RM-872: "admin" can access all areas of the file plan without have been given an explicit role or permissions.

* it now valid for admin to have access to the file plan * rmadmin is still created and always has admin rights to file plans, but by default is created with a random password * admin has permissions to reset rmadmin password if administration of RM file plans needs to be delegated * rmadmin name I18n'ed * rmadmin patch and creation code updated git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55205 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-09-11 04:49:39 +00:00
parent f3f9440672
commit 4e3e0cb7e4
11 changed files with 31 additions and 77 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
@@ -25,11 +25,11 @@ cache.writersSharedCache.maxItems=10000
 #
 # Global RM admin default bootstrap details
 # 
 # Note: rmadmin is created with a randomly generated password.  This can be changed by 'admin' if
 #       required.
 #
 bootstrap.rmadmin.name=rmadmin
 bootstrap.rmadmin.pwd=rmadmin
 bootstrap.rmadmin.firstName=Records Management
 bootstrap.rmadmin.lastName=Administrator
 # 
 # Indicates whether RM rules will be run as RM Admin or not by default
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/records-management-service.properties
@@ -14,5 +14,4 @@ rm.service.parent-record-folder-root=Can't create a record folder, because the p
 rm.service.parent-record-folder-type=Can't create record folder, because the parent was not sub-type of rm:recordsManagementContainer. (parentType={0})
 rm.service.record-folder-type=Can't create record folder, because the provided type is not a sub-type of rm:recordFolder. (type={0})
 rm.service.not-record=The node {0} is not a record.
-rm.service.vital-def-missing=Vital record definition aspect is not present on node. (nodeRef={0})
+rm.service.vital-def-missing=Vital record definition aspect is not present on node. (nodeRef={0})
 rm.hold.name=Hold
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/rm-system.properties
@@ -0,0 +1,4 @@
 bootstrap.rmadmin.firstName=Records Management
 bootstrap.rmadmin.lastName=System Administrator
 rm.hold.name=Hold
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
@@ -37,6 +37,7 @@
            <value>alfresco.module.org_alfresco_module_rm.messages.audit-service</value>
            <value>alfresco.module.org_alfresco_module_rm.messages.capability-service</value>
            <value>alfresco.module.org_alfresco_module_rm.messages.dataset-service</value>
            <value>alfresco.module.org_alfresco_module_rm.messages.rm-system</value>
         </list>
      </property>
   </bean>
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
@@ -122,7 +122,6 @@
       <property name="authenticationService" ref="AuthenticationService" />
       <property name="personService" ref="PersonService" />
       <property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
       <property name="password" value="${bootstrap.rmadmin.pwd}" />
   </bean>
   <bean id="org_alfresco_module_rm_RMv21RecordInheritancePatch"
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -1195,8 +1195,6 @@
    <bean id="filePlanAuthenticationService"
          class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl">
     	<property name="rmAdminUserName" value="${bootstrap.rmadmin.name}" />
     	<property name="rmAdminFirstName" value="${bootstrap.rmadmin.firstName}" />
     	<property name="rmAdminLastName" value="${bootstrap.rmadmin.lastName}" />
        <property name="tenantService">
            <ref bean="tenantService"/>
        </property>
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java
@@ -60,8 +60,6 @@ public class FreezeAction extends RMActionExecuterAbstractBase
            recordsManagementService.isRecordFolder(actionedUponNodeRef) == true) &&
           freezeService.isFrozen(actionedUponNodeRef) == false)
       {
           System.out.println("I am trying to freeze " + actionedUponNodeRef.toString());
           freezeService.freeze((String) action.getParameterValue(PARAM_REASON), actionedUponNodeRef);
       }
   }
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java
@@ -27,14 +27,15 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.GUID;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.BeanNameAware;
 import org.springframework.extensions.surf.util.I18NUtil;
 /**
 * RM v2.1: RM admin user patch
@@ -43,11 +44,15 @@ import org.springframework.beans.factory.BeanNameAware;
 */
 public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNameAware
 {
    /** I18N */
    private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
    private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
    /** Logger */
    private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
-    /** default rm admin password */
+    /** generate rm admin password */
-    private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
+    private String password = GUID.generate();
    /** mutable authenticaiton service */
    private MutableAuthenticationService authenticationService;
@@ -64,14 +69,6 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa
    /** file plan authentication service */
    private FilePlanAuthenticationService filePlanAuthenticationService;
    /**
     * @param password  rm admin password
     */
    public void setPassword(String password)
    {
        this.password = password;
    }
    /**     
     * @param personService person service
     */
@@ -124,8 +121,8 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa
        }                
        String user = filePlanAuthenticationService.getRmAdminUserName();
-        String firstName = filePlanAuthenticationService.getRmAdminFirstName();
+        String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
-        String lastName = filePlanAuthenticationService.getRmAdminLastName();
+        String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
        if (authenticationService.authenticationExists(user) == false)
        {
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
@@ -40,7 +40,6 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
 import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.policy.JavaBehaviour;
@@ -58,6 +57,7 @@ import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.GUID;
 import org.alfresco.util.ParameterCheck;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
@@ -65,6 +65,7 @@ import org.apache.commons.logging.LogFactory;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.springframework.extensions.surf.util.I18NUtil;
 /**
 * Role service implementation
@@ -75,6 +76,10 @@ import org.json.JSONObject;
 public class FilePlanRoleServiceImpl implements FilePlanRoleService,
                                        RecordsManagementModel
 {
    /** I18N */
    private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
    private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
    /** Capability service */
    private CapabilityService capabilityService;
@@ -916,12 +921,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
     */
    private void createRMAdminUser()
    {
-        /** default rm admin password */
+        /** generate rm admin password */
-        String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
+        String password = GUID.generate();
        String user = filePlanAuthenticationService.getRmAdminUserName();
-        String firstName = filePlanAuthenticationService.getRmAdminFirstName();
+        String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
-        String lastName = filePlanAuthenticationService.getRmAdminLastName();
+        String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
        if (authenticationService.authenticationExists(user) == false)
        {
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
@@ -32,16 +32,6 @@ public interface FilePlanAuthenticationService
     * @return  rm admin user name
     */
    String getRmAdminUserName();
    /**
     * @return rm admin first name
     */
    String getRmAdminFirstName();
    /**
     * @return rm admin last name
     */
    String getRmAdminLastName();
    /**
     * Run provided work as the global rm admin user.
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
@@ -30,14 +30,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
 {
    /** Default rm admin user values */
    public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
    public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin";
    public static final String DEFAULT_RM_ADMIN_FIRST_NAME = "Records Management";
    public static final String DEFAULT_RM_ADMIN_LAST_NAME = "Administrator";
    /** RM admin user name */
    private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
    private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME;
    private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME;
    /** tennant service */
    private TenantService tenantService;
    /**
@@ -71,40 +68,6 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
        return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
    }
    /**
     * @param rmAdminFirstName rm admin first name
     */
    public void setRmAdminFirstName(String rmAdminFirstName)
    {
        this.rmAdminFirstName = rmAdminFirstName;
    }
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminFirstName()
     */
    @Override
    public String getRmAdminFirstName()
    {
        return rmAdminFirstName;
    }
    /**
     * @param rmAdminLastName rm admin last name
     */
    public void setRmAdminLastName(String rmAdminLastName)
    {
        this.rmAdminLastName = rmAdminLastName;
    }
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminLastName()
     */
    @Override
    public String getRmAdminLastName()
    {
        return rmAdminLastName;
    }
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
     */