From 3fb62201497eba89ec80e5c1a359ef0b7179dbf8 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Tue, 27 Nov 2012 06:34:49 +0000 Subject: [PATCH] RM-555: Add extended reader permissions for records. * service added (moved out of RM security service) * remove code added * move behaviuor extended * unit tests git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44016 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-service-context.xml | 68 +++- .../RecordsManagementServiceImpl.java | 40 +- .../RecordsManagementServiceRegistry.java | 8 + .../RecordsManagementServiceRegistryImpl.java | 10 + .../record/RecordServiceImpl.java | 327 ++++++++--------- .../ExtendedReaderDynamicAuthority.java | 18 +- .../security/ExtendedSecurityService.java | 94 +++++ .../security/ExtendedSecurityServiceImpl.java | 347 ++++++++++++++++++ .../RecordsManagementSecurityService.java | 52 --- .../RecordsManagementSecurityServiceImpl.java | 194 +--------- ...a => ExtendedSecurityServiceImplTest.java} | 95 ++--- 11 files changed, 768 insertions(+), 485 deletions(-) create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java rename rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/{RecordsManagementSecurityServiceImplTest.java => ExtendedSecurityServiceImplTest.java} (60%) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 8c7d307a1c..21520bf36d 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -481,18 +481,71 @@ org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.createRole=RM_ALLOW org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.updateRole=RM_ALLOW org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.deleteRole=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.hasExtendedReaders=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getExtendedReaders=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.setExtendedReaders=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeExtendedReaders=RM_ALLOW - org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeAllExtendedReaders=RM_ALLOW + org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.*=RM_DENY ]]> + + + + + + + + + + + + org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService + + + + + + + + + + + + + + + + + + + + ${server.transaction.mode.default} + + + + + + + + + + + + + + + + + + + + + + @@ -858,11 +911,10 @@ - - + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java index 892c99d5df..0869148a72 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java @@ -33,11 +33,13 @@ import org.alfresco.model.RenditionModel; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; +import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; import org.alfresco.repo.domain.node.NodeDAO; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; @@ -280,23 +282,33 @@ public class RecordsManagementServiceImpl implements RecordsManagementService, * @param childAssocRef * @param bNew */ - public void onAddRecordThumbnail(ChildAssociationRef childAssocRef, boolean bNew) + public void onAddRecordThumbnail(final ChildAssociationRef childAssocRef, final boolean bNew) { - NodeRef thumbnail = childAssocRef.getChildRef(); - if (nodeService.exists(thumbnail) == true) + AuthenticationUtil.runAsSystem(new RunAsWork() { - // apply file plan component aspect to thumbnail - nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null); - - // manage any extended readers - RecordsManagementSecurityService securityService = serviceRegistry.getRecordsManagementSecurityService(); - NodeRef parent = childAssocRef.getParentRef(); - Set readers = securityService.getExtendedReaders(parent); - if (readers != null && readers.size() != 0) + @Override + public Void doWork() throws Exception { - securityService.setExtendedReaders(thumbnail, readers, false); + NodeRef thumbnail = childAssocRef.getChildRef(); + + if (nodeService.exists(thumbnail) == true) + { + // apply file plan component aspect to thumbnail + nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null); + + // manage any extended readers + ExtendedSecurityService extendedSecurityService = serviceRegistry.getExtendedSecurityService(); + NodeRef parent = childAssocRef.getParentRef(); + Set readers = extendedSecurityService.getExtendedReaders(parent); + if (readers != null && readers.size() != 0) + { + extendedSecurityService.setExtendedReaders(thumbnail, readers, false); + } + } + + return null; } - } + }); } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java index 7e5deb7c53..e7fcd80989 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java @@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; +import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.service.NotAuditable; import org.alfresco.service.ServiceRegistry; @@ -49,6 +50,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService"); static final QName RECORD_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordService"); static final QName FREEZE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FreezeService"); + static final QName EXTENDED_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "ExtendedSecurityService"); /** * @return records management service @@ -109,4 +111,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry */ @NotAuditable FreezeService getFreezeService(); + + /** + * @return extended security service + */ + @NotAuditable + ExtendedSecurityService getExtendedSecurityService(); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java index 20714b8d54..b6d7d256b6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java @@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService; import org.alfresco.module.org_alfresco_module_rm.record.RecordService; +import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; import org.alfresco.repo.service.ServiceDescriptorRegistry; @@ -124,4 +125,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis { return (FreezeService)getService(FREEZE_SERVICE); } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getExtendedSecurityService() + */ + @Override + public ExtendedSecurityService getExtendedSecurityService() + { + return (ExtendedSecurityService)getService(EXTENDED_SECURITY_SERVICE); + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java index 2dfba59757..f05a9951d9 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java @@ -27,7 +27,7 @@ import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.identifier.IdentifierService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService; +import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; import org.alfresco.service.cmr.dictionary.AspectDefinition; import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.ChildAssociationRef; @@ -46,211 +46,188 @@ import org.alfresco.util.ParameterCheck; */ public class RecordServiceImpl implements RecordService, RecordsManagementModel { - /** Node service **/ - private NodeService nodeService; + /** Node service **/ + private NodeService nodeService; - /** Indentiy service */ - private IdentifierService identifierService; + /** Indentiy service */ + private IdentifierService identifierService; - /** Dictionary service */ - private DictionaryService dictionaryService; + /** Dictionary service */ + private DictionaryService dictionaryService; -// /** Policy component */ -// private PolicyComponent policyComponent; + /** Permission service */ + private PermissionService permissionService; - /** Permission service */ - private PermissionService permissionService; + /** Extended security service */ + private ExtendedSecurityService extendedSecurityService; - /** Records management security service */ - private RecordsManagementSecurityService recordsManagementSecurityService; + /** List of available record meta-data aspects */ + private Set recordMetaDataAspects; - /** List of available record meta-data aspects */ - private Set recordMetaDataAspects; + /** + * @param nodeService node service + */ + public void setNodeService(NodeService nodeService) + { + this.nodeService = nodeService; + } - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } + /** + * @param identifierService identifier service + */ + public void setIdentifierService(IdentifierService identifierService) + { + this.identifierService = identifierService; + } - public void setIdentifierService(IdentifierService identifierService) - { - this.identifierService = identifierService; - } + /** + * @param dictionaryService dictionary service + */ + public void setDictionaryService(DictionaryService dictionaryService) + { + this.dictionaryService = dictionaryService; + } - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } + /** + * @param permissionService permission service + */ + public void setPermissionService(PermissionService permissionService) + { + this.permissionService = permissionService; + } -// public void setPolicyComponent(PolicyComponent policyComponent) -// { -// this.policyComponent = policyComponent; -// } + /** + * @param extendedSecurityService extended security service + */ + public void setExtendedSecurityService(ExtendedSecurityService extendedSecurityService) + { + this.extendedSecurityService = extendedSecurityService; + } - public void setPermissionService(PermissionService permissionService) - { - this.permissionService = permissionService; - } + public void init() + { - public void setRecordsManagementSecurityService(RecordsManagementSecurityService recordsManagementSecurityService) - { - this.recordsManagementSecurityService = recordsManagementSecurityService; - } + } - public void init() - { -// policyComponent.bindAssociationBehaviour( -// QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateChildAssociation"), -// TYPE_UNFILED_RECORD_CONTAINER, -// ContentModel.ASSOC_CONTAINS, -// new JavaBehaviour(this, "onCreateNewRecord", NotificationFrequency.TRANSACTION_COMMIT)); - } - -// public void onCreateNewRecord(final ChildAssociationRef childAssocRef, boolean bNew) -// { -// AuthenticationUtil.runAsSystem(new RunAsWork() -// { -// @Override -// public Void doWork() throws Exception -// { -// NodeRef nodeRef = childAssocRef.getChildRef(); -// if (nodeService.exists(nodeRef) == true) -// { -// QName type = nodeService.getType(nodeRef); -// if (ContentModel.TYPE_CONTENT.equals(type) == true || -// dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT) == true) -// { -// makeRecord(nodeRef); -// } -// else -// { -// throw new AlfrescoRuntimeException("Only content can be created as a record."); -// } -// } -// return null; -// } -// }); -// } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects() - */ - @Override - public Set getRecordMetaDataAspects() - { - if (recordMetaDataAspects == null) - { - recordMetaDataAspects = new HashSet(7); - Collection aspects = dictionaryService.getAllAspects(); - for (QName aspect : aspects) - { - AspectDefinition def = dictionaryService.getAspect(aspect); - if (def != null) + /** + * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects() + */ + @Override + public Set getRecordMetaDataAspects() + { + if (recordMetaDataAspects == null) + { + recordMetaDataAspects = new HashSet(7); + Collection aspects = dictionaryService.getAllAspects(); + for (QName aspect : aspects) { - QName parent = def.getParentName(); - if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true) - { - recordMetaDataAspects.add(aspect); - } + AspectDefinition def = dictionaryService.getAspect(aspect); + if (def != null) + { + QName parent = def.getParentName(); + if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true) + { + recordMetaDataAspects.add(aspect); + } + } } - } - } - return recordMetaDataAspects; - } + } + return recordMetaDataAspects; + } - /** - * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public boolean isRecord(NodeRef nodeRef) - { - ParameterCheck.mandatory("nodeRef", nodeRef); + /** + * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public boolean isRecord(NodeRef nodeRef) + { + ParameterCheck.mandatory("nodeRef", nodeRef); - return nodeService.hasAspect(nodeRef, ASPECT_RECORD); - } + return nodeService.hasAspect(nodeRef, ASPECT_RECORD); + } - /** - * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public boolean isDeclared(NodeRef record) - { - ParameterCheck.mandatory("record", record); + /** + * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public boolean isDeclared(NodeRef record) + { + ParameterCheck.mandatory("record", record); - return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD); - } + return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD); + } - /** - * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public void createRecordFromDocument(NodeRef filePlan, NodeRef document) - { - ParameterCheck.mandatory("filePlan", filePlan); - ParameterCheck.mandatory("document", document); + /** + * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef, + * org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public void createRecordFromDocument(NodeRef filePlan, NodeRef document) + { + ParameterCheck.mandatory("filePlan", filePlan); + ParameterCheck.mandatory("document", document); - // skip everything if the document is already a record - if (nodeService.hasAspect(document, ASPECT_RECORD) == false) - { - // get the new record container for the file plan - NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan); - if (newRecordContainer == null) - { - throw new AlfrescoRuntimeException("Unable to create record, because new record container could not be found."); - } + // skip everything if the document is already a record + if (nodeService.hasAspect(document, ASPECT_RECORD) == false) + { + // get the new record container for the file plan + NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan); + if (newRecordContainer == null) { throw new AlfrescoRuntimeException( + "Unable to create record, because new record container could not be found."); } - // get the documents primary parent assoc - ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document); + // get the documents primary parent assoc + ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document); - // move the document into the file plan - nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName()); + // move the document into the file plan + nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName()); - // maintain the original primary location - nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc.getQName()); + // maintain the original primary location + nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc + .getQName()); - // make the document a record - makeRecord(document); + // make the document a record + makeRecord(document); - // get the documents readers - Long aclId = nodeService.getNodeAclId(document); - Set readers = permissionService.getReaders(aclId); + // get the documents readers + Long aclId = nodeService.getNodeAclId(document); + Set readers = permissionService.getReaders(aclId); - // set the readers - recordsManagementSecurityService.setExtendedReaders(document, readers); - } - } + // set the readers + extendedSecurityService.setExtendedReaders(document, readers); + } + } - /** - * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public NodeRef getUnfiledRecordContainer(NodeRef filePlan) - { - ParameterCheck.mandatory("filePlan", filePlan); + /** + * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public NodeRef getUnfiledRecordContainer(NodeRef filePlan) + { + ParameterCheck.mandatory("filePlan", filePlan); - List assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS, RegexQNamePattern.MATCH_ALL); - if (assocs.size() != 1) - { - throw new AlfrescoRuntimeException("Error getting the unfiled container, because the container cannot be indentified."); - } + List assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS, + RegexQNamePattern.MATCH_ALL); + if (assocs.size() != 1) { throw new AlfrescoRuntimeException( + "Error getting the unfiled container, because the container cannot be indentified."); } - return assocs.get(0).getChildRef(); - } + return assocs.get(0).getChildRef(); + } - /** - * Helper Methods - */ + /** + * Helper Methods + */ - /** - * Creates a record from the given document - * - * @param document the document from which a record will be created - */ - private void makeRecord(NodeRef document) - { - nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null); + /** + * Creates a record from the given document + * + * @param document the document from which a record will be created + */ + private void makeRecord(NodeRef document) + { + nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null); - String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document).getParentRef()); - nodeService.setProperty(document, PROP_IDENTIFIER, recordId); - } + String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document) + .getParentRef()); + nodeService.setProperty(document, PROP_IDENTIFIER, recordId); + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java index 291e7e9ff5..3089c41aaf 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java @@ -47,8 +47,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority, /** Authority service */ private AuthorityService authorityService; - /** Records management security service */ - private RecordsManagementSecurityService recordsManagementSecurityService; + /** Extended security service */ + private ExtendedSecurityService extendedSecurityService; /** Node service */ private NodeService nodeService; @@ -72,15 +72,15 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority, } /** - * @return records management security service + * @return extended security service */ - public RecordsManagementSecurityService getRecordsManagementSecurityService() + public ExtendedSecurityService getExtendedSecurityService() { - if (recordsManagementSecurityService == null) + if (extendedSecurityService == null) { - recordsManagementSecurityService = (RecordsManagementSecurityService)applicationContext.getBean("recordsManagementSecurityService"); + extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("extendedSecurityService"); } - return recordsManagementSecurityService; + return extendedSecurityService; } /** @@ -123,7 +123,7 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority, if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == true) { - Set readers = getRecordsManagementSecurityService().getExtendedReaders(nodeRef); + Set readers = getExtendedSecurityService().getExtendedReaders(nodeRef); if (readers != null) { for (String reader : readers) @@ -167,6 +167,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority, @Override public Set requiredFor() { + // TODO ... should we set something here? ReadRecord? + return null; } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java new file mode 100644 index 0000000000..1fd0e3a64f --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityService.java @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.security; + +import java.util.Set; + +import org.alfresco.service.cmr.repository.NodeRef; + +/** + * Extended security service. + * + * @author Roy Wetherall + * @since 2.1 + */ +public interface ExtendedSecurityService +{ + /** + * Indicates whether the node has any extended readers set or not. + * + * @param nodeRef node reference + * @return boolean true if the node has extended readers set, false otherwise + */ + boolean hasExtendedReaders(NodeRef nodeRef); + + /** + * Gets the set authorities that are extended readers for the given node. + * + * @param nodeRef node reference + * @return {@link Set}<{@link String}> extended readers + */ + Set getExtendedReaders(NodeRef nodeRef); + + /** + * Set the authorities that are extended readers on the node. Applies extended readers to + * file plan parent hierarchy. + * + * @param nodeRef node reference + * @param readers extended readers + */ + void setExtendedReaders(NodeRef nodeRef, Set readers); + + /** + * + * @param nodeRef + * @param readers + * @param applyToParents + */ + void setExtendedReaders(NodeRef nodeRef, Set readers, boolean applyToParents); + + /** + * + * @param nodeRef + * @param readers + */ + void removeExtendedReaders(NodeRef nodeRef, Set readers); + + /** + * + * @param nodeRef + * @param readers + * @param applyToParents + */ + void removeExtendedReaders(NodeRef nodeRef, Set readers, boolean applyToParents); + + /** + * + * @param nodeRef + */ + void removeAllExtendedReaders(NodeRef nodeRef); + + /** + * + * @param nodeRef + * @param applyToParents + */ + void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents); + +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java new file mode 100644 index 0000000000..c0fd3620e4 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java @@ -0,0 +1,347 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.security; + +import java.io.Serializable; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.model.RenditionModel; +import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.module.org_alfresco_module_rm.record.RecordService; +import org.alfresco.repo.node.NodeServicePolicies; +import org.alfresco.repo.policy.JavaBehaviour; +import org.alfresco.repo.policy.PolicyComponent; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.namespace.RegexQNamePattern; +import org.alfresco.util.ParameterCheck; + +/** + * Extended security service implementation. + * + * @author Roy Wetherall + * @since 2.1 + */ +public class ExtendedSecurityServiceImpl implements ExtendedSecurityService, + RecordsManagementModel, + NodeServicePolicies.OnMoveNodePolicy +{ + /** Policy component */ + private PolicyComponent policyComponent; + + /** Node service */ + private NodeService nodeService; + + /** Records management service */ + private RecordsManagementService recordsManagementService; + + /** Record service */ + private RecordService recordService; + + /** + * @param policyComponent policy component + */ + public void setPolicyComponent(PolicyComponent policyComponent) + { + this.policyComponent = policyComponent; + } + + /** + * @param recordService record service + */ + public void setRecordService(RecordService recordService) + { + this.recordService = recordService; + } + + /** + * @param recordsManagementService records management service + */ + public void setRecordsManagementService(RecordsManagementService recordsManagementService) + { + this.recordsManagementService = recordsManagementService; + } + + /** + * @param nodeService node service + */ + public void setNodeService(NodeService nodeService) + { + this.nodeService = nodeService; + } + + /** + * Init method + */ + public void init() + { + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnMoveNodePolicy.QNAME, + ASPECT_EXTENDED_READERS, + new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT)); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public boolean hasExtendedReaders(NodeRef nodeRef) + { + boolean result = false; + Set extendedReaders = getExtendedReaders(nodeRef); + if (extendedReaders != null && extendedReaders.size() != 0) + { + result = true; + } + return result; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) + */ + @SuppressWarnings("unchecked") + @Override + public Set getExtendedReaders(NodeRef nodeRef) + { + Set result = null; + + Map readerMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS); + if (readerMap != null) + { + result = readerMap.keySet(); + } + + return result; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set) + */ + @Override + public void setExtendedReaders(NodeRef nodeRef, Set readers) + { + setExtendedReaders(nodeRef, readers, true); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean) + */ + @SuppressWarnings("unchecked") + @Override + public void setExtendedReaders(NodeRef nodeRef, java.util.Set readers, boolean applyToParents) + { + ParameterCheck.mandatory("nodeRef", nodeRef); + ParameterCheck.mandatory("readers", readers); + ParameterCheck.mandatory("applyToParents", applyToParents); + + if (nodeRef != null && readers.isEmpty() == false) + { + // add the aspect if missing + if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false) + { + nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null); + } + + // get reader map + Map readersMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS); + if (readersMap == null) + { + // create reader map + readersMap = new HashMap(7); + } + + for (String reader : readers) + { + if (readersMap.containsKey(reader) == true) + { + // increment reference count + Integer count = readersMap.get(reader); + readersMap.put(reader, Integer.valueOf(count.intValue()+1)); + } + else + { + // add reader with initial count + readersMap.put(reader, Integer.valueOf(1)); + } + } + + // set the readers property (this will in turn apply the aspect if required) + nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap); + + // apply the readers to any renditions of the content + if (recordService.isRecord(nodeRef) == true) + { + List assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef assoc : assocs) + { + NodeRef child = assoc.getChildRef(); + setExtendedReaders(child, readers, false); + } + } + + if (applyToParents == true) + { + // apply the extended readers up the file plan primary hierarchy + NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); + if (parent != null && + recordsManagementService.isFilePlanComponent(parent) == true) + { + setExtendedReaders(parent, readers); + } + } + } + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set) + */ + @Override + public void removeExtendedReaders(NodeRef nodeRef, Set readers) + { + removeExtendedReaders(nodeRef, readers, true); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean) + */ + @Override + public void removeExtendedReaders(NodeRef nodeRef, Set readers, boolean applyToParents) + { + if (hasExtendedReaders(nodeRef) == true) + { + removeExtendedReadersImpl(nodeRef, readers); + + // remove the readers from any renditions of the content + if (recordService.isRecord(nodeRef) == true) + { + List assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef assoc : assocs) + { + NodeRef child = assoc.getChildRef(); + removeExtendedReadersImpl(child, readers); + } + } + + if (applyToParents == true) + { + // apply the extended readers up the file plan primary hierarchy + NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); + if (parent != null && + recordsManagementService.isFilePlanComponent(parent) == true) + { + removeExtendedReaders(parent, readers, applyToParents); + } + } + } + } + + /** + * + * @param nodeRef + * @param readers + */ + @SuppressWarnings("unchecked") + private void removeExtendedReadersImpl(NodeRef nodeRef, Set readers) + { + Map readersMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS); + + for (String reader : readers) + { + Integer readerCount = readersMap.get(reader); + if (readerCount != null) + { + if (readerCount == 1) + { + readersMap.remove(reader); + } + else + { + readersMap.put(reader, Integer.valueOf(readerCount.intValue()-1)); + } + } + } + + if (readersMap.isEmpty() == true) + { + readersMap = null; + } + + nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + public void removeAllExtendedReaders(NodeRef nodeRef) + { + removeAllExtendedReaders(nodeRef, true); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, boolean) + */ + @Override + public void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents) + { + if (hasExtendedReaders(nodeRef) == true) + { + Set readers = getExtendedReaders(nodeRef); + if (readers != null && readers.isEmpty() == false) + { + removeExtendedReaders(nodeRef, readers); + } + } + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnMoveNodePolicy#onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef, org.alfresco.service.cmr.repository.ChildAssociationRef) + */ + @Override + public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc) + { + AuthenticationUtil.runAsSystem(new RunAsWork() + { + @Override + public Void doWork() throws Exception + { + NodeRef record = newAssoc.getChildRef(); + NodeRef newParent = newAssoc.getParentRef(); + NodeRef oldParent = origAssoc.getParentRef(); + + Set readers = getExtendedReaders(record); + if (readers != null && readers.size() != 0) + { + setExtendedReaders(newParent, readers); + removeExtendedReadersImpl(oldParent, readers); + } + + return null; + } + }); + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java index 3eba852122..7cb8b18895 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java @@ -152,56 +152,4 @@ public interface RecordsManagementSecurityService * @param permission permission */ void deletePermission(NodeRef nodeRef, String authority, String permission); - - /** - * Indicates whether the node has any extended readers set or not. - * - * @param nodeRef node reference - * @return boolean true if the node has extended readers set, false otherwise - * @since 2.1 - */ - boolean hasExtendedReaders(NodeRef nodeRef); - - /** - * Gets the set authorities that are extended readers for the given node. - * - * @param nodeRef node reference - * @return {@link Set}<{@link String}> extended readers - * @since 2.1 - */ - Set getExtendedReaders(NodeRef nodeRef); - - /** - * Set the authorities that are extended readers on the node. Applies extended readers to - * file plan parent hierarchy. - * - * @param nodeRef node reference - * @param readers extended readers - * @since 2.1 - */ - void setExtendedReaders(NodeRef nodeRef, Set readers); - - /** - * - * @param nodeRef - * @param readers - * @param applyToParents - * @since 2.1 - */ - void setExtendedReaders(NodeRef nodeRef, Set readers, boolean applyToParents); - - /** - * - * @param nodeRef - * @param readers - * @since 2.1 - */ - void removeExtendedReaders(NodeRef nodeRef, Set readers); - - /** - * - * @param nodeRef - * @since 2.1 - */ - void removeAllExtendedReaders(NodeRef nodeRef); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index 362595feec..24afefad39 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -31,7 +31,6 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; -import org.alfresco.model.RenditionModel; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; @@ -43,7 +42,6 @@ import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; @@ -61,9 +59,6 @@ import org.apache.commons.logging.LogFactory; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; -import org.springframework.beans.BeansException; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; /** * Records management permission service implementation @@ -71,9 +66,7 @@ import org.springframework.context.ApplicationContextAware; * @author Roy Wetherall */ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService, - RecordsManagementModel, - ApplicationContextAware, - NodeServicePolicies.OnMoveNodePolicy + RecordsManagementModel { /** Capability service */ @@ -106,18 +99,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe /** Logger */ private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class); - /** Application context */ - private ApplicationContext applicationContext; - - /** - * @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext) - */ - @Override - public void setApplicationContext(ApplicationContext applicationContext) throws BeansException - { - this.applicationContext = applicationContext; - } - /** * Set the capability service * @@ -209,11 +190,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe NodeServicePolicies.OnCreateNodePolicy.QNAME, TYPE_RECORD_FOLDER, new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT)); - - policyComponent.bindClassBehaviour( - NodeServicePolicies.OnMoveNodePolicy.QNAME, - ASPECT_RECORD, - new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT)); } /** @@ -570,6 +546,13 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe }, AuthenticationUtil.getSystemUserName()); } + /** + * Helper method to convert a stream to a string. + * + * @param is input stream + * @return {@link String} string + * @throws IOException + */ public String convertStreamToString(InputStream is) throws IOException { /* @@ -762,6 +745,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) + * + * TODO .. change this to check a property of the role its self */ public boolean hasRMAdminRole(NodeRef rmRootNode, String user) { @@ -1031,163 +1016,4 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe } }, AuthenticationUtil.getSystemUserName()); } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public boolean hasExtendedReaders(NodeRef nodeRef) - { - boolean result = false; - Set extendedReaders = getExtendedReaders(nodeRef); - if (extendedReaders != null && extendedReaders.size() != 0) - { - result = true; - } - return result; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) - */ - @SuppressWarnings("unchecked") - @Override - public Set getExtendedReaders(NodeRef nodeRef) - { - NodeService nodeService = (NodeService)applicationContext.getBean("nodeService"); - Set result = null; - - Map readerMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS); - if (readerMap != null) - { - result = readerMap.keySet(); - } - - return result; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set) - */ - @Override - public void setExtendedReaders(NodeRef nodeRef, Set readers) - { - setExtendedReaders(nodeRef, readers, true); - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean) - */ - @SuppressWarnings("unchecked") - @Override - public void setExtendedReaders(NodeRef nodeRef, java.util.Set readers, boolean applyToParents) - { - ParameterCheck.mandatory("nodeRef", nodeRef); - ParameterCheck.mandatory("readers", readers); - - NodeService nodeService = (NodeService)applicationContext.getBean("nodeService"); - RecordsManagementService recordsManagementService = (RecordsManagementService)applicationContext.getBean("recordsManagementService"); - - if (nodeRef != null && - readers.isEmpty() == false) - { - // add the aspect if missing - if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false) - { - nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null); - } - - // get reader map - Map readersMap = (Map)nodeService.getProperty(nodeRef, PROP_READERS); - if (readersMap == null) - { - // create reader map - readersMap = new HashMap(7); - } - - for (String reader : readers) - { - if (readersMap.containsKey(reader) == true) - { - // increment reference count - Integer count = readersMap.get(reader); - readersMap.put(reader, Integer.valueOf(count.intValue()+1)); - } - else - { - // add reader with initial count - readersMap.put(reader, Integer.valueOf(1)); - } - } - - // set the readers property (this will in turn apply the aspect if required) - nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap); - - // apply the readers to any renditions of the content - if (recordsManagementService.isRecord(nodeRef) == true) - { - List assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef assoc : assocs) - { - NodeRef child = assoc.getChildRef(); - setExtendedReaders(child, readers, false); - } - } - - if (applyToParents == true) - { - // apply the extended readers up the file plan primary hierarchy - NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); - if (parent != null && - recordsManagementService.isFilePlanComponent(parent) == true) - { - setExtendedReaders(parent, readers); - } - } - } - } - - @Override - public void removeExtendedReaders(NodeRef nodeRef, Set readers) - { - // TODO Auto-generated method stub - - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public void removeAllExtendedReaders(NodeRef nodeRef) - { - // TODO Auto-generated method stub - - } - - @Override - public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc) - { - // TODO temp solution for demo - - AuthenticationUtil.runAsSystem(new RunAsWork() - { - - @Override - public Void doWork() throws Exception - { - NodeRef record = newAssoc.getChildRef(); - NodeRef parent = newAssoc.getParentRef(); - - Set readers = getExtendedReaders(record); - if (readers != null && readers.size() != 0) - { - setExtendedReaders(parent, readers); - } - - return null; - }}); - - - - } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java similarity index 60% rename from rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java rename to rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java index 1268d30d11..ef22afda5a 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordsManagementSecurityServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java @@ -6,6 +6,7 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; +import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; import org.alfresco.service.cmr.repository.NodeRef; @@ -14,8 +15,10 @@ import org.alfresco.service.cmr.repository.NodeRef; * * @author Roy Wetherall */ -public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase +public class ExtendedSecurityServiceImplTest extends BaseRMTestCase { + private ExtendedSecurityService extendedSecurityService; + private NodeRef record; private NodeRef recordToo; @@ -25,6 +28,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase return true; } + @Override + protected void initServices() + { + super.initServices(); + + extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("ExtendedSecurityService"); + } + @Override protected void setupTestDataImpl() { @@ -33,35 +44,6 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase record = utils.createRecord(rmFolder, "record.txt"); recordToo = utils.createRecord(rmFolder, "recordToo.txt"); } - - - // TODO testGetProtectedAspects - - // TODO getProtectedProperties - - // TODO bootstrapDefaultRoles - - // TODO getRoles - - // TODO getRolesByUser - - // TODO getRole - - // TODO existsRole - - // TODO hasRMAdminRole - - // TODO createRole - - // TODO updateRole - - // TODO deleteRole - - // TODO assignRoleToAuthority - - // TODO setPermission - - // TODO deletePermission public void testExtendedReaders() { @@ -74,13 +56,13 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase assertFalse(hasExtendedReadersAspect(rmFolder)); assertFalse(hasExtendedReadersAspect(record)); - assertNull(securityService.getExtendedReaders(record)); + assertNull(extendedSecurityService.getExtendedReaders(record)); Set extendedReaders = new HashSet(2); extendedReaders.add("monkey"); extendedReaders.add("elephant"); - securityService.setExtendedReaders(record, extendedReaders); + extendedSecurityService.setExtendedReaders(record, extendedReaders); Map testMap = new HashMap(2); testMap.put("monkey", Integer.valueOf(1)); @@ -95,7 +77,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase extendedReadersToo.add("monkey"); extendedReadersToo.add("snake"); - securityService.setExtendedReaders(recordToo, extendedReadersToo); + extendedSecurityService.setExtendedReaders(recordToo, extendedReadersToo); Map testMapToo = new HashMap(2); testMapToo.put("monkey", Integer.valueOf(1)); @@ -111,6 +93,39 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase test(rmFolder, testMapThree); test(recordToo, testMapToo); + // test remove (with no parent inheritance) + + Set removeMap1 = new HashSet(2); + removeMap1.add("elephant"); + removeMap1.add("monkey"); + + extendedSecurityService.removeExtendedReaders(rmFolder, removeMap1, false); + + Map testMapFour = new HashMap(2); + testMapFour.put("monkey", Integer.valueOf(1)); + testMapFour.put("snake", Integer.valueOf(1)); + + test(filePlan, testMapThree); + test(rmContainer, testMapThree); + test(rmFolder, testMapFour); + test(recordToo, testMapToo); + + // test remove (apply to parents) + + Set removeMap2 = new HashSet(1); + removeMap2.add("snake"); + + extendedSecurityService.removeExtendedReaders(recordToo, removeMap2, true); + + testMapThree.remove("snake"); + testMapFour.remove("snake"); + testMapToo.remove("snake"); + + test(filePlan, testMapThree); + test(rmContainer, testMapThree); + test(rmFolder, testMapFour); + test(recordToo, testMapToo); + return null; } @@ -131,22 +146,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase for (Map.Entry entry: testMap.entrySet()) { assertTrue(readersMap.containsKey(entry.getKey())); - assertEquals(entry.getValue(), readersMap.get(entry.getKey())); + assertEquals(entry.getKey(), entry.getValue(), readersMap.get(entry.getKey())); } - Set readers = securityService.getExtendedReaders(nodeRef); + Set readers = extendedSecurityService.getExtendedReaders(nodeRef); assertNotNull(readers); assertEquals(testMap.size(), readers.size()); } }); - } - - // TODO getExtendedReaders - - // TODO setExtendedReaders - - // TODO removeExtendedReaders - - // TODO removeAllExtendedReaders + } }