inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.1 to HEAD

Browse Source 
13171: Fix for ETHREEOH-1239: User needs to have owner on their person
   ___________________________________________________________________
   Modified: svn:mergeinfo
      Merged /alfresco/BRANCHES/V3.1:r13171


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2009-03-12 19:45:13 +00:00
parent c3d81195d5
commit 39bc2536d5
9 changed files with 618 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
config/alfresco/authentication-services-context.xml
View File

@@ -281,6 +281,9 @@
<property name="personDao">
<ref bean="personDaoImpl" />
</property>
<property name="permissionsManager">
<ref bean="personServicePermissionsManager" />
</property>
<!-- Configurable properties. -->
<!-- -->
<!-- TODO: -->
@@ -324,6 +327,25 @@
</property>
</bean>
<bean name="personServicePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
<property name="permissionService">
<ref bean="permissionServiceImpl" />
</property>
<property name="ownableService">
<ref bean="ownableService" />
</property>
<property name="ownerPermissions">
<set>
<value>All</value>
</set>
</property>
<property name="userPermissions">
<set>
<value>All</value>
</set>
</property>
</bean>
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService">
<ref bean="nodeService" />
@@ -361,12 +383,12 @@
</property>
</bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider" parent="baseHomeFolderProvider">
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
<bean name="guestHomeFolderProviderPermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl">
<property name="permissionService">
<ref bean="permissionServiceImpl" />
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
<property name="ownableService">
<ref bean="ownableService" />
</property>
<property name="userPermissions">
<set>
@@ -375,19 +397,38 @@
</property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider" parent="baseHomeFolderProvider" />
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider" parent="baseHomeFolderProvider">
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider" parent="baseHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}</value>
<value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="inheritsPermissionsOnCreate">
<property name="onCreatePermissionsManager">
<ref bean="guestHomeFolderProviderPermissionsManager" />
</property>
<property name="onReferencePermissionsManager">
<ref bean="guestHomeFolderProviderPermissionsManager" />
</property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider" parent="baseHomeFolderProvider" />
<bean name="defaultOnCreatePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
<property name="permissionService">
<ref bean="permissionServiceImpl" />
</property>
<property name="ownableService">
<ref bean="ownableService" />
</property>
<property name="inheritPermissions">
<value>false</value>
</property>
<property name="ownerPermissionsToSetOnCreate">
<property name="ownerPermissions">
<set>
<value>All</value>
</set>
@@ -399,6 +440,38 @@
</property>
</bean>
<bean name="defaultOnReferencePermissionsManager" class="org.alfresco.repo.security.person.PermissionsManagerImpl" >
<property name="permissionService">
<ref bean="permissionServiceImpl" />
</property>
<property name="ownableService">
<ref bean="ownableService" />
</property>
<property name="userPermissions">
<set>
<value>All</value>
</set>
</property>
</bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider" parent="baseHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="onCreatePermissionsManager">
<ref bean="defaultOnCreatePermissionsManager" />
</property>
<property name="onReferencePermissionsManager">
<ref bean="defaultOnReferencePermissionsManager" />
</property>
</bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider" parent="baseHomeFolderProvider">
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
@@ -406,18 +479,11 @@
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="inheritsPermissionsOnCreate">
<value>false</value>
<property name="onCreatePermissionsManager">
<ref bean="defaultOnCreatePermissionsManager" />
</property>
<property name="ownerPermissionsToSetOnCreate">
<set>
<value>All</value>
</set>
</property>
<property name="userPermissions">
<set>
<value>All</value>
</set>
<property name="onReferencePermissionsManager">
<ref bean="defaultOnReferencePermissionsManager" />
</property>
</bean>

12
config/alfresco/bootstrap-context.xml
View File

@@ -438,6 +438,12 @@
<property name="repositoryWorkflowDefsLocations" ref="customWorkflowDefsRepositoryLocation"/>
</bean>
<bean id="personDaoBootstrap" class="org.alfresco.repo.security.person.PersonDaoBootstrap" >
<property name="personDaoImpl">
<ref bean="personDaoImpl"/>
</property>
</bean>
<!-- Bootstrap any extensions -->
<import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />
@@ -457,12 +463,6 @@
</property>
</bean>
<bean id="personDaoBootstrap" class="org.alfresco.repo.security.person.PersonDaoBootstrap" >
<property name="personDaoImpl">
<ref bean="personDaoImpl"/>
</property>
</bean>
<!-- Descriptor Service -->
<bean id="descriptorComponent" class="org.alfresco.repo.descriptor.DescriptorServiceImpl">
<property name="serverDescriptorDAO">

14
config/alfresco/bootstrap/system.xml
View File

@@ -32,6 +32,20 @@
<sys:container view:childName="${system.people_container.childname}">
<sys:children>
<cm:person view:childName="cm:${alfresco_user_store.adminusername}">
<view:acl>
<view:ace view:access="ALLOWED">
<view:authority>${alfresco_user_store.adminusername}</view:authority>
<view:permission>All</view:permission>
</view:ace>
<view:ace view:access="ALLOWED">
<view:authority>ROLE_OWNER</view:authority>
<view:permission>All</view:permission>
</view:ace>
</view:acl>
<view:aspects>
<cm:ownable></cm:ownable>
</view:aspects>
<cm:owner>${alfresco_user_store.adminusername}</cm:owner>
<cm:userName>${alfresco_user_store.adminusername}</cm:userName>
<cm:firstName>Administrator</cm:firstName>
<cm:lastName></cm:lastName>

21
source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
View File

@@ -218,27 +218,6 @@ public class LDAPPersonExportSource implements ExportSource
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);

184
source/java/org/alfresco/repo/security/person/AbstractHomeFolderProvider.java
View File

@@ -26,7 +26,6 @@ package org.alfresco.repo.security.person;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.alfresco.model.ContentModel;
@@ -37,13 +36,13 @@ import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.PropertyCheck;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.beans.factory.InitializingBean;
/**
* Common support for creating home folders This is hooked into node creation events from Person type objects via the homeFolderManager. Provider must all be wired up to the
* homeFolderManager.
* Common support for creating home folders This is hooked into node creation events from Person type objects via the
* homeFolderManager. Provider must all be wired up to the homeFolderManager.
*
* @author Andy Hind
*/
@@ -89,30 +88,9 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
*/
private String ownerOnCreate;
/**
* Set if permissions are inherited when nodes are created.
*/
private boolean inheritsPermissionsOnCreate = false;
private PermissionsManager onCreatePermissionsManager;
/**
* A set of permissions to set for the owner when a home folder is created
*/
private Set<String> ownerPermissionsToSetOnCreate;
/**
* General permissions to set on the node Map<(String)uid, Set<(String)permission>>.
*/
private Map<String, Set<String>> permissionsToSetOnCreate;
/**
* Permissions to set for the user - on create and reference.
*/
private Set<String> userPermissions;
/**
* Clear existing permissions on new home folders (useful of created from a template.
*/
private boolean clearExistingPermissionsOnCreate = false;
private PermissionsManager onReferencePermissionsManager;
public AbstractHomeFolderProvider()
{
@@ -126,6 +104,7 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
*/
public void afterPropertiesSet() throws Exception
{
PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);
homeFolderManager.addProvider(this);
}
@@ -169,8 +148,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Get the path
*
* @return
*/
protected String getPath()
{
@@ -179,8 +156,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Set the path
*
* @param path
*/
public void setPath(String path)
{
@@ -189,8 +164,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Get the store ref
*
* @return
*/
protected StoreRef getStoreRef()
{
@@ -199,8 +172,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Set the store ref
*
* @param storeRef
*/
public void setStoreRef(StoreRef storeRef)
{
@@ -209,8 +180,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Set the store from the string url.
*
* @param storeUrl
*/
public void setStoreUrl(String storeUrl)
{
@@ -219,8 +188,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Get the service registry.
*
* @return
*/
protected ServiceRegistry getServiceRegistry()
{
@@ -229,8 +196,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Set the service registry.
*
* @param serviceRegistry
*/
public void setServiceRegistry(ServiceRegistry serviceRegistry)
{
@@ -239,8 +204,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Set the tenant service
*
* @param tenantService
*/
public void setTenantService(TenantService tenantService)
{
@@ -248,69 +211,28 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
}
/**
* Inherit permissions when home folder are created?
*
* @param inheritsPermissionsOnCreate
* Set the permission manager
*/
public void setInheritsPermissionsOnCreate(boolean inheritsPermissionsOnCreate)
public void setOnCreatePermissionsManager(PermissionsManager onCreatePermissionsManager)
{
this.inheritsPermissionsOnCreate = inheritsPermissionsOnCreate;
this.onCreatePermissionsManager = onCreatePermissionsManager;
}
public void setOnReferencePermissionsManager(PermissionsManager onReferencePermissionsManager)
{
this.onReferencePermissionsManager = onReferencePermissionsManager;
}
/**
* The owner to set on create.
*
* @param ownerOnCreate
* Set the authority to use as the owner of all home folder nodes.
*/
public void setOwnerOnCreate(String ownerOnCreate)
{
this.ownerOnCreate = ownerOnCreate;
}
/**
* The owner permissions to set on create.
*
* @param ownerPermissionsToSetOnCreate
*/
public void setOwnerPermissionsToSetOnCreate(Set<String> ownerPermissionsToSetOnCreate)
{
this.ownerPermissionsToSetOnCreate = ownerPermissionsToSetOnCreate;
}
/**
* General permissions to set on create.
*
* @param permissionsToSetOnCreate
*/
public void setPermissionsToSetOnCreate(Map<String, Set<String>> permissionsToSetOnCreate)
{
this.permissionsToSetOnCreate = permissionsToSetOnCreate;
}
/**
* User permissions to set on create and on reference.
*
* @param userPermissions
*/
public void setUserPermissions(Set<String> userPermissions)
{
this.userPermissions = userPermissions;
}
/**
* Clear exising permissions on create. Useful to clear permissions from a template.
*
* @param clearExistingPermissionsOnCreate
*/
public void setClearExistingPermissionsOnCreate(boolean clearExistingPermissionsOnCreate)
{
this.clearExistingPermissionsOnCreate = clearExistingPermissionsOnCreate;
}
/**
* Cache path to node resolution
*
* @return
*/
protected NodeRef getPathNodeRef()
{
@@ -327,14 +249,10 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Utility metho to resolve paths to nodes.
*
* @param pathToResolve
* @return
*/
protected NodeRef resolvePath(String pathToResolve)
{
List<NodeRef> refs = serviceRegistry.getSearchService().selectNodes(
serviceRegistry.getNodeService().getRootNode(storeRef), pathToResolve, null,
List<NodeRef> refs = serviceRegistry.getSearchService().selectNodes(serviceRegistry.getNodeService().getRootNode(storeRef), pathToResolve, null,
serviceRegistry.getNamespaceService(), false);
if (refs.size() != 1)
{
@@ -354,9 +272,6 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
/**
* Abstract implementation to find/create the approriate home space.
*
* @param person
* @return
*/
protected abstract HomeSpaceNodeRef getHomeFolder(NodeRef person);
@@ -385,82 +300,31 @@ public abstract class AbstractHomeFolderProvider implements HomeFolderProvider,
if (homeFolder.getNodeRef() != null)
{
// Get uid and keep
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, serviceRegistry.getNodeService()
.getProperty(personNodeRef, ContentModel.PROP_USERNAME));
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, serviceRegistry.getNodeService().getProperty(personNodeRef, ContentModel.PROP_USERNAME));
// If created or found then set (other wise it was already set correctly)
if (homeFolder.getStatus() != HomeSpaceNodeRef.Status.VALID)
{
serviceRegistry.getNodeService().setProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER,
homeFolder.getNodeRef());
serviceRegistry.getNodeService().setProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER, homeFolder.getNodeRef());
}
String ownerToSet = ownerOnCreate == null ? uid : ownerOnCreate;
// If created..
if (homeFolder.getStatus() == HomeSpaceNodeRef.Status.CREATED)
{
// Set to a specified owner or make owned by the person.
if (ownerOnCreate != null)
if (onCreatePermissionsManager != null)
{
serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), ownerOnCreate);
onCreatePermissionsManager.setPermissions(homeFolder.getNodeRef(), ownerToSet, uid);
}
}
else
{
serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), uid);
}
// clear permissions - useful of not required from a template
if (clearExistingPermissionsOnCreate)
if (onReferencePermissionsManager != null)
{
serviceRegistry.getPermissionService().deletePermissions(homeFolder.getNodeRef());
}
// inherit permissions
serviceRegistry.getPermissionService().setInheritParentPermissions(homeFolder.getNodeRef(),
inheritsPermissionsOnCreate);
// Set owner permissions
if (ownerPermissionsToSetOnCreate != null)
{
for (String permission : ownerPermissionsToSetOnCreate)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(),
PermissionService.OWNER_AUTHORITY, permission, true);
onReferencePermissionsManager.setPermissions(homeFolder.getNodeRef(), ownerToSet, uid);
}
}
// Add other permissions
if (permissionsToSetOnCreate != null)
{
for (String user : permissionsToSetOnCreate.keySet())
{
Set<String> set = permissionsToSetOnCreate.get(user);
if (set != null)
{
for (String permission : set)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), user,
permission, true);
}
}
}
}
}
// Add user permissions on create and reference
if (userPermissions != null)
{
for (String permission : userPermissions)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), uid, permission,
true);
}
}
}
return homeFolder.getNodeRef();

120
source/java/org/alfresco/repo/security/person/CheckAndFixPersonPermissionsBootstrapBean.java Normal file
View File

@@ -0,0 +1,120 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.person;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.AbstractLifecycleBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
/**
* Check and fix permission for people. For each person check the permission config matches that configured for the
* person service.
*
* @author andyh
*/
public class CheckAndFixPersonPermissionsBootstrapBean extends AbstractLifecycleBean
{
protected final static Log log = LogFactory.getLog(CheckAndFixPersonPermissionsBootstrapBean.class);
private NodeService nodeService;
private PersonService personService;
private TransactionService transactionService;
private PermissionsManager permissionsManager;
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setTransactionService(TransactionService transactionService)
{
this.transactionService = transactionService;
}
public void setPermissionsManager(PermissionsManager permissionsManager)
{
this.permissionsManager = permissionsManager;
}
@Override
protected void onBootstrap(ApplicationEvent event)
{
log.info("Checking person permissions ...");
int count = checkandFixPermissions();
log.info("... updated " + count);
}
private int checkandFixPermissions()
{
Integer count = transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Integer>()
{
public Integer execute() throws Exception
{
int count = 0;
Set<NodeRef> people = personService.getAllPeople();
for (NodeRef person : people)
{
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(person, ContentModel.PROP_USERNAME));
if(!permissionsManager.validatePermissions(person, uid, uid))
{
permissionsManager.setPermissions(person, uid, uid);
count++;
}
}
return count;
}
});
return count.intValue();
}
@Override
protected void onShutdown(ApplicationEvent event)
{
// TODO Auto-generated method stub
}
}

52
source/java/org/alfresco/repo/security/person/PermissionsManager.java Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.person;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Utility bean to set/check permissions on a node
* @author andyh
*
*/
public interface PermissionsManager
{
/**
* Set the permission as defined on the given node
*
* @param nodeRef - the nodeRef
* @param owner - which should be set as the owner of the node (if configured to be set)
*/
public void setPermissions(NodeRef nodeRef, String owner, String user);
/**
* Validate that permissions are set on a node as defined.
*
* @param nodeRef
* @param owner
* @return - true if correct, false if they are not set as defined.
*/
public boolean validatePermissions(NodeRef nodeRef, String owner, String user);
}

264
source/java/org/alfresco/repo/security/person/PermissionsManagerImpl.java Normal file
View File

@@ -0,0 +1,264 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.person;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
public class PermissionsManagerImpl implements PermissionsManager
{
/**
* Set if permissions are inherited when nodes are created.
*/
private Boolean inheritPermissions = false;
/**
* A set of permissions to set for the owner when a home folder is created
*/
private Set<String> ownerPermissions;
/**
* General permissions to set on the node Map<(String)uid, Set<(String)permission>>.
*/
private Map<String, Set<String>> permissions;
/**
* Permissions to set for the user - on create and reference.
*/
private Set<String> userPermissions;
/**
* Clear existing permissions on new home folders (useful of created from a template.
*/
private Boolean clearExistingPermissions = false;
private OwnableService ownableService;
private PermissionService permissionService;
public boolean getInheritPermissions()
{
return inheritPermissions;
}
public void setInheritPermissions(boolean inheritPermissions)
{
this.inheritPermissions = inheritPermissions;
}
public Set<String> getOwnerPermissions()
{
return ownerPermissions;
}
public void setOwnerPermissions(Set<String> ownerPermissions)
{
this.ownerPermissions = ownerPermissions;
}
public Map<String, Set<String>> getPermissions()
{
return permissions;
}
public void setPermissions(Map<String, Set<String>> permissions)
{
this.permissions = permissions;
}
public Set<String> getUserPermissions()
{
return userPermissions;
}
public void setUserPermissions(Set<String> userPermissions)
{
this.userPermissions = userPermissions;
}
public boolean getClearExistingPermissions()
{
return clearExistingPermissions;
}
public void setClearExistingPermissions(boolean clearExistingPermissions)
{
this.clearExistingPermissions = clearExistingPermissions;
}
public void setOwnableService(OwnableService ownableService)
{
this.ownableService = ownableService;
}
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
public void setPermissions(NodeRef nodeRef, String owner, String user)
{
// Set to a specified owner
if (owner != null)
{
ownableService.setOwner(nodeRef, owner);
}
// clear permissions - useful of not required from a template
if ((clearExistingPermissions != null) && clearExistingPermissions.booleanValue())
{
permissionService.deletePermissions(nodeRef);
}
// inherit permissions
if (inheritPermissions != null)
{
permissionService.setInheritParentPermissions(nodeRef, inheritPermissions.booleanValue());
}
// Set owner permissions
if (ownerPermissions != null)
{
for (String permission : ownerPermissions)
{
permissionService.setPermission(nodeRef, PermissionService.OWNER_AUTHORITY, permission, true);
}
}
// Add other permissions
if (permissions != null)
{
for (String userForPermission : permissions.keySet())
{
Set<String> set = permissions.get(user);
if (set != null)
{
for (String permission : set)
{
permissionService.setPermission(nodeRef, userForPermission, permission, true);
}
}
}
}
// Add user permissions on create and reference
if (userPermissions != null)
{
for (String permission : userPermissions)
{
permissionService.setPermission(nodeRef, user, permission, true);
}
}
}
public boolean validatePermissions(NodeRef nodeRef, String owner, String user)
{
if (owner != null)
{
String setOwner = ownableService.getOwner(nodeRef);
if (!owner.equals(setOwner))
{
return false;
}
}
// inherit permissions
if (inheritPermissions != null)
{
if (inheritPermissions != permissionService.getInheritParentPermissions(nodeRef))
{
return false;
}
}
Set<AccessPermission> setPermissions = permissionService.getAllSetPermissions(nodeRef);
if (ownerPermissions != null)
{
for (String permission : ownerPermissions)
{
AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, PermissionService.OWNER_AUTHORITY, 0);
if (!setPermissions.contains(required))
{
return false;
}
}
}
// Add other permissions
if (permissions != null)
{
for (String userForPermission : permissions.keySet())
{
Set<String> set = permissions.get(user);
if (set != null)
{
for (String permission : set)
{
AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, userForPermission, 0);
if (!setPermissions.contains(required))
{
return false;
}
}
}
}
}
if (userPermissions != null)
{
for (String permission : userPermissions)
{
AccessPermission required = new AccessPermissionImpl(permission, AccessStatus.ALLOWED, user, 0);
if (!setPermissions.contains(required))
{
return false;
}
}
}
// TODO: Check we have no extras if we should have cleared permissions ... ??
return true;
}
}

21
source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
View File

@@ -126,6 +126,8 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
private PersonDao personDao;
private PermissionsManager permissionsManager;
/** a transactionally-safe cache to be injected */
private SimpleCache<String, NodeRef> personCache;
@@ -171,11 +173,12 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
PropertyCheck.mandatory(this, "personCache", personCache);
PropertyCheck.mandatory(this, "personDao", personDao);
// Avoid clash with home folder registration
//this.policyComponent
// .bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode"));
this.policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode"));
this.policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "beforeDeleteNode"), ContentModel.TYPE_PERSON, new JavaBehaviour(this,
"beforeDeleteNode"));
}
public UserNameMatcher getUserNameMatcher()
@@ -223,6 +226,11 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
this.personDao = personDao;
}
public void setPermissionsManager(PermissionsManager permissionsManager)
{
this.permissionsManager = permissionsManager;
}
/**
* Set the username to person cache.
*
@@ -328,7 +336,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
{
String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
String domainNameSensitivity = "";
if (! userNameMatcher.getDomainSeparator().equals(""))
if (!userNameMatcher.getDomainSeparator().equals(""))
{
domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
}
@@ -582,8 +590,9 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, QName.createQName("cm", userName, namespacePrefixResolver), ContentModel.TYPE_PERSON,
NodeRef personRef = nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, QName.createQName("cm", userName, namespacePrefixResolver), ContentModel.TYPE_PERSON,
properties).getChildRef();
return personRef;
}
public NodeRef getPeopleContainer()
@@ -695,6 +704,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
NodeRef personRef = childAssocRef.getChildRef();
String username = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
this.personCache.put(username, personRef);
permissionsManager.setPermissions(personRef, username, username);
}
/*
@@ -824,5 +834,4 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
return userNameMatcher.getUserNamesAreCaseSensitive();
}
}