inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1315: Manage Permissions is not working for folder inside Holds/Unfiled Records

Browse Source 
* ensure permissions for unfile record folders are setup correctly
 * some more refactoring of file plan service for better code reuse and clarity



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@66103 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2014-04-02 04:25:58 +00:00
parent e0a085ac5d
commit 4bac8ea366
2 changed files with 107 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RecordInheritancePatch.java
View File

@@ -128,7 +128,7 @@ public class RMv21RecordInheritancePatch extends RMv21PatchComponent
NodeRef parent = assoc.getParentRef(); NodeRef parent = assoc.getParentRef();
if (parent != null) if (parent != null)
{ {
filePlanPermissionServiceImpl.initialiseRecordPermissions(recordNodeRef, parent); filePlanPermissionServiceImpl.setupPermissions(parent, recordNodeRef);
} }
} }
} }

236
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -30,6 +30,9 @@ import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.annotation.Behaviour;
import org.alfresco.repo.policy.annotation.BehaviourBean;
import org.alfresco.repo.policy.annotation.BehaviourKind;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
@@ -48,6 +51,7 @@ import org.apache.commons.logging.LogFactory;
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.1 * @since 2.1
*/ */
@BehaviourBean
public class FilePlanPermissionServiceImpl extends ServiceBaseImpl public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
implements FilePlanPermissionService implements FilePlanPermissionService
{ {
@@ -65,26 +69,14 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/ */
public void init() public void init()
{ {
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_RECORD_FOLDER,
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnAddAspectPolicy.QNAME, NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME, NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_HOLD,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_TRANSFER,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
} }
/** /**
@@ -158,46 +150,117 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
} }
/** /**
* @param childAssocRef * Setup permissions on new unfiled record folder
*
* @param childAssocRef child association reference
*/ */
@Behaviour
(
type = "rma:unfiledRecordFolder",
kind = BehaviourKind.CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
)
public void onCreateUnfiledRecordFolder(ChildAssociationRef childAssocRef)
{
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
/**
* Setup permissions on new record folder
*
* @param childAssocRef child association reference
*/
@Behaviour
(
type = "rma:recordFolder",
kind = BehaviourKind.CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
)
public void onCreateRecordFolder(ChildAssociationRef childAssocRef) public void onCreateRecordFolder(ChildAssociationRef childAssocRef)
{ {
final NodeRef folderNodeRef = childAssocRef.getChildRef(); setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
// initialise the permissions /**
initPermissions(folderNodeRef); * Setup permissions on newly created hold.
*
* @param childAssocRef child association reference
*/
@Behaviour
(
type = "rma:hold",
kind = BehaviourKind.CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
)
public void onCreateHold(final ChildAssociationRef childAssocRef)
{
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
// Pull any permissions found on the parent (ie the record category) /**
final NodeRef catNodeRef = childAssocRef.getParentRef(); * Setup permissions on newly created transfer.
if (nodeService.exists(catNodeRef)) *
* @param childAssocRef child association reference
*/
@Behaviour
(
type = "rma:transfer",
kind = BehaviourKind.CLASS,
policy = "alf:onCreateNode",
notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT
)
public void onCreateTransfer(final ChildAssociationRef childAssocRef)
{
setupPermissions(childAssocRef.getParentRef(), childAssocRef.getChildRef());
}
/**
* Helper method to setup permissions.
*
* @param parent parent node reference
* @param nodeRef child node reference
*/
public void setupPermissions(final NodeRef parent, final NodeRef nodeRef)
{
if (nodeService.exists(nodeRef))
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() // initialise permissions
{ initPermissions(nodeRef);
public Object doWork()
{
Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef);
for (AccessPermission perm : perms)
{
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
}
permissionService.setPermission(
folderNodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
return null; if (nodeService.exists(parent))
} {
}, AuthenticationUtil.getSystemUserName()); AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
// setup inherited permissions
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms)
{
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
}
permissionService.setPermission(
nodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
return null;
}
});
}
} }
} }
@@ -218,7 +281,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
if (nodeService.exists(record) && nodeService.hasAspect(record, aspectTypeQName)) if (nodeService.exists(record) && nodeService.hasAspect(record, aspectTypeQName))
{ {
NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
initialiseRecordPermissions(record, recordFolder); setupPermissions(recordFolder, record);
} }
return null; return null;
@@ -226,83 +289,6 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/**
* Sets up permissions for transfer and hold objects
*
* @param childAssocRef
*/
public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef)
{
AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
NodeRef nodeRef = childAssocRef.getChildRef();
if (nodeService.exists(nodeRef))
{
initPermissions(nodeRef);
NodeRef parent = childAssocRef.getParentRef();
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms)
{
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
}
permissionService.setPermission(
nodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
return null;
}
});
}
/**
* Initialise the record permissions for the given parent.
*
* NOTE: method is public so it can be accessed via the associated patch bean.
*
* @param record record
* @param parent records permission parent
*/
public void initialiseRecordPermissions(NodeRef record, NodeRef parent)
{
initPermissions(record);
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms)
{
if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
!ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
}
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
/** /**
* onMoveRecord behaviour * onMoveRecord behaviour
* *
@@ -342,7 +328,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
permissionService.deletePermissions(record); permissionService.deletePermissions(record);
// re-setup the records permissions // re-setup the records permissions
initialiseRecordPermissions(record, destinationAssocRef.getParentRef()); setupPermissions(destinationAssocRef.getParentRef(), record);
// re-add keep'er permissions // re-add keep'er permissions
for (AccessPermission keeper : keepPerms) for (AccessPermission keeper : keepPerms)