Fix AR-279: Enforce permissions at FileFolderService entry

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3083 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2006-06-12 21:50:03 +00:00
parent 530eb70aaf
commit 469894719d
5 changed files with 88 additions and 36 deletions
--- a/config/alfresco/model-specific-services-context.xml
+++ b/config/alfresco/model-specific-services-context.xml
@@ -6,12 +6,11 @@
   <bean name="fileFolderService" class="org.alfresco.repo.model.filefolder.FileFolderServiceImpl" init-method="init">
      <property name="namespaceService"><ref bean="namespaceService" /></property>
      <property name="dictionaryService"><ref bean="dictionaryService" /></property>
-      <property name="nodeService"><ref bean="NodeService" /></property>
-      <property name="copyService"><ref bean="CopyService" /></property>
-      <!-- NOTE: using Big SearchService until AR-279 is completed -->
-      <property name="searchService"><ref bean="SearchService" /></property>
-      <property name="contentService"><ref bean="ContentService" /></property>
-      <property name="mimetypeService"><ref bean="MimetypeService" /></property>
+      <property name="nodeService"><ref bean="nodeService" /></property>
+      <property name="copyService"><ref bean="copyService" /></property>
+      <property name="searchService"><ref bean="searchService" /></property>
+      <property name="contentService"><ref bean="contentService" /></property>
+      <property name="mimetypeService"><ref bean="mimetypeService" /></property>

      <property name="systemPaths">
         <list>
--- a/config/alfresco/public-services-context.xml
+++ b/config/alfresco/public-services-context.xml
@@ -915,6 +915,7 @@
            <list>
                <idref local="FileFolderService_transaction" />
                <idref local="exceptionTranslator" />
+                <idref bean="FileFolderService_security" />
    		</list>
    	</property>
    </bean>
--- a/config/alfresco/public-services-security-context.xml
+++ b/config/alfresco/public-services-security-context.xml
@@ -353,6 +353,35 @@
        </property>
    </bean>
    
+    <!-- ============================== -->
+    <!-- FileFolder Service Permissions -->
+    <!-- ============================== -->
+    
+    <bean id="FileFolderService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
+        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+        <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
+        <property name="objectDefinitionSource">
+            <value>
+               org.alfresco.service.cmr.model.FileFolderService.list=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.listFiles=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.rename=ACL_PARENT.0.sys:base.CreateChildren,AFTER_ACL_NODE.0.sys:base.WriteProperties
+               org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.Read,ACL_NODE.1.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.create=ACL_PARENT.0.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode
+               org.alfresco.service.cmr.model.FileFolderService.makeFolders=AFTER_ACL_PARENT.0.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=AFTER_ACL_NODE.0.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent
+               org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent
+            </value>
+        </property>
+    </bean>
+    
    <!-- =========================== -->
    <!-- Content Service Permissions -->
    <!-- =========================== -->