From 348128ef58c689b3056495be1eb7233745980cbb Mon Sep 17 00:00:00 2001 From: David Webster Date: Mon, 24 Oct 2016 17:32:37 +0100 Subject: [PATCH] Merge 7289572a5dc380bab5dc53e09b802ad413869a58 from V2.3 to V2.4 w/ refactor for permissions post processor --- .../alfresco-global.properties | 6 +++ .../extended-repository-context.xml | 15 +++++--- ...ordsManagementPermissionPostProcessor.java | 9 +++-- .../impl/ExtendedPermissionServiceImpl.java | 37 ++++++++++++++++++- .../processor/PermissionPostProcessor.java | 6 ++- 5 files changed, 63 insertions(+), 10 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties index f83d14dc47..4520306a4e 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties @@ -81,6 +81,12 @@ rm.completerecord.mandatorypropertiescheck.enabled=true # rm.patch.v22.convertToStandardFilePlan=false +# Permission mapping +# these take a comma separated string of permissions from org.alfresco.service.cmr.security.PermissionService +# read maps to ReadRecords and write to FileRecords +rm.haspermissionmap.read=ReadProperties,ReadChildren +rm.haspermissionmap.write=WriteProperties,AddChildren + # # Extended auto-version behaviour. If true and other auto-version properties are satisfied, then # a document will be auto-versioned when its type is changed. diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml index ea70bd391d..98c60525e9 100644 
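Review bot: The comment above `rm.haspermissionmap.read` and `rm.haspermissionmap.write` does not say that every name listed becomes an access grant. In the post processor changed by this same patch, a permission that was denied on a file plan component is re-evaluated as ReadRecords (read map) or FileRecords (write map), so adding a name to the read key grants it to anyone who holds ReadRecords. I would add a line such as `# Any permission listed here is granted on file plan components to holders of ReadRecords (read) or FileRecords (write); list only permissions of the matching class.` The setters added later in this patch split the value on commas without trimming, so the comment should also say not to put spaces after the commas.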
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml @@ -114,10 +114,15 @@ - - - - + + + + + ${rm.haspermissionmap.read} + + + ${rm.haspermissionmap.write} + @@ -262,4 +267,4 @@ - \ No newline at end of file + diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java index 5b31bdf651..47ca2a4b3e 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java @@ -27,6 +27,8 @@ package org.alfresco.module.org_alfresco_module_rm.permission; +import java.util.List; + import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.repo.security.permissions.processor.impl.PermissionPostProcessorBaseImpl; 
@@ -55,20 +57,21 @@ public class RecordsManagementPermissionPostProcessor extends PermissionPostProc * @see org.alfresco.repo.security.permissions.processor.PermissionPostProcessor#process(org.alfresco.service.cmr.security.AccessStatus, org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @Override - public AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm) + public AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm, + List configuredReadPermissions, List configuredFilePermissions) { AccessStatus result = accessStatus; if (AccessStatus.DENIED.equals(accessStatus) && nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) { // if read denied on rm artifact - if (PermissionService.READ.equals(perm)) + if (PermissionService.READ.equals(perm) || configuredReadPermissions.contains(perm)) { // check for read record result = permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS); } // if write deinied on rm artificat - else if (PermissionService.WRITE.equals(perm) || PermissionService.ADD_CHILDREN.equals(perm)) + else if (PermissionService.WRITE.equals(perm) || configuredFilePermissions.contains(perm)) { // check for file record result = permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS); diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java index fb4e89c460..9d45eaafa2 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java 
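Review bot: `configuredReadPermissions.contains(perm)` and `configuredFilePermissions.contains(perm)` dereference lists that nothing guarantees are non-null. The fields added to ExtendedPermissionServiceImpl have no initial value and are only assigned by the two new setters, so if either property is not injected the permission check throws a NullPointerException instead of returning an access status. Initialising both fields to `Collections.emptyList()` in ExtendedPermissionServiceImpl, or guarding here with `configuredReadPermissions != null && configuredReadPermissions.contains(perm)`, keeps the decision at the incoming DENIED; the setters themselves also throw if they are passed null. The body of process() continues past the end of this hunk.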
@@ -30,6 +30,7 @@ package org.alfresco.repo.security.permissions.impl; import static org.apache.commons.lang.StringUtils.isNotBlank; import java.io.Serializable; +import java.util.Arrays; import java.util.Collections; import java.util.HashSet; import java.util.List; @@ -40,6 +41,7 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.repo.cache.SimpleCache; + import org.alfresco.repo.security.permissions.AccessControlEntry; import org.alfresco.repo.security.permissions.AccessControlList; import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor; @@ -55,6 +57,7 @@ import org.alfresco.util.PropertyCheck; import org.apache.commons.lang.StringUtils; import org.springframework.context.ApplicationEvent; + /** * Extends the core permission service implementation allowing the consideration of the read records * permission. @@ -69,6 +72,16 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl /** Writers simple cache */ protected SimpleCache> writersCache; + /** + * Configured Permission mapping. + * + * These strings come from alfresco-global.properties and allow fine tuning of the how permissions are mapped. + * This was added as a fix for MNT-16852 to enhance compatibility with our Outlook Integration. + * + **/ + protected List configuredReadPermissions; + protected List configuredFilePermissions; + /** File plan service */ private FilePlanService filePlanService; 
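Review bot: The single Javadoc block in the `@@ -69,6 +72,16 @@` hunk attaches to `configuredReadPermissions` only, so `configuredFilePermissions` is left undocumented and neither field says which property feeds it. I would give each its own comment, `/** Permissions evaluated as ReadRecords, from rm.haspermissionmap.read. */` and `/** Permissions evaluated as FileRecords, from rm.haspermissionmap.write. */`, and keep the MNT-16852 background on one of them. Because these lists take part in access decisions, the comment is also a good place to state that they appear to be assigned once through the setters and are not meant to change afterwards.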
@@ -126,6 +139,28 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl this.writersCache = writersCache; } + /** + * Maps the string from the properties file (rm.haspermissionmap.read) + * to the list used in the hasPermission method + * + * @param readMapping the mapping of permissions to ReadRecord + */ + public void setConfiguredReadPermissions(String readMapping) + { + this.configuredReadPermissions = Arrays.asList(readMapping.split(",")); + } + + /** + * Maps the string set in the properties file (rm.haspermissionmap.write) + * to the list used in the hasPermission method + * + * @param fileMapping the mapping of permissions to FileRecord + */ + public void setConfiguredFilePermissions(String fileMapping) + { + this.configuredFilePermissions = Arrays.asList(fileMapping.split(",")); + } + /** * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent) */ @@ -170,7 +205,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl for (PermissionPostProcessor postProcessor : postProcessors) { // post process permission - result = postProcessor.process(result, nodeRef, perm); + result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredReadPermissions); } return result; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java index 5740594975..175c5f1392 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java 
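Review bot: Both setters store the raw result of `split(",")`, and the post processor matches entries with `contains`, so a value written as `ReadProperties, ReadChildren` leaves ` ReadChildren` with its leading space unmatched and that permission silently stays denied. `Arrays.asList` also returns a view whose elements can be replaced with `set`, and this list is handed to every post processor. With the StringUtils import the file already has, `this.configuredReadPermissions = Collections.unmodifiableList(Arrays.asList(StringUtils.stripAll(StringUtils.split(readMapping, ","))));` trims each entry, skips empty tokens between commas and makes the list read-only. The same change applies to `setConfiguredFilePermissions`.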
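Review bot: The new call in the `@@ -170,7 +205,7 @@` hunk passes `this.configuredReadPermissions` for both list arguments, so `configuredFilePermissions` never reaches the post processor and `rm.haspermissionmap.write` has no effect. In RecordsManagementPermissionPostProcessor the write branch then tests the read list, whose entries are already consumed by the read branch, which leaves only `PermissionService.WRITE` mapped to FileRecords; the `ADD_CHILDREN` mapping that this patch removes from the code is not restored by configuration. The line should read `result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredFilePermissions);`. The enclosing method starts before this hunk, and a test asserting that AddChildren resolves to FileRecords on a file plan component would catch this.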
@@ -27,6 +27,8 @@ package org.alfresco.repo.security.permissions.processor; +import java.util.List; + import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; @@ -46,7 +48,9 @@ public interface PermissionPostProcessor * @param accessStatus current access status * @param nodeRef node reference * @param perm permission + * * @return {@link AccessStatus} */ - AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm); + AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm, + List configuredReadPermissions, List configuredFilePermissions); }
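Review bot: The Javadoc for `process` in the `@@ -46,7 +48,9 @@` hunk gains a blank line but no `@param` entries for the two new arguments, so implementers are not told what the lists mean or whether they may be null. I would add `@param configuredReadPermissions permissions evaluated as ReadRecords` and `@param configuredFilePermissions permissions evaluated as FileRecords`, and state the null contract alongside them. Changing the signature of the interface's method also breaks any other implementation outside this patch, if one exists.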