From 4e3e0cb7e4454645c1dca32d7936ea55d8266667 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Wed, 11 Sep 2013 04:49:39 +0000 Subject: [PATCH] RM-872: "admin" can access all areas of the file plan without have been given an explicit role or permissions. * it now valid for admin to have access to the file plan * rmadmin is still created and always has admin rights to file plans, but by default is created with a random password * admin has permissions to reset rmadmin password if administration of RM file plans needs to be delegated * rmadmin name I18n'ed * rmadmin patch and creation code updated git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55205 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco-global.properties | 6 +-- .../records-management-service.properties | 3 +- .../messages/rm-system.properties | 4 ++ .../org_alfresco_module_rm/module-context.xml | 1 + .../rm-patch-context.xml | 1 - .../rm-service-context.xml | 2 - .../action/impl/FreezeAction.java | 2 - .../patch/RMv2RMAdminUserPatch.java | 23 +++++------ .../role/FilePlanRoleServiceImpl.java | 15 ++++--- .../FilePlanAuthenticationService.java | 10 ----- .../FilePlanAuthenticationServiceImpl.java | 41 +------------------ 11 files changed, 31 insertions(+), 77 deletions(-) create mode 100644 rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties index c7cc3567fb..70676c0e4d 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties 
@@ -25,11 +25,11 @@ cache.writersSharedCache.maxItems=10000 # # Global RM admin default bootstrap details +# +# Note: rmadmin is created with a randomly generated password. This can be changed by 'admin' if +# required. # bootstrap.rmadmin.name=rmadmin -bootstrap.rmadmin.pwd=rmadmin -bootstrap.rmadmin.firstName=Records Management -bootstrap.rmadmin.lastName=Administrator # # Indicates whether RM rules will be run as RM Admin or not by default diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties index fec89d22b4..d1b597d0ce 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties @@ -14,5 +14,4 @@ rm.service.parent-record-folder-root=Can't create a record folder, because the p rm.service.parent-record-folder-type=Can't create record folder, because the parent was not sub-type of rm:recordsManagementContainer. (parentType={0}) rm.service.record-folder-type=Can't create record folder, because the provided type is not a sub-type of rm:recordFolder. (type={0}) rm.service.not-record=The node {0} is not a record. -rm.service.vital-def-missing=Vital record definition aspect is not present on node. (nodeRef={0}) -rm.hold.name=Hold \ No newline at end of file +rm.service.vital-def-missing=Vital record definition aspect is not present on node. (nodeRef={0}) \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties new file mode 100644 index 0000000000..05767df28b --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties 
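Review bot: The comment added above `bootstrap.rmadmin.name` does not tell an operator that `bootstrap.rmadmin.pwd` is no longer a setting, so an override left in a deployment's own properties file would be ignored without any message. This is inferred from the removed `setPassword` setter in RMv2RMAdminUserPatch, because the Spring context hunks are not legible on this page. The comment also leaves out the practical consequence that rmadmin cannot be used until 'admin' sets a password. I would extend it to `# Note: rmadmin is created with a randomly generated password; 'admin' must set a new one before rmadmin can be used to log in.` followed by `# bootstrap.rmadmin.pwd is no longer read.`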
@@ -0,0 +1,4 @@ +bootstrap.rmadmin.firstName=Records Management +bootstrap.rmadmin.lastName=System Administrator + +rm.hold.name=Hold \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml index a1a0547ddf..5a9d1a4bf5 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml @@ -37,6 +37,7 @@ alfresco.module.org_alfresco_module_rm.messages.audit-service alfresco.module.org_alfresco_module_rm.messages.capability-service alfresco.module.org_alfresco_module_rm.messages.dataset-service + alfresco.module.org_alfresco_module_rm.messages.rm-system diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml index de39fc7c08..22d5ef5a91 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml @@ -122,7 +122,6 @@ - - - diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java index 6281f78bcc..9648d2a4cc 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java 
@@ -60,8 +60,6 @@ public class FreezeAction extends RMActionExecuterAbstractBase recordsManagementService.isRecordFolder(actionedUponNodeRef) == true) && freezeService.isFrozen(actionedUponNodeRef) == false) { - System.out.println("I am trying to freeze " + actionedUponNodeRef.toString()); - freezeService.freeze((String) action.getParameterValue(PARAM_REASON), actionedUponNodeRef); } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java index 294d5f8352..89848ff93b 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java @@ -27,14 +27,15 @@ import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.namespace.QName; +import org.alfresco.util.GUID; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.BeanNameAware; +import org.springframework.extensions.surf.util.I18NUtil; /** * RM v2.1: RM admin user patch 
@@ -43,11 +44,15 @@ import org.springframework.beans.factory.BeanNameAware; */ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNameAware { + /** I18N */ + private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName"; + private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName"; + /** Logger */ private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class); - /** default rm admin password */ - private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD; + /** generate rm admin password */ + private String password = GUID.generate(); /** mutable authenticaiton service */ private MutableAuthenticationService authenticationService; @@ -64,14 +69,6 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa /** file plan authentication service */ private FilePlanAuthenticationService filePlanAuthenticationService; - /** - * @param password rm admin password - */ - public void setPassword(String password) - { - this.password = password; - } - /** * @param personService person service */ @@ -124,8 +121,8 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa } String user = filePlanAuthenticationService.getRmAdminUserName(); - String firstName = filePlanAuthenticationService.getRmAdminFirstName(); - String lastName = filePlanAuthenticationService.getRmAdminLastName(); + String firstName = I18NUtil.getMessage(MSG_FIRST_NAME); + String lastName = I18NUtil.getMessage(MSG_LAST_NAME); if (authenticationService.authenticationExists(user) == false) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 2981d94155..e473009b9e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java 
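Review bot: `GUID.generate()` in the `password` field initializer produces an identifier, and identifiers are built to be unique rather than unguessable; whether this one comes from a cryptographically strong generator cannot be told from the page. Since the value becomes the credential of an account that always has admin rights on file plans, I would generate it from `SecureRandom` directly, for example `private String password = new BigInteger(130, new SecureRandom()).toString(32);` with the matching `java.math.BigInteger` and `java.security.SecureRandom` imports. The same applies to the local `password` in `createRMAdminUser()` in FilePlanRoleServiceImpl. The field sits in a class body that continues outside this hunk.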
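Review bot: The `authenticationExists(user) == false` guard at the end of the `@@ -124,8 +121,8 @@` hunk means the generated password is applied only when this run creates rmadmin. An rmadmin account that already exists, presumably made by an earlier version with the old `rmadmin` default, keeps its current password. The commit has no path for that case, so upgraded repositories may still carry the known default after this change. I would add an `else` branch that at least logs it, e.g. `logger.warn("rmadmin already exists; its password was not changed and should be reset by admin");`, and mention it in the upgrade notes. `createRMAdminUser()` in FilePlanRoleServiceImpl has the same guard, and both `if` bodies continue outside their hunks.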
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -40,7 +40,6 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; -import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl; import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.policy.JavaBehaviour; @@ -58,6 +57,7 @@ import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.namespace.QName; +import org.alfresco.util.GUID; import org.alfresco.util.ParameterCheck; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; @@ -65,6 +65,7 @@ import org.apache.commons.logging.LogFactory; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import org.springframework.extensions.surf.util.I18NUtil; /** * Role service implementation @@ -75,6 +76,10 @@ import org.json.JSONObject; public class FilePlanRoleServiceImpl implements FilePlanRoleService, RecordsManagementModel { + /** I18N */ + private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName"; + private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName"; + /** Capability service */ private CapabilityService capabilityService; 
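Review bot: `MSG_FIRST_NAME` and `MSG_LAST_NAME` are declared here with the same two keys as in RMv2RMAdminUserPatch, and each class then runs its own copy of the rmadmin creation steps. Two copies of credential-bootstrapping code tend to drift apart, and this commit already has to edit both in step to keep them aligned. Consider keeping the keys and the creation routine in one place, for instance a method on the role service that the patch calls, with a comment such as `// single place where the rmadmin account and its initial password are created`. The class body continues outside this hunk.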
@@ -916,12 +921,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, */ private void createRMAdminUser() { - /** default rm admin password */ - String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD; + /** generate rm admin password */ + String password = GUID.generate(); String user = filePlanAuthenticationService.getRmAdminUserName(); - String firstName = filePlanAuthenticationService.getRmAdminFirstName(); - String lastName = filePlanAuthenticationService.getRmAdminLastName(); + String firstName = I18NUtil.getMessage(MSG_FIRST_NAME); + String lastName = I18NUtil.getMessage(MSG_LAST_NAME); if (authenticationService.authenticationExists(user) == false) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java index b3035b9d0a..884f09421f 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java @@ -32,16 +32,6 @@ public interface FilePlanAuthenticationService * @return rm admin user name */ String getRmAdminUserName(); - - /** - * @return rm admin first name - */ - String getRmAdminFirstName(); - - /** - * @return rm admin last name - */ - String getRmAdminLastName(); /** * Run provided work as the global rm admin user. diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java index 68ea87b338..92e0e57de3 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java 
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java @@ -30,14 +30,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication { /** Default rm admin user values */ public static final String DEFAULT_RM_ADMIN_USER = "rmadmin"; - public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin"; - public static final String DEFAULT_RM_ADMIN_FIRST_NAME = "Records Management"; - public static final String DEFAULT_RM_ADMIN_LAST_NAME = "Administrator"; + /** RM admin user name */ private String rmAdminUserName = DEFAULT_RM_ADMIN_USER; - private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME; - private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME; + /** tennant service */ private TenantService tenantService; /** @@ -71,40 +68,6 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName; } - /** - * @param rmAdminFirstName rm admin first name - */ - public void setRmAdminFirstName(String rmAdminFirstName) - { - this.rmAdminFirstName = rmAdminFirstName; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminFirstName() - */ - @Override - public String getRmAdminFirstName() - { - return rmAdminFirstName; - } - - /** - * @param rmAdminLastName rm admin last name - */ - public void setRmAdminLastName(String rmAdminLastName) - { - this.rmAdminLastName = rmAdminLastName; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminLastName() - */ - @Override - public String getRmAdminLastName() - { - return rmAdminLastName; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) */