From 35bbdb09b0488d9e430fa9b27b07b62b290e7ced Mon Sep 17 00:00:00 2001
From: Roy Wetherall <roy.wetherall@alfresco.com>
Date: Mon, 28 May 2012 07:53:10 +0000
Subject: [PATCH] RM Console Capabilities:

 * added web script to retrieve the capabilities of the current user, either based on a provided node or the file plan otherwise.
 * updated RM console to use new webscript, was using role webscript which doesn't accurately show what a user can do, nor include unassignable capabilites that can be used for convenience.
 * added unassignable, composite capability 'AuditAdmin'
 * protected audit console with new capability, this means users with only DeleteAudit (for example) can now see the management console.
 * related to RM-186



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@37057 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../rm-capabilities-audit-context.xml         |  62 ++++++++++
 .../rm-capabilities-context.xml               |  41 +------
 .../rm-webscript-context.xml                  |   9 ++
 .../rma/capability/capabilities.get.desc.xml  |  10 ++
 .../rma/capability/capabilities.get.json.ftl  |  11 ++
 .../script/capability/CapabilitiesGet.java    | 111 ++++++++++++++++++
 6 files changed, 207 insertions(+), 37 deletions(-)
 create mode 100644 rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-audit-context.xml
 create mode 100644 rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.desc.xml
 create mode 100644 rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.json.ftl
 create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/capability/CapabilitiesGet.java

diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-audit-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-audit-context.xml
new file mode 100644
index 0000000000..d96c8fbe13
--- /dev/null
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-audit-context.xml
@@ -0,0 +1,62 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+
+<beans>
+    
+    <!--  Assignable Capabilities -->
+            
+    <bean id="rmAccessAuditCapability" 
+          parent="declarativeCapability">
+   		<property name="name" value="AccessAudit"/>
+   		<property name="permission" value="AccessAudit"/>
+    </bean>
+        
+    <bean id="rmDeclareAuditAsRecordCapability" 
+		  parent="declarativeCapability">
+		<property name="name" value="DeclareAuditAsRecord" />
+		<property name="permission" value="DeclareAuditAsRecord" />
+	</bean>
+    
+    <bean id="rmDeleteAuditCapability" 
+		  parent="declarativeCapability">
+		<property name="name" value="DeleteAudit" />
+		<property name="permission" value="DeleteAudit" />
+	</bean>	
+	
+    <bean id="rmEnableDisableAuditByTypesCapability" 
+		  parent="declarativeCapability">
+		<property name="name" value="EnableDisableAuditByTypes" />
+		<property name="permission" value="EnableDisableAuditByTypes" />
+	</bean>
+
+    <bean id="rmExportAuditCapability" 
+		  parent="declarativeCapability">
+		<property name="name" value="ExportAudit" />
+		<property name="permission" value="ExportAudit" />
+	</bean>  
+	
+    <bean id="rmSelectAuditMetadataCapability" 
+		  parent="declarativeCapability">
+		<property name="name" value="SelectAuditMetadata" />
+		<property name="permission" value="SelectAuditMetadata" />
+	</bean>
+
+    <!--  Non-Assignable Capabilities -->
+    
+    <bean id="rmAuditAdmin" 
+    	  parent="compositeCapability">
+        <property name="name" value="AuditAdmin"/>
+    	<property name="private" value="true"/>    	
+    	<property name="capabilities">
+    		<list>
+    			<ref bean="rmAccessAuditCapability"/>
+    			<ref bean="rmDeclareAuditAsRecordCapability"/>
+    			<ref bean="rmDeleteAuditCapability"/>
+    			<ref bean="rmEnableDisableAuditByTypesCapability"/>
+    			<ref bean="rmExportAuditCapability"/>
+    			<ref bean="rmSelectAuditMetadataCapability"/>    			   			
+    		</list>
+    	</property>
+    </bean>
+
+</beans>
\ No newline at end of file
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
index c9da125e11..47d20b61d5 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml
@@ -28,12 +28,6 @@
           parent="rmBaseCapability"
           class="org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability" />
     
-    <bean id="rmAccessAuditCapability" 
-          parent="declarativeCapability">
-   		<property name="name" value="AccessAudit"/>
-   		<property name="permission" value="AccessAudit"/>
-    </bean>
-    
     <bean id="rmAddModifyEventDatesCapability" 
     	  parent="declarativeCapability">
    		<property name="name" value="AddModifyEventDates"/>
@@ -148,18 +142,6 @@
    		</property>
     </bean>
     
-    <bean id="rmDeclareAuditAsRecordCapability" 
-		  parent="declarativeCapability">
-		<property name="name" value="DeclareAuditAsRecord" />
-		<property name="permission" value="DeclareAuditAsRecord" />
-	</bean>
-    
-    <bean id="rmDeleteAuditCapability" 
-		  parent="declarativeCapability">
-		<property name="name" value="DeleteAudit" />
-		<property name="permission" value="DeleteAudit" />
-	</bean>
-    
     <bean id="rmDeleteLinksCapability" 
           parent="rmBaseCapability" 
           class="org.alfresco.module.org_alfresco_module_rm.capability.impl.DeleteLinksCapability">
@@ -184,19 +166,7 @@
 		  parent="declarativeCapability">
 		<property name="name" value="EditSelectionLists" />
 		<property name="permission" value="EditSelectionLists" />
-	</bean>
-	
-    <bean id="rmEnableDisableAuditByTypesCapability" 
-		  parent="declarativeCapability">
-		<property name="name" value="EnableDisableAuditByTypes" />
-		<property name="permission" value="EnableDisableAuditByTypes" />
-	</bean>
-
-    <bean id="rmExportAuditCapability" 
-		  parent="declarativeCapability">
-		<property name="name" value="ExportAudit" />
-		<property name="permission" value="ExportAudit" />
-	</bean>    
+	</bean>	 
     
     <bean id="rmMakeOptionalPropertiesMandatoryCapability" 
 		  parent="declarativeCapability">
@@ -253,12 +223,6 @@
    		</property>
     </bean>
     
-    <bean id="rmSelectAuditMetadataCapability" 
-		  parent="declarativeCapability">
-		<property name="name" value="SelectAuditMetadata" />
-		<property name="permission" value="SelectAuditMetadata" />
-	</bean>
-    
     <bean id="rmTriggerAnEventCapability" 
     	  parent="declarativeCapability">
    		<property name="name" value="TriggerAnEvent"/>
@@ -327,6 +291,9 @@
     <!-- Disposition capabilities -->
     <import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml"/>
     
+    <!-- Audit capabilities -->
+    <import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-audit-context.xml"/>
+    
     <!-- Group capabilities -->
     <import resource="classpath:alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-group-context.xml"/>  
 
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
index db218e3027..1c4208ccef 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
@@ -225,6 +225,15 @@
        <property name="recordsManagementSecurityService" ref="RecordsManagementSecurityService"/>
     </bean>
     
+    <!--  Capability API -->
+    
+    <bean id="webscript.org.alfresco.rma.capability.capabilities.get" 
+          class="org.alfresco.module.org_alfresco_module_rm.script.capability.CapabilitiesGet" 
+          parent="webscript">
+       <property name="recordsManagementService" ref="RecordsManagementService"/>
+       <property name="capabilityService" ref="CapabilityService" />
+    </bean>
+    
     <!-- RM Event API-->
     
     <bean id="webscript.org.alfresco.rma.admin.rmevent.rmeventtypes.get" class="org.alfresco.module.org_alfresco_module_rm.script.admin.RmEventTypesGet" parent="webscript">
diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.desc.xml b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.desc.xml
new file mode 100644
index 0000000000..cfd9beacc4
--- /dev/null
+++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.desc.xml
@@ -0,0 +1,10 @@
+<webscript>
+  <shortname>Records Management Capabilities</shortname>
+  <description>Get the list of capabilities available to the current user on the given node.</description>
+  <url>/api/node/{store_type}/{store_id}/{id}/capabilities?includeAll={includeAll?}</url>
+  <url>/api/capabilities?includeAll={includeAll?}</url>
+  <format default="json">argument</format>
+  <authentication>user</authentication>
+  <transaction allow="readonly">required</transaction>
+  <lifecycle>internal</lifecycle>
+</webscript>
\ No newline at end of file
diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.json.ftl b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.json.ftl
new file mode 100644
index 0000000000..857485dfce
--- /dev/null
+++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/capability/capabilities.get.json.ftl
@@ -0,0 +1,11 @@
+{
+	"data" : 
+	{
+		"capabilities" :
+		[
+		<#list capabilities as capability>
+			"${capability}"<#if capability_has_next>,</#if>
+		</#list>
+		]
+	}
+}
\ No newline at end of file
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/capability/CapabilitiesGet.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/capability/CapabilitiesGet.java
new file mode 100644
index 0000000000..86612fb061
--- /dev/null
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/capability/CapabilitiesGet.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.script.capability;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.springframework.extensions.webscripts.Cache;
+import org.springframework.extensions.webscripts.DeclarativeWebScript;
+import org.springframework.extensions.webscripts.Status;
+import org.springframework.extensions.webscripts.WebScriptException;
+import org.springframework.extensions.webscripts.WebScriptRequest;
+
+public class CapabilitiesGet extends DeclarativeWebScript
+{
+    private RecordsManagementService recordsManagementService;
+    
+    private CapabilityService capabilityService;
+    
+    public void setRecordsManagementService(RecordsManagementService recordsManagementService)
+    {
+        this.recordsManagementService = recordsManagementService;
+    }
+    
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
+    
+    /**
+     * @see org.alfresco.repo.web.scripts.content.StreamContent#executeImpl(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.Status, org.springframework.extensions.webscripts.Cache)
+     */
+    @Override
+    protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
+    {
+        Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
+        String storeType = templateVars.get("store_type");
+        String storeId = templateVars.get("store_id");
+        String nodeId = templateVars.get("id");
+        
+        boolean includePrivate = false;
+        String includePrivateString = req.getParameter("includeAll");
+        if (includePrivateString != null)
+        {
+            includePrivate = Boolean.parseBoolean(includePrivateString);
+        }
+        
+        NodeRef nodeRef = null;
+        if (storeType != null && storeId != null && nodeId != null)
+        {
+            nodeRef = new NodeRef(new StoreRef(storeType, storeId), nodeId);
+        }
+        else
+        {
+            // we are talking about the file plan node 
+            // TODO we are making the assumption there is only one file plan here!
+            List<NodeRef> filePlans = recordsManagementService.getFilePlans();
+            if (filePlans.isEmpty() == true)
+            {
+                throw new WebScriptException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "No file plan node has been found.");
+            }
+            else if (filePlans.size() != 1)
+            {
+                throw new WebScriptException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "More than one file plan has been found.");
+            }
+            nodeRef = filePlans.get(0);
+        }
+        
+        Map<Capability, AccessStatus> map = capabilityService.getCapabilitiesAccessState(nodeRef, includePrivate);
+        List<String> list = new ArrayList<String>(map.size());
+        for (Map.Entry<Capability, AccessStatus> entry : map.entrySet())
+        {
+            AccessStatus accessStatus = entry.getValue();
+            if (AccessStatus.DENIED.equals(accessStatus) == false)
+            {
+                Capability capability = entry.getKey();
+                list.add(capability.getName());
+            }            
+        }
+        
+        Map<String, Object> model = new HashMap<String, Object>(1);
+        model.put("capabilities", list);
+        return model;
+    }
+}
\ No newline at end of file