mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-555: Add extended reader permissions for records.
* service added (moved out of RM security service) * remove code added * move behaviuor extended * unit tests git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44016 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -481,18 +481,71 @@
|
|||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.createRole=RM_ALLOW
|
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.createRole=RM_ALLOW
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.updateRole=RM_ALLOW
|
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.updateRole=RM_ALLOW
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.deleteRole=RM_ALLOW
|
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.deleteRole=RM_ALLOW
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW
|
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.assignRoleToAuthority=RM_ALLOW
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.hasExtendedReaders=RM_ALLOW
|
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.getExtendedReaders=RM_ALLOW
|
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.setExtendedReaders=RM_ALLOW
|
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeExtendedReaders=RM_ALLOW
|
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.removeAllExtendedReaders=RM_ALLOW
|
|
||||||
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.*=RM_DENY
|
org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService.*=RM_DENY
|
||||||
]]>
|
]]>
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
|
<!-- Records Management Extended Security Service -->
|
||||||
|
|
||||||
|
<bean id="extendedSecurityService"
|
||||||
|
class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityServiceImpl"
|
||||||
|
init-method="init">
|
||||||
|
<property name="policyComponent" ref="policyComponent"/>
|
||||||
|
<property name="nodeService" ref="nodeService"/>
|
||||||
|
<property name="recordService" ref="recordService"/>
|
||||||
|
<property name="recordsManagementService" ref="recordsManagementService"/>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<bean id="ExtendedSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
|
||||||
|
<property name="proxyInterfaces">
|
||||||
|
<value>org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService</value>
|
||||||
|
</property>
|
||||||
|
<property name="target">
|
||||||
|
<ref bean="extendedSecurityService"/>
|
||||||
|
</property>
|
||||||
|
<property name="interceptorNames">
|
||||||
|
<list>
|
||||||
|
<idref local="ExtendedSecurityService_transaction"/>
|
||||||
|
<idref bean="exceptionTranslator"/>
|
||||||
|
<idref local="ExtendedSecurityService_security"/>
|
||||||
|
</list>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<bean id="ExtendedSecurityService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
|
||||||
|
<property name="transactionManager">
|
||||||
|
<ref bean="transactionManager"/>
|
||||||
|
</property>
|
||||||
|
<property name="transactionAttributes">
|
||||||
|
<props>
|
||||||
|
<prop key="*">${server.transaction.mode.default}</prop>
|
||||||
|
</props>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<bean id="ExtendedSecurityService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
|
||||||
|
<property name="authenticationManager">
|
||||||
|
<ref bean="authenticationManager"/>
|
||||||
|
</property>
|
||||||
|
<property name="accessDecisionManager">
|
||||||
|
<ref bean="accessDecisionManager"/>
|
||||||
|
</property>
|
||||||
|
<property name="afterInvocationManager">
|
||||||
|
<ref bean="afterInvocationManager"/>
|
||||||
|
</property>
|
||||||
|
<property name="objectDefinitionSource">
|
||||||
|
<value>
|
||||||
|
<![CDATA[
|
||||||
|
org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService.*=RM_ALLOW
|
||||||
|
]]>
|
||||||
|
</value>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
|
||||||
<!-- Records Management Action Service -->
|
<!-- Records Management Action Service -->
|
||||||
|
|
||||||
<bean id="recordsManagementActionService" class="org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionServiceImpl" init-method="init">
|
<bean id="recordsManagementActionService" class="org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionServiceImpl" init-method="init">
|
||||||
@@ -858,11 +911,10 @@
|
|||||||
|
|
||||||
<bean id="recordService" class="org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl" init-method="init">
|
<bean id="recordService" class="org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl" init-method="init">
|
||||||
<property name="nodeService" ref="NodeService"/>
|
<property name="nodeService" ref="NodeService"/>
|
||||||
<!--<property name="policyComponent" ref="policyComponent"/>-->
|
|
||||||
<property name="dictionaryService" ref="DictionaryService"/>
|
<property name="dictionaryService" ref="DictionaryService"/>
|
||||||
<property name="identifierService" ref="recordsManagementIdentifierService"/>
|
<property name="identifierService" ref="recordsManagementIdentifierService"/>
|
||||||
<property name="permissionService" ref="PermissionService"/>
|
<property name="permissionService" ref="PermissionService"/>
|
||||||
<property name="recordsManagementSecurityService" ref="RecordsManagementSecurityService"/>
|
<property name="extendedSecurityService" ref="ExtendedSecurityService" />
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="RecordService" class="org.springframework.aop.framework.ProxyFactoryBean">
|
<bean id="RecordService" class="org.springframework.aop.framework.ProxyFactoryBean">
|
||||||
|
|||||||
@@ -33,11 +33,13 @@ import org.alfresco.model.RenditionModel;
|
|||||||
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
|
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel;
|
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
|
||||||
import org.alfresco.repo.domain.node.NodeDAO;
|
import org.alfresco.repo.domain.node.NodeDAO;
|
||||||
import org.alfresco.repo.policy.JavaBehaviour;
|
import org.alfresco.repo.policy.JavaBehaviour;
|
||||||
import org.alfresco.repo.policy.PolicyComponent;
|
import org.alfresco.repo.policy.PolicyComponent;
|
||||||
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||||
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||||
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||||
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
||||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
@@ -280,23 +282,33 @@ public class RecordsManagementServiceImpl implements RecordsManagementService,
|
|||||||
* @param childAssocRef
|
* @param childAssocRef
|
||||||
* @param bNew
|
* @param bNew
|
||||||
*/
|
*/
|
||||||
public void onAddRecordThumbnail(ChildAssociationRef childAssocRef, boolean bNew)
|
public void onAddRecordThumbnail(final ChildAssociationRef childAssocRef, final boolean bNew)
|
||||||
{
|
{
|
||||||
NodeRef thumbnail = childAssocRef.getChildRef();
|
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||||
if (nodeService.exists(thumbnail) == true)
|
|
||||||
{
|
{
|
||||||
// apply file plan component aspect to thumbnail
|
@Override
|
||||||
nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null);
|
public Void doWork() throws Exception
|
||||||
|
|
||||||
// manage any extended readers
|
|
||||||
RecordsManagementSecurityService securityService = serviceRegistry.getRecordsManagementSecurityService();
|
|
||||||
NodeRef parent = childAssocRef.getParentRef();
|
|
||||||
Set<String> readers = securityService.getExtendedReaders(parent);
|
|
||||||
if (readers != null && readers.size() != 0)
|
|
||||||
{
|
{
|
||||||
securityService.setExtendedReaders(thumbnail, readers, false);
|
NodeRef thumbnail = childAssocRef.getChildRef();
|
||||||
|
|
||||||
|
if (nodeService.exists(thumbnail) == true)
|
||||||
|
{
|
||||||
|
// apply file plan component aspect to thumbnail
|
||||||
|
nodeService.addAspect(thumbnail, ASPECT_FILE_PLAN_COMPONENT, null);
|
||||||
|
|
||||||
|
// manage any extended readers
|
||||||
|
ExtendedSecurityService extendedSecurityService = serviceRegistry.getExtendedSecurityService();
|
||||||
|
NodeRef parent = childAssocRef.getParentRef();
|
||||||
|
Set<String> readers = extendedSecurityService.getExtendedReaders(parent);
|
||||||
|
if (readers != null && readers.size() != 0)
|
||||||
|
{
|
||||||
|
extendedSecurityService.setExtendedReaders(thumbnail, readers, false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
}
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService
|
|||||||
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
|
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
|
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
||||||
import org.alfresco.service.NotAuditable;
|
import org.alfresco.service.NotAuditable;
|
||||||
import org.alfresco.service.ServiceRegistry;
|
import org.alfresco.service.ServiceRegistry;
|
||||||
@@ -49,6 +50,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
|
|||||||
static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService");
|
static final QName CAPABILITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "CapabilityService");
|
||||||
static final QName RECORD_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordService");
|
static final QName RECORD_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordService");
|
||||||
static final QName FREEZE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FreezeService");
|
static final QName FREEZE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FreezeService");
|
||||||
|
static final QName EXTENDED_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "ExtendedSecurityService");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return records management service
|
* @return records management service
|
||||||
@@ -109,4 +111,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
|
|||||||
*/
|
*/
|
||||||
@NotAuditable
|
@NotAuditable
|
||||||
FreezeService getFreezeService();
|
FreezeService getFreezeService();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return extended security service
|
||||||
|
*/
|
||||||
|
@NotAuditable
|
||||||
|
ExtendedSecurityService getExtendedSecurityService();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService
|
|||||||
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
|
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
|
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
||||||
import org.alfresco.repo.service.ServiceDescriptorRegistry;
|
import org.alfresco.repo.service.ServiceDescriptorRegistry;
|
||||||
|
|
||||||
@@ -124,4 +125,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
|
|||||||
{
|
{
|
||||||
return (FreezeService)getService(FREEZE_SERVICE);
|
return (FreezeService)getService(FREEZE_SERVICE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getExtendedSecurityService()
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public ExtendedSecurityService getExtendedSecurityService()
|
||||||
|
{
|
||||||
|
return (ExtendedSecurityService)getService(EXTENDED_SECURITY_SERVICE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
|
|||||||
import org.alfresco.model.ContentModel;
|
import org.alfresco.model.ContentModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.identifier.IdentifierService;
|
import org.alfresco.module.org_alfresco_module_rm.identifier.IdentifierService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
|
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
|
||||||
import org.alfresco.service.cmr.dictionary.AspectDefinition;
|
import org.alfresco.service.cmr.dictionary.AspectDefinition;
|
||||||
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
||||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||||
@@ -46,211 +46,188 @@ import org.alfresco.util.ParameterCheck;
|
|||||||
*/
|
*/
|
||||||
public class RecordServiceImpl implements RecordService, RecordsManagementModel
|
public class RecordServiceImpl implements RecordService, RecordsManagementModel
|
||||||
{
|
{
|
||||||
/** Node service **/
|
/** Node service **/
|
||||||
private NodeService nodeService;
|
private NodeService nodeService;
|
||||||
|
|
||||||
/** Indentiy service */
|
/** Indentiy service */
|
||||||
private IdentifierService identifierService;
|
private IdentifierService identifierService;
|
||||||
|
|
||||||
/** Dictionary service */
|
/** Dictionary service */
|
||||||
private DictionaryService dictionaryService;
|
private DictionaryService dictionaryService;
|
||||||
|
|
||||||
// /** Policy component */
|
/** Permission service */
|
||||||
// private PolicyComponent policyComponent;
|
private PermissionService permissionService;
|
||||||
|
|
||||||
/** Permission service */
|
/** Extended security service */
|
||||||
private PermissionService permissionService;
|
private ExtendedSecurityService extendedSecurityService;
|
||||||
|
|
||||||
/** Records management security service */
|
/** List of available record meta-data aspects */
|
||||||
private RecordsManagementSecurityService recordsManagementSecurityService;
|
private Set<QName> recordMetaDataAspects;
|
||||||
|
|
||||||
/** List of available record meta-data aspects */
|
/**
|
||||||
private Set<QName> recordMetaDataAspects;
|
* @param nodeService node service
|
||||||
|
*/
|
||||||
|
public void setNodeService(NodeService nodeService)
|
||||||
|
{
|
||||||
|
this.nodeService = nodeService;
|
||||||
|
}
|
||||||
|
|
||||||
public void setNodeService(NodeService nodeService)
|
/**
|
||||||
{
|
* @param identifierService identifier service
|
||||||
this.nodeService = nodeService;
|
*/
|
||||||
}
|
public void setIdentifierService(IdentifierService identifierService)
|
||||||
|
{
|
||||||
|
this.identifierService = identifierService;
|
||||||
|
}
|
||||||
|
|
||||||
public void setIdentifierService(IdentifierService identifierService)
|
/**
|
||||||
{
|
* @param dictionaryService dictionary service
|
||||||
this.identifierService = identifierService;
|
*/
|
||||||
}
|
public void setDictionaryService(DictionaryService dictionaryService)
|
||||||
|
{
|
||||||
|
this.dictionaryService = dictionaryService;
|
||||||
|
}
|
||||||
|
|
||||||
public void setDictionaryService(DictionaryService dictionaryService)
|
/**
|
||||||
{
|
* @param permissionService permission service
|
||||||
this.dictionaryService = dictionaryService;
|
*/
|
||||||
}
|
public void setPermissionService(PermissionService permissionService)
|
||||||
|
{
|
||||||
|
this.permissionService = permissionService;
|
||||||
|
}
|
||||||
|
|
||||||
// public void setPolicyComponent(PolicyComponent policyComponent)
|
/**
|
||||||
// {
|
* @param extendedSecurityService extended security service
|
||||||
// this.policyComponent = policyComponent;
|
*/
|
||||||
// }
|
public void setExtendedSecurityService(ExtendedSecurityService extendedSecurityService)
|
||||||
|
{
|
||||||
|
this.extendedSecurityService = extendedSecurityService;
|
||||||
|
}
|
||||||
|
|
||||||
public void setPermissionService(PermissionService permissionService)
|
public void init()
|
||||||
{
|
{
|
||||||
this.permissionService = permissionService;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRecordsManagementSecurityService(RecordsManagementSecurityService recordsManagementSecurityService)
|
}
|
||||||
{
|
|
||||||
this.recordsManagementSecurityService = recordsManagementSecurityService;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init()
|
/**
|
||||||
{
|
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects()
|
||||||
// policyComponent.bindAssociationBehaviour(
|
*/
|
||||||
// QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateChildAssociation"),
|
@Override
|
||||||
// TYPE_UNFILED_RECORD_CONTAINER,
|
public Set<QName> getRecordMetaDataAspects()
|
||||||
// ContentModel.ASSOC_CONTAINS,
|
{
|
||||||
// new JavaBehaviour(this, "onCreateNewRecord", NotificationFrequency.TRANSACTION_COMMIT));
|
if (recordMetaDataAspects == null)
|
||||||
}
|
{
|
||||||
|
recordMetaDataAspects = new HashSet<QName>(7);
|
||||||
// public void onCreateNewRecord(final ChildAssociationRef childAssocRef, boolean bNew)
|
Collection<QName> aspects = dictionaryService.getAllAspects();
|
||||||
// {
|
for (QName aspect : aspects)
|
||||||
// AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
|
||||||
// {
|
|
||||||
// @Override
|
|
||||||
// public Void doWork() throws Exception
|
|
||||||
// {
|
|
||||||
// NodeRef nodeRef = childAssocRef.getChildRef();
|
|
||||||
// if (nodeService.exists(nodeRef) == true)
|
|
||||||
// {
|
|
||||||
// QName type = nodeService.getType(nodeRef);
|
|
||||||
// if (ContentModel.TYPE_CONTENT.equals(type) == true ||
|
|
||||||
// dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT) == true)
|
|
||||||
// {
|
|
||||||
// makeRecord(nodeRef);
|
|
||||||
// }
|
|
||||||
// else
|
|
||||||
// {
|
|
||||||
// throw new AlfrescoRuntimeException("Only content can be created as a record.");
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// return null;
|
|
||||||
// }
|
|
||||||
// });
|
|
||||||
// }
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects()
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public Set<QName> getRecordMetaDataAspects()
|
|
||||||
{
|
|
||||||
if (recordMetaDataAspects == null)
|
|
||||||
{
|
|
||||||
recordMetaDataAspects = new HashSet<QName>(7);
|
|
||||||
Collection<QName> aspects = dictionaryService.getAllAspects();
|
|
||||||
for (QName aspect : aspects)
|
|
||||||
{
|
|
||||||
AspectDefinition def = dictionaryService.getAspect(aspect);
|
|
||||||
if (def != null)
|
|
||||||
{
|
{
|
||||||
QName parent = def.getParentName();
|
AspectDefinition def = dictionaryService.getAspect(aspect);
|
||||||
if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true)
|
if (def != null)
|
||||||
{
|
{
|
||||||
recordMetaDataAspects.add(aspect);
|
QName parent = def.getParentName();
|
||||||
}
|
if (parent != null && ASPECT_RECORD_META_DATA.equals(parent) == true)
|
||||||
|
{
|
||||||
|
recordMetaDataAspects.add(aspect);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
return recordMetaDataAspects;
|
||||||
return recordMetaDataAspects;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef)
|
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecord(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isRecord(NodeRef nodeRef)
|
public boolean isRecord(NodeRef nodeRef)
|
||||||
{
|
{
|
||||||
ParameterCheck.mandatory("nodeRef", nodeRef);
|
ParameterCheck.mandatory("nodeRef", nodeRef);
|
||||||
|
|
||||||
return nodeService.hasAspect(nodeRef, ASPECT_RECORD);
|
return nodeService.hasAspect(nodeRef, ASPECT_RECORD);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef)
|
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isDeclared(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isDeclared(NodeRef record)
|
public boolean isDeclared(NodeRef record)
|
||||||
{
|
{
|
||||||
ParameterCheck.mandatory("record", record);
|
ParameterCheck.mandatory("record", record);
|
||||||
|
|
||||||
return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD);
|
return nodeService.hasAspect(record, ASPECT_DECLARED_RECORD);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
|
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#createRecordFromDocument(org.alfresco.service.cmr.repository.NodeRef,
|
||||||
*/
|
* org.alfresco.service.cmr.repository.NodeRef)
|
||||||
@Override
|
*/
|
||||||
public void createRecordFromDocument(NodeRef filePlan, NodeRef document)
|
@Override
|
||||||
{
|
public void createRecordFromDocument(NodeRef filePlan, NodeRef document)
|
||||||
ParameterCheck.mandatory("filePlan", filePlan);
|
{
|
||||||
ParameterCheck.mandatory("document", document);
|
ParameterCheck.mandatory("filePlan", filePlan);
|
||||||
|
ParameterCheck.mandatory("document", document);
|
||||||
|
|
||||||
// skip everything if the document is already a record
|
// skip everything if the document is already a record
|
||||||
if (nodeService.hasAspect(document, ASPECT_RECORD) == false)
|
if (nodeService.hasAspect(document, ASPECT_RECORD) == false)
|
||||||
{
|
{
|
||||||
// get the new record container for the file plan
|
// get the new record container for the file plan
|
||||||
NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan);
|
NodeRef newRecordContainer = getUnfiledRecordContainer(filePlan);
|
||||||
if (newRecordContainer == null)
|
if (newRecordContainer == null) { throw new AlfrescoRuntimeException(
|
||||||
{
|
"Unable to create record, because new record container could not be found."); }
|
||||||
throw new AlfrescoRuntimeException("Unable to create record, because new record container could not be found.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// get the documents primary parent assoc
|
// get the documents primary parent assoc
|
||||||
ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document);
|
ChildAssociationRef parentAssoc = nodeService.getPrimaryParent(document);
|
||||||
|
|
||||||
// move the document into the file plan
|
// move the document into the file plan
|
||||||
nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName());
|
nodeService.moveNode(document, newRecordContainer, ContentModel.ASSOC_CONTAINS, parentAssoc.getQName());
|
||||||
|
|
||||||
// maintain the original primary location
|
// maintain the original primary location
|
||||||
nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc.getQName());
|
nodeService.addChild(parentAssoc.getParentRef(), document, parentAssoc.getTypeQName(), parentAssoc
|
||||||
|
.getQName());
|
||||||
|
|
||||||
// make the document a record
|
// make the document a record
|
||||||
makeRecord(document);
|
makeRecord(document);
|
||||||
|
|
||||||
// get the documents readers
|
// get the documents readers
|
||||||
Long aclId = nodeService.getNodeAclId(document);
|
Long aclId = nodeService.getNodeAclId(document);
|
||||||
Set<String> readers = permissionService.getReaders(aclId);
|
Set<String> readers = permissionService.getReaders(aclId);
|
||||||
|
|
||||||
// set the readers
|
// set the readers
|
||||||
recordsManagementSecurityService.setExtendedReaders(document, readers);
|
extendedSecurityService.setExtendedReaders(document, readers);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef)
|
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getUnfiledRecordContainer(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public NodeRef getUnfiledRecordContainer(NodeRef filePlan)
|
public NodeRef getUnfiledRecordContainer(NodeRef filePlan)
|
||||||
{
|
{
|
||||||
ParameterCheck.mandatory("filePlan", filePlan);
|
ParameterCheck.mandatory("filePlan", filePlan);
|
||||||
|
|
||||||
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS, RegexQNamePattern.MATCH_ALL);
|
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(filePlan, ASSOC_UNFILED_RECORDS,
|
||||||
if (assocs.size() != 1)
|
RegexQNamePattern.MATCH_ALL);
|
||||||
{
|
if (assocs.size() != 1) { throw new AlfrescoRuntimeException(
|
||||||
throw new AlfrescoRuntimeException("Error getting the unfiled container, because the container cannot be indentified.");
|
"Error getting the unfiled container, because the container cannot be indentified."); }
|
||||||
}
|
|
||||||
|
|
||||||
return assocs.get(0).getChildRef();
|
return assocs.get(0).getChildRef();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper Methods
|
* Helper Methods
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a record from the given document
|
* Creates a record from the given document
|
||||||
*
|
*
|
||||||
* @param document the document from which a record will be created
|
* @param document the document from which a record will be created
|
||||||
*/
|
*/
|
||||||
private void makeRecord(NodeRef document)
|
private void makeRecord(NodeRef document)
|
||||||
{
|
{
|
||||||
nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null);
|
nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, null);
|
||||||
|
|
||||||
String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document).getParentRef());
|
String recordId = identifierService.generateIdentifier(ASPECT_RECORD, nodeService.getPrimaryParent(document)
|
||||||
nodeService.setProperty(document, PROP_IDENTIFIER, recordId);
|
.getParentRef());
|
||||||
}
|
nodeService.setProperty(document, PROP_IDENTIFIER, recordId);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -47,8 +47,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
|
|||||||
/** Authority service */
|
/** Authority service */
|
||||||
private AuthorityService authorityService;
|
private AuthorityService authorityService;
|
||||||
|
|
||||||
/** Records management security service */
|
/** Extended security service */
|
||||||
private RecordsManagementSecurityService recordsManagementSecurityService;
|
private ExtendedSecurityService extendedSecurityService;
|
||||||
|
|
||||||
/** Node service */
|
/** Node service */
|
||||||
private NodeService nodeService;
|
private NodeService nodeService;
|
||||||
@@ -72,15 +72,15 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return records management security service
|
* @return extended security service
|
||||||
*/
|
*/
|
||||||
public RecordsManagementSecurityService getRecordsManagementSecurityService()
|
public ExtendedSecurityService getExtendedSecurityService()
|
||||||
{
|
{
|
||||||
if (recordsManagementSecurityService == null)
|
if (extendedSecurityService == null)
|
||||||
{
|
{
|
||||||
recordsManagementSecurityService = (RecordsManagementSecurityService)applicationContext.getBean("recordsManagementSecurityService");
|
extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("extendedSecurityService");
|
||||||
}
|
}
|
||||||
return recordsManagementSecurityService;
|
return extendedSecurityService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -123,7 +123,7 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
|
|||||||
|
|
||||||
if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == true)
|
if (getNodeService().hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == true)
|
||||||
{
|
{
|
||||||
Set<String> readers = getRecordsManagementSecurityService().getExtendedReaders(nodeRef);
|
Set<String> readers = getExtendedSecurityService().getExtendedReaders(nodeRef);
|
||||||
if (readers != null)
|
if (readers != null)
|
||||||
{
|
{
|
||||||
for (String reader : readers)
|
for (String reader : readers)
|
||||||
@@ -167,6 +167,8 @@ public class ExtendedReaderDynamicAuthority implements DynamicAuthority,
|
|||||||
@Override
|
@Override
|
||||||
public Set<PermissionReference> requiredFor()
|
public Set<PermissionReference> requiredFor()
|
||||||
{
|
{
|
||||||
|
// TODO ... should we set something here? ReadRecord?
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,94 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2005-2012 Alfresco Software Limited.
|
||||||
|
*
|
||||||
|
* This file is part of Alfresco
|
||||||
|
*
|
||||||
|
* Alfresco is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Lesser General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Alfresco is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public License
|
||||||
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
package org.alfresco.module.org_alfresco_module_rm.security;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extended security service.
|
||||||
|
*
|
||||||
|
* @author Roy Wetherall
|
||||||
|
* @since 2.1
|
||||||
|
*/
|
||||||
|
public interface ExtendedSecurityService
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Indicates whether the node has any extended readers set or not.
|
||||||
|
*
|
||||||
|
* @param nodeRef node reference
|
||||||
|
* @return boolean true if the node has extended readers set, false otherwise
|
||||||
|
*/
|
||||||
|
boolean hasExtendedReaders(NodeRef nodeRef);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the set authorities that are extended readers for the given node.
|
||||||
|
*
|
||||||
|
* @param nodeRef node reference
|
||||||
|
* @return {@link Set}<{@link String}> extended readers
|
||||||
|
*/
|
||||||
|
Set<String> getExtendedReaders(NodeRef nodeRef);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the authorities that are extended readers on the node. Applies extended readers to
|
||||||
|
* file plan parent hierarchy.
|
||||||
|
*
|
||||||
|
* @param nodeRef node reference
|
||||||
|
* @param readers extended readers
|
||||||
|
*/
|
||||||
|
void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
* @param readers
|
||||||
|
* @param applyToParents
|
||||||
|
*/
|
||||||
|
void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
* @param readers
|
||||||
|
*/
|
||||||
|
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
* @param readers
|
||||||
|
* @param applyToParents
|
||||||
|
*/
|
||||||
|
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
*/
|
||||||
|
void removeAllExtendedReaders(NodeRef nodeRef);
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
* @param applyToParents
|
||||||
|
*/
|
||||||
|
void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents);
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,347 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2005-2012 Alfresco Software Limited.
|
||||||
|
*
|
||||||
|
* This file is part of Alfresco
|
||||||
|
*
|
||||||
|
* Alfresco is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Lesser General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Alfresco is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public License
|
||||||
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
package org.alfresco.module.org_alfresco_module_rm.security;
|
||||||
|
|
||||||
|
import java.io.Serializable;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.alfresco.model.RenditionModel;
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
||||||
|
import org.alfresco.repo.node.NodeServicePolicies;
|
||||||
|
import org.alfresco.repo.policy.JavaBehaviour;
|
||||||
|
import org.alfresco.repo.policy.PolicyComponent;
|
||||||
|
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||||
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||||
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||||
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||||
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
|
import org.alfresco.service.namespace.RegexQNamePattern;
|
||||||
|
import org.alfresco.util.ParameterCheck;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extended security service implementation.
|
||||||
|
*
|
||||||
|
* @author Roy Wetherall
|
||||||
|
* @since 2.1
|
||||||
|
*/
|
||||||
|
public class ExtendedSecurityServiceImpl implements ExtendedSecurityService,
|
||||||
|
RecordsManagementModel,
|
||||||
|
NodeServicePolicies.OnMoveNodePolicy
|
||||||
|
{
|
||||||
|
/** Policy component */
|
||||||
|
private PolicyComponent policyComponent;
|
||||||
|
|
||||||
|
/** Node service */
|
||||||
|
private NodeService nodeService;
|
||||||
|
|
||||||
|
/** Records management service */
|
||||||
|
private RecordsManagementService recordsManagementService;
|
||||||
|
|
||||||
|
/** Record service */
|
||||||
|
private RecordService recordService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param policyComponent policy component
|
||||||
|
*/
|
||||||
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
||||||
|
{
|
||||||
|
this.policyComponent = policyComponent;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param recordService record service
|
||||||
|
*/
|
||||||
|
public void setRecordService(RecordService recordService)
|
||||||
|
{
|
||||||
|
this.recordService = recordService;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param recordsManagementService records management service
|
||||||
|
*/
|
||||||
|
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
|
||||||
|
{
|
||||||
|
this.recordsManagementService = recordsManagementService;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param nodeService node service
|
||||||
|
*/
|
||||||
|
public void setNodeService(NodeService nodeService)
|
||||||
|
{
|
||||||
|
this.nodeService = nodeService;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Init method
|
||||||
|
*/
|
||||||
|
public void init()
|
||||||
|
{
|
||||||
|
policyComponent.bindClassBehaviour(
|
||||||
|
NodeServicePolicies.OnMoveNodePolicy.QNAME,
|
||||||
|
ASPECT_EXTENDED_READERS,
|
||||||
|
new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public boolean hasExtendedReaders(NodeRef nodeRef)
|
||||||
|
{
|
||||||
|
boolean result = false;
|
||||||
|
Set<String> extendedReaders = getExtendedReaders(nodeRef);
|
||||||
|
if (extendedReaders != null && extendedReaders.size() != 0)
|
||||||
|
{
|
||||||
|
result = true;
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
@Override
|
||||||
|
public Set<String> getExtendedReaders(NodeRef nodeRef)
|
||||||
|
{
|
||||||
|
Set<String> result = null;
|
||||||
|
|
||||||
|
Map<String, Integer> readerMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
|
||||||
|
if (readerMap != null)
|
||||||
|
{
|
||||||
|
result = readerMap.keySet();
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void setExtendedReaders(NodeRef nodeRef, Set<String> readers)
|
||||||
|
{
|
||||||
|
setExtendedReaders(nodeRef, readers, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
@Override
|
||||||
|
public void setExtendedReaders(NodeRef nodeRef, java.util.Set<String> readers, boolean applyToParents)
|
||||||
|
{
|
||||||
|
ParameterCheck.mandatory("nodeRef", nodeRef);
|
||||||
|
ParameterCheck.mandatory("readers", readers);
|
||||||
|
ParameterCheck.mandatory("applyToParents", applyToParents);
|
||||||
|
|
||||||
|
if (nodeRef != null && readers.isEmpty() == false)
|
||||||
|
{
|
||||||
|
// add the aspect if missing
|
||||||
|
if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false)
|
||||||
|
{
|
||||||
|
nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
// get reader map
|
||||||
|
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
|
||||||
|
if (readersMap == null)
|
||||||
|
{
|
||||||
|
// create reader map
|
||||||
|
readersMap = new HashMap<String, Integer>(7);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (String reader : readers)
|
||||||
|
{
|
||||||
|
if (readersMap.containsKey(reader) == true)
|
||||||
|
{
|
||||||
|
// increment reference count
|
||||||
|
Integer count = readersMap.get(reader);
|
||||||
|
readersMap.put(reader, Integer.valueOf(count.intValue()+1));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// add reader with initial count
|
||||||
|
readersMap.put(reader, Integer.valueOf(1));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// set the readers property (this will in turn apply the aspect if required)
|
||||||
|
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
|
||||||
|
|
||||||
|
// apply the readers to any renditions of the content
|
||||||
|
if (recordService.isRecord(nodeRef) == true)
|
||||||
|
{
|
||||||
|
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
|
||||||
|
for (ChildAssociationRef assoc : assocs)
|
||||||
|
{
|
||||||
|
NodeRef child = assoc.getChildRef();
|
||||||
|
setExtendedReaders(child, readers, false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (applyToParents == true)
|
||||||
|
{
|
||||||
|
// apply the extended readers up the file plan primary hierarchy
|
||||||
|
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
|
||||||
|
if (parent != null &&
|
||||||
|
recordsManagementService.isFilePlanComponent(parent) == true)
|
||||||
|
{
|
||||||
|
setExtendedReaders(parent, readers);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers)
|
||||||
|
{
|
||||||
|
removeExtendedReaders(nodeRef, readers, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents)
|
||||||
|
{
|
||||||
|
if (hasExtendedReaders(nodeRef) == true)
|
||||||
|
{
|
||||||
|
removeExtendedReadersImpl(nodeRef, readers);
|
||||||
|
|
||||||
|
// remove the readers from any renditions of the content
|
||||||
|
if (recordService.isRecord(nodeRef) == true)
|
||||||
|
{
|
||||||
|
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
|
||||||
|
for (ChildAssociationRef assoc : assocs)
|
||||||
|
{
|
||||||
|
NodeRef child = assoc.getChildRef();
|
||||||
|
removeExtendedReadersImpl(child, readers);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (applyToParents == true)
|
||||||
|
{
|
||||||
|
// apply the extended readers up the file plan primary hierarchy
|
||||||
|
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
|
||||||
|
if (parent != null &&
|
||||||
|
recordsManagementService.isFilePlanComponent(parent) == true)
|
||||||
|
{
|
||||||
|
removeExtendedReaders(parent, readers, applyToParents);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param nodeRef
|
||||||
|
* @param readers
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
private void removeExtendedReadersImpl(NodeRef nodeRef, Set<String> readers)
|
||||||
|
{
|
||||||
|
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
|
||||||
|
|
||||||
|
for (String reader : readers)
|
||||||
|
{
|
||||||
|
Integer readerCount = readersMap.get(reader);
|
||||||
|
if (readerCount != null)
|
||||||
|
{
|
||||||
|
if (readerCount == 1)
|
||||||
|
{
|
||||||
|
readersMap.remove(reader);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
readersMap.put(reader, Integer.valueOf(readerCount.intValue()-1));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (readersMap.isEmpty() == true)
|
||||||
|
{
|
||||||
|
readersMap = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void removeAllExtendedReaders(NodeRef nodeRef)
|
||||||
|
{
|
||||||
|
removeAllExtendedReaders(nodeRef, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, boolean)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void removeAllExtendedReaders(NodeRef nodeRef, boolean applyToParents)
|
||||||
|
{
|
||||||
|
if (hasExtendedReaders(nodeRef) == true)
|
||||||
|
{
|
||||||
|
Set<String> readers = getExtendedReaders(nodeRef);
|
||||||
|
if (readers != null && readers.isEmpty() == false)
|
||||||
|
{
|
||||||
|
removeExtendedReaders(nodeRef, readers);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.repo.node.NodeServicePolicies.OnMoveNodePolicy#onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef, org.alfresco.service.cmr.repository.ChildAssociationRef)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc)
|
||||||
|
{
|
||||||
|
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||||
|
{
|
||||||
|
@Override
|
||||||
|
public Void doWork() throws Exception
|
||||||
|
{
|
||||||
|
NodeRef record = newAssoc.getChildRef();
|
||||||
|
NodeRef newParent = newAssoc.getParentRef();
|
||||||
|
NodeRef oldParent = origAssoc.getParentRef();
|
||||||
|
|
||||||
|
Set<String> readers = getExtendedReaders(record);
|
||||||
|
if (readers != null && readers.size() != 0)
|
||||||
|
{
|
||||||
|
setExtendedReaders(newParent, readers);
|
||||||
|
removeExtendedReadersImpl(oldParent, readers);
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -152,56 +152,4 @@ public interface RecordsManagementSecurityService
|
|||||||
* @param permission permission
|
* @param permission permission
|
||||||
*/
|
*/
|
||||||
void deletePermission(NodeRef nodeRef, String authority, String permission);
|
void deletePermission(NodeRef nodeRef, String authority, String permission);
|
||||||
|
|
||||||
/**
|
|
||||||
* Indicates whether the node has any extended readers set or not.
|
|
||||||
*
|
|
||||||
* @param nodeRef node reference
|
|
||||||
* @return boolean true if the node has extended readers set, false otherwise
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
boolean hasExtendedReaders(NodeRef nodeRef);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the set authorities that are extended readers for the given node.
|
|
||||||
*
|
|
||||||
* @param nodeRef node reference
|
|
||||||
* @return {@link Set}<{@link String}> extended readers
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
Set<String> getExtendedReaders(NodeRef nodeRef);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the authorities that are extended readers on the node. Applies extended readers to
|
|
||||||
* file plan parent hierarchy.
|
|
||||||
*
|
|
||||||
* @param nodeRef node reference
|
|
||||||
* @param readers extended readers
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
void setExtendedReaders(NodeRef nodeRef, Set<String> readers);
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @param nodeRef
|
|
||||||
* @param readers
|
|
||||||
* @param applyToParents
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
void setExtendedReaders(NodeRef nodeRef, Set<String> readers, boolean applyToParents);
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @param nodeRef
|
|
||||||
* @param readers
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
void removeExtendedReaders(NodeRef nodeRef, Set<String> readers);
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @param nodeRef
|
|
||||||
* @since 2.1
|
|
||||||
*/
|
|
||||||
void removeAllExtendedReaders(NodeRef nodeRef);
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -31,7 +31,6 @@ import java.util.Set;
|
|||||||
|
|
||||||
import org.alfresco.error.AlfrescoRuntimeException;
|
import org.alfresco.error.AlfrescoRuntimeException;
|
||||||
import org.alfresco.model.ContentModel;
|
import org.alfresco.model.ContentModel;
|
||||||
import org.alfresco.model.RenditionModel;
|
|
||||||
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
|
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
|
||||||
@@ -43,7 +42,6 @@ import org.alfresco.repo.policy.JavaBehaviour;
|
|||||||
import org.alfresco.repo.policy.PolicyComponent;
|
import org.alfresco.repo.policy.PolicyComponent;
|
||||||
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
||||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeService;
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
@@ -61,9 +59,6 @@ import org.apache.commons.logging.LogFactory;
|
|||||||
import org.json.JSONArray;
|
import org.json.JSONArray;
|
||||||
import org.json.JSONException;
|
import org.json.JSONException;
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
import org.springframework.beans.BeansException;
|
|
||||||
import org.springframework.context.ApplicationContext;
|
|
||||||
import org.springframework.context.ApplicationContextAware;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Records management permission service implementation
|
* Records management permission service implementation
|
||||||
@@ -71,9 +66,7 @@ import org.springframework.context.ApplicationContextAware;
|
|||||||
* @author Roy Wetherall
|
* @author Roy Wetherall
|
||||||
*/
|
*/
|
||||||
public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService,
|
public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService,
|
||||||
RecordsManagementModel,
|
RecordsManagementModel
|
||||||
ApplicationContextAware,
|
|
||||||
NodeServicePolicies.OnMoveNodePolicy
|
|
||||||
|
|
||||||
{
|
{
|
||||||
/** Capability service */
|
/** Capability service */
|
||||||
@@ -106,18 +99,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
|
|||||||
/** Logger */
|
/** Logger */
|
||||||
private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class);
|
private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class);
|
||||||
|
|
||||||
/** Application context */
|
|
||||||
private ApplicationContext applicationContext;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
|
||||||
{
|
|
||||||
this.applicationContext = applicationContext;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the capability service
|
* Set the capability service
|
||||||
*
|
*
|
||||||
@@ -209,11 +190,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
|
|||||||
NodeServicePolicies.OnCreateNodePolicy.QNAME,
|
NodeServicePolicies.OnCreateNodePolicy.QNAME,
|
||||||
TYPE_RECORD_FOLDER,
|
TYPE_RECORD_FOLDER,
|
||||||
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
|
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
|
||||||
|
|
||||||
policyComponent.bindClassBehaviour(
|
|
||||||
NodeServicePolicies.OnMoveNodePolicy.QNAME,
|
|
||||||
ASPECT_RECORD,
|
|
||||||
new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -570,6 +546,13 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
|
|||||||
}, AuthenticationUtil.getSystemUserName());
|
}, AuthenticationUtil.getSystemUserName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method to convert a stream to a string.
|
||||||
|
*
|
||||||
|
* @param is input stream
|
||||||
|
* @return {@link String} string
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
public String convertStreamToString(InputStream is) throws IOException
|
public String convertStreamToString(InputStream is) throws IOException
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@@ -762,6 +745,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
|
||||||
|
*
|
||||||
|
* TODO .. change this to check a property of the role its self
|
||||||
*/
|
*/
|
||||||
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
|
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
|
||||||
{
|
{
|
||||||
@@ -1031,163 +1016,4 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
|
|||||||
}
|
}
|
||||||
}, AuthenticationUtil.getSystemUserName());
|
}, AuthenticationUtil.getSystemUserName());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public boolean hasExtendedReaders(NodeRef nodeRef)
|
|
||||||
{
|
|
||||||
boolean result = false;
|
|
||||||
Set<String> extendedReaders = getExtendedReaders(nodeRef);
|
|
||||||
if (extendedReaders != null && extendedReaders.size() != 0)
|
|
||||||
{
|
|
||||||
result = true;
|
|
||||||
}
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
|
||||||
*/
|
|
||||||
@SuppressWarnings("unchecked")
|
|
||||||
@Override
|
|
||||||
public Set<String> getExtendedReaders(NodeRef nodeRef)
|
|
||||||
{
|
|
||||||
NodeService nodeService = (NodeService)applicationContext.getBean("nodeService");
|
|
||||||
Set<String> result = null;
|
|
||||||
|
|
||||||
Map<String, Integer> readerMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
|
|
||||||
if (readerMap != null)
|
|
||||||
{
|
|
||||||
result = readerMap.keySet();
|
|
||||||
}
|
|
||||||
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public void setExtendedReaders(NodeRef nodeRef, Set<String> readers)
|
|
||||||
{
|
|
||||||
setExtendedReaders(nodeRef, readers, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setExtendedReaders(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, boolean)
|
|
||||||
*/
|
|
||||||
@SuppressWarnings("unchecked")
|
|
||||||
@Override
|
|
||||||
public void setExtendedReaders(NodeRef nodeRef, java.util.Set<String> readers, boolean applyToParents)
|
|
||||||
{
|
|
||||||
ParameterCheck.mandatory("nodeRef", nodeRef);
|
|
||||||
ParameterCheck.mandatory("readers", readers);
|
|
||||||
|
|
||||||
NodeService nodeService = (NodeService)applicationContext.getBean("nodeService");
|
|
||||||
RecordsManagementService recordsManagementService = (RecordsManagementService)applicationContext.getBean("recordsManagementService");
|
|
||||||
|
|
||||||
if (nodeRef != null &&
|
|
||||||
readers.isEmpty() == false)
|
|
||||||
{
|
|
||||||
// add the aspect if missing
|
|
||||||
if (nodeService.hasAspect(nodeRef, ASPECT_EXTENDED_READERS) == false)
|
|
||||||
{
|
|
||||||
nodeService.addAspect(nodeRef, ASPECT_EXTENDED_READERS, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
// get reader map
|
|
||||||
Map<String, Integer> readersMap = (Map<String, Integer>)nodeService.getProperty(nodeRef, PROP_READERS);
|
|
||||||
if (readersMap == null)
|
|
||||||
{
|
|
||||||
// create reader map
|
|
||||||
readersMap = new HashMap<String, Integer>(7);
|
|
||||||
}
|
|
||||||
|
|
||||||
for (String reader : readers)
|
|
||||||
{
|
|
||||||
if (readersMap.containsKey(reader) == true)
|
|
||||||
{
|
|
||||||
// increment reference count
|
|
||||||
Integer count = readersMap.get(reader);
|
|
||||||
readersMap.put(reader, Integer.valueOf(count.intValue()+1));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// add reader with initial count
|
|
||||||
readersMap.put(reader, Integer.valueOf(1));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// set the readers property (this will in turn apply the aspect if required)
|
|
||||||
nodeService.setProperty(nodeRef, PROP_READERS, (Serializable)readersMap);
|
|
||||||
|
|
||||||
// apply the readers to any renditions of the content
|
|
||||||
if (recordsManagementService.isRecord(nodeRef) == true)
|
|
||||||
{
|
|
||||||
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL);
|
|
||||||
for (ChildAssociationRef assoc : assocs)
|
|
||||||
{
|
|
||||||
NodeRef child = assoc.getChildRef();
|
|
||||||
setExtendedReaders(child, readers, false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (applyToParents == true)
|
|
||||||
{
|
|
||||||
// apply the extended readers up the file plan primary hierarchy
|
|
||||||
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
|
|
||||||
if (parent != null &&
|
|
||||||
recordsManagementService.isFilePlanComponent(parent) == true)
|
|
||||||
{
|
|
||||||
setExtendedReaders(parent, readers);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void removeExtendedReaders(NodeRef nodeRef, Set<String> readers)
|
|
||||||
{
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#removeAllExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public void removeAllExtendedReaders(NodeRef nodeRef)
|
|
||||||
{
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void onMoveNode(final ChildAssociationRef origAssoc, final ChildAssociationRef newAssoc)
|
|
||||||
{
|
|
||||||
// TODO temp solution for demo
|
|
||||||
|
|
||||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
|
||||||
{
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Void doWork() throws Exception
|
|
||||||
{
|
|
||||||
NodeRef record = newAssoc.getChildRef();
|
|
||||||
NodeRef parent = newAssoc.getParentRef();
|
|
||||||
|
|
||||||
Set<String> readers = getExtendedReaders(record);
|
|
||||||
if (readers != null && readers.size() != 0)
|
|
||||||
{
|
|
||||||
setExtendedReaders(parent, readers);
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}});
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import java.util.HashSet;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
|
|
||||||
@@ -14,8 +15,10 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
|||||||
*
|
*
|
||||||
* @author Roy Wetherall
|
* @author Roy Wetherall
|
||||||
*/
|
*/
|
||||||
public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
public class ExtendedSecurityServiceImplTest extends BaseRMTestCase
|
||||||
{
|
{
|
||||||
|
private ExtendedSecurityService extendedSecurityService;
|
||||||
|
|
||||||
private NodeRef record;
|
private NodeRef record;
|
||||||
private NodeRef recordToo;
|
private NodeRef recordToo;
|
||||||
|
|
||||||
@@ -25,6 +28,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void initServices()
|
||||||
|
{
|
||||||
|
super.initServices();
|
||||||
|
|
||||||
|
extendedSecurityService = (ExtendedSecurityService)applicationContext.getBean("ExtendedSecurityService");
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void setupTestDataImpl()
|
protected void setupTestDataImpl()
|
||||||
{
|
{
|
||||||
@@ -33,35 +44,6 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
record = utils.createRecord(rmFolder, "record.txt");
|
record = utils.createRecord(rmFolder, "record.txt");
|
||||||
recordToo = utils.createRecord(rmFolder, "recordToo.txt");
|
recordToo = utils.createRecord(rmFolder, "recordToo.txt");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// TODO testGetProtectedAspects
|
|
||||||
|
|
||||||
// TODO getProtectedProperties
|
|
||||||
|
|
||||||
// TODO bootstrapDefaultRoles
|
|
||||||
|
|
||||||
// TODO getRoles
|
|
||||||
|
|
||||||
// TODO getRolesByUser
|
|
||||||
|
|
||||||
// TODO getRole
|
|
||||||
|
|
||||||
// TODO existsRole
|
|
||||||
|
|
||||||
// TODO hasRMAdminRole
|
|
||||||
|
|
||||||
// TODO createRole
|
|
||||||
|
|
||||||
// TODO updateRole
|
|
||||||
|
|
||||||
// TODO deleteRole
|
|
||||||
|
|
||||||
// TODO assignRoleToAuthority
|
|
||||||
|
|
||||||
// TODO setPermission
|
|
||||||
|
|
||||||
// TODO deletePermission
|
|
||||||
|
|
||||||
public void testExtendedReaders()
|
public void testExtendedReaders()
|
||||||
{
|
{
|
||||||
@@ -74,13 +56,13 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
assertFalse(hasExtendedReadersAspect(rmFolder));
|
assertFalse(hasExtendedReadersAspect(rmFolder));
|
||||||
assertFalse(hasExtendedReadersAspect(record));
|
assertFalse(hasExtendedReadersAspect(record));
|
||||||
|
|
||||||
assertNull(securityService.getExtendedReaders(record));
|
assertNull(extendedSecurityService.getExtendedReaders(record));
|
||||||
|
|
||||||
Set<String> extendedReaders = new HashSet<String>(2);
|
Set<String> extendedReaders = new HashSet<String>(2);
|
||||||
extendedReaders.add("monkey");
|
extendedReaders.add("monkey");
|
||||||
extendedReaders.add("elephant");
|
extendedReaders.add("elephant");
|
||||||
|
|
||||||
securityService.setExtendedReaders(record, extendedReaders);
|
extendedSecurityService.setExtendedReaders(record, extendedReaders);
|
||||||
|
|
||||||
Map<String, Integer> testMap = new HashMap<String, Integer>(2);
|
Map<String, Integer> testMap = new HashMap<String, Integer>(2);
|
||||||
testMap.put("monkey", Integer.valueOf(1));
|
testMap.put("monkey", Integer.valueOf(1));
|
||||||
@@ -95,7 +77,7 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
extendedReadersToo.add("monkey");
|
extendedReadersToo.add("monkey");
|
||||||
extendedReadersToo.add("snake");
|
extendedReadersToo.add("snake");
|
||||||
|
|
||||||
securityService.setExtendedReaders(recordToo, extendedReadersToo);
|
extendedSecurityService.setExtendedReaders(recordToo, extendedReadersToo);
|
||||||
|
|
||||||
Map<String, Integer> testMapToo = new HashMap<String, Integer>(2);
|
Map<String, Integer> testMapToo = new HashMap<String, Integer>(2);
|
||||||
testMapToo.put("monkey", Integer.valueOf(1));
|
testMapToo.put("monkey", Integer.valueOf(1));
|
||||||
@@ -111,6 +93,39 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
test(rmFolder, testMapThree);
|
test(rmFolder, testMapThree);
|
||||||
test(recordToo, testMapToo);
|
test(recordToo, testMapToo);
|
||||||
|
|
||||||
|
// test remove (with no parent inheritance)
|
||||||
|
|
||||||
|
Set<String> removeMap1 = new HashSet<String>(2);
|
||||||
|
removeMap1.add("elephant");
|
||||||
|
removeMap1.add("monkey");
|
||||||
|
|
||||||
|
extendedSecurityService.removeExtendedReaders(rmFolder, removeMap1, false);
|
||||||
|
|
||||||
|
Map<String, Integer> testMapFour = new HashMap<String, Integer>(2);
|
||||||
|
testMapFour.put("monkey", Integer.valueOf(1));
|
||||||
|
testMapFour.put("snake", Integer.valueOf(1));
|
||||||
|
|
||||||
|
test(filePlan, testMapThree);
|
||||||
|
test(rmContainer, testMapThree);
|
||||||
|
test(rmFolder, testMapFour);
|
||||||
|
test(recordToo, testMapToo);
|
||||||
|
|
||||||
|
// test remove (apply to parents)
|
||||||
|
|
||||||
|
Set<String> removeMap2 = new HashSet<String>(1);
|
||||||
|
removeMap2.add("snake");
|
||||||
|
|
||||||
|
extendedSecurityService.removeExtendedReaders(recordToo, removeMap2, true);
|
||||||
|
|
||||||
|
testMapThree.remove("snake");
|
||||||
|
testMapFour.remove("snake");
|
||||||
|
testMapToo.remove("snake");
|
||||||
|
|
||||||
|
test(filePlan, testMapThree);
|
||||||
|
test(rmContainer, testMapThree);
|
||||||
|
test(rmFolder, testMapFour);
|
||||||
|
test(recordToo, testMapToo);
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -131,22 +146,14 @@ public class RecordsManagementSecurityServiceImplTest extends BaseRMTestCase
|
|||||||
for (Map.Entry<String, Integer> entry: testMap.entrySet())
|
for (Map.Entry<String, Integer> entry: testMap.entrySet())
|
||||||
{
|
{
|
||||||
assertTrue(readersMap.containsKey(entry.getKey()));
|
assertTrue(readersMap.containsKey(entry.getKey()));
|
||||||
assertEquals(entry.getValue(), readersMap.get(entry.getKey()));
|
assertEquals(entry.getKey(), entry.getValue(), readersMap.get(entry.getKey()));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Set<String> readers = securityService.getExtendedReaders(nodeRef);
|
Set<String> readers = extendedSecurityService.getExtendedReaders(nodeRef);
|
||||||
assertNotNull(readers);
|
assertNotNull(readers);
|
||||||
assertEquals(testMap.size(), readers.size());
|
assertEquals(testMap.size(), readers.size());
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO getExtendedReaders
|
|
||||||
|
|
||||||
// TODO setExtendedReaders
|
|
||||||
|
|
||||||
// TODO removeExtendedReaders
|
|
||||||
|
|
||||||
// TODO removeAllExtendedReaders
|
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user