +90,7 @@ public class RMv21CapabilityPatch extends AbstractModuleComponent
|
||||
logger.debug("RM module: RMv21CapabilityPatch executing ...");
|
||||
}
|
||||
|
||||
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
|
||||
Set<NodeRef> filePlans = filePlanService.getFilePlans();
|
||||
|
||||
if (logger.isDebugEnabled() == true)
|
||||
{
|
||||
|
||||
@@ -18,19 +18,21 @@
|
||||
*/
|
||||
package org.alfresco.module.org_alfresco_module_rm.patch;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
|
||||
import org.alfresco.repo.module.AbstractModuleComponent;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.BeanNameAware;
|
||||
@@ -44,35 +46,42 @@ import org.springframework.beans.factory.BeanNameAware;
|
||||
public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
implements BeanNameAware, RecordsManagementModel, DOD5015Model
|
||||
{
|
||||
/** Extended reader and writer role details */
|
||||
private static final String ROLE_READERS = "ExtendedReaders";
|
||||
private static final String ROLE_READERS_LABEL = "In-Place Readers";
|
||||
private static final String[] ROLE_READERS_CAPABILITIES = new String[]
|
||||
{
|
||||
"ViewRecords"
|
||||
};
|
||||
private static final String ROLE_WRITERS = "ExtendedWriters";
|
||||
private static final String ROLE_WRITERS_LABEL = "In-Place Writers";
|
||||
private static final String[] ROLE_WRITERS_CAPABILITIES = new String[]
|
||||
{
|
||||
"ViewRecords",
|
||||
"EditNonRecordMetadata"
|
||||
};
|
||||
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(RMv21InPlacePatch.class);
|
||||
|
||||
/** Permission service */
|
||||
private PermissionService permissionService;
|
||||
/** file plan role service */
|
||||
private FilePlanRoleService filePlanRoleService;
|
||||
|
||||
/** Records management service */
|
||||
private RecordsManagementService recordsManagementService;
|
||||
/** file plan service */
|
||||
private FilePlanService filePlanService;
|
||||
|
||||
/** File plan permission service */
|
||||
private FilePlanPermissionService filePlanPermissionService;
|
||||
|
||||
/** File plan service */
|
||||
private FilePlanService filePlanService;
|
||||
/** capability service */
|
||||
private CapabilityService capabilityService;
|
||||
|
||||
/**
|
||||
* @param permissionService permission service
|
||||
* @param filePlanRoleService file plan role service
|
||||
*/
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
|
||||
{
|
||||
this.permissionService = permissionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param recordsManagementService records management service
|
||||
*/
|
||||
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
|
||||
{
|
||||
this.recordsManagementService = recordsManagementService;
|
||||
this.filePlanRoleService = filePlanRoleService;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -91,6 +100,14 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
this.filePlanService = filePlanService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param capabilityService capability service
|
||||
*/
|
||||
public void setCapabilityService(CapabilityService capabilityService)
|
||||
{
|
||||
this.capabilityService = capabilityService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
|
||||
*/
|
||||
@@ -102,7 +119,7 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
logger.debug("RM module: RMv21InPlacePatch executing ...");
|
||||
}
|
||||
|
||||
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
|
||||
Set<NodeRef> filePlans = filePlanService.getFilePlans();
|
||||
|
||||
if (logger.isDebugEnabled() == true)
|
||||
{
|
||||
@@ -110,6 +127,8 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
}
|
||||
|
||||
for (NodeRef filePlan : filePlans)
|
||||
{
|
||||
if (filePlanService.getUnfiledContainer(filePlan) == null)
|
||||
{
|
||||
if (logger.isDebugEnabled() == true)
|
||||
{
|
||||
@@ -120,12 +139,13 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
filePlanPermissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS);
|
||||
filePlanPermissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING);
|
||||
|
||||
// set capabilities
|
||||
//permissionService.setPermission(filePlan, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true);
|
||||
// permissionService.setPermission(filePlan, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.EDIT_NON_RECORD_METADATA, true);
|
||||
|
||||
// create unfiled container
|
||||
filePlanService.createUnfiledContainer(filePlan);
|
||||
|
||||
// add the inplace roles
|
||||
filePlanRoleService.createRole(filePlan, ROLE_READERS, ROLE_READERS_LABEL, getCapabilities(ROLE_READERS_CAPABILITIES));
|
||||
filePlanRoleService.createRole(filePlan, ROLE_WRITERS, ROLE_WRITERS_LABEL, getCapabilities(ROLE_WRITERS_CAPABILITIES));
|
||||
}
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled() == true)
|
||||
@@ -134,5 +154,13 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private Set<Capability> getCapabilities(String[] capabilityNames)
|
||||
{
|
||||
Set<Capability> capabilities = new HashSet<Capability>(3);
|
||||
for (String capabilityName : capabilityNames)
|
||||
{
|
||||
capabilities.add(capabilityService.getCapability(capabilityName));
|
||||
}
|
||||
return capabilities;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,11 +20,11 @@ package org.alfresco.module.org_alfresco_module_rm.patch;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
|
||||
@@ -47,43 +47,67 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
|
||||
|
||||
/** default rm admin password */
|
||||
private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
|
||||
|
||||
/** mutable authenticaiton service */
|
||||
private MutableAuthenticationService authenticationService;
|
||||
|
||||
/** person service */
|
||||
private PersonService personService;
|
||||
|
||||
private RecordsManagementService recordsManagementService;
|
||||
/** file plan service */
|
||||
private FilePlanService filePlanService;
|
||||
|
||||
/** file plan role service */
|
||||
private FilePlanRoleService filePlanRoleService;
|
||||
|
||||
/** file plan authentication service */
|
||||
private FilePlanAuthenticationService filePlanAuthenticationService;
|
||||
|
||||
/**
|
||||
* @param password rm admin password
|
||||
*/
|
||||
public void setPassword(String password)
|
||||
{
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param personService person service
|
||||
*/
|
||||
public void setPersonService(PersonService personService)
|
||||
{
|
||||
this.personService = personService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param authenticationService mutable authentication service
|
||||
*/
|
||||
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
||||
{
|
||||
this.authenticationService = authenticationService;
|
||||
}
|
||||
|
||||
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
|
||||
/**
|
||||
* @param filePlanService file plan service
|
||||
*/
|
||||
public void setFilePlanService(FilePlanService filePlanService)
|
||||
{
|
||||
this.recordsManagementService = recordsManagementService;
|
||||
this.filePlanService = filePlanService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param filePlanRoleService file plan role service
|
||||
*/
|
||||
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
|
||||
{
|
||||
this.filePlanRoleService = filePlanRoleService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param filePlanAuthenticationService file plan authentication service
|
||||
*/
|
||||
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
|
||||
{
|
||||
this.filePlanAuthenticationService = filePlanAuthenticationService;
|
||||
@@ -118,7 +142,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
|
||||
logger.debug(" ... assigning RM Admin user to file plans");
|
||||
}
|
||||
|
||||
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
|
||||
Set<NodeRef> filePlans = filePlanService.getFilePlans();
|
||||
for (NodeRef filePlan : filePlans)
|
||||
{
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
|
||||
|
||||
@@ -265,16 +265,18 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialise the record permissions for the given record folder.
|
||||
* Initialise the record permissions for the given parent.
|
||||
*
|
||||
* NOTE: method is public so it can be accessed via the associated patch bean.
|
||||
*
|
||||
* @param record record
|
||||
* @param recordFolder record folder
|
||||
* @param parent records permission parent
|
||||
*/
|
||||
private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder)
|
||||
public void initialiseRecordPermissions(NodeRef record, NodeRef parent)
|
||||
{
|
||||
setUpPermissions(record);
|
||||
|
||||
Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder);
|
||||
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
|
||||
for (AccessPermission perm : perms)
|
||||
{
|
||||
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
|
||||
|
||||
Reference in New Issue
Block a user