diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml index ff052efe17..0f97f65c24 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml @@ -235,6 +235,19 @@ org.alfresco.service.cmr.rule.RuleService.*=ACL_DENY - + + + + + + + + + org.alfresco.repo.forms.FormService.getForm=ACL_ALLOW + org.alfresco.repo.forms.FormService.saveForm=ACL_ALLOW + org.alfresco.repo.forms.FormService.*=ACL_DENY + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties index 98bc4928e2..6c31c3c9f2 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties @@ -226,4 +226,10 @@ rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.listSites=RM_ALLOW,A rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.removeMembership=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.setMembership=RM_ALLOW rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.updateSite=RM_ALLOW -rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.*=ACL_DENY \ No newline at end of file +rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.*=RM_DENY + +## Form Service + +rm.methodsecurity.org.alfresco.repo.forms.FormService.getForm=RM_ALLOW +rm.methodsecurity.org.alfresco.repo.forms.FormService.saveForm=RM_ALLOW +rm.methodsecurity.org.alfresco.repo.forms.FormService.*=RM_DENY \ No newline at end of file diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementAdminServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementAdminServiceImpl.java index e7c116d913..f786cb9ff5 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementAdminServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementAdminServiceImpl.java @@ -54,10 +54,12 @@ import org.alfresco.repo.dictionary.M2Model; import org.alfresco.repo.dictionary.M2Namespace; import org.alfresco.repo.dictionary.M2Property; import org.alfresco.repo.node.NodeServicePolicies; -import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.policy.ClassPolicyDelegate; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.dictionary.AspectDefinition; import org.alfresco.service.cmr.dictionary.AssociationDefinition; import org.alfresco.service.cmr.dictionary.Constraint; @@ -245,6 +247,12 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin policy.beforeRemoveReference(fromNodeRef, toNodeRef, reference); } + /** + * + * @param fromNodeRef + * @param toNodeRef + * @param reference + */ protected void invokeOnRemoveReference(NodeRef fromNodeRef, NodeRef toNodeRef, QName reference) { // get qnames to invoke against @@ -254,51 +262,89 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin policy.onRemoveReference(fromNodeRef, toNodeRef, reference); } + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnAddAspectPolicy#onAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ @Override - public void onAddAspect(NodeRef nodeRef, QName aspectTypeQName) + public void onAddAspect(final NodeRef nodeRef, final QName aspectTypeQName) { - if (nodeService.exists(nodeRef) == true && - isCustomisable(aspectTypeQName) == true) + AuthenticationUtil.runAs(new RunAsWork() { - QName customPropertyAspect = getCustomAspect(aspectTypeQName); - nodeService.addAspect(nodeRef, customPropertyAspect, null); - } + @Override + public Void doWork() throws Exception + { + if (nodeService.exists(nodeRef) == true && + isCustomisable(aspectTypeQName) == true) + { + QName customPropertyAspect = getCustomAspect(aspectTypeQName); + nodeService.addAspect(nodeRef, customPropertyAspect, null); + } + + return null; + } + }, AuthenticationUtil.getSystemUserName()); } + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnRemoveAspectPolicy#onRemoveAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ @Override - public void onRemoveAspect(NodeRef nodeRef, QName aspectTypeQName) + public void onRemoveAspect(final NodeRef nodeRef, final QName aspectTypeQName) { - if (nodeService.exists(nodeRef) == true && - isCustomisable(aspectTypeQName) == true) + AuthenticationUtil.runAs(new RunAsWork() { - QName customPropertyAspect = getCustomAspect(aspectTypeQName); - nodeService.removeAspect(nodeRef, customPropertyAspect); - } + @Override + public Void doWork() throws Exception + { + if (nodeService.exists(nodeRef) == true && + isCustomisable(aspectTypeQName) == true) + { + QName customPropertyAspect = getCustomAspect(aspectTypeQName); + nodeService.removeAspect(nodeRef, customPropertyAspect); + } + + return null; + } + }, AuthenticationUtil.getSystemUserName()); } + /** + * Make sure any custom property aspects are applied to newly created nodes. + * + * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) + */ @Override - public void onCreateNode(ChildAssociationRef childAssocRef) + public void onCreateNode(final ChildAssociationRef childAssocRef) { - NodeRef nodeRef = childAssocRef.getChildRef(); - QName type = nodeService.getType(nodeRef); - while (type != null && ContentModel.TYPE_CMOBJECT.equals(type) == false) + AuthenticationUtil.runAs(new RunAsWork() { - if (isCustomisable(type) == true) + @Override + public Void doWork() throws Exception { - QName customPropertyAspect = getCustomAspect(type); - nodeService.addAspect(nodeRef, customPropertyAspect, null); - } - - TypeDefinition def = dictionaryService.getType(type); - if (def != null) - { - type = def.getParentName(); - } - else - { - type = null; - } - } + NodeRef nodeRef = childAssocRef.getChildRef(); + QName type = nodeService.getType(nodeRef); + while (type != null && ContentModel.TYPE_CMOBJECT.equals(type) == false) + { + if (isCustomisable(type) == true) + { + QName customPropertyAspect = getCustomAspect(type); + nodeService.addAspect(nodeRef, customPropertyAspect, null); + } + + TypeDefinition def = dictionaryService.getType(type); + if (def != null) + { + type = def.getParentName(); + } + else + { + type = null; + } + } + + return null; + } + }, AuthenticationUtil.getSystemUserName()); } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java index 4bfa86c528..314e639e0d 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java @@ -319,14 +319,24 @@ public class RecordServiceImpl implements RecordService, * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateChildAssociationPolicy#onCreateChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef, boolean) */ @Override - public void onCreateChildAssociation(ChildAssociationRef childAssocRef, boolean bNew) + public void onCreateChildAssociation(final ChildAssociationRef childAssocRef, final boolean bNew) { - NodeRef nodeRef = childAssocRef.getChildRef(); - if (nodeService.exists(nodeRef) == true) + + AuthenticationUtil.runAs(new RunAsWork() { - // create and file the content as a record - file(nodeRef); - } + @Override + public Void doWork() throws Exception + { + NodeRef nodeRef = childAssocRef.getChildRef(); + if (nodeService.exists(nodeRef) == true) + { + // create and file the content as a record + file(nodeRef); + } + + return null; + } + }, AuthenticationUtil.getSystemUserName()); } /**