RM-3074: groups assigned to RM roles, not authorities

* IPR groups are now assigned to RM roles rather than the individual
authorities
* more unit tests
Roy Wetherall
2016-08-02 11:20:55 +10:00
parent 6756f0f841
commit 43a961237e
3 changed files with 416 additions and 76 deletions


@@ -45,8 +45,6 @@ import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.RMAuthority;
import org.alfresco.service.cmr.repository.DuplicateChildNodeNameException;


@@ -224,14 +224,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public void addExtendedSecurity(NodeRef nodeRef, Set<String> readers, Set<String> writers)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
if (nodeRef != null)
{
addExtendedSecurityImpl(nodeRef, readers, writers);
// add to the extended security roles
addExtendedSecurityRoles(nodeRef, readers, writers);
}
// TODO what happens if the node already has some extended permissions assigned?!
// TODO need to clear existing groups and add new ones
// add extended security impl
addExtendedSecurityImpl(nodeRef, readers, writers);
}
/**
@@ -249,6 +247,11 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
// find groups
Pair<String, String> iprGroups = createOrFindIPRGroups(readers, writers);
// assign groups to correct fileplan roles
NodeRef filePlan = filePlanService.getFilePlan(nodeRef);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS, iprGroups.first);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_WRITERS, iprGroups.second);
// assign groups to node
assignIPRGroupsToNode(iprGroups, nodeRef);
@@ -306,8 +309,9 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* the set of groups that require exact match. A further index is used to handle
* a situation where there is a hash clash, but a difference in the authority lists.
* <p>
* When no match is found the groups are created.
* When no match is found the groups are created. Once created
*
* @param filePlan file plan
* @param readers authorities with read
* @param writers authorities with write
* @return Pair<String, String> where first is the full name of the read group and
@@ -441,6 +445,8 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* Get IPR group short name.
* <p>
* Note this excludes the "GROUP_" prefix.
* <p>
* 'package' scope to help testing.
*
* @param prefix prefix
* @param readers read authorities
@@ -448,7 +454,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* @param index group index
* @return String group short name
*/
private String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, int index)
/*package*/ String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, int index)
{
return getIPRGroupShortName(prefix, readers, writers, Integer.toString(index));
}
@@ -511,7 +517,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
}
/**
* Creates new IPR groups.
* Creates new IPR groups and assigns then to the correct RM roles.
*
* @param readers read authorities
* @param writers write authorities
@@ -562,7 +568,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
}
/**
* Assign IPR groups to a node reference with the appropraite permissions.
* Assign IPR groups to a node reference with the correct permissions.
*
* @param iprGroups iprGroups, first read and second write
* @param nodeRef node reference
@@ -572,43 +578,6 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
permissionService.setPermission(nodeRef, iprGroups.first, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(nodeRef, iprGroups.second, RMPermissionModel.FILING, true);
}
/**
* Add authorities to extended security roles.
*
* @param nodeRef node reference
* @param readers read authorities
* @param writers write authorities
*/
private void addExtendedSecurityRoles(NodeRef nodeRef, Set<String> readers, Set<String> writers)
{
NodeRef filePlan = filePlanService.getFilePlan(nodeRef);
addExtendedSecurityRolesImpl(filePlan, readers, FilePlanRoleService.ROLE_EXTENDED_READERS);
addExtendedSecurityRolesImpl(filePlan, writers, FilePlanRoleService.ROLE_EXTENDED_WRITERS);
}
/**
* Add extended security roles implementation
*
* @param filePlan file plan
* @param authorities authorities
* @param roleName role name
*/
private void addExtendedSecurityRolesImpl(NodeRef filePlan, Set<String> authorities, String roleName)
{
if (authorities != null)
{
for (String authority : authorities)
{
if ((!authority.equals(PermissionService.ALL_AUTHORITIES) && !authority.equals(PermissionService.OWNER_AUTHORITY)))
{
// add the authority to the role
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, authority);
}
}
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#removeAllExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef)
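Review bot: The role grants added in the `@@ -249,6 +247,11 @@` hunk, `filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS, iprGroups.first)` and its writers counterpart, have no equivalent of the guard in `addExtendedSecurityRolesImpl`, which this commit appears to remove and which skipped `PermissionService.ALL_AUTHORITIES` and `PermissionService.OWNER_AUTHORITY` before granting a file plan role. `createOrFindIPRGroups` is not visible here, so this is conditional: if it adds every entry of `readers`/`writers` as a group member, a caller passing the all-authorities entry would put everyone into a group that holds an extended-security role on the file plan. I would filter those two authorities before the groups are built, or state in the Javadoc that the helper already excludes them, and cover that case in the new unit tests. Separately, the two TODOs in `addExtendedSecurity` mean that a repeat call leaves the earlier IPR group permissions on the node, so a narrower reader set does not revoke the wider one; the comment should say this explicitly until the clearing is implemented. The method containing the new role assignment starts and ends outside its hunk.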