inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V1.3 to HEAD(3126:3160)

Browse Source 
svn merge svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3126 svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3160 .


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3405 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2006-07-26 10:16:23 +00:00
parent e80158b922
commit 36f219edf1
7 changed files with 111 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/java/org/alfresco/filesys/server/config/ServerConfiguration.java
View File

@@ -1748,6 +1748,8 @@ public class ServerConfiguration implements ApplicationListener
setAuthenticator(auth, authElem, allowGuest); setAuthenticator(auth, authElem, allowGuest);
auth.setMapToGuest( mapGuest); auth.setMapToGuest( mapGuest);
} }
else
throw new AlfrescoRuntimeException("Authenticator not specified");
} }
/** /**

27
source/java/org/alfresco/repo/ownable/impl/OwnableServiceTest.java
View File

@@ -139,16 +139,41 @@ public class OwnableServiceTest extends TestCase
assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE)); assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy")); assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
permissionService.setInheritParentPermissions(testNode, false);
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.TAKE_OWNERSHIP)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.SET_OWNER)); assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.SET_OWNER));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
ownableService.setOwner(testNode, "woof");
assertEquals("woof", ownableService.getOwner(testNode));
assertTrue(dynamicAuthority.hasAuthority(testNode, "woof"));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
ownableService.setOwner(testNode, "muppet"); ownableService.setOwner(testNode, "muppet");
assertEquals("muppet", ownableService.getOwner(testNode)); assertEquals("muppet", ownableService.getOwner(testNode));
assertTrue(dynamicAuthority.hasAuthority(testNode, "muppet"));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
ownableService.takeOwnership(testNode); ownableService.takeOwnership(testNode);
assertEquals("andy", ownableService.getOwner(testNode)); assertEquals("andy", ownableService.getOwner(testNode));
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE)); assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE));
assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE)); assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.SET_OWNER));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
} }
public void testContainer() public void testContainer()

9
source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
View File

@@ -180,11 +180,14 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
*/ */
private String getUserName(Authentication authentication) private String getUserName(Authentication authentication)
{ {
String username = authentication.getPrincipal().toString(); String username;
if (authentication.getPrincipal() instanceof UserDetails) if (authentication.getPrincipal() instanceof UserDetails)
{ {
username = ((UserDetails) authentication.getPrincipal()).getUsername(); username = ((UserDetails)authentication.getPrincipal()).getUsername();
}
else
{
username = authentication.getPrincipal().toString();
} }
return username; return username;

10
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -37,6 +37,7 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.Path;
import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
@@ -371,7 +372,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
Set<String> authorisations = getAuthorisations(auth, nodeRef); Set<String> authorisations = getAuthorisations(auth, nodeRef);
Serializable key = generateKey( Serializable key = generateKey(
authorisations, authorisations,
nodeRef, nodeService.getPath(nodeRef),
perm); perm);
AccessStatus status = accessCache.get(key); AccessStatus status = accessCache.get(key);
if (status != null) if (status != null)
@@ -426,11 +427,12 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
* dynamically so they must all be used) the NodeRef ID and the permission reference itself. * dynamically so they must all be used) the NodeRef ID and the permission reference itself.
* This gives a unique key for each permission test. * This gives a unique key for each permission test.
*/ */
static Serializable generateKey(Set<String> auths, NodeRef ref, PermissionReference perm) static Serializable generateKey(Set<String> auths, Path path, PermissionReference perm)
{ {
HashSet<Serializable> key = new HashSet<Serializable>(auths); LinkedHashSet<Serializable> key = new LinkedHashSet<Serializable>();
key.add(ref.getId());
key.add(perm.toString()); key.add(perm.toString());
key.addAll(auths);
key.add(path);
return key; return key;
} }

34
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -59,10 +59,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
Authentication auth = authenticationComponent.getCurrentAuthentication(); Authentication auth = authenticationComponent.getCurrentAuthentication();
for (GrantedAuthority authority : auth.getAuthorities()) for (GrantedAuthority authority : auth.getAuthorities())
{ {
if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
{
return;
}
} }
fail("Missing role ROLE_AUTHENTICATED "); fail("Missing role ROLE_AUTHENTICATED ");
} }
@@ -142,6 +139,32 @@ public class PermissionServiceTest extends AbstractPermissionTest
} }
public void testPermissionCacheOnMove()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
AccessStatus.ALLOWED));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
runAs("admin");
nodeService.moveNode(n2, rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}oneMoved"));
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.DENIED);
}
public void testSetInheritFalse() public void testSetInheritFalse()
{ {
runAs("andy"); runAs("andy");
@@ -618,6 +641,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// Changed ny not enfocing READ // Changed ny not enfocing READ
// assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); // assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
// assertFalse(permissionService.hasPermission(n1,
// getPermission(PermissionService.READ_PROPERTIES)) ==
// AccessStatus.ALLOWED);
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
runAs("lemur"); runAs("lemur");
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);

52
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionModel.java
View File

@@ -97,13 +97,16 @@ public class PermissionModel implements ModelDAO, InitializingBean
private AccessStatus defaultPermission; private AccessStatus defaultPermission;
// Cache granting permissions // Cache granting permissions
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<PermissionReference, Set<PermissionReference>>(); private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache grantees // Cache grantees
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<PermissionReference, Set<PermissionReference>>(); private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions =
new HashMap<PermissionReference, Set<PermissionReference>>();
// Cache the mapping of extended groups to the base // Cache the mapping of extended groups to the base
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<PermissionGroup, PermissionGroup>(); private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup =
new HashMap<PermissionGroup, PermissionGroup>();
private HashMap<String, PermissionReference> uniqueMap; private HashMap<String, PermissionReference> uniqueMap;
@@ -113,6 +116,12 @@ public class PermissionModel implements ModelDAO, InitializingBean
private HashMap<String, PermissionReference> permissionReferenceMap; private HashMap<String, PermissionReference> permissionReferenceMap;
private Map<QName, Set<PermissionReference>> cachedTypePermissionsExposed =
new HashMap<QName, Set<PermissionReference>>(128, 1.0f);
private Map<QName, Set<PermissionReference>> cachedTypePermissionsUnexposed =
new HashMap<QName, Set<PermissionReference>>(128, 1.0f);
public PermissionModel() public PermissionModel()
{ {
super(); super();
@@ -207,7 +216,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
globalPermissions.add(globalPermission); globalPermissions.add(globalPermission);
} }
} }
/* /*
@@ -278,17 +286,31 @@ public class PermissionModel implements ModelDAO, InitializingBean
private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly) private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
{ {
Set<PermissionReference> permissions = new LinkedHashSet<PermissionReference>(); Map<QName, Set<PermissionReference>> cache;
if (dictionaryService.getClass(type).isAspect()) if (exposedOnly)
{ {
addAspectPermissions(type, permissions, exposedOnly); cache = this.cachedTypePermissionsExposed;
} }
else else
{ {
mergeGeneralAspectPermissions(permissions, exposedOnly); cache = this.cachedTypePermissionsUnexposed;
addTypePermissions(type, permissions, exposedOnly);
} }
return permissions; Set<PermissionReference> permissions = cache.get(type);
if (permissions == null)
{
permissions = new LinkedHashSet<PermissionReference>();
if (dictionaryService.getClass(type).isAspect())
{
addAspectPermissions(type, permissions, exposedOnly);
}
else
{
mergeGeneralAspectPermissions(permissions, exposedOnly);
addTypePermissions(type, permissions, exposedOnly);
}
cache.put(type, permissions);
}
return (Set<PermissionReference>)((LinkedHashSet)permissions).clone();
} }
/** /**
@@ -379,7 +401,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
} }
} }
private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly) private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly)
{ {
for(QName aspect : dictionaryService.getAllAspects()) for(QName aspect : dictionaryService.getAllAspects())
@@ -400,11 +421,15 @@ public class PermissionModel implements ModelDAO, InitializingBean
public Set<PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly) public Set<PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly)
{ {
//
// TODO: cache permissions based on type and exposed flag
// create JMeter test to see before/after effect!
//
QName typeName = nodeService.getType(nodeRef); QName typeName = nodeService.getType(nodeRef);
Set<PermissionReference> permissions = getAllPermissions(typeName); Set<PermissionReference> permissions = getAllPermissions(typeName);
mergeGeneralAspectPermissions(permissions, exposedOnly); mergeGeneralAspectPermissions(permissions, exposedOnly);
// Add non mandatory aspects.. // Add non mandatory aspects...
Set<QName> defaultAspects = new HashSet<QName>(); Set<QName> defaultAspects = new HashSet<QName>();
for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects()) for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects())
{ {
@@ -418,7 +443,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
} }
} }
return permissions; return permissions;
} }
public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference) public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference)

5
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionSet.java
View File

@@ -31,7 +31,7 @@ import org.dom4j.Element;
* Store and read the definition of a permission set * Store and read the definition of a permission set
* @author andyh * @author andyh
*/ */
public class PermissionSet implements XMLModelInitialisable public final class PermissionSet implements XMLModelInitialisable
{ {
private static final String TYPE = "type"; private static final String TYPE = "type";
private static final String PERMISSION_GROUP = "permissionGroup"; private static final String PERMISSION_GROUP = "permissionGroup";
@@ -105,7 +105,4 @@ public class PermissionSet implements XMLModelInitialisable
{ {
return exposeAll; return exposeAll;
} }
} }