mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
Merged V1.3 to HEAD(3126:3160)
svn merge svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3126 svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3160 . git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3405 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
@@ -1748,6 +1748,8 @@ public class ServerConfiguration implements ApplicationListener
|
||||
setAuthenticator(auth, authElem, allowGuest);
|
||||
auth.setMapToGuest( mapGuest);
|
||||
}
|
||||
else
|
||||
throw new AlfrescoRuntimeException("Authenticator not specified");
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -139,16 +139,41 @@ public class OwnableServiceTest extends TestCase
|
||||
assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
|
||||
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
|
||||
|
||||
permissionService.setInheritParentPermissions(testNode, false);
|
||||
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.SET_OWNER));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
|
||||
|
||||
|
||||
|
||||
ownableService.setOwner(testNode, "woof");
|
||||
assertEquals("woof", ownableService.getOwner(testNode));
|
||||
assertTrue(dynamicAuthority.hasAuthority(testNode, "woof"));
|
||||
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
|
||||
|
||||
|
||||
ownableService.setOwner(testNode, "muppet");
|
||||
assertEquals("muppet", ownableService.getOwner(testNode));
|
||||
assertTrue(dynamicAuthority.hasAuthority(testNode, "muppet"));
|
||||
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
|
||||
|
||||
|
||||
ownableService.takeOwnership(testNode);
|
||||
assertEquals("andy", ownableService.getOwner(testNode));
|
||||
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
|
||||
assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE));
|
||||
assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE));
|
||||
assertTrue(dynamicAuthority.hasAuthority(testNode, "andy"));
|
||||
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(rootNodeRef, PermissionService.SET_OWNER));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.TAKE_OWNERSHIP));
|
||||
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(testNode, PermissionService.SET_OWNER));
|
||||
|
||||
|
||||
}
|
||||
|
||||
public void testContainer()
|
||||
|
||||
@@ -180,11 +180,14 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
*/
|
||||
private String getUserName(Authentication authentication)
|
||||
{
|
||||
String username = authentication.getPrincipal().toString();
|
||||
|
||||
String username;
|
||||
if (authentication.getPrincipal() instanceof UserDetails)
|
||||
{
|
||||
username = ((UserDetails) authentication.getPrincipal()).getUsername();
|
||||
username = ((UserDetails)authentication.getPrincipal()).getUsername();
|
||||
}
|
||||
else
|
||||
{
|
||||
username = authentication.getPrincipal().toString();
|
||||
}
|
||||
|
||||
return username;
|
||||
|
||||
@@ -37,6 +37,7 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.repository.Path;
|
||||
import org.alfresco.service.cmr.security.AccessPermission;
|
||||
import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.alfresco.service.cmr.security.AuthorityService;
|
||||
@@ -371,7 +372,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
Set<String> authorisations = getAuthorisations(auth, nodeRef);
|
||||
Serializable key = generateKey(
|
||||
authorisations,
|
||||
nodeRef,
|
||||
nodeService.getPath(nodeRef),
|
||||
perm);
|
||||
AccessStatus status = accessCache.get(key);
|
||||
if (status != null)
|
||||
@@ -426,11 +427,12 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
* dynamically so they must all be used) the NodeRef ID and the permission reference itself.
|
||||
* This gives a unique key for each permission test.
|
||||
*/
|
||||
static Serializable generateKey(Set<String> auths, NodeRef ref, PermissionReference perm)
|
||||
static Serializable generateKey(Set<String> auths, Path path, PermissionReference perm)
|
||||
{
|
||||
HashSet<Serializable> key = new HashSet<Serializable>(auths);
|
||||
key.add(ref.getId());
|
||||
LinkedHashSet<Serializable> key = new LinkedHashSet<Serializable>();
|
||||
key.add(perm.toString());
|
||||
key.addAll(auths);
|
||||
key.add(path);
|
||||
return key;
|
||||
}
|
||||
|
||||
|
||||
@@ -59,10 +59,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
Authentication auth = authenticationComponent.getCurrentAuthentication();
|
||||
for (GrantedAuthority authority : auth.getAuthorities())
|
||||
{
|
||||
if (authority.getAuthority().equals(ROLE_AUTHENTICATED))
|
||||
{
|
||||
return;
|
||||
}
|
||||
if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) { return; }
|
||||
}
|
||||
fail("Missing role ROLE_AUTHENTICATED ");
|
||||
}
|
||||
@@ -142,6 +139,32 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
|
||||
}
|
||||
|
||||
public void testPermissionCacheOnMove()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN,
|
||||
QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"),
|
||||
ContentModel.TYPE_FOLDER).getChildRef();
|
||||
|
||||
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy",
|
||||
AccessStatus.ALLOWED));
|
||||
|
||||
runAs("andy");
|
||||
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
||||
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
||||
|
||||
runAs("admin");
|
||||
nodeService.moveNode(n2, rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}oneMoved"));
|
||||
|
||||
runAs("andy");
|
||||
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
||||
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.DENIED);
|
||||
}
|
||||
|
||||
public void testSetInheritFalse()
|
||||
{
|
||||
runAs("andy");
|
||||
@@ -618,6 +641,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||
// Changed ny not enfocing READ
|
||||
// assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||
// assertFalse(permissionService.hasPermission(n1,
|
||||
// getPermission(PermissionService.READ_PROPERTIES)) ==
|
||||
// AccessStatus.ALLOWED);
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||
runAs("lemur");
|
||||
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||
|
||||
@@ -97,13 +97,16 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
private AccessStatus defaultPermission;
|
||||
|
||||
// Cache granting permissions
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions =
|
||||
new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
|
||||
// Cache grantees
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions =
|
||||
new HashMap<PermissionReference, Set<PermissionReference>>();
|
||||
|
||||
// Cache the mapping of extended groups to the base
|
||||
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<PermissionGroup, PermissionGroup>();
|
||||
private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup =
|
||||
new HashMap<PermissionGroup, PermissionGroup>();
|
||||
|
||||
private HashMap<String, PermissionReference> uniqueMap;
|
||||
|
||||
@@ -113,6 +116,12 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
|
||||
private HashMap<String, PermissionReference> permissionReferenceMap;
|
||||
|
||||
private Map<QName, Set<PermissionReference>> cachedTypePermissionsExposed =
|
||||
new HashMap<QName, Set<PermissionReference>>(128, 1.0f);
|
||||
|
||||
private Map<QName, Set<PermissionReference>> cachedTypePermissionsUnexposed =
|
||||
new HashMap<QName, Set<PermissionReference>>(128, 1.0f);
|
||||
|
||||
public PermissionModel()
|
||||
{
|
||||
super();
|
||||
@@ -207,7 +216,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
|
||||
globalPermissions.add(globalPermission);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -278,17 +286,31 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
|
||||
private Set<PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
|
||||
{
|
||||
Set<PermissionReference> permissions = new LinkedHashSet<PermissionReference>();
|
||||
if (dictionaryService.getClass(type).isAspect())
|
||||
Map<QName, Set<PermissionReference>> cache;
|
||||
if (exposedOnly)
|
||||
{
|
||||
addAspectPermissions(type, permissions, exposedOnly);
|
||||
cache = this.cachedTypePermissionsExposed;
|
||||
}
|
||||
else
|
||||
{
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
addTypePermissions(type, permissions, exposedOnly);
|
||||
cache = this.cachedTypePermissionsUnexposed;
|
||||
}
|
||||
return permissions;
|
||||
Set<PermissionReference> permissions = cache.get(type);
|
||||
if (permissions == null)
|
||||
{
|
||||
permissions = new LinkedHashSet<PermissionReference>();
|
||||
if (dictionaryService.getClass(type).isAspect())
|
||||
{
|
||||
addAspectPermissions(type, permissions, exposedOnly);
|
||||
}
|
||||
else
|
||||
{
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
addTypePermissions(type, permissions, exposedOnly);
|
||||
}
|
||||
cache.put(type, permissions);
|
||||
}
|
||||
return (Set<PermissionReference>)((LinkedHashSet)permissions).clone();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -379,7 +401,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void mergeGeneralAspectPermissions(Set<PermissionReference> target, boolean exposedOnly)
|
||||
{
|
||||
for(QName aspect : dictionaryService.getAllAspects())
|
||||
@@ -400,11 +421,15 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
|
||||
public Set<PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly)
|
||||
{
|
||||
|
||||
//
|
||||
// TODO: cache permissions based on type and exposed flag
|
||||
// create JMeter test to see before/after effect!
|
||||
//
|
||||
QName typeName = nodeService.getType(nodeRef);
|
||||
|
||||
Set<PermissionReference> permissions = getAllPermissions(typeName);
|
||||
mergeGeneralAspectPermissions(permissions, exposedOnly);
|
||||
// Add non mandatory aspects..
|
||||
// Add non mandatory aspects...
|
||||
Set<QName> defaultAspects = new HashSet<QName>();
|
||||
for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects())
|
||||
{
|
||||
@@ -418,7 +443,6 @@ public class PermissionModel implements ModelDAO, InitializingBean
|
||||
}
|
||||
}
|
||||
return permissions;
|
||||
|
||||
}
|
||||
|
||||
public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference)
|
||||
|
||||
@@ -31,7 +31,7 @@ import org.dom4j.Element;
|
||||
* Store and read the definition of a permission set
|
||||
* @author andyh
|
||||
*/
|
||||
public class PermissionSet implements XMLModelInitialisable
|
||||
public final class PermissionSet implements XMLModelInitialisable
|
||||
{
|
||||
private static final String TYPE = "type";
|
||||
private static final String PERMISSION_GROUP = "permissionGroup";
|
||||
@@ -105,7 +105,4 @@ public class PermissionSet implements XMLModelInitialisable
|
||||
{
|
||||
return exposeAll;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user