RM-678: Can't create non-electronic record

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49913 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml

@@ -235,6 +235,19 @@
 				org.alfresco.service.cmr.rule.RuleService.*=ACL_DENY
             </value>
         </property>
-    </bean>    
+    </bean>   
+    
+    <bean id="FormService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
+        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
+        <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
+        <property name="objectDefinitionSource">
+        	<value>
+        	org.alfresco.repo.forms.FormService.getForm=ACL_ALLOW
+        	org.alfresco.repo.forms.FormService.saveForm=ACL_ALLOW
+        	org.alfresco.repo.forms.FormService.*=ACL_DENY
+        	</value>
+        </property>
+    </bean>
 	
 </beans>    

rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties

@@ -226,4 +226,10 @@ rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.listSites=RM_ALLOW,A
 rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.removeMembership=RM_ALLOW
 rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.setMembership=RM_ALLOW
 rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.updateSite=RM_ALLOW
-rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.*=ACL_DENY
+rm.methodsecurity.org.alfresco.service.cmr.site.SiteService.*=RM_DENY
+
+## Form Service
+
+rm.methodsecurity.org.alfresco.repo.forms.FormService.getForm=RM_ALLOW
+rm.methodsecurity.org.alfresco.repo.forms.FormService.saveForm=RM_ALLOW
+rm.methodsecurity.org.alfresco.repo.forms.FormService.*=RM_DENY

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementAdminServiceImpl.java

@@ -54,10 +54,12 @@ import org.alfresco.repo.dictionary.M2Model;
 import org.alfresco.repo.dictionary.M2Namespace;
 import org.alfresco.repo.dictionary.M2Property;
 import org.alfresco.repo.node.NodeServicePolicies;
-import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.policy.ClassPolicyDelegate;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
+import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.service.cmr.dictionary.AspectDefinition;
 import org.alfresco.service.cmr.dictionary.AssociationDefinition;
 import org.alfresco.service.cmr.dictionary.Constraint;
@@ -245,6 +247,12 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
         policy.beforeRemoveReference(fromNodeRef, toNodeRef, reference);
     }
     
+    /**
+     * 
+     * @param fromNodeRef
+     * @param toNodeRef
+     * @param reference
+     */
     protected void invokeOnRemoveReference(NodeRef fromNodeRef, NodeRef toNodeRef, QName reference)
     {
         // get qnames to invoke against
@@ -254,51 +262,89 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
         policy.onRemoveReference(fromNodeRef, toNodeRef, reference);
     }
 
+    /**
+     * @see org.alfresco.repo.node.NodeServicePolicies.OnAddAspectPolicy#onAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
+     */
     @Override
-    public void onAddAspect(NodeRef nodeRef, QName aspectTypeQName)
+    public void onAddAspect(final NodeRef nodeRef, final QName aspectTypeQName)
     {
-        if (nodeService.exists(nodeRef) == true &&
+        AuthenticationUtil.runAs(new RunAsWork<Void>()
-            isCustomisable(aspectTypeQName) == true)
         {
-            QName customPropertyAspect = getCustomAspect(aspectTypeQName);
+            @Override
-            nodeService.addAspect(nodeRef, customPropertyAspect, null);
+            public Void doWork() throws Exception
-        }
+            {
+                if (nodeService.exists(nodeRef) == true &&
+                    isCustomisable(aspectTypeQName) == true)
+                {
+                    QName customPropertyAspect = getCustomAspect(aspectTypeQName);
+                    nodeService.addAspect(nodeRef, customPropertyAspect, null);
+                }
+                
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
     }
 
+    /**
+     * @see org.alfresco.repo.node.NodeServicePolicies.OnRemoveAspectPolicy#onRemoveAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
+     */
     @Override
-    public void onRemoveAspect(NodeRef nodeRef, QName aspectTypeQName)
+    public void onRemoveAspect(final NodeRef nodeRef, final QName aspectTypeQName)
     {
-        if (nodeService.exists(nodeRef) == true &&
+        AuthenticationUtil.runAs(new RunAsWork<Void>()
-            isCustomisable(aspectTypeQName) == true)
         {
-            QName customPropertyAspect = getCustomAspect(aspectTypeQName);
+            @Override
-            nodeService.removeAspect(nodeRef, customPropertyAspect);  
+            public Void doWork() throws Exception
-        }
+            {
+                if (nodeService.exists(nodeRef) == true &&
+                    isCustomisable(aspectTypeQName) == true)
+                {
+                    QName customPropertyAspect = getCustomAspect(aspectTypeQName);
+                    nodeService.removeAspect(nodeRef, customPropertyAspect);  
+                }
+                
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
     }
 
+    /**
+     * Make sure any custom property aspects are applied to newly created nodes.
+     * 
+     * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef)
+     */
     @Override
-    public void onCreateNode(ChildAssociationRef childAssocRef)
+    public void onCreateNode(final ChildAssociationRef childAssocRef)
     {
-        NodeRef nodeRef = childAssocRef.getChildRef();
+        AuthenticationUtil.runAs(new RunAsWork<Void>()
-        QName type = nodeService.getType(nodeRef);
-        while (type != null && ContentModel.TYPE_CMOBJECT.equals(type) == false)
         {
-            if (isCustomisable(type) == true)
+            @Override
+            public Void doWork() throws Exception
             {
-                QName customPropertyAspect = getCustomAspect(type);
+                NodeRef nodeRef = childAssocRef.getChildRef();
-                nodeService.addAspect(nodeRef, customPropertyAspect, null);  
+                QName type = nodeService.getType(nodeRef);
-            }
+                while (type != null && ContentModel.TYPE_CMOBJECT.equals(type) == false)
-            
+                {
-            TypeDefinition def = dictionaryService.getType(type);
+                    if (isCustomisable(type) == true)
-            if (def != null)
+                    {
-            {
+                        QName customPropertyAspect = getCustomAspect(type);
-                type = def.getParentName();
+                        nodeService.addAspect(nodeRef, customPropertyAspect, null);  
-            }
+                    }
-            else
+                    
-            {
+                    TypeDefinition def = dictionaryService.getType(type);
-                type = null;
+                    if (def != null)
-            }
+                    {
-        }        
+                        type = def.getParentName();
+                    }
+                    else
+                    {
+                        type = null;
+                    }
+                }    
+                
+                return null;
+            }           
+        }, AuthenticationUtil.getSystemUserName());           
     }
     
     /**

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java

@@ -319,14 +319,24 @@ public class RecordServiceImpl implements RecordService,
      * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateChildAssociationPolicy#onCreateChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef, boolean)
      */
     @Override
-    public void onCreateChildAssociation(ChildAssociationRef childAssocRef, boolean bNew)
+    public void onCreateChildAssociation(final ChildAssociationRef childAssocRef, final boolean bNew)
     {
-        NodeRef nodeRef = childAssocRef.getChildRef();
+
-        if (nodeService.exists(nodeRef) == true)
+        AuthenticationUtil.runAs(new RunAsWork<Void>()
         {
-            // create and file the content as a record
+            @Override
-            file(nodeRef);
+            public Void doWork() throws Exception
-        }
+            {
+                NodeRef nodeRef = childAssocRef.getChildRef();
+                if (nodeService.exists(nodeRef) == true)
+                {
+                    // create and file the content as a record
+                    file(nodeRef);
+                }
+                
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
     }
     
     /**