inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-3074: Find groups and handle clashes

Browse Source 
* refactor how existing groups are found
* name with index
* handle hash clahses
This commit is contained in:
Roy Wetherall
2016-08-01 12:41:25 +10:00
parent c6ad5e71f6
commit 4b3521094e
1 changed files with 99 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
View File

@@ -40,6 +40,8 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl; import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.query.PagingRequest;
import org.alfresco.query.PagingResults;
import org.alfresco.repo.security.authority.RMAuthority; import org.alfresco.repo.security.authority.RMAuthority;
import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
@@ -73,6 +75,9 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
private static final String READER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "R"; private static final String READER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "R";
private static final String WRITER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "W"; private static final String WRITER_GROUP_PREFIX = ExtendedSecurityService.IPR_GROUP_PREFIX + "W";
/** max page size for authority query */
private static final int MAX_ITEMS = 50;
/** File plan service */ /** File plan service */
private FilePlanService filePlanService; private FilePlanService filePlanService;
@@ -301,43 +306,90 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{ {
Pair<String, String> result = null; Pair<String, String> result = null;
// see if the groups already exists or not // find read group or determine what the next index is if no group exists or there is a clash
String readerGroupName = getIPRGroupName(READER_GROUP_PREFIX, readers, writers, false); Pair<String, Integer> readGroupResult = findIPRGoup(READER_GROUP_PREFIX, readers, writers);
String writerGroupName = getIPRGroupName(WRITER_GROUP_PREFIX, readers, writers, false);
if (authorityService.authorityExists(readerGroupName) && if (readGroupResult.first == null)
authorityService.authorityExists(writerGroupName))
{
// check that the groups are a true match
if (authorityService.getContainingAuthorities(AuthorityType.GROUP, writerGroupName, true).contains(readerGroupName) &&
isIPRGroupTrueMatch(readers, readerGroupName) &&
isIPRGroupTrueMatch(writers, writerGroupName))
{
// reuse the existing groups
result = new Pair<String, String>(readerGroupName, writerGroupName);
}
else
{
// TODO - CLASH
throw new AlfrescoRuntimeException("IPR Group Name Clash!");
}
}
else
{ {
// create inplace record reader and writer groups // create inplace record reader and writer groups
result = createIPRGroups(readers, writers); result = createIPRGroups(readers, writers, readGroupResult.second);
}
else
{
// get the write group
String index = readGroupResult.first.substring(readGroupResult.first.length() - 1);
String writeGroup = PermissionService.GROUP_PREFIX +
getIPRGroupShortName(WRITER_GROUP_PREFIX, readers, writers, index);
// double check it's existence
if (!authorityService.authorityExists(writeGroup))
{
throw new AlfrescoRuntimeException("An inplace record write group does not exist for the corresponding read group " + readGroupResult.first);
}
// set result
result = new Pair<String, String>(readGroupResult.first, writeGroup);
} }
return result; return result;
} }
/**
*
* @param groupPrefix
* @param readers
* @param writers
* @return
*/
private Pair<String, Integer> findIPRGoup(String groupPrefix, Set<String> readers, Set<String> writers)
{
String iprGroup = null;
int nextGroupIndex = 0;
boolean hasMoreItems = true;
int pageCount = 0;
// determine the short name prefix
String groupShortNamePrefix = getIPRGroupPrefixShortName(groupPrefix, readers, writers);
// iterate over the authorities to find a match
while (hasMoreItems == true)
{
// get matching authorities
PagingResults<String> results = authorityService.getAuthorities(AuthorityType.GROUP,
RMAuthority.ZONE_APP_RM,
groupShortNamePrefix,
false,
false,
new PagingRequest(MAX_ITEMS*pageCount, MAX_ITEMS));
// record the total count
nextGroupIndex = nextGroupIndex + results.getPage().size();
// see if any of the matching groups exactly match
for (String group : results.getPage())
{
if (isIPRGroupTrueMatch(group, readers, writers))
{
iprGroup = group;
break;
}
}
// determine if there are any more pages to inspect
hasMoreItems = results.hasMoreItems();
pageCount ++;
}
return new Pair<String, Integer>(iprGroup, nextGroupIndex);
}
/** /**
* *
* @param authorities * @param authorities
* @param group * @param group
* @return * @return
*/ */
private boolean isIPRGroupTrueMatch(Set<String> authorities, String group) private boolean isIPRGroupTrueMatch(String group, Set<String> readers, Set<String> writers)
{ {
// TODO // TODO
return true; return true;
@@ -350,22 +402,32 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* @param shortName * @param shortName
* @return * @return
*/ */
private String getIPRGroupName(String prefix, Set<String> readers, Set<String> writers, boolean shortName) private String getIPRGroupPrefixShortName(String prefix, Set<String> readers, Set<String> writers)
{ {
StringBuilder builder = new StringBuilder(128); StringBuilder builder = new StringBuilder(128)
.append(prefix)
if (!shortName)
{
builder.append(GROUP_PREFIX);
}
builder.append(prefix)
.append(getAuthoritySetHashCode(readers)) .append(getAuthoritySetHashCode(readers))
.append(getAuthoritySetHashCode(writers)); .append(getAuthoritySetHashCode(writers));
return builder.toString(); return builder.toString();
} }
private String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, int index)
{
return getIPRGroupShortName(prefix, readers, writers, Integer.toString(index));
}
private String getIPRGroupShortName(String prefix, Set<String> readers, Set<String> writers, String index)
{
StringBuilder builder = new StringBuilder(128)
.append(prefix)
.append(getAuthoritySetHashCode(readers))
.append(getAuthoritySetHashCode(writers))
.append(index);
return builder.toString();
}
/** /**
* *
* @param authorities * @param authorities
@@ -387,10 +449,10 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
* @param writers * @param writers
* @return * @return
*/ */
private Pair<String, String> createIPRGroups(Set<String> readers, Set<String> writers) private Pair<String, String> createIPRGroups(Set<String> readers, Set<String> writers, int index)
{ {
String iprReaderGroup = createIPRGroup(getIPRGroupName(READER_GROUP_PREFIX, readers, writers, true), getRootIRPGroup(), readers); String iprReaderGroup = createIPRGroup(getIPRGroupShortName(READER_GROUP_PREFIX, readers, writers, index), getRootIRPGroup(), readers);
String iprWriterGroup = createIPRGroup(getIPRGroupName(WRITER_GROUP_PREFIX, readers, writers, true), iprReaderGroup, writers); String iprWriterGroup = createIPRGroup(getIPRGroupShortName(WRITER_GROUP_PREFIX, readers, writers, index), iprReaderGroup, writers);
return new Pair<String, String>(iprReaderGroup, iprWriterGroup); return new Pair<String, String>(iprReaderGroup, iprWriterGroup);
} }