Merged V3.0 to HEAD

11498: Improvements to DM ACL upgrade
   11502: Edit Details button text updated to Edit Site Details to avoid confusion
   11503: ETHREEOH-577 - It is possible to create empty comment at document details page
   11504: ETHREEOH-576 - Cannot create calendar event with name containing certain characters such as : /
   11505: Merged V2.2 to V3.0
      11337: Tidy up the deletion of unused ACEs when authorities are deleted - ETWOTWO-749
      11339: Fix permission checks under RunAs to use the effective user's groups - ETWOTWO-753
   11506: Fixed ETHREEOH-579: RuntimeExec can not handle commands and arguments that contains spaces

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12448 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2008-12-17 14:12:21 +00:00
parent 4669d51678
commit 46483f1c54
8 changed files with 285 additions and 10 deletions


@@ -47,7 +47,7 @@ public class ImageMagickContentTransformerTest extends AbstractContentTransforme
super.setUp();
RuntimeExec executer = new RuntimeExec();
executer.setCommand("imconvert.exe ${source} ${options} ${target}");
executer.setCommand(new String[] {"imconvert.exe", "${source}", "${options}", "${target}"});
executer.setDefaultProperties(Collections.singletonMap("options", ""));
transformer = new ImageMagickContentTransformer();
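Review bot: With the array form of `setCommand`, `${options}` becomes an argument of its own, and the default set on the next line is the empty string. Unless RuntimeExec drops empty tokens, which this hunk does not show, the converter may be started with an empty argument between source and target. A multi-word options value would likewise arrive as a single argument. I would add a test case with a non-empty, multi-token options value and document the contract, e.g. `// options is substituted as one argument; RuntimeExec must skip it when empty`. setUp's body continues outside the hunk.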


@@ -94,6 +94,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
static String QUERY_GET_ACES_AND_ACLS_BY_AUTHORITY = "permission.GetAcesAndAclsByAuthority";
static String QUERY_GET_ACES_BY_AUTHORITY = "permission.GetAcesByAuthority";
static String QUERY_GET_ACES_FOR_ACL = "permission.GetAcesForAcl";
static String QUERY_LOAD_ACL = "permission.LoadAcl";
@@ -855,6 +857,26 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
getHibernateTemplate().delete(ace);
}
// Tidy up any unreferenced ACEs
callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
{
Query query = session.getNamedQuery(QUERY_GET_ACES_BY_AUTHORITY);
query.setParameter("authority", authority);
return query.list();
}
};
List<DbAccessControlEntry> unreferenced = (List<DbAccessControlEntry>) getHibernateTemplate().execute(callback);
for (DbAccessControlEntry ace : unreferenced)
{
getHibernateTemplate().delete(ace);
}
// remove authority
callback = new HibernateCallback()
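Review bot: The list named `unreferenced` is filled by `permission.GetAcesByAuthority`, which, per the mapping added in this commit, selects every ACE joined to the authority without checking that the entry is no longer a member of any ACL. The deletes are therefore only safe if the loop ending just above the added block has already removed every membership for this authority. If one is missed, the delete presumably either fails on a constraint or removes a live entry. I would state that dependency at the call site, `// Safe only because all ACL members for this authority were deleted above; the query does not filter on membership`, or make the query exclude referenced entries. The enclosing method starts and ends outside the hunk.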


@@ -206,7 +206,8 @@ public class DMAccessControlListDAO implements AccessControlListDAO
// Do the children first
DbAccessControlList existingAcl = getAccessControlList(nodeRef);
Long toInherit = inherited;
Long toInherit = null;
Long idToInheritFrom = null;
if (existingAcl != null)
{
@@ -229,13 +230,13 @@ public class DMAccessControlListDAO implements AccessControlListDAO
}
if (existingAcl.getInherits())
{
if (toInherit != null)
if (inherited != null)
{
aclDaoComponent.enableInheritance(id, toInherit);
aclDaoComponent.enableInheritance(id, inherited);
}
}
toInherit = aclDaoComponent.getInheritedAccessControlList(id);
idToInheritFrom = id;
setAccessControlList(nodeRef, newAcl);
}
@@ -256,20 +257,33 @@ public class DMAccessControlListDAO implements AccessControlListDAO
DbAccessControlList newAcl = aclDaoComponent.getDbAccessControlList(id);
toInherit = aclDaoComponent.getInheritedAccessControlList(id);
idToInheritFrom = id;
setAccessControlList(nodeRef, newAcl);
}
else
{
// Unset - simple inherit
DbAccessControlList inheritedAcl = aclDaoComponent.getDbAccessControlList(toInherit);
DbAccessControlList inheritedAcl = aclDaoComponent.getDbAccessControlList(inherited);
setAccessControlList(nodeRef, inheritedAcl);
}
}
for (ChildAssociationRef child : nodeService.getChildAssocs(nodeRef))
{
// Only make inherited if required
if(toInherit == null)
{
if(idToInheritFrom == null)
{
toInherit = inherited;
}
else
{
toInherit = aclDaoComponent.getInheritedAccessControlList(idToInheritFrom);
}
}
if (child.isPrimary())
{
CounterSet update = fixOldDmAcls(child.getChildRef(), toInherit, false);
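Review bot: The "Unset - simple inherit" branch calls `aclDaoComponent.getDbAccessControlList(inherited)` without the `inherited != null` guard that protects the `enableInheritance` call earlier in the method. A node with no ACL that is reached with a null `inherited` therefore depends on how the DAO treats a null id. A guard such as `if (inherited != null) { setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inherited)); }`, or a comment saying null is acceptable there, would make the upgrade path explicit. Separately, in the child loop `toInherit` stays null when both `idToInheritFrom` and `inherited` are null, so the lazy block re-runs for every child; a boolean flag would read more clearly than null as the sentinel. The enclosing method (apparently fixOldDmAcls, given the recursive call) starts and ends outside these hunks.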


@@ -336,6 +336,17 @@
authority.authority = :authority
</query>
<query name="permission.GetAcesByAuthority" cacheable="true">
select
ace
from
org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
join ace.authority as authority
where
authority.authority = :authority
</query>
<query name="permission.GetAcesForAcl" cacheable="true">
select


@@ -1440,6 +1440,15 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
node.getProperties().clear();
node.getAspects().clear();
// delete ACLs
DbAccessControlList dbAcl = node.getAccessControlList();
node.setAccessControlList(null);
if(dbAcl != null)
{
getHibernateTemplate().delete(dbAcl);
}
// Mark the node as deleted
node.setDeleted(true);
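Review bot: The added block deletes the node's `DbAccessControlList` whenever it is non-null, with no check that the ACL belongs to this node alone. Elsewhere in this commit DMAccessControlListDAO assigns an ACL looked up by id to a node ("simple inherit"), which suggests one ACL row can be referenced by several nodes. If so, deleting one node would remove or break the access control of the others. Consider deleting only when no other node references the ACL, or document the ownership assumption, e.g. `// ACL is owned exclusively by this node, so it is deleted with it`. The enclosing method starts and ends outside the hunk.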


@@ -790,6 +790,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
}
}
}
auths.addAll(authorityService.getAuthoritiesForUser(user.getUsername()));
return auths;
}
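Review bot: The added `auths.addAll(authorityService.getAuthoritiesForUser(user.getUsername()));` line has no comment, although it is the security-relevant part of this fix. Judging by the commit message, it is there so that group membership follows the effective runAs user. A comment such as `// Resolve groups from the authority service so they match the effective (runAs) user` would keep it from being removed later as redundant. It also adds an authority lookup to every call, so it is worth confirming that lookup is cached. The method starts outside the hunk, so what `user` refers to cannot be checked here.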


@@ -164,7 +164,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
}
public void testRunAsRealAndEffectiveUsers()
public void testRunAsRealAndEffectiveUsersWithPriorAuthentication()
{
runAs("admin");
@@ -197,6 +197,201 @@ public class PermissionServiceTest extends AbstractPermissionTest
}
public void testNestedRunAsRealAndEffectiveUsersWithPriorAuthentication()
{
runAs("admin");
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
runAs("andy");
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "andy");
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "admin");
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "lemur");
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "admin");
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
}
public void testRunAsRealAndEffectiveUsersWithNoPriorAuthentication()
{
runAs("admin");
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
AuthenticationUtil.clearCurrentSecurityContext();
assertNull(AuthenticationUtil.getCurrentRealUserName());
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "admin");
assertNull(AuthenticationUtil.getCurrentRealUserName());
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
}
public void testNestedRunAsRealAndEffectiveUsersWithNoPriorAuthentication()
{
runAs("admin");
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
AuthenticationUtil.clearCurrentSecurityContext();
assertNull(AuthenticationUtil.getCurrentRealUserName());
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "andy");
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "admin");
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "lemur");
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
return null;
}
}, "admin");
assertNull(AuthenticationUtil.getCurrentRealUserName());
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
}
public void testDefaultModelPermissions()
{
runAs("admin");
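Review bot: The new runAs tests cover only normal returns; none checks that the real and effective user are restored when `doWork()` throws, which is where a leaked elevated context would matter most. I would add a test in which an inner `doWork()` throws and the caller then asserts the same `getCurrentRealUserName()` and `getCurrentEffectiveUserName()` values as before the call. The permission checks would also fail more informatively as `assertEquals(AccessStatus.DENIED, permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)));` rather than `assertTrue(... == ...)`. The user "lemur" is not created anywhere in the visible lines, so the DENIED expectation for it presumably relies on fixture setup outside these hunks.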


@@ -37,6 +37,7 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
@@ -54,6 +55,8 @@ public class PersonTest extends BaseSpringTest
private NodeRef rootNodeRef;
private PermissionService permissionService;
public PersonTest()
{
super();
@@ -65,6 +68,7 @@ public class PersonTest extends BaseSpringTest
transactionService = (TransactionService) applicationContext.getBean("transactionService");
personService = (PersonService) applicationContext.getBean("personService");
nodeService = (NodeService) applicationContext.getBean("nodeService");
permissionService = (PermissionService) applicationContext.getBean("permissionService");
StoreRef storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
rootNodeRef = nodeService.getRootNode(storeRef);
@@ -119,6 +123,25 @@ public class PersonTest extends BaseSpringTest
}
}
public void testDeletePerson()
{
personService.getPerson("andy");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
permissionService.setPermission(n1, "andy", PermissionService.READ, true);
permissionService.setPermission(n2, "andy", PermissionService.ALL_PERMISSIONS, true);
setComplete();
endTransaction();
startNewTransaction();
nodeService.deleteNode(n1);
setComplete();
endTransaction();
startNewTransaction();
personService.deletePerson("andy");
setComplete();
endTransaction();
startNewTransaction();
}
public void testCreateAndThenDelete()
{
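Review bot: testDeletePerson contains no assertions, so it passes as long as nothing throws. Since the scenario is an authority deleted after one of its nodes has already gone, the test should assert after `personService.deletePerson("andy")` that n2 no longer carries a permission entry for "andy" and that the person no longer exists. It also appears to rely on `personService.getPerson("andy")` creating the person as a side effect, since the return value is discarded. That deserves a comment such as `// getPerson is called for its side effect of creating the person`.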