Merged V3.1 to HEAD

13171: Fix for ETHREEOH-1239: User needs to have owner on their person ___________________________________________________________________ Modified: svn:mergeinfo Merged /alfresco/BRANCHES/V3.1:r13171 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-03-12 19:45:13 +00:00
parent c3d81195d5
commit 39bc2536d5
9 changed files with 618 additions and 250 deletions
--- a/config/alfresco/authentication-services-context.xml
+++ b/config/alfresco/authentication-services-context.xml
@@ -208,17 +208,17 @@
        </property>    
    </bean>
    -->
-	<bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
+    <bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
-		<property name="sessionFactory">
+        <property name="sessionFactory">
         <ref bean="sessionFactory" />
        </property>
-		<property name="localeDAO">
+        <property name="localeDAO">
            <ref bean="localeDAO" />
        </property>
-		<property name="qnameDAO">
+        <property name="qnameDAO">
            <ref bean="qnameDAO" />
        </property>
-		<property name="dictionaryService">
+        <property name="dictionaryService">
            <ref bean="dictionaryService" />
        </property>
        <property name="tenantService">
@@ -228,23 +228,23 @@
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
-	</bean>
+    </bean>
-	<!-- support to match user names -->
+    <!-- support to match user names -->
-	
+    
-	<bean id="userNameMatcher" class="org.alfresco.repo.security.person.UserNameMatcherImpl">
+    <bean id="userNameMatcher" class="org.alfresco.repo.security.person.UserNameMatcherImpl">
-		<property name="userNamesAreCaseSensitive">
+        <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
        </property>
-		<property name="domainNamesAreCaseSensitive">
+        <property name="domainNamesAreCaseSensitive">
          <value>${domain.name.caseSensitive}</value>
        </property>
        <property name="domainSeparator">
          <value>${domain.separator}</value>
        </property>  
-	</bean>
+    </bean>
-	
+    
    <!-- The person service.                                                -->
    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
@@ -278,9 +278,12 @@
        <property name="personCache">
            <ref bean="personCache" />
        </property>
-		<property name="personDao">
+        <property name="personDao">
            <ref bean="personDaoImpl" />
        </property>
        <property name="permissionsManager">
            <ref bean="personServicePermissionsManager" />
        </property>
        <!-- Configurable properties.                                 -->
        <!--                                                          -->
        <!-- TODO:                                                    -->
@@ -319,11 +322,30 @@
        <property name="includeAutoCreated">
            <value>false</value>
        </property>
-		<property name="homeFolderManager">
+        <property name="homeFolderManager">
             <ref bean="homeFolderManager" />
        </property>
    </bean>
    <bean name="personServicePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
        <property name="permissionService">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="ownableService">
            <ref bean="ownableService" />
        </property>
        <property name="ownerPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
    <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
            <ref bean="nodeService" />
@@ -334,9 +356,9 @@
        <property name="defaultProvider">
            <ref bean="userHomesHomeFolderProvider" />
        </property>
-		<property name="enableHomeFolderCreationAsPeopleAreCreated">
+        <property name="enableHomeFolderCreationAsPeopleAreCreated">
           <!--<value>false</value> -->
-			<value>${home.folder.creation.eager}</value>
+            <value>${home.folder.creation.eager}</value>
        </property>
    </bean>
@@ -361,41 +383,92 @@
        </property>
    </bean>
    <bean name="guestHomeFolderProviderPermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl">
        <property name="permissionService">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="ownableService">
            <ref bean="ownableService" />
        </property>
         <property name="userPermissions">
            <set>
                <value>Consumer</value>
            </set>
        </property>
    </bean>
    <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider" parent="baseHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
-        <property name="userPermissions">
+        <property name="onCreatePermissionsManager">
-            <set>
+            <ref bean="guestHomeFolderProviderPermissionsManager" />
-                <value>Consumer</value>
+        </property>
-            </set>
+        <property name="onReferencePermissionsManager">
            <ref bean="guestHomeFolderProviderPermissionsManager" />
        </property>
    </bean>
    <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider" parent="baseHomeFolderProvider" />
-    <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider" parent="baseHomeFolderProvider">
+    <bean name="defaultOnCreatePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
        <property name="permissionService">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="ownableService">
            <ref bean="ownableService" />
        </property>
        <property name="inheritPermissions">
            <value>false</value>
        </property>
        <property name="ownerPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
    <bean name="defaultOnReferencePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
        <property name="permissionService">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="ownableService">
            <ref bean="ownableService" />
        </property>
        <property name="userPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
    <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider"  parent="baseHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
-        <property name="inheritsPermissionsOnCreate">
+        <property name="onCreatePermissionsManager">
-            <value>false</value>
+            <ref bean="defaultOnCreatePermissionsManager" />
        </property>
-        <property name="ownerPermissionsToSetOnCreate">
+        <property name="onReferencePermissionsManager">
-            <set>
+            <ref bean="defaultOnReferencePermissionsManager" />
                <value>All</value>
            </set>
        </property>
        <property name="userPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
@@ -406,18 +479,11 @@
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
-        <property name="inheritsPermissionsOnCreate">
+        <property name="onCreatePermissionsManager">
-            <value>false</value>
+            <ref bean="defaultOnCreatePermissionsManager" />
        </property>
-        <property name="ownerPermissionsToSetOnCreate">
+        <property name="onReferencePermissionsManager">
-            <set>
+            <ref bean="defaultOnReferencePermissionsManager" />
                <value>All</value>
            </set>
        </property>
        <property name="userPermissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
@@ -441,10 +507,10 @@
        <property name="oneOff">
            <value>false</value>
        </property>
-		<!-- If ticketsEpire is true then how they should expire -->
+        <!-- If ticketsEpire is true then how they should expire -->
-		<!-- AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE  -->
+        <!-- AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE  -->
-		<!-- The default is AFTER_FIXED_TIME -->
+        <!-- The default is AFTER_FIXED_TIME -->
-		<property name="expiryMode">
+        <property name="expiryMode">
            <value>AFTER_FIXED_TIME</value>
        </property>
    </bean>
--- a/config/alfresco/bootstrap-context.xml
+++ b/config/alfresco/bootstrap-context.xml
@@ -438,8 +438,14 @@
        <property name="repositoryWorkflowDefsLocations" ref="customWorkflowDefsRepositoryLocation"/>
    </bean>
    <bean id="personDaoBootstrap" class="org.alfresco.repo.security.person.PersonDaoBootstrap" >
       <property name="personDaoImpl">
         <ref bean="personDaoImpl"/>
       </property>
    </bean>
    <!-- Bootstrap any extensions -->
-
+	
    <import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />
    <!-- Perform index recovery before applying any patches -->
@@ -457,12 +463,6 @@
       </property>
    </bean>
   <bean id="personDaoBootstrap" class="org.alfresco.repo.security.person.PersonDaoBootstrap" >
      <property name="personDaoImpl">
         <ref bean="personDaoImpl"/>
      </property>
   </bean>
    <!-- Descriptor Service -->
    <bean id="descriptorComponent" class="org.alfresco.repo.descriptor.DescriptorServiceImpl">
       <property name="serverDescriptorDAO">
--- a/config/alfresco/bootstrap/system.xml
+++ b/config/alfresco/bootstrap/system.xml
@@ -27,11 +27,25 @@
                <view:authority>GROUP_EVERYONE</view:authority>
                <view:permission>Read</view:permission>
            </view:ace>
-		  </view:acl>
+        </view:acl>
        <sys:children>
            <sys:container view:childName="${system.people_container.childname}">
                <sys:children>
                    <cm:person view:childName="cm:${alfresco_user_store.adminusername}">
                        <view:acl>
                           <view:ace view:access="ALLOWED">
                              <view:authority>${alfresco_user_store.adminusername}</view:authority>
                              <view:permission>All</view:permission>
                           </view:ace>
                           <view:ace view:access="ALLOWED">
                              <view:authority>ROLE_OWNER</view:authority>
                              <view:permission>All</view:permission>
                           </view:ace>
                        </view:acl>
                        <view:aspects>
                            <cm:ownable></cm:ownable>
                        </view:aspects>
                        <cm:owner>${alfresco_user_store.adminusername}</cm:owner>
                        <cm:userName>${alfresco_user_store.adminusername}</cm:userName>
                        <cm:firstName>Administrator</cm:firstName>
                        <cm:lastName></cm:lastName>
--- a/source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
+++ b/source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
@@ -218,27 +218,6 @@ public class LDAPPersonExportSource implements ExportSource
                    writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
                            .getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
                    // permissions
                    // owner
                    writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
                            .getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
                            new AttributesImpl());
                    writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
                            .getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
                    writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
                            .getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
                            new AttributesImpl());
                    writer.characters(uid.toCharArray(), 0, uid.length());
                    writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
                            ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
                                    .toPrefixString(namespaceService));
                    for (String key : attributeMapping.keySet())
                    {
                        QName keyQName = QName.createQName(key, namespaceService);
--- a/source/java/org/alfresco/repo/security/person/AbstractHomeFolderProvider.java
+++ b/source/java/org/alfresco/repo/security/person/AbstractHomeFolderProvider.java
@@ -26,7 +26,6 @@ package org.alfresco.repo.security.person;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import org.alfresco.model.ContentModel;
@@ -37,13 +36,13 @@ import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
-import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.util.PropertyCheck;
 import org.springframework.beans.factory.BeanNameAware;
 import org.springframework.beans.factory.InitializingBean;
 /**
- * Common support for creating home folders This is hooked into node creation events from Person type objects via the homeFolderManager. Provider must all be wired up to the
+ * Common support for creating home folders This is hooked into node creation events from Person type objects via the
- * homeFolderManager.
+ * homeFolderManager. Provider must all be wired up to the homeFolderManager.
 * 
 * @author Andy Hind
 */
@@ -89,30 +88,9 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
     */
    private String ownerOnCreate;
-    /**
+    private PermissionsManager onCreatePermissionsManager;
     * Set if permissions are inherited when nodes are created.
     */
    private boolean inheritsPermissionsOnCreate = false;
-    /**
+    private PermissionsManager onReferencePermissionsManager;
     * A set of permissions to set for the owner when a home folder is created
     */
    private Set<String> ownerPermissionsToSetOnCreate;
    /**
     * General permissions to set on the node Map<(String)uid, Set<(String)permission>>.
     */
    private Map<String, Set<String>> permissionsToSetOnCreate;
    /**
     * Permissions to set for the user - on create and reference.
     */
    private Set<String> userPermissions;
    /**
     * Clear existing permissions on new home folders (useful of created from a template.
     */
    private boolean clearExistingPermissionsOnCreate = false;
    public AbstractHomeFolderProvider()
    {
@@ -126,6 +104,7 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
     */
    public void afterPropertiesSet() throws Exception
    {
        PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);
        homeFolderManager.addProvider(this);
    }
@@ -169,8 +148,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Get the path
     * 
     * @return
     */
    protected String getPath()
    {
@@ -179,8 +156,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Set the path
     * 
     * @param path
     */
    public void setPath(String path)
    {
@@ -189,8 +164,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Get the store ref
     * 
     * @return
     */
    protected StoreRef getStoreRef()
    {
@@ -199,8 +172,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Set the store ref
     * 
     * @param storeRef
     */
    public void setStoreRef(StoreRef storeRef)
    {
@@ -209,8 +180,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Set the store from the string url.
     * 
     * @param storeUrl
     */
    public void setStoreUrl(String storeUrl)
    {
@@ -219,8 +188,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Get the service registry.
     * 
     * @return
     */
    protected ServiceRegistry getServiceRegistry()
    {
@@ -229,8 +196,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Set the service registry.
     * 
     * @param serviceRegistry
     */
    public void setServiceRegistry(ServiceRegistry serviceRegistry)
    {
@@ -239,8 +204,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Set the tenant service
     * 
     * @param tenantService
     */
    public void setTenantService(TenantService tenantService)
    {
@@ -248,69 +211,28 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    }
    /**
-     * Inherit permissions when home folder are created?
+     * Set the permission manager
     * 
     * @param inheritsPermissionsOnCreate
     */
-    public void setInheritsPermissionsOnCreate(boolean inheritsPermissionsOnCreate)
+    public void setOnCreatePermissionsManager(PermissionsManager onCreatePermissionsManager)
    {
-        this.inheritsPermissionsOnCreate = inheritsPermissionsOnCreate;
+        this.onCreatePermissionsManager = onCreatePermissionsManager;
    }
    public void setOnReferencePermissionsManager(PermissionsManager onReferencePermissionsManager)
    {
        this.onReferencePermissionsManager = onReferencePermissionsManager;
    }
    /**
-     * The owner to set on create.
+     * Set the authority to use as the owner of all home folder nodes.
     * 
     * @param ownerOnCreate
     */
    public void setOwnerOnCreate(String ownerOnCreate)
    {
        this.ownerOnCreate = ownerOnCreate;
    }
    /**
     * The owner permissions to set on create.
     * 
     * @param ownerPermissionsToSetOnCreate
     */
    public void setOwnerPermissionsToSetOnCreate(Set<String> ownerPermissionsToSetOnCreate)
    {
        this.ownerPermissionsToSetOnCreate = ownerPermissionsToSetOnCreate;
    }
    /**
     * General permissions to set on create.
     * 
     * @param permissionsToSetOnCreate
     */
    public void setPermissionsToSetOnCreate(Map<String, Set<String>> permissionsToSetOnCreate)
    {
        this.permissionsToSetOnCreate = permissionsToSetOnCreate;
    }
    /**
     * User permissions to set on create and on reference.
     * 
     * @param userPermissions
     */
    public void setUserPermissions(Set<String> userPermissions)
    {
        this.userPermissions = userPermissions;
    }
    /**
     * Clear exising permissions on create. Useful to clear permissions from a template.
     * 
     * @param clearExistingPermissionsOnCreate
     */
    public void setClearExistingPermissionsOnCreate(boolean clearExistingPermissionsOnCreate)
    {
        this.clearExistingPermissionsOnCreate = clearExistingPermissionsOnCreate;
    }
    /**
     * Cache path to node resolution
     * 
     * @return
     */
    protected NodeRef getPathNodeRef()
    {
@@ -327,14 +249,10 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Utility metho to resolve paths to nodes.
     * 
     * @param pathToResolve
     * @return
     */
    protected NodeRef resolvePath(String pathToResolve)
    {
-        List<NodeRef> refs = serviceRegistry.getSearchService().selectNodes(
+        List<NodeRef> refs = serviceRegistry.getSearchService().selectNodes(serviceRegistry.getNodeService().getRootNode(storeRef), pathToResolve, null,
                serviceRegistry.getNodeService().getRootNode(storeRef), pathToResolve, null,
                serviceRegistry.getNamespaceService(), false);
        if (refs.size() != 1)
        {
@@ -354,9 +272,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
    /**
     * Abstract implementation to find/create the approriate home space.
     * 
     * @param person
     * @return
     */
    protected abstract HomeSpaceNodeRef getHomeFolder(NodeRef person);
@@ -385,82 +300,31 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
            if (homeFolder.getNodeRef() != null)
            {
                // Get uid and keep
-                String uid = DefaultTypeConverter.INSTANCE.convert(String.class, serviceRegistry.getNodeService()
+                String uid = DefaultTypeConverter.INSTANCE.convert(String.class, serviceRegistry.getNodeService().getProperty(personNodeRef, ContentModel.PROP_USERNAME));
                        .getProperty(personNodeRef, ContentModel.PROP_USERNAME));
                // If created or found then set (other wise it was already set correctly)
                if (homeFolder.getStatus() != HomeSpaceNodeRef.Status.VALID)
                {
-                    serviceRegistry.getNodeService().setProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER,
+                    serviceRegistry.getNodeService().setProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER, homeFolder.getNodeRef());
                            homeFolder.getNodeRef());
                }
                String ownerToSet = ownerOnCreate == null ? uid : ownerOnCreate;
                // If created..
                if (homeFolder.getStatus() == HomeSpaceNodeRef.Status.CREATED)
                {
-                    // Set to a specified owner or make owned by the person.
+                    if (onCreatePermissionsManager != null)
                    if (ownerOnCreate != null)
                    {
-                        serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), ownerOnCreate);
+                        onCreatePermissionsManager.setPermissions(homeFolder.getNodeRef(), ownerToSet, uid);
                    }
                    else
                    {
                        serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), uid);
                    }
                    // clear permissions - useful of not required from a template
                    if (clearExistingPermissionsOnCreate)
                    {
                        serviceRegistry.getPermissionService().deletePermissions(homeFolder.getNodeRef());
                    }
                    // inherit permissions
                    serviceRegistry.getPermissionService().setInheritParentPermissions(homeFolder.getNodeRef(),
                            inheritsPermissionsOnCreate);
                    // Set owner permissions
                    if (ownerPermissionsToSetOnCreate != null)
                    {
                        for (String permission : ownerPermissionsToSetOnCreate)
                        {
                            serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(),
                                    PermissionService.OWNER_AUTHORITY, permission, true);
                        }
                    }
                    // Add other permissions
                    if (permissionsToSetOnCreate != null)
                    {
                        for (String user : permissionsToSetOnCreate.keySet())
                        {
                            Set<String> set = permissionsToSetOnCreate.get(user);
                            if (set != null)
                            {
                                for (String permission : set)
                                {
                                    serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), user,
                                            permission, true);
                                }
                            }
                        }
                    }
                }
-
+                else
                // Add user permissions on create and reference
                if (userPermissions != null)
                {
-                    for (String permission : userPermissions)
+                    if (onReferencePermissionsManager != null)
                    {
-                        serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), uid, permission,
+                        onReferencePermissionsManager.setPermissions(homeFolder.getNodeRef(), ownerToSet, uid);
                                true);
                    }
                }
            }
            return homeFolder.getNodeRef();
--- a/source/java/org/alfresco/repo/security/person/CheckAndFixPersonPermissionsBootstrapBean.java
+++ b/source/java/org/alfresco/repo/security/person/CheckAndFixPersonPermissionsBootstrapBean.java
@@ -0,0 +1,120 @@
 /*
 * Copyright (C) 2005-2007 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * As a special exception to the terms and conditions of version 2.0 of 
 * the GPL, you may redistribute this Program in connection with Free/Libre 
 * and Open Source Software ("FLOSS") applications as described in Alfresco's 
 * FLOSS exception.  You should have recieved a copy of the text describing 
 * the FLOSS exception, and it is also available here: 
 * http://www.alfresco.com/legal/licensing"
 */
 package org.alfresco.repo.security.person;
 import java.util.Set;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.AbstractLifecycleBean;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.context.ApplicationEvent;
 /**
 * Check and fix permission for people. For each person check the permission config matches that configured for the
 * person service.
 * 
 * @author andyh
 */
 public class CheckAndFixPersonPermissionsBootstrapBean extends AbstractLifecycleBean
 {
    protected final static Log log = LogFactory.getLog(CheckAndFixPersonPermissionsBootstrapBean.class);  
    private NodeService nodeService;
    private PersonService personService;
    private TransactionService transactionService;
    private PermissionsManager permissionsManager;
    public void setNodeService(NodeService nodeService)
    {
        this.nodeService = nodeService;
    }
    public void setPersonService(PersonService personService)
    {
        this.personService = personService;
    }
    public void setTransactionService(TransactionService transactionService)
    {
        this.transactionService = transactionService;
    }
    public void setPermissionsManager(PermissionsManager permissionsManager)
    {
        this.permissionsManager = permissionsManager;
    }
    @Override
    protected void onBootstrap(ApplicationEvent event)
    {
        log.info("Checking person permissions ...");
        int count = checkandFixPermissions();
        log.info("... updated " + count);
    }
    private int checkandFixPermissions()
    {
        Integer count = transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Integer>()
        {
            public Integer execute() throws Exception
            {
                int count = 0;
                Set<NodeRef> people = personService.getAllPeople();
                for (NodeRef person : people)
                {
                    String uid = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(person, ContentModel.PROP_USERNAME));
                    if(!permissionsManager.validatePermissions(person, uid, uid))
                    {
                        permissionsManager.setPermissions(person, uid, uid);
                        count++;
                    }
                }
                return count;
            }
        });
        return count.intValue();
    }
    @Override
    protected void onShutdown(ApplicationEvent event)
    {
        // TODO Auto-generated method stub
    }
 }
--- a/source/java/org/alfresco/repo/security/person/PermissionsManager.java
+++ b/source/java/org/alfresco/repo/security/person/PermissionsManager.java
@@ -0,0 +1,52 @@
 /*
 * Copyright (C) 2005-2007 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * As a special exception to the terms and conditions of version 2.0 of 
 * the GPL, you may redistribute this Program in connection with Free/Libre 
 * and Open Source Software ("FLOSS") applications as described in Alfresco's 
 * FLOSS exception.  You should have recieved a copy of the text describing 
 * the FLOSS exception, and it is also available here: 
 * http://www.alfresco.com/legal/licensing"
 */
 package org.alfresco.repo.security.person;
 import org.alfresco.service.cmr.repository.NodeRef;
 /**
 * Utility bean to set/check permissions on a node
 * @author andyh
 *
 */
 public interface PermissionsManager
 {
    /**
     * Set the permission as defined on the given node
     * 
     * @param nodeRef - the nodeRef 
     * @param owner - which should be set as the owner of the node (if configured to be set)
     */
    public void setPermissions(NodeRef nodeRef, String owner, String user);
    /**
     * Validate that permissions are set on a node as defined.
     * 
     * @param nodeRef
     * @param owner
     * @return - true if correct, false if they are not set as defined.
     */
    public boolean validatePermissions(NodeRef nodeRef, String owner, String user);
 }
--- a/source/java/org/alfresco/repo/security/person/PermissionsManagerImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PermissionsManagerImpl.java
@@ -0,0 +1,264 @@
 /*
 * Copyright (C) 2005-2007 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * As a special exception to the terms and conditions of version 2.0 of 
 * the GPL, you may redistribute this Program in connection with Free/Libre 
 * and Open Source Software ("FLOSS") applications as described in Alfresco's 
 * FLOSS exception.  You should have recieved a copy of the text describing 
 * the FLOSS exception, and it is also available here: 
 * http://www.alfresco.com/legal/licensing"
 */
 package org.alfresco.repo.security.person;
 import java.util.Map;
 import java.util.Set;
 import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 public class PermissionsManagerImpl implements PermissionsManager
 {
    /**
     * Set if permissions are inherited when nodes are created.
     */
    private Boolean inheritPermissions = false;
    /**
     * A set of permissions to set for the owner when a home folder is created
     */
    private Set<String> ownerPermissions;
    /**
     * General permissions to set on the node Map<(String)uid, Set<(String)permission>>.
     */
    private Map<String, Set<String>> permissions;
    /**
     * Permissions to set for the user - on create and reference.
     */
    private Set<String> userPermissions;
    /**
     * Clear existing permissions on new home folders (useful of created from a template.
     */
    private Boolean clearExistingPermissions = false;
    private OwnableService ownableService;
    private PermissionService permissionService;
    public boolean getInheritPermissions()
    {
        return inheritPermissions;
    }
    public void setInheritPermissions(boolean inheritPermissions)
    {
        this.inheritPermissions = inheritPermissions;
    }
    public Set<String> getOwnerPermissions()
    {
        return ownerPermissions;
    }
    public void setOwnerPermissions(Set<String> ownerPermissions)
    {
        this.ownerPermissions = ownerPermissions;
    }
    public Map<String, Set<String>> getPermissions()
    {
        return permissions;
    }
    public void setPermissions(Map<String, Set<String>> permissions)
    {
        this.permissions = permissions;
    }
    public Set<String> getUserPermissions()
    {
        return userPermissions;
    }
    public void setUserPermissions(Set<String> userPermissions)
    {
        this.userPermissions = userPermissions;
    }
    public boolean getClearExistingPermissions()
    {
        return clearExistingPermissions;
    }
    public void setClearExistingPermissions(boolean clearExistingPermissions)
    {
        this.clearExistingPermissions = clearExistingPermissions;
    }
    public void setOwnableService(OwnableService ownableService)
    {
        this.ownableService = ownableService;
    }
    public void setPermissionService(PermissionService permissionService)
    {
        this.permissionService = permissionService;
    }
    public void setPermissions(NodeRef nodeRef, String owner, String user)
    {
        // Set to a specified owner
        if (owner != null)
        {
            ownableService.setOwner(nodeRef, owner);
        }
        // clear permissions - useful of not required from a template
        if ((clearExistingPermissions != null) && clearExistingPermissions.booleanValue())
        {
            permissionService.deletePermissions(nodeRef);
        }
        // inherit permissions
        if (inheritPermissions != null)
        {
            permissionService.setInheritParentPermissions(nodeRef, inheritPermissions.booleanValue());
        }
        // Set owner permissions
        if (ownerPermissions != null)
        {
            for (String permission : ownerPermissions)
            {
                permissionService.setPermission(nodeRef, PermissionService.OWNER_AUTHORITY, permission, true);
            }
        }
        // Add other permissions
        if (permissions != null)
        {
            for (String userForPermission : permissions.keySet())
            {
                Set<String> set = permissions.get(user);
                if (set != null)
                {
                    for (String permission : set)
                    {
                        permissionService.setPermission(nodeRef, userForPermission, permission, true);
                    }
                }
            }
        }
        // Add user permissions on create and reference
        if (userPermissions != null)
        {
            for (String permission : userPermissions)
            {
                permissionService.setPermission(nodeRef, user, permission, true);
            }
        }
    }
    public boolean validatePermissions(NodeRef nodeRef, String owner, String user)
    {
        if (owner != null)
        {
            String setOwner = ownableService.getOwner(nodeRef);
            if (!owner.equals(setOwner))
            {
                return false;
            }
        }
        // inherit permissions
        if (inheritPermissions != null)
        {
            if (inheritPermissions != permissionService.getInheritParentPermissions(nodeRef))
            {
                return false;
            }
        }
        Set<AccessPermission> setPermissions = permissionService.getAllSetPermissions(nodeRef);
        if (ownerPermissions != null)
        {
            for (String permission : ownerPermissions)
            {
                AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, PermissionService.OWNER_AUTHORITY, 0);
                if (!setPermissions.contains(required))
                {
                    return false;
                }
            }
        }
        // Add other permissions
        if (permissions != null)
        {
            for (String userForPermission : permissions.keySet())
            {
                Set<String> set = permissions.get(user);
                if (set != null)
                {
                    for (String permission : set)
                    {
                        AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, userForPermission, 0);
                        if (!setPermissions.contains(required))
                        {
                            return false;
                        }
                    }
                }
            }
        }
        if (userPermissions != null)
        {
            for (String permission : userPermissions)
            {
                AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, user, 0);
                if (!setPermissions.contains(required))
                {
                    return false;
                }
            }
        }
        // TODO: Check we have no extras if we should have cleared permissions ... ??
        return true;
    }
 }
--- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
@@ -105,7 +105,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
    private PermissionServiceSPI permissionServiceSPI;
    private NamespacePrefixResolver namespacePrefixResolver;
-    
+
    private HomeFolderManager homeFolderManager;
    private PolicyComponent policyComponent;
@@ -113,7 +113,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
    private boolean createMissingPeople;
    private static Set<QName> mutableProperties;
-    
+
    private String defaultHomeFolderProvider;
    private boolean processDuplicates = true;
@@ -126,6 +126,8 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
    private PersonDao personDao;
    private PermissionsManager permissionsManager;
    /** a transactionally-safe cache to be injected */
    private SimpleCache<String, NodeRef> personCache;
@@ -171,11 +173,12 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
        PropertyCheck.mandatory(this, "personCache", personCache);
        PropertyCheck.mandatory(this, "personDao", personDao);
-        // Avoid clash with home folder registration
+     
-        //this.policyComponent
+        this.policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode"));
        //        .bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode"));
        this.policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "beforeDeleteNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this,
                "beforeDeleteNode"));
    }
    public UserNameMatcher getUserNameMatcher()
@@ -217,12 +220,17 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
    {
        this.homeFolderManager = homeFolderManager;
    }
-    
+
    public void setPersonDao(PersonDao personDao)
    {
        this.personDao = personDao;
    }
    public void setPermissionsManager(PermissionsManager permissionsManager)
    {
        this.permissionsManager = permissionsManager;
    }
    /**
     * Set the username to person cache.
     * 
@@ -326,13 +334,13 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
        }
        else
        {
-            String userNameSensitivity  = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
+            String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
            String domainNameSensitivity = "";
-            if (! userNameMatcher.getDomainSeparator().equals(""))
+            if (!userNameMatcher.getDomainSeparator().equals(""))
            {
                domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
            }
-            
+
            throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName + userNameSensitivity + domainNameSensitivity);
        }
    }
@@ -556,7 +564,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
            }
        }
    }
-    
+
    private HashMap<QName, Serializable> getDefaultProperties(String userName)
    {
        HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
@@ -582,8 +590,9 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
        properties.put(ContentModel.PROP_USERNAME, userName);
        properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
-        return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, QName.createQName("cm", userName, namespacePrefixResolver), ContentModel.TYPE_PERSON,
+        NodeRef personRef =  nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, QName.createQName("cm", userName, namespacePrefixResolver), ContentModel.TYPE_PERSON,
                properties).getChildRef();
        return personRef;
    }
    public NodeRef getPeopleContainer()
@@ -695,6 +704,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
        NodeRef personRef = childAssocRef.getChildRef();
        String username = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
        this.personCache.put(username, personRef);
        permissionsManager.setPermissions(personRef, username, username);
    }
    /*
@@ -824,5 +834,4 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
        return userNameMatcher.getUserNamesAreCaseSensitive();
    }
 }