From 5411d5ea12c3488e24e552185503823febc018ce Mon Sep 17 00:00:00 2001 From: David Webster Date: Tue, 7 Jun 2016 15:46:50 +0100 Subject: [PATCH 1/3] RM-3134: Rename caveat package securitymarks --- .../bootstrap/content/recordsCustomModel.xml | 4 +- .../org_alfresco_module_rm/module-context.xml | 2 +- .../rm-service-context.xml | 42 +- .../caveat/RMListOfValuesConstraint.java | 2 +- .../{caveat => securitymarks}/PivotUtil.java | 142 +- .../RMCaveatConfigComponent.java | 242 +- .../RMCaveatConfigComponentImpl.java | 2296 ++++++++--------- .../RMCaveatConfigService.java | 322 +-- .../RMCaveatConfigServiceImpl.java | 874 +++---- .../RMConstraintInfo.java | 176 +- .../RMConstraintMessageKeys.java | 78 +- .../RMListOfValuesConstraint.java | 518 ++-- .../ScriptAuthority.java | 120 +- .../ScriptConstraint.java | 540 ++-- .../ScriptConstraintAuthority.java | 116 +- .../ScriptConstraintValue.java | 132 +- .../ScriptRMCaveatConfigService.java | 348 +-- .../admin/RecordsManagementAdminService.java | 2 +- .../RecordsManagementAdminServiceImpl.java | 8 +- .../bootstrap/RecordsManagementBootstrap.java | 2 +- .../capability/RMSecurityCommon.java | 2 +- .../script/RMConstraintGet.java | 2 +- .../RMCaveatConfigServiceImplTest.java | 4 +- ...RecordsManagementAdminServiceImplTest.java | 4 +- .../test/util/BaseRMWebScriptTestCase.java | 2 +- 25 files changed, 2990 insertions(+), 2990 deletions(-) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/PivotUtil.java (94%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMCaveatConfigComponent.java (94%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMCaveatConfigComponentImpl.java (96%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMCaveatConfigService.java (95%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMCaveatConfigServiceImpl.java (96%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMConstraintInfo.java (94%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMConstraintMessageKeys.java (93%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/RMListOfValuesConstraint.java (96%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/ScriptAuthority.java (93%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/ScriptConstraint.java (95%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/ScriptConstraintAuthority.java (93%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/ScriptConstraintValue.java (93%) rename rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/{caveat => securitymarks}/ScriptRMCaveatConfigService.java (95%) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml index 9e3244ce81..a3b2a81a45 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml @@ -30,7 +30,7 @@ - + listconstraint.rmc_smList.title @@ -40,7 +40,7 @@ - + listconstraint.rmc_tlList.title diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml index 50e505c39f..5fcfda1d03 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml @@ -200,7 +200,7 @@ - + caveatConfig diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 7ddb3f28b2..3b5599f34c 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -1296,7 +1296,7 @@ - + @@ -1304,7 +1304,7 @@ @@ -1355,30 +1355,30 @@ - + - @@ -1398,7 +1398,7 @@ - org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService + org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java index e02a8a32d2..3357a9ab42 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java @@ -35,7 +35,7 @@ package org.alfresco.module.org_alfresco_module_dod5015.caveat; * * @author Roy Wetherall */ -public class RMListOfValuesConstraint extends org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint +public class RMListOfValuesConstraint extends org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint { // No implementation } diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java similarity index 94% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java index 2fe741e78b..182f72dac7 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java @@ -1,71 +1,71 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/* package scope */ final class PivotUtil -{ - private PivotUtil() - { - // Will not be called - } - - static Map> getPivot(Map> source) - { - - Map> pivot = new HashMap>(); - - for (Map.Entry> entry : source.entrySet()) - { - Listvalues = entry.getValue(); - for (String value : values) - { - String authority = entry.getKey(); - if (pivot.containsKey(value)) - { - // already exists - List list = pivot.get(value); - list.add(authority ); - } - else - { - // New value - List list = new ArrayList(); - list.add(authority); - pivot.put(value, list); - } - } - } - - return pivot; - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/* package scope */ final class PivotUtil +{ + private PivotUtil() + { + // Will not be called + } + + static Map> getPivot(Map> source) + { + + Map> pivot = new HashMap>(); + + for (Map.Entry> entry : source.entrySet()) + { + Listvalues = entry.getValue(); + for (String value : values) + { + String authority = entry.getKey(); + if (pivot.containsKey(value)) + { + // already exists + List list = pivot.get(value); + list.add(authority ); + } + else + { + // New value + List list = new ArrayList(); + list.add(authority); + pivot.put(value, list); + } + } + } + + return pivot; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java similarity index 94% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java index 4a9269639e..c5c6b6618d 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java @@ -1,121 +1,121 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.File; -import java.io.InputStream; -import java.util.List; -import java.util.Map; - -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -public interface RMCaveatConfigComponent -{ - void init(); - - /** - * Get allowed values for given caveat list (for current user) - * - * @param constraintName - * @return - */ - List getRMAllowedValues(String constraintName); - - /** - * Get custom caveat models - * - * @return - */ - List getRMCaveatModels(); - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - boolean hasAccess(NodeRef nodeRef); - - /** - * Get RM constraint list - * - * @param listName the name of the RMConstraintList - */ - RMConstraintInfo getRMConstraint(String listName); - - /** - * Add RM constraint - */ - void addRMConstraint(String listName); - - /** - * Add RM constraint value for given authority - */ - void addRMConstraintListValue(String listName, String authorityName, String value); - - /** - * Update RM constraint values for given authority - */ - void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); - - /** - * Update RM constraint authorities for given value - */ - void updateRMConstraintListValue(String listName, String valueName, Listauthorities); - - /** - * Remove RM constraint value (all authorities) - */ - void removeRMConstraintListValue(String listName, String valueName); - - /** - * Remove RM constraint authority (all values) - */ - void removeRMConstraintListAuthority(String listName, String authorityName); - - /** - * Delete RM Constraint - * - * @param listName the name of the RMConstraintList - */ - void deleteRMConstraint(String listName); - - /** - * Get the details of a caveat list - * @param listName - * @return - */ - Map> getListDetails(String listName); - - NodeRef updateOrCreateCaveatConfig(File jsonFile); - - NodeRef updateOrCreateCaveatConfig(String jsonString); - - NodeRef updateOrCreateCaveatConfig(InputStream is); -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.File; +import java.io.InputStream; +import java.util.List; +import java.util.Map; + +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.QName; + +public interface RMCaveatConfigComponent +{ + void init(); + + /** + * Get allowed values for given caveat list (for current user) + * + * @param constraintName + * @return + */ + List getRMAllowedValues(String constraintName); + + /** + * Get custom caveat models + * + * @return + */ + List getRMCaveatModels(); + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + boolean hasAccess(NodeRef nodeRef); + + /** + * Get RM constraint list + * + * @param listName the name of the RMConstraintList + */ + RMConstraintInfo getRMConstraint(String listName); + + /** + * Add RM constraint + */ + void addRMConstraint(String listName); + + /** + * Add RM constraint value for given authority + */ + void addRMConstraintListValue(String listName, String authorityName, String value); + + /** + * Update RM constraint values for given authority + */ + void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); + + /** + * Update RM constraint authorities for given value + */ + void updateRMConstraintListValue(String listName, String valueName, Listauthorities); + + /** + * Remove RM constraint value (all authorities) + */ + void removeRMConstraintListValue(String listName, String valueName); + + /** + * Remove RM constraint authority (all values) + */ + void removeRMConstraintListAuthority(String listName, String authorityName); + + /** + * Delete RM Constraint + * + * @param listName the name of the RMConstraintList + */ + void deleteRMConstraint(String listName); + + /** + * Get the details of a caveat list + * @param listName + * @return + */ + Map> getListDetails(String listName); + + NodeRef updateOrCreateCaveatConfig(File jsonFile); + + NodeRef updateOrCreateCaveatConfig(String jsonString); + + NodeRef updateOrCreateCaveatConfig(InputStream is); +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java similarity index 96% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java index a519825f5a..828b837360 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java @@ -1,1148 +1,1148 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import static org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace; - -import java.io.File; -import java.io.InputStream; -import java.io.Serializable; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.locks.Lock; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.repo.cache.SimpleCache; -import org.alfresco.repo.content.ContentServicePolicies; -import org.alfresco.repo.content.MimetypeMap; -import org.alfresco.repo.node.NodeServicePolicies; -import org.alfresco.repo.policy.Behaviour.NotificationFrequency; -import org.alfresco.repo.policy.annotation.Behaviour; -import org.alfresco.repo.policy.annotation.BehaviourBean; -import org.alfresco.repo.policy.annotation.BehaviourKind; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.version.VersionModel; -import org.alfresco.service.cmr.dictionary.Constraint; -import org.alfresco.service.cmr.dictionary.ConstraintDefinition; -import org.alfresco.service.cmr.dictionary.DataTypeDefinition; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.dictionary.PropertyDefinition; -import org.alfresco.service.cmr.repository.ChildAssociationRef; -import org.alfresco.service.cmr.repository.ContentReader; -import org.alfresco.service.cmr.repository.ContentService; -import org.alfresco.service.cmr.repository.ContentWriter; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.alfresco.util.JSONtoFmModel; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.json.JSONException; -import org.json.JSONObject; - -import net.sf.acegisecurity.AccessDeniedException; - -/** - * RM Caveat Config component impl - * - * @author janv - */ -@BehaviourBean(defaultType = "rma:caveatConfig") -public class RMCaveatConfigComponentImpl implements ContentServicePolicies.OnContentUpdatePolicy, - NodeServicePolicies.BeforeDeleteNodePolicy, - NodeServicePolicies.OnCreateNodePolicy, - RMCaveatConfigComponent -{ - private static Log logger = LogFactory.getLog(RMCaveatConfigComponentImpl.class); - - private ContentService contentService; - private DictionaryService dictionaryService; - private NamespaceService namespaceService; - private AuthorityService authorityService; - private PersonService personService; - private NodeService nodeService; - - // Default - private StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); - - private List caveatAspectURINames = new ArrayList(0); - private List caveatAspectQNames = new ArrayList(0); - - private List caveatModelURINames = new ArrayList(0); - private List caveatModelQNames = new ArrayList(0); - - private static final String CAVEAT_CONFIG_NAME = "caveatConfig.json"; - - private static final QName DATATYPE_TEXT = DataTypeDefinition.TEXT; - - /** - * Lock objects - */ - private ReadWriteLock lock = new ReentrantReadWriteLock(); - private Lock readLock = lock.readLock(); - private Lock writeLock = lock.writeLock(); - - /* - * Caveat Config (Shared) config - * first string is property name - * second string is authority name (user or group full name) - * third string is list of values of property - */ - private SimpleCache>> caveatConfig; - - public void setCaveatConfig(SimpleCache>> caveatConfig) - { - this.caveatConfig = caveatConfig; - } - - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } - - public void setContentService(ContentService contentService) - { - this.contentService = contentService; - } - - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - public void setAuthorityService(AuthorityService authorityService) - { - this.authorityService = authorityService; - } - - public void setPersonService(PersonService personService) - { - this.personService = personService; - } - - public void setStoreRef(String storeRef) - { - this.storeRef = new StoreRef(storeRef); - } - - public void setCaveatAspects(List caveatAspectNames) - { - this.caveatAspectURINames = caveatAspectNames; - } - - public void setCaveatModels(List caveatModelNames) - { - this.caveatModelURINames = caveatModelNames; - } - - /** - * Initialise behaviours and caveat config cache - */ - public void init() - { - if (caveatAspectURINames.size() > 0) - { - for (String caveatAspectURIName : caveatAspectURINames) - { - caveatAspectQNames.add(QName.createQName(caveatAspectURIName)); - } - - if (logger.isInfoEnabled()) - { - logger.info("Caveat aspects configured "+caveatAspectQNames); - } - } - else - { - logger.warn("No caveat aspects configured - caveats will not be applied"); - } - - if (caveatModelURINames.size() > 0) - { - for (String caveatModelURIName : caveatModelURINames) - { - caveatModelQNames.add(QName.createQName(caveatModelURIName)); - } - - if (logger.isInfoEnabled()) - { - logger.info("Caveat models configured "+caveatModelQNames); - } - } - else - { - logger.info("No caveat models configured - all models will be checked"); - } - - NodeRef caveatConfigNodeRef = getCaveatConfigNode(); - if (caveatConfigNodeRef != null) - { - validateAndReset(caveatConfigNodeRef); - } - } - - /** - * @see org.alfresco.repo.content.ContentServicePolicies.OnContentUpdatePolicy#onContentUpdate(org.alfresco.service.cmr.repository.NodeRef, boolean) - * RM-2770 - this method has to be fired on transaction commit to be able to validate the content when the content store is encrypted - */ - @Override - @Behaviour - ( - kind = BehaviourKind.CLASS, - notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT - ) - public void onContentUpdate(NodeRef nodeRef, boolean newContent) - { - if (logger.isInfoEnabled()) - { - logger.info("onContentUpdate: "+nodeRef+", "+newContent); - } - - validateAndReset(nodeRef); - } - - /** - * @see org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy#beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - @Behaviour(kind = BehaviourKind.CLASS) - public void beforeDeleteNode(NodeRef nodeRef) - { - if (logger.isInfoEnabled()) - { - logger.info("beforeDeleteNode: "+nodeRef); - } - - validateAndReset(nodeRef); - } - - /** - * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) - */ - @Override - @Behaviour(kind = BehaviourKind.CLASS) - public void onCreateNode(ChildAssociationRef childAssocRef) - { - if (logger.isInfoEnabled()) - { - logger.info("onCreateNode: "+childAssocRef); - } - - validateAndReset(childAssocRef.getChildRef()); - } - - /** - * Validate the caveat config and optionally update the cache. - * - * @param nodeRef The nodeRef of the config - * @param updateCache Set to true to update the cache - */ - @SuppressWarnings("unchecked") - protected void validateAndReset(NodeRef nodeRef) - { - ContentReader cr = contentService.getReader(nodeRef, ContentModel.PROP_CONTENT); - if (cr != null) - { - // TODO - check who can change caveat config ! - // TODO - locking (or checkout/checkin) - - String caveatConfigData = cr.getContentString(); - if (caveatConfigData != null) - { - NodeRef existing = getCaveatConfigNode(); - if ((existing != null && (! existing.equals(nodeRef)))) - { - throw new AlfrescoRuntimeException("Cannot create more than one caveat config (existing="+existing+", new="+nodeRef+")"); - } - - try - { - if (logger.isTraceEnabled()) - { - logger.trace(caveatConfigData); - } - - Set models = new HashSet(1); - Set props = new HashSet(10); - Set expectedPrefixes = new HashSet(10); - - if (caveatModelQNames.size() > 0) - { - models.addAll(caveatModelQNames); - } - else - { - models.addAll(dictionaryService.getAllModels()); - } - - if (logger.isTraceEnabled()) - { - logger.trace("validateAndReset: models to check "+models); - } - - for (QName model : models) - { - props.addAll(dictionaryService.getProperties(model, DATATYPE_TEXT)); - expectedPrefixes.addAll(namespaceService.getPrefixes(model.getNamespaceURI())); - } - - if (props.size() == 0) - { - logger.warn("validateAndReset: no caveat properties found"); - } - else - { - if (logger.isTraceEnabled()) - { - logger.trace("validateAndReset: properties to check "+props); - } - } - - Map caveatConfigMap = JSONtoFmModel.convertJSONObjectToMap(caveatConfigData); - - for (Map.Entry conEntry : caveatConfigMap.entrySet()) - { - String conStr = conEntry.getKey(); - - QName conQName = QName.resolveToQName(namespaceService, conStr); - - // check prefix - String conPrefix = QName.splitPrefixedQName(conStr)[0]; - boolean prefixFound = false; - for (String expectedPrefix : expectedPrefixes) - { - if (conPrefix.equals(expectedPrefix)) - { - prefixFound = true; - } - } - - if (! prefixFound) - { - throw new AlfrescoRuntimeException("Unexpected prefix: "+ conPrefix + " (" + conStr +") expected one of "+expectedPrefixes+")"); - } - - Map> caveatMap = (Map>)conEntry.getValue(); - - List allowedValues = null; - @SuppressWarnings("unused") - boolean found = false; - - for (QName propertyName : props) - { - PropertyDefinition propDef = dictionaryService.getProperty(propertyName); - List conDefs = propDef.getConstraints(); - for (ConstraintDefinition conDef : conDefs) - { - final Constraint con = conDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - String conName = ((RMListOfValuesConstraint)con).getShortName(); - if (conName.equals(conStr)) - { - // note: assumes only one caveat/LOV against a given property - allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return ((RMListOfValuesConstraint)con).getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - found = true; - break; - } - } - } - } - - if (allowedValues != null) - { - if (logger.isInfoEnabled()) - { - logger.info("Processing constraint: "+conQName); - } - - for (Map.Entry> caveatEntry : caveatMap.entrySet()) - { - String authorityName = caveatEntry.getKey(); - List caveatList = caveatEntry.getValue(); - - // validate authority (user or group) - note: groups are configured with fullname (ie. GROUP_xxx) - if ((! authorityService.authorityExists(authorityName) && ! personService.personExists(authorityName))) - { - // TODO - review warnings (& I18N) - String msg = "User/group does not exist: "+authorityName+" (constraint="+conStr+")"; - logger.warn(msg); - } - - // validate caveat list - for (String value : caveatList) - { - if (! allowedValues.contains(value)) - { - // TODO - review warnings (& add I18N) - String msg = "Invalid value in list: "+value+" (authority="+authorityName+", constraint="+conStr+")"; - logger.warn(msg); - } - } - } - } - } - - try - { - writeLock.lock(); - // we can't just clear the cache, as all puts to the cache afterwards in this transaction will be ignored - // first delete all keys that are now not in the config - caveatConfig.getKeys().retainAll(caveatConfigMap.keySet()); - - for (Map.Entry conEntry : caveatConfigMap.entrySet()) - { - String conStr = conEntry.getKey(); - Map> caveatMap = (Map>)conEntry.getValue(); - - Map> cacheValue = caveatConfig.get(conStr); - if (cacheValue == null || !cacheValue.equals(caveatMap)) - { - // update the cache - caveatConfig.put(conStr, caveatMap); - } - } - } - finally - { - writeLock.unlock(); - } - } - catch (JSONException e) - { - throw new AlfrescoRuntimeException("Invalid caveat config syntax: "+e); - } - } - } - } - - private NodeRef getCaveatConfigNode() - { - NodeRef rootNode = nodeService.getRootNode(storeRef); - return nodeService.getChildByName(rootNode, RecordsManagementModel.ASSOC_CAVEAT_CONFIG, CAVEAT_CONFIG_NAME); - } - - - public NodeRef updateOrCreateCaveatConfig(InputStream is) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(is); - - return caveatConfig; - } - - public NodeRef updateOrCreateCaveatConfig(File jsonFile) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(jsonFile); - - return caveatConfig; - } - - public NodeRef updateOrCreateCaveatConfig(String jsonString) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(jsonString); - - return caveatConfig; - } - - private NodeRef getOrCreateCaveatConfig() - { - NodeRef caveatConfig = getCaveatConfigNode(); - if (caveatConfig == null) - { - NodeRef rootNode = nodeService.getRootNode(storeRef); - nodeService.addAspect(rootNode, VersionModel.ASPECT_VERSION_STORE_ROOT, null); - - // Create caveat config - caveatConfig = nodeService.createNode(rootNode, - RecordsManagementModel.ASSOC_CAVEAT_CONFIG, - QName.createQName(RecordsManagementModel.RM_URI, CAVEAT_CONFIG_NAME), - RecordsManagementModel.TYPE_CAVEAT_CONFIG).getChildRef(); - - nodeService.setProperty(caveatConfig, ContentModel.PROP_NAME, CAVEAT_CONFIG_NAME); - } - - return caveatConfig; - } - - // Get list of all caveat qualified names - public Collection getRMConstraintNames() - { - Collection rmConstraintNames = Collections.emptySet(); - try - { - readLock.lock(); - rmConstraintNames = caveatConfig.getKeys(); - } - finally - { - readLock.unlock(); - } - return Collections.unmodifiableCollection(rmConstraintNames); - } - - // Get allowed values for given caveat (for current user) - public List getRMAllowedValues(String constraintName) - { - List allowedValues = new ArrayList(0); - - String userName = AuthenticationUtil.getRunAsUser(); - if (userName != null && !(AuthenticationUtil.isMtEnabled() && AuthenticationUtil.isRunAsUserTheSystemUser())) - { - // note: userName and userGroupNames must not be null - caveatConfig.get(constraintName); - - Set userGroupFullNames = authorityService.getAuthoritiesForUser(userName); - allowedValues = getRMAllowedValues(userName, userGroupFullNames, constraintName); - } - - return allowedValues; - } - - private List getRMAllowedValues(String userName, Set userGroupFullNames, String constraintName) - { - SetallowedValues = new HashSet(); - - // note: userName and userGroupNames must not be null - Map> caveatConstraintDef = null; - try - { - readLock.lock(); - caveatConstraintDef = caveatConfig.get(constraintName); - } - finally - { - readLock.unlock(); - } - - if (caveatConstraintDef != null) - { - List direct = caveatConstraintDef.get(userName); - if(direct != null) - { - allowedValues.addAll(direct); - } - - for (String group : userGroupFullNames) - { - List values = caveatConstraintDef.get(group); - if(values != null) - { - allowedValues.addAll(values); - } - } - } - - Listret = new ArrayList(); - ret.addAll(allowedValues); - return Collections.unmodifiableList(ret); - } - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - @SuppressWarnings("unchecked") - public boolean hasAccess(NodeRef nodeRef) - { - try - { - if ((! nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) - { - return true; - } - - boolean found = false; - for (QName caveatAspectQName : caveatAspectQNames) - { - if (nodeService.hasAspect(nodeRef, caveatAspectQName)) - { - found = true; - break; - } - } - - if (! found) - { - // no caveat aspect - return true; - } - else - { - // check for caveats - String userName = AuthenticationUtil.getRunAsUser(); - if (userName != null) - { - // check all text properties - Map props = nodeService.getProperties(nodeRef); - for (Map.Entry entry : props.entrySet()) - { - QName propName = entry.getKey(); - PropertyDefinition propDef = dictionaryService.getProperty(propName); - - if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) - { - List conDefs = propDef.getConstraints(); - for (ConstraintDefinition conDef : conDefs) - { - Constraint con = conDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint)con); - String conName = rmCon.getShortName(); - MatchLogic matchLogic = rmCon.getMatchLogicEnum(); - Map> caveatConstraintDef = caveatConfig.get(conName); - if (caveatConstraintDef == null) - { - continue; - } - else - { - Set userGroupNames = authorityService.getAuthoritiesForUser(userName); - List allowedValues = getRMAllowedValues(userName, userGroupNames, conName); - - List propValues = null; - Object val = entry.getValue(); - if (val instanceof String) - { - propValues = new ArrayList(1); - propValues.add((String)val); - } - else if (val instanceof List) - { - propValues = (List)val; - } - - if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) - { - if (logger.isDebugEnabled()) - { - logger.debug("Veto access: caveat="+conName+", userName="+userName+", nodeRef="+nodeRef+", propName="+propName+", propValues="+propValues+", allowedValues="+allowedValues); - } - return false; - } - } - } - } - } - } - } - - return true; - } - } - catch (AccessDeniedException ade) - { - return false; - } - } - - private boolean isAllowed(List propValues, List userGroupValues, MatchLogic matchLogic) - { - if (matchLogic.equals(MatchLogic.AND)) - { - // check user/group values match all values on node - for (String propValue : propValues) - { - if (! userGroupValues.contains(propValue)) - { - if (logger.isTraceEnabled()) - { - logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); - } - - return false; - } - } - - return true; - } - else if (matchLogic.equals(MatchLogic.OR)) - { - // check user/group values match at least one value on node - for (String propValue : propValues) - { - if (userGroupValues.contains(propValue)) - { - return true; - } - } - - if (logger.isTraceEnabled()) - { - logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); - } - - return false; - } - - logger.error("Unexpected match logic type: "+matchLogic); - return false; - } - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param value - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - public void addRMConstraintListValue(String listName, String authorityName, String value) - { - Map> members = null; - try - { - readLock.lock(); - members = caveatConfig.get(listName); - if(members == null) - { - throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); - } - - try - { - readLock.unlock(); - writeLock.lock(); - // check again - members = caveatConfig.get(listName); - if(members == null) - { - throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); - } - - List values = members.get(authorityName); - if(values == null) - { - throw new AlfrescoRuntimeException("Unable to add to authority in list. Authority not member listName: "+ listName + " authorityName:" +authorityName); - } - values.add(value); - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - readLock.lock(); - writeLock.unlock(); - } - - } - finally - { - readLock.unlock(); - } - } - - /** - * Get the member details of the specified list - * @param listName - * @return the details of the specified list - */ - public Map> getListDetails(String listName) - { - Map> listDetails = null; - try - { - readLock.lock(); - listDetails = caveatConfig.get(listName); - } - finally - { - readLock.unlock(); - } - if (listDetails == null) - { - return Collections.emptyMap(); - } - else - { - return Collections.unmodifiableMap(listDetails); - } - } - - public List getRMCaveatModels() - { - return caveatModelQNames; - } - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) - { - Map> members = null; - try - { - writeLock.lock(); - members = caveatConfig.get(listName); - if(members == null) - { - // Create the new list, with the authority name - Map> constraint = new HashMap>(0); - constraint.put(authorityName, new ArrayList(values)); - members = constraint; - } - else - { - members.put(authorityName, new ArrayList(values)); - } - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - /** - * Replace the authorities for a value in a list - * - * @param listName - * @param valueName - * @param authorities - */ - public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) - { - - Map> members = caveatConfig.get(listName); - try - { - writeLock.lock(); - - if(members == null) - { - // Members List does not exist - Map> emptyConstraint = new HashMap>(0); - caveatConfig.put(listName, emptyConstraint); - members = emptyConstraint; - - } - // authorities contains authority, values[] - // pivot contains value, members[] - Map> pivot = PivotUtil.getPivot(members); - - // remove all authorities which have this value - List existingAuthorities = pivot.get(valueName); - if(existingAuthorities != null) - { - for(String authority : existingAuthorities) - { - List vals = members.get(authority); - vals.remove(valueName); - } - } - // add the new authorities for this value - for(String authority : authorities) - { - List vals = members.get(authority); - if(vals == null) - { - vals= new ArrayList(); - members.put(authority, vals); - } - vals.add(valueName); - } - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - public void removeRMConstraintListValue(String listName, String valueName) - { - Map> members = null; - try - { - readLock.lock(); - - members = caveatConfig.get(listName); - if (members != null) - { - try - { - readLock.unlock(); - writeLock.lock(); - // check again - members = caveatConfig.get(listName); - if (members != null) - { - // authorities contains authority, values[] - // pivot contains value, members[] - Map> pivot = PivotUtil.getPivot(members); - - // remove all authorities which have this value - List existingAuthorities = pivot.get(valueName); - if(existingAuthorities != null) - { - for(String authority : existingAuthorities) - { - List vals = members.get(authority); - vals.remove(valueName); - } - caveatConfig.put(listName, members); - } - } - - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - readLock.lock(); - writeLock.unlock(); - } - } - } - finally - { - readLock.unlock(); - } - } - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void removeRMConstraintListAuthority(String listName, String authorityName) - { - Map> members = null; - try - { - writeLock.lock(); - members = caveatConfig.get(listName); - if(members != null) - { - members.remove(listName); - } - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - - } - finally - { - writeLock.unlock(); - } -} - - /** - * @param config the configuration to convert - * @return a String containing the JSON representation of the configuration. - */ - private String convertToJSONString(SimpleCache>> config) - { - JSONObject configJSONObject = new JSONObject(); - - Collection listNames = config.getKeys(); - for (String listName : listNames) - { - Map> members = config.get(listName); - - Set authorityNames = members.keySet(); - JSONObject listMembers = new JSONObject(); - - for (String authorityName : authorityNames) - { - List authorities = members.get(authorityName); - try - { - listMembers.put(authorityName, authorities); - } - catch (JSONException error) - { - StringBuilder sb = new StringBuilder(); - sb.append("Cannot add the key '"); - sb.append(authorityName); - sb.append("' with the value '"); - sb.append(authorities); - sb.append("' to the JSONObject 'listMembers' '"); - sb.append(listMembers); - sb.append("': "); - sb.append(getFullStackTrace(error)); - throw new AlfrescoRuntimeException(sb.toString()); - } - } - - try - { - configJSONObject.put(listName, listMembers); - } - catch (JSONException error) - { - StringBuilder sb = new StringBuilder(); - sb.append("Cannot add the key '"); - sb.append(listName); - sb.append("' with the value '"); - sb.append(listMembers); - sb.append("' to the JSONObject 'configJSONObject' '"); - sb.append(configJSONObject); - sb.append("': "); - sb.append(getFullStackTrace(error)); - throw new AlfrescoRuntimeException(sb.toString()); - } - } - - return configJSONObject.toString(); - } - - /** - * Get an RMConstraintInfo - * @param listQName - * @return the constraint or null if it does not exist - */ - public RMConstraintInfo getRMConstraint(QName listQName) - { - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - if(dictionaryDef != null) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(con.getTitle()); - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - info.setCaseSensitive(def.isCaseSensitive()); - return info; - } - } - return null; - } - - /** - * Get RM Constraint detail. - * - * @return the constraintInfo or null - */ - public RMConstraintInfo getRMConstraint(String listName) - { - QName listQName = QName.createQName(listName, namespaceService); - return getRMConstraint(listQName); - } - - public void deleteRMConstraint(String listName) - { - try - { - writeLock.lock(); - caveatConfig.remove(listName); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - public void addRMConstraint(String listName) - { - try - { - writeLock.lock(); - Map> emptyConstraint = new HashMap>(0); - caveatConfig.put(listName, emptyConstraint); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import static org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace; + +import java.io.File; +import java.io.InputStream; +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.model.ContentModel; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.repo.cache.SimpleCache; +import org.alfresco.repo.content.ContentServicePolicies; +import org.alfresco.repo.content.MimetypeMap; +import org.alfresco.repo.node.NodeServicePolicies; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.policy.annotation.Behaviour; +import org.alfresco.repo.policy.annotation.BehaviourBean; +import org.alfresco.repo.policy.annotation.BehaviourKind; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.version.VersionModel; +import org.alfresco.service.cmr.dictionary.Constraint; +import org.alfresco.service.cmr.dictionary.ConstraintDefinition; +import org.alfresco.service.cmr.dictionary.DataTypeDefinition; +import org.alfresco.service.cmr.dictionary.DictionaryService; +import org.alfresco.service.cmr.dictionary.PropertyDefinition; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.ContentReader; +import org.alfresco.service.cmr.repository.ContentService; +import org.alfresco.service.cmr.repository.ContentWriter; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.repository.StoreRef; +import org.alfresco.service.cmr.security.AuthorityService; +import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.alfresco.util.JSONtoFmModel; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.json.JSONException; +import org.json.JSONObject; + +import net.sf.acegisecurity.AccessDeniedException; + +/** + * RM Caveat Config component impl + * + * @author janv + */ +@BehaviourBean(defaultType = "rma:caveatConfig") +public class RMCaveatConfigComponentImpl implements ContentServicePolicies.OnContentUpdatePolicy, + NodeServicePolicies.BeforeDeleteNodePolicy, + NodeServicePolicies.OnCreateNodePolicy, + RMCaveatConfigComponent +{ + private static Log logger = LogFactory.getLog(RMCaveatConfigComponentImpl.class); + + private ContentService contentService; + private DictionaryService dictionaryService; + private NamespaceService namespaceService; + private AuthorityService authorityService; + private PersonService personService; + private NodeService nodeService; + + // Default + private StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); + + private List caveatAspectURINames = new ArrayList(0); + private List caveatAspectQNames = new ArrayList(0); + + private List caveatModelURINames = new ArrayList(0); + private List caveatModelQNames = new ArrayList(0); + + private static final String CAVEAT_CONFIG_NAME = "caveatConfig.json"; + + private static final QName DATATYPE_TEXT = DataTypeDefinition.TEXT; + + /** + * Lock objects + */ + private ReadWriteLock lock = new ReentrantReadWriteLock(); + private Lock readLock = lock.readLock(); + private Lock writeLock = lock.writeLock(); + + /* + * Caveat Config (Shared) config + * first string is property name + * second string is authority name (user or group full name) + * third string is list of values of property + */ + private SimpleCache>> caveatConfig; + + public void setCaveatConfig(SimpleCache>> caveatConfig) + { + this.caveatConfig = caveatConfig; + } + + public void setNodeService(NodeService nodeService) + { + this.nodeService = nodeService; + } + + public void setContentService(ContentService contentService) + { + this.contentService = contentService; + } + + public void setDictionaryService(DictionaryService dictionaryService) + { + this.dictionaryService = dictionaryService; + } + + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + + public void setPersonService(PersonService personService) + { + this.personService = personService; + } + + public void setStoreRef(String storeRef) + { + this.storeRef = new StoreRef(storeRef); + } + + public void setCaveatAspects(List caveatAspectNames) + { + this.caveatAspectURINames = caveatAspectNames; + } + + public void setCaveatModels(List caveatModelNames) + { + this.caveatModelURINames = caveatModelNames; + } + + /** + * Initialise behaviours and caveat config cache + */ + public void init() + { + if (caveatAspectURINames.size() > 0) + { + for (String caveatAspectURIName : caveatAspectURINames) + { + caveatAspectQNames.add(QName.createQName(caveatAspectURIName)); + } + + if (logger.isInfoEnabled()) + { + logger.info("Caveat aspects configured "+caveatAspectQNames); + } + } + else + { + logger.warn("No caveat aspects configured - caveats will not be applied"); + } + + if (caveatModelURINames.size() > 0) + { + for (String caveatModelURIName : caveatModelURINames) + { + caveatModelQNames.add(QName.createQName(caveatModelURIName)); + } + + if (logger.isInfoEnabled()) + { + logger.info("Caveat models configured "+caveatModelQNames); + } + } + else + { + logger.info("No caveat models configured - all models will be checked"); + } + + NodeRef caveatConfigNodeRef = getCaveatConfigNode(); + if (caveatConfigNodeRef != null) + { + validateAndReset(caveatConfigNodeRef); + } + } + + /** + * @see org.alfresco.repo.content.ContentServicePolicies.OnContentUpdatePolicy#onContentUpdate(org.alfresco.service.cmr.repository.NodeRef, boolean) + * RM-2770 - this method has to be fired on transaction commit to be able to validate the content when the content store is encrypted + */ + @Override + @Behaviour + ( + kind = BehaviourKind.CLASS, + notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT + ) + public void onContentUpdate(NodeRef nodeRef, boolean newContent) + { + if (logger.isInfoEnabled()) + { + logger.info("onContentUpdate: "+nodeRef+", "+newContent); + } + + validateAndReset(nodeRef); + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy#beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + @Behaviour(kind = BehaviourKind.CLASS) + public void beforeDeleteNode(NodeRef nodeRef) + { + if (logger.isInfoEnabled()) + { + logger.info("beforeDeleteNode: "+nodeRef); + } + + validateAndReset(nodeRef); + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) + */ + @Override + @Behaviour(kind = BehaviourKind.CLASS) + public void onCreateNode(ChildAssociationRef childAssocRef) + { + if (logger.isInfoEnabled()) + { + logger.info("onCreateNode: "+childAssocRef); + } + + validateAndReset(childAssocRef.getChildRef()); + } + + /** + * Validate the caveat config and optionally update the cache. + * + * @param nodeRef The nodeRef of the config + * @param updateCache Set to true to update the cache + */ + @SuppressWarnings("unchecked") + protected void validateAndReset(NodeRef nodeRef) + { + ContentReader cr = contentService.getReader(nodeRef, ContentModel.PROP_CONTENT); + if (cr != null) + { + // TODO - check who can change caveat config ! + // TODO - locking (or checkout/checkin) + + String caveatConfigData = cr.getContentString(); + if (caveatConfigData != null) + { + NodeRef existing = getCaveatConfigNode(); + if ((existing != null && (! existing.equals(nodeRef)))) + { + throw new AlfrescoRuntimeException("Cannot create more than one caveat config (existing="+existing+", new="+nodeRef+")"); + } + + try + { + if (logger.isTraceEnabled()) + { + logger.trace(caveatConfigData); + } + + Set models = new HashSet(1); + Set props = new HashSet(10); + Set expectedPrefixes = new HashSet(10); + + if (caveatModelQNames.size() > 0) + { + models.addAll(caveatModelQNames); + } + else + { + models.addAll(dictionaryService.getAllModels()); + } + + if (logger.isTraceEnabled()) + { + logger.trace("validateAndReset: models to check "+models); + } + + for (QName model : models) + { + props.addAll(dictionaryService.getProperties(model, DATATYPE_TEXT)); + expectedPrefixes.addAll(namespaceService.getPrefixes(model.getNamespaceURI())); + } + + if (props.size() == 0) + { + logger.warn("validateAndReset: no caveat properties found"); + } + else + { + if (logger.isTraceEnabled()) + { + logger.trace("validateAndReset: properties to check "+props); + } + } + + Map caveatConfigMap = JSONtoFmModel.convertJSONObjectToMap(caveatConfigData); + + for (Map.Entry conEntry : caveatConfigMap.entrySet()) + { + String conStr = conEntry.getKey(); + + QName conQName = QName.resolveToQName(namespaceService, conStr); + + // check prefix + String conPrefix = QName.splitPrefixedQName(conStr)[0]; + boolean prefixFound = false; + for (String expectedPrefix : expectedPrefixes) + { + if (conPrefix.equals(expectedPrefix)) + { + prefixFound = true; + } + } + + if (! prefixFound) + { + throw new AlfrescoRuntimeException("Unexpected prefix: "+ conPrefix + " (" + conStr +") expected one of "+expectedPrefixes+")"); + } + + Map> caveatMap = (Map>)conEntry.getValue(); + + List allowedValues = null; + @SuppressWarnings("unused") + boolean found = false; + + for (QName propertyName : props) + { + PropertyDefinition propDef = dictionaryService.getProperty(propertyName); + List conDefs = propDef.getConstraints(); + for (ConstraintDefinition conDef : conDefs) + { + final Constraint con = conDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + String conName = ((RMListOfValuesConstraint)con).getShortName(); + if (conName.equals(conStr)) + { + // note: assumes only one caveat/LOV against a given property + allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return ((RMListOfValuesConstraint)con).getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + found = true; + break; + } + } + } + } + + if (allowedValues != null) + { + if (logger.isInfoEnabled()) + { + logger.info("Processing constraint: "+conQName); + } + + for (Map.Entry> caveatEntry : caveatMap.entrySet()) + { + String authorityName = caveatEntry.getKey(); + List caveatList = caveatEntry.getValue(); + + // validate authority (user or group) - note: groups are configured with fullname (ie. GROUP_xxx) + if ((! authorityService.authorityExists(authorityName) && ! personService.personExists(authorityName))) + { + // TODO - review warnings (& I18N) + String msg = "User/group does not exist: "+authorityName+" (constraint="+conStr+")"; + logger.warn(msg); + } + + // validate caveat list + for (String value : caveatList) + { + if (! allowedValues.contains(value)) + { + // TODO - review warnings (& add I18N) + String msg = "Invalid value in list: "+value+" (authority="+authorityName+", constraint="+conStr+")"; + logger.warn(msg); + } + } + } + } + } + + try + { + writeLock.lock(); + // we can't just clear the cache, as all puts to the cache afterwards in this transaction will be ignored + // first delete all keys that are now not in the config + caveatConfig.getKeys().retainAll(caveatConfigMap.keySet()); + + for (Map.Entry conEntry : caveatConfigMap.entrySet()) + { + String conStr = conEntry.getKey(); + Map> caveatMap = (Map>)conEntry.getValue(); + + Map> cacheValue = caveatConfig.get(conStr); + if (cacheValue == null || !cacheValue.equals(caveatMap)) + { + // update the cache + caveatConfig.put(conStr, caveatMap); + } + } + } + finally + { + writeLock.unlock(); + } + } + catch (JSONException e) + { + throw new AlfrescoRuntimeException("Invalid caveat config syntax: "+e); + } + } + } + } + + private NodeRef getCaveatConfigNode() + { + NodeRef rootNode = nodeService.getRootNode(storeRef); + return nodeService.getChildByName(rootNode, RecordsManagementModel.ASSOC_CAVEAT_CONFIG, CAVEAT_CONFIG_NAME); + } + + + public NodeRef updateOrCreateCaveatConfig(InputStream is) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(is); + + return caveatConfig; + } + + public NodeRef updateOrCreateCaveatConfig(File jsonFile) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(jsonFile); + + return caveatConfig; + } + + public NodeRef updateOrCreateCaveatConfig(String jsonString) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(jsonString); + + return caveatConfig; + } + + private NodeRef getOrCreateCaveatConfig() + { + NodeRef caveatConfig = getCaveatConfigNode(); + if (caveatConfig == null) + { + NodeRef rootNode = nodeService.getRootNode(storeRef); + nodeService.addAspect(rootNode, VersionModel.ASPECT_VERSION_STORE_ROOT, null); + + // Create caveat config + caveatConfig = nodeService.createNode(rootNode, + RecordsManagementModel.ASSOC_CAVEAT_CONFIG, + QName.createQName(RecordsManagementModel.RM_URI, CAVEAT_CONFIG_NAME), + RecordsManagementModel.TYPE_CAVEAT_CONFIG).getChildRef(); + + nodeService.setProperty(caveatConfig, ContentModel.PROP_NAME, CAVEAT_CONFIG_NAME); + } + + return caveatConfig; + } + + // Get list of all caveat qualified names + public Collection getRMConstraintNames() + { + Collection rmConstraintNames = Collections.emptySet(); + try + { + readLock.lock(); + rmConstraintNames = caveatConfig.getKeys(); + } + finally + { + readLock.unlock(); + } + return Collections.unmodifiableCollection(rmConstraintNames); + } + + // Get allowed values for given caveat (for current user) + public List getRMAllowedValues(String constraintName) + { + List allowedValues = new ArrayList(0); + + String userName = AuthenticationUtil.getRunAsUser(); + if (userName != null && !(AuthenticationUtil.isMtEnabled() && AuthenticationUtil.isRunAsUserTheSystemUser())) + { + // note: userName and userGroupNames must not be null + caveatConfig.get(constraintName); + + Set userGroupFullNames = authorityService.getAuthoritiesForUser(userName); + allowedValues = getRMAllowedValues(userName, userGroupFullNames, constraintName); + } + + return allowedValues; + } + + private List getRMAllowedValues(String userName, Set userGroupFullNames, String constraintName) + { + SetallowedValues = new HashSet(); + + // note: userName and userGroupNames must not be null + Map> caveatConstraintDef = null; + try + { + readLock.lock(); + caveatConstraintDef = caveatConfig.get(constraintName); + } + finally + { + readLock.unlock(); + } + + if (caveatConstraintDef != null) + { + List direct = caveatConstraintDef.get(userName); + if(direct != null) + { + allowedValues.addAll(direct); + } + + for (String group : userGroupFullNames) + { + List values = caveatConstraintDef.get(group); + if(values != null) + { + allowedValues.addAll(values); + } + } + } + + Listret = new ArrayList(); + ret.addAll(allowedValues); + return Collections.unmodifiableList(ret); + } + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + @SuppressWarnings("unchecked") + public boolean hasAccess(NodeRef nodeRef) + { + try + { + if ((! nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) + { + return true; + } + + boolean found = false; + for (QName caveatAspectQName : caveatAspectQNames) + { + if (nodeService.hasAspect(nodeRef, caveatAspectQName)) + { + found = true; + break; + } + } + + if (! found) + { + // no caveat aspect + return true; + } + else + { + // check for caveats + String userName = AuthenticationUtil.getRunAsUser(); + if (userName != null) + { + // check all text properties + Map props = nodeService.getProperties(nodeRef); + for (Map.Entry entry : props.entrySet()) + { + QName propName = entry.getKey(); + PropertyDefinition propDef = dictionaryService.getProperty(propName); + + if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) + { + List conDefs = propDef.getConstraints(); + for (ConstraintDefinition conDef : conDefs) + { + Constraint con = conDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint)con); + String conName = rmCon.getShortName(); + MatchLogic matchLogic = rmCon.getMatchLogicEnum(); + Map> caveatConstraintDef = caveatConfig.get(conName); + if (caveatConstraintDef == null) + { + continue; + } + else + { + Set userGroupNames = authorityService.getAuthoritiesForUser(userName); + List allowedValues = getRMAllowedValues(userName, userGroupNames, conName); + + List propValues = null; + Object val = entry.getValue(); + if (val instanceof String) + { + propValues = new ArrayList(1); + propValues.add((String)val); + } + else if (val instanceof List) + { + propValues = (List)val; + } + + if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) + { + if (logger.isDebugEnabled()) + { + logger.debug("Veto access: caveat="+conName+", userName="+userName+", nodeRef="+nodeRef+", propName="+propName+", propValues="+propValues+", allowedValues="+allowedValues); + } + return false; + } + } + } + } + } + } + } + + return true; + } + } + catch (AccessDeniedException ade) + { + return false; + } + } + + private boolean isAllowed(List propValues, List userGroupValues, MatchLogic matchLogic) + { + if (matchLogic.equals(MatchLogic.AND)) + { + // check user/group values match all values on node + for (String propValue : propValues) + { + if (! userGroupValues.contains(propValue)) + { + if (logger.isTraceEnabled()) + { + logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); + } + + return false; + } + } + + return true; + } + else if (matchLogic.equals(MatchLogic.OR)) + { + // check user/group values match at least one value on node + for (String propValue : propValues) + { + if (userGroupValues.contains(propValue)) + { + return true; + } + } + + if (logger.isTraceEnabled()) + { + logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); + } + + return false; + } + + logger.error("Unexpected match logic type: "+matchLogic); + return false; + } + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param value + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + public void addRMConstraintListValue(String listName, String authorityName, String value) + { + Map> members = null; + try + { + readLock.lock(); + members = caveatConfig.get(listName); + if(members == null) + { + throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); + } + + try + { + readLock.unlock(); + writeLock.lock(); + // check again + members = caveatConfig.get(listName); + if(members == null) + { + throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); + } + + List values = members.get(authorityName); + if(values == null) + { + throw new AlfrescoRuntimeException("Unable to add to authority in list. Authority not member listName: "+ listName + " authorityName:" +authorityName); + } + values.add(value); + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + readLock.lock(); + writeLock.unlock(); + } + + } + finally + { + readLock.unlock(); + } + } + + /** + * Get the member details of the specified list + * @param listName + * @return the details of the specified list + */ + public Map> getListDetails(String listName) + { + Map> listDetails = null; + try + { + readLock.lock(); + listDetails = caveatConfig.get(listName); + } + finally + { + readLock.unlock(); + } + if (listDetails == null) + { + return Collections.emptyMap(); + } + else + { + return Collections.unmodifiableMap(listDetails); + } + } + + public List getRMCaveatModels() + { + return caveatModelQNames; + } + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) + { + Map> members = null; + try + { + writeLock.lock(); + members = caveatConfig.get(listName); + if(members == null) + { + // Create the new list, with the authority name + Map> constraint = new HashMap>(0); + constraint.put(authorityName, new ArrayList(values)); + members = constraint; + } + else + { + members.put(authorityName, new ArrayList(values)); + } + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + /** + * Replace the authorities for a value in a list + * + * @param listName + * @param valueName + * @param authorities + */ + public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) + { + + Map> members = caveatConfig.get(listName); + try + { + writeLock.lock(); + + if(members == null) + { + // Members List does not exist + Map> emptyConstraint = new HashMap>(0); + caveatConfig.put(listName, emptyConstraint); + members = emptyConstraint; + + } + // authorities contains authority, values[] + // pivot contains value, members[] + Map> pivot = PivotUtil.getPivot(members); + + // remove all authorities which have this value + List existingAuthorities = pivot.get(valueName); + if(existingAuthorities != null) + { + for(String authority : existingAuthorities) + { + List vals = members.get(authority); + vals.remove(valueName); + } + } + // add the new authorities for this value + for(String authority : authorities) + { + List vals = members.get(authority); + if(vals == null) + { + vals= new ArrayList(); + members.put(authority, vals); + } + vals.add(valueName); + } + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + public void removeRMConstraintListValue(String listName, String valueName) + { + Map> members = null; + try + { + readLock.lock(); + + members = caveatConfig.get(listName); + if (members != null) + { + try + { + readLock.unlock(); + writeLock.lock(); + // check again + members = caveatConfig.get(listName); + if (members != null) + { + // authorities contains authority, values[] + // pivot contains value, members[] + Map> pivot = PivotUtil.getPivot(members); + + // remove all authorities which have this value + List existingAuthorities = pivot.get(valueName); + if(existingAuthorities != null) + { + for(String authority : existingAuthorities) + { + List vals = members.get(authority); + vals.remove(valueName); + } + caveatConfig.put(listName, members); + } + } + + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + readLock.lock(); + writeLock.unlock(); + } + } + } + finally + { + readLock.unlock(); + } + } + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void removeRMConstraintListAuthority(String listName, String authorityName) + { + Map> members = null; + try + { + writeLock.lock(); + members = caveatConfig.get(listName); + if(members != null) + { + members.remove(listName); + } + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + + } + finally + { + writeLock.unlock(); + } +} + + /** + * @param config the configuration to convert + * @return a String containing the JSON representation of the configuration. + */ + private String convertToJSONString(SimpleCache>> config) + { + JSONObject configJSONObject = new JSONObject(); + + Collection listNames = config.getKeys(); + for (String listName : listNames) + { + Map> members = config.get(listName); + + Set authorityNames = members.keySet(); + JSONObject listMembers = new JSONObject(); + + for (String authorityName : authorityNames) + { + List authorities = members.get(authorityName); + try + { + listMembers.put(authorityName, authorities); + } + catch (JSONException error) + { + StringBuilder sb = new StringBuilder(); + sb.append("Cannot add the key '"); + sb.append(authorityName); + sb.append("' with the value '"); + sb.append(authorities); + sb.append("' to the JSONObject 'listMembers' '"); + sb.append(listMembers); + sb.append("': "); + sb.append(getFullStackTrace(error)); + throw new AlfrescoRuntimeException(sb.toString()); + } + } + + try + { + configJSONObject.put(listName, listMembers); + } + catch (JSONException error) + { + StringBuilder sb = new StringBuilder(); + sb.append("Cannot add the key '"); + sb.append(listName); + sb.append("' with the value '"); + sb.append(listMembers); + sb.append("' to the JSONObject 'configJSONObject' '"); + sb.append(configJSONObject); + sb.append("': "); + sb.append(getFullStackTrace(error)); + throw new AlfrescoRuntimeException(sb.toString()); + } + } + + return configJSONObject.toString(); + } + + /** + * Get an RMConstraintInfo + * @param listQName + * @return the constraint or null if it does not exist + */ + public RMConstraintInfo getRMConstraint(QName listQName) + { + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + if(dictionaryDef != null) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(con.getTitle()); + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + info.setCaseSensitive(def.isCaseSensitive()); + return info; + } + } + return null; + } + + /** + * Get RM Constraint detail. + * + * @return the constraintInfo or null + */ + public RMConstraintInfo getRMConstraint(String listName) + { + QName listQName = QName.createQName(listName, namespaceService); + return getRMConstraint(listQName); + } + + public void deleteRMConstraint(String listName) + { + try + { + writeLock.lock(); + caveatConfig.remove(listName); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + public void addRMConstraint(String listName) + { + try + { + writeLock.lock(); + Map> emptyConstraint = new HashMap>(0); + caveatConfig.put(listName, emptyConstraint); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java similarity index 95% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java index 4ef215a322..50538c84a2 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java @@ -1,161 +1,161 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.File; -import java.io.InputStream; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.service.cmr.repository.NodeRef; - -public interface RMCaveatConfigService -{ - void init(); - - /** - * Get allowed values for given caveat list (for current user) - * @param constraintName - * @return - */ - List getRMAllowedValues(String constraintName); - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - boolean hasAccess(NodeRef nodeRef); - - /* - * Get a single RM constraint - */ - RMConstraintInfo getRMConstraint(String listName); - - /* - * Get the names of all the caveat lists - */ - Set getAllRMConstraints(); - - /** - * Get the details of a caveat list - * @param listName - * @return - */ - Map> getListDetails(String listName); - - NodeRef updateOrCreateCaveatConfig(File jsonFile); - - NodeRef updateOrCreateCaveatConfig(String jsonString); - - NodeRef updateOrCreateCaveatConfig(InputStream is); - - /** - * add RM constraint list - * @param listName the name of the RMConstraintList - * @param listTitle - */ - RMConstraintInfo addRMConstraint(String listName, String listTitle, String[] allowedValues); - - /** - * update RM constraint list allowed values - * @param listName the name of the RMConstraintList - can not be changed - * @param allowedValues - */ - RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues); - - /** - * update RM constraint Title - * @param listName the name of the RMConstraintList - can not be changed - * @param allowedValues - */ - RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle); - - - /** - * delete RM Constraint - * - * @param listName the name of the RMConstraintList - */ - void deleteRMConstraint(String listName); - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - void addRMConstraintListValue(String listName, String authorityName, String value); - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - void removeRMConstraintListAuthority(String listName, String authorityName); - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param value - * @param authorities - */ - void updateRMConstraintListValue(String listName, String value, Listauthorities); - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param value - */ - void removeRMConstraintListValue(String listName, String valueName); -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.File; +import java.io.InputStream; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.service.cmr.repository.NodeRef; + +public interface RMCaveatConfigService +{ + void init(); + + /** + * Get allowed values for given caveat list (for current user) + * @param constraintName + * @return + */ + List getRMAllowedValues(String constraintName); + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + boolean hasAccess(NodeRef nodeRef); + + /* + * Get a single RM constraint + */ + RMConstraintInfo getRMConstraint(String listName); + + /* + * Get the names of all the caveat lists + */ + Set getAllRMConstraints(); + + /** + * Get the details of a caveat list + * @param listName + * @return + */ + Map> getListDetails(String listName); + + NodeRef updateOrCreateCaveatConfig(File jsonFile); + + NodeRef updateOrCreateCaveatConfig(String jsonString); + + NodeRef updateOrCreateCaveatConfig(InputStream is); + + /** + * add RM constraint list + * @param listName the name of the RMConstraintList + * @param listTitle + */ + RMConstraintInfo addRMConstraint(String listName, String listTitle, String[] allowedValues); + + /** + * update RM constraint list allowed values + * @param listName the name of the RMConstraintList - can not be changed + * @param allowedValues + */ + RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues); + + /** + * update RM constraint Title + * @param listName the name of the RMConstraintList - can not be changed + * @param allowedValues + */ + RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle); + + + /** + * delete RM Constraint + * + * @param listName the name of the RMConstraintList + */ + void deleteRMConstraint(String listName); + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + void addRMConstraintListValue(String listName, String authorityName, String value); + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + void removeRMConstraintListAuthority(String listName, String authorityName); + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param value + * @param authorities + */ + void updateRMConstraintListValue(String listName, String value, Listauthorities); + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param value + */ + void removeRMConstraintListValue(String listName, String valueName); +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java similarity index 96% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java index 8994ff4d18..5c2d55283c 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java @@ -1,437 +1,437 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.File; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.service.cmr.dictionary.Constraint; -import org.alfresco.service.cmr.dictionary.ConstraintDefinition; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * RM Caveat Config Service impl - * - * @author janv - */ -public class RMCaveatConfigServiceImpl implements RMCaveatConfigService -{ - private static Log logger = LogFactory.getLog(RMCaveatConfigServiceImpl.class); - - private NamespaceService namespaceService; - private DictionaryService dictionaryService; - - private RMCaveatConfigComponent rmCaveatConfigComponent; - private RecordsManagementAdminService recordsManagementAdminService; - - - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - public void setCaveatConfigComponent(RMCaveatConfigComponent rmCaveatConfigComponent) - { - this.rmCaveatConfigComponent = rmCaveatConfigComponent; - } - - public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService) - { - this.recordsManagementAdminService = recordsManagementAdminService; - } - - public RecordsManagementAdminService getRecordsManagementAdminService() - { - return recordsManagementAdminService; - } - - public void init() - { - rmCaveatConfigComponent.init(); - } - - public NodeRef updateOrCreateCaveatConfig(InputStream is) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(is); - } - - public NodeRef updateOrCreateCaveatConfig(File jsonFile) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonFile); - } - - public NodeRef updateOrCreateCaveatConfig(String jsonString) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonString); - } - - // Get allowed values for given caveat (for current user) - public List getRMAllowedValues(String constraintName) - { - return rmCaveatConfigComponent.getRMAllowedValues(constraintName); - } - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - public boolean hasAccess(NodeRef nodeRef) - { - return rmCaveatConfigComponent.hasAccess(nodeRef); - } - - /** - * add RM constraint list - * @param listName the name of the RMConstraintList - */ - public RMConstraintInfo addRMConstraint(String listName, String title, String[] values) - { - return addRMConstraint(listName, title, values, MatchLogic.AND); - } - - public RMConstraintInfo addRMConstraint(String listName, String title, String[] values, MatchLogic matchLogic) - { - if (listName == null) - { - // Generate a list name - StringBuilder sb = new StringBuilder(); - sb.append(RecordsManagementCustomModel.RM_CUSTOM_PREFIX); - sb.append(QName.NAMESPACE_PREFIX); - sb.append(UUID.randomUUID().toString()); - listName = sb.toString(); - } - - ListallowedValues = new ArrayList(); - for(String value : values) - { - allowedValues.add(value); - } - - QName listQName = QName.createQName(listName, namespaceService); - - // TEMP review - if it already exists then change it for now - try - { - recordsManagementAdminService.addCustomConstraintDefinition(listQName, title, true, allowedValues, matchLogic); - } - catch (AlfrescoRuntimeException e) - { - if (e.getMessage().contains("Constraint already exists")) - { - recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValues); - recordsManagementAdminService.changeCustomConstraintTitle(listQName, title); - } - } - - rmCaveatConfigComponent.addRMConstraint(listName); - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(title); - info.setAllowedValues(values); - info.setCaseSensitive(true); - return info; - } - - /** - * delete RM Constraint List - * - * @param listName the name of the RMConstraintList - */ - public void deleteRMConstraint(String listName) - { - rmCaveatConfigComponent.deleteRMConstraint(listName); - - QName listQName = QName.createQName(listName, namespaceService); - - recordsManagementAdminService.removeCustomConstraintDefinition(listQName); - } - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - public void addRMConstraintListValue(String listName, String authorityName, String value) - { - rmCaveatConfigComponent.addRMConstraintListValue(listName, authorityName, value); - } - - /** - * Get the details of the specified list - * @param listName - * @return the details of the specified list - */ - public Map> getListDetails(String listName) - { - return rmCaveatConfigComponent.getListDetails(listName); - } - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) - { - rmCaveatConfigComponent.updateRMConstraintListAuthority(listName, authorityName, values); - } - - /** - * Replace the authorities for a value in a list - * - * @param listName - * @param valueName - * @param authorities - */ - public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) - { - rmCaveatConfigComponent.updateRMConstraintListValue(listName, valueName, authorities); - } - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void removeRMConstraintListAuthority(String listName, String authorityName) - { - rmCaveatConfigComponent.removeRMConstraintListAuthority(listName, authorityName); - } - - /** - * Get all Constraint Lists - */ - public Set getAllRMConstraints() - { - Set info = new HashSet(); - - List defs = new ArrayList(10); - for (QName caveatModelQName : rmCaveatConfigComponent.getRMCaveatModels()) - { - defs.addAll(recordsManagementAdminService.getCustomConstraintDefinitions(caveatModelQName)); - } - - for(ConstraintDefinition dictionaryDef : defs) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - RMConstraintInfo i = new RMConstraintInfo(); - i.setName(def.getShortName()); - i.setTitle(def.getTitle()); - - // note: assumes only one caveat/LOV against a given property - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - i.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - i.setCaseSensitive(def.isCaseSensitive()); - info.add(i); - } - - } - - return info; - } - - /** - * Get an RMConstraintInfo - * @param listQName - * @return the constraint or null if it does not exist - */ - public RMConstraintInfo getRMConstraint(QName listQName) - { - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - if(dictionaryDef != null) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(con.getTitle()); - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - info.setCaseSensitive(def.isCaseSensitive()); - return info; - } - } - return null; - } - - /** - * Get RM Constraint detail. - * - * @return the constraintInfo or null - */ - public RMConstraintInfo getRMConstraint(String listName) - { - QName listQName = QName.createQName(listName, namespaceService); - return getRMConstraint(listQName); - - } - - /** - * Update The allowed values for an RM Constraint. - * - * @param listName The name of the list. - * @param allowedValues the new alowed values - * - */ - public RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues) - { - QName listQName = QName.createQName(listName, namespaceService); - - if(allowedValues != null) - { - ListallowedValueList = new ArrayList(); - for(String value : allowedValues) - { - allowedValueList.add(value); - } - - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - List oldAllowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - /** - * Deal with any additions - */ - for(String newValue : allowedValueList) - { - if(!oldAllowedValues.contains(newValue) && logger.isDebugEnabled()) - { - // This is an addition - logger.debug("value added to list:" + listQName + ":" + newValue); - } - } - - /** - * Deal with any deletions - */ - for(String oldValue : oldAllowedValues) - { - if(!allowedValueList.contains(oldValue)) - { - // This is a deletion - if(logger.isDebugEnabled()) - { - logger.debug("value removed from list:" + listQName + ":" + oldValue); - } - removeRMConstraintListValue(listName, oldValue); - } - } - } - - recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValueList); - } - - return getRMConstraint(listName); - } - - /** - * Remove a value from a list and cascade delete. - */ - public void removeRMConstraintListValue(String listName, String valueName) - { - //TODO need to update the rm constraint definition - // recordsManagementAdminService. - - rmCaveatConfigComponent.removeRMConstraintListValue(listName, valueName); - } - - /** - * Update the title of this RM Constraint. - */ - public RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle) - { - QName listQName = QName.createQName(listName, namespaceService); - - recordsManagementAdminService.changeCustomConstraintTitle(listQName, newTitle); - return getRMConstraint(listName); - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.File; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.UUID; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.service.cmr.dictionary.Constraint; +import org.alfresco.service.cmr.dictionary.ConstraintDefinition; +import org.alfresco.service.cmr.dictionary.DictionaryService; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * RM Caveat Config Service impl + * + * @author janv + */ +public class RMCaveatConfigServiceImpl implements RMCaveatConfigService +{ + private static Log logger = LogFactory.getLog(RMCaveatConfigServiceImpl.class); + + private NamespaceService namespaceService; + private DictionaryService dictionaryService; + + private RMCaveatConfigComponent rmCaveatConfigComponent; + private RecordsManagementAdminService recordsManagementAdminService; + + + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + public void setDictionaryService(DictionaryService dictionaryService) + { + this.dictionaryService = dictionaryService; + } + + public void setCaveatConfigComponent(RMCaveatConfigComponent rmCaveatConfigComponent) + { + this.rmCaveatConfigComponent = rmCaveatConfigComponent; + } + + public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService) + { + this.recordsManagementAdminService = recordsManagementAdminService; + } + + public RecordsManagementAdminService getRecordsManagementAdminService() + { + return recordsManagementAdminService; + } + + public void init() + { + rmCaveatConfigComponent.init(); + } + + public NodeRef updateOrCreateCaveatConfig(InputStream is) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(is); + } + + public NodeRef updateOrCreateCaveatConfig(File jsonFile) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonFile); + } + + public NodeRef updateOrCreateCaveatConfig(String jsonString) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonString); + } + + // Get allowed values for given caveat (for current user) + public List getRMAllowedValues(String constraintName) + { + return rmCaveatConfigComponent.getRMAllowedValues(constraintName); + } + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + public boolean hasAccess(NodeRef nodeRef) + { + return rmCaveatConfigComponent.hasAccess(nodeRef); + } + + /** + * add RM constraint list + * @param listName the name of the RMConstraintList + */ + public RMConstraintInfo addRMConstraint(String listName, String title, String[] values) + { + return addRMConstraint(listName, title, values, MatchLogic.AND); + } + + public RMConstraintInfo addRMConstraint(String listName, String title, String[] values, MatchLogic matchLogic) + { + if (listName == null) + { + // Generate a list name + StringBuilder sb = new StringBuilder(); + sb.append(RecordsManagementCustomModel.RM_CUSTOM_PREFIX); + sb.append(QName.NAMESPACE_PREFIX); + sb.append(UUID.randomUUID().toString()); + listName = sb.toString(); + } + + ListallowedValues = new ArrayList(); + for(String value : values) + { + allowedValues.add(value); + } + + QName listQName = QName.createQName(listName, namespaceService); + + // TEMP review - if it already exists then change it for now + try + { + recordsManagementAdminService.addCustomConstraintDefinition(listQName, title, true, allowedValues, matchLogic); + } + catch (AlfrescoRuntimeException e) + { + if (e.getMessage().contains("Constraint already exists")) + { + recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValues); + recordsManagementAdminService.changeCustomConstraintTitle(listQName, title); + } + } + + rmCaveatConfigComponent.addRMConstraint(listName); + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(title); + info.setAllowedValues(values); + info.setCaseSensitive(true); + return info; + } + + /** + * delete RM Constraint List + * + * @param listName the name of the RMConstraintList + */ + public void deleteRMConstraint(String listName) + { + rmCaveatConfigComponent.deleteRMConstraint(listName); + + QName listQName = QName.createQName(listName, namespaceService); + + recordsManagementAdminService.removeCustomConstraintDefinition(listQName); + } + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + public void addRMConstraintListValue(String listName, String authorityName, String value) + { + rmCaveatConfigComponent.addRMConstraintListValue(listName, authorityName, value); + } + + /** + * Get the details of the specified list + * @param listName + * @return the details of the specified list + */ + public Map> getListDetails(String listName) + { + return rmCaveatConfigComponent.getListDetails(listName); + } + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) + { + rmCaveatConfigComponent.updateRMConstraintListAuthority(listName, authorityName, values); + } + + /** + * Replace the authorities for a value in a list + * + * @param listName + * @param valueName + * @param authorities + */ + public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) + { + rmCaveatConfigComponent.updateRMConstraintListValue(listName, valueName, authorities); + } + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void removeRMConstraintListAuthority(String listName, String authorityName) + { + rmCaveatConfigComponent.removeRMConstraintListAuthority(listName, authorityName); + } + + /** + * Get all Constraint Lists + */ + public Set getAllRMConstraints() + { + Set info = new HashSet(); + + List defs = new ArrayList(10); + for (QName caveatModelQName : rmCaveatConfigComponent.getRMCaveatModels()) + { + defs.addAll(recordsManagementAdminService.getCustomConstraintDefinitions(caveatModelQName)); + } + + for(ConstraintDefinition dictionaryDef : defs) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + RMConstraintInfo i = new RMConstraintInfo(); + i.setName(def.getShortName()); + i.setTitle(def.getTitle()); + + // note: assumes only one caveat/LOV against a given property + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + i.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + i.setCaseSensitive(def.isCaseSensitive()); + info.add(i); + } + + } + + return info; + } + + /** + * Get an RMConstraintInfo + * @param listQName + * @return the constraint or null if it does not exist + */ + public RMConstraintInfo getRMConstraint(QName listQName) + { + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + if(dictionaryDef != null) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(con.getTitle()); + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + info.setCaseSensitive(def.isCaseSensitive()); + return info; + } + } + return null; + } + + /** + * Get RM Constraint detail. + * + * @return the constraintInfo or null + */ + public RMConstraintInfo getRMConstraint(String listName) + { + QName listQName = QName.createQName(listName, namespaceService); + return getRMConstraint(listQName); + + } + + /** + * Update The allowed values for an RM Constraint. + * + * @param listName The name of the list. + * @param allowedValues the new alowed values + * + */ + public RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues) + { + QName listQName = QName.createQName(listName, namespaceService); + + if(allowedValues != null) + { + ListallowedValueList = new ArrayList(); + for(String value : allowedValues) + { + allowedValueList.add(value); + } + + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + List oldAllowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + /** + * Deal with any additions + */ + for(String newValue : allowedValueList) + { + if(!oldAllowedValues.contains(newValue) && logger.isDebugEnabled()) + { + // This is an addition + logger.debug("value added to list:" + listQName + ":" + newValue); + } + } + + /** + * Deal with any deletions + */ + for(String oldValue : oldAllowedValues) + { + if(!allowedValueList.contains(oldValue)) + { + // This is a deletion + if(logger.isDebugEnabled()) + { + logger.debug("value removed from list:" + listQName + ":" + oldValue); + } + removeRMConstraintListValue(listName, oldValue); + } + } + } + + recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValueList); + } + + return getRMConstraint(listName); + } + + /** + * Remove a value from a list and cascade delete. + */ + public void removeRMConstraintListValue(String listName, String valueName) + { + //TODO need to update the rm constraint definition + // recordsManagementAdminService. + + rmCaveatConfigComponent.removeRMConstraintListValue(listName, valueName); + } + + /** + * Update the title of this RM Constraint. + */ + public RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle) + { + QName listQName = QName.createQName(listName, namespaceService); + + recordsManagementAdminService.changeCustomConstraintTitle(listQName, newTitle); + return getRMConstraint(listName); + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java similarity index 94% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java index cc6d92cd49..2b18346539 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java @@ -1,88 +1,88 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.util.Arrays; - -public class RMConstraintInfo -{ - private String name; - private String title; - private boolean caseSensitive; - private String[] allowedValues; - - public void setName(String name) - { - this.name = name; - } - public String getName() - { - return name; - } - public void setTitle(String title) - { - this.title = title; - } - public String getTitle() - { - return title; - } - public void setCaseSensitive(boolean caseSensitive) - { - this.caseSensitive = caseSensitive; - } - public boolean isCaseSensitive() - { - return caseSensitive; - } - public void setAllowedValues(String[] values) - { - this.allowedValues = values.clone(); - } - public String[] getAllowedValues() - { - return allowedValues; - } - - @Override - public String toString() - { - StringBuilder builder = new StringBuilder(); - builder.append("RMConstraintInfo [name="); - builder.append(this.name); - builder.append(", title="); - builder.append(this.title); - builder.append(", caseSensitive="); - builder.append(this.caseSensitive); - builder.append(", allowedValues="); - builder.append(Arrays.toString(this.allowedValues)); - builder.append("]"); - return builder.toString(); - } - -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.util.Arrays; + +public class RMConstraintInfo +{ + private String name; + private String title; + private boolean caseSensitive; + private String[] allowedValues; + + public void setName(String name) + { + this.name = name; + } + public String getName() + { + return name; + } + public void setTitle(String title) + { + this.title = title; + } + public String getTitle() + { + return title; + } + public void setCaseSensitive(boolean caseSensitive) + { + this.caseSensitive = caseSensitive; + } + public boolean isCaseSensitive() + { + return caseSensitive; + } + public void setAllowedValues(String[] values) + { + this.allowedValues = values.clone(); + } + public String[] getAllowedValues() + { + return allowedValues; + } + + @Override + public String toString() + { + StringBuilder builder = new StringBuilder(); + builder.append("RMConstraintInfo [name="); + builder.append(this.name); + builder.append(", title="); + builder.append(this.title); + builder.append(", caseSensitive="); + builder.append(this.caseSensitive); + builder.append(", allowedValues="); + builder.append(Arrays.toString(this.allowedValues)); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java similarity index 93% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java index 23fe1dfc89..3cab03f2cd 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java @@ -1,39 +1,39 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -/** - * A class to hold I18N keys for messages related to constraint validation. - * - * @author tpage - */ -public class RMConstraintMessageKeys -{ - public static final String ERR_NON_STRING = "d_dictionary.constraint.string_length.non_string"; - public static final String ERR_INVALID_VALUE = "d_dictionary.constraint.list_of_values.invalid_value"; -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +/** + * A class to hold I18N keys for messages related to constraint validation. + * + * @author tpage + */ +public class RMConstraintMessageKeys +{ + public static final String ERR_NON_STRING = "d_dictionary.constraint.string_length.non_string"; + public static final String ERR_INVALID_VALUE = "d_dictionary.constraint.list_of_values.invalid_value"; +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java similarity index 96% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java index a6e8b51710..df1604bd69 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java @@ -1,259 +1,259 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.alfresco.repo.dictionary.constraint.ListOfValuesConstraint; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.service.cmr.dictionary.ConstraintException; -import org.alfresco.service.cmr.i18n.MessageLookup; -import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; -import org.alfresco.service.cmr.repository.datatype.TypeConversionException; -import org.apache.commons.lang.StringUtils; -import org.springframework.extensions.surf.util.I18NUtil; - -/** - * RM Constraint implementation that ensures the value is one of a constrained - * list of values. By default, this constraint is case-sensitive. - * - * @see #setAllowedValues(List) - * @see #setCaseSensitive(boolean) - * - * @author janv - */ -public class RMListOfValuesConstraint extends ListOfValuesConstraint -{ - private static final String LOV_CONSTRAINT_VALUE = "listconstraint"; - private List allowedValues; - private List allowedValuesUpper; - // defined match logic used by caveat matching (default = "AND") - private MatchLogic matchLogic = MatchLogic.AND; - - public enum MatchLogic - { - // closed marking - all values must match - AND, - // open marking - at least one value must match - OR; - } - - // note: alternative to static init could be to use 'registered' constraint - private static RMCaveatConfigService caveatConfigService; - - public void setCaveatConfigService(RMCaveatConfigService caveatConfigService) - { - RMListOfValuesConstraint.caveatConfigService = caveatConfigService; - } - - - @Override - public String toString() - { - StringBuilder sb = new StringBuilder(80); - sb.append("RMListOfValuesConstraint") - .append("[allowedValues=").append(getAllowedValues()) - .append(", caseSensitive=").append(isCaseSensitive()) - .append(", sorted=").append(isSorted()) - .append(", matchLogic=").append(getMatchLogic()) - .append("]"); - return sb.toString(); - } - - public RMListOfValuesConstraint() - { - super(); - - // Set RM list of value constraints to be sorted by default - sorted = true; - } - - /** - * Get the allowed values. Note that these are String instances, but may - * represent non-String values. It is up to the caller to distinguish. - * - * @return Returns the values allowed - */ - @Override - public List getRawAllowedValues() - { - String runAsUser = AuthenticationUtil.getRunAsUser(); - if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) - { - // get allowed values for current user - List allowedForUser = caveatConfigService.getRMAllowedValues(getShortName()); - - List filteredList = new ArrayList(allowedForUser.size()); - for (String allowed : allowedForUser) - { - if (this.allowedValues.contains(allowed)) - { - filteredList.add(allowed); - } - } - - return filteredList; - } - else - { - return this.allowedValues; - } - } - - public String getDisplayLabel(String constraintAllowableValue, MessageLookup messageLookup) - { - if (!this.allowedValues.contains(constraintAllowableValue)) - { - return null; - } - - String key = LOV_CONSTRAINT_VALUE; - key += "." + this.getShortName(); - key += "." + constraintAllowableValue; - key = StringUtils.replace(key, ":", "_"); - - String message = messageLookup.getMessage(key, I18NUtil.getLocale()); - return message == null ? constraintAllowableValue : message; - } - - private List getAllowedValuesUpper() - { - String runAsUser = AuthenticationUtil.getRunAsUser(); - if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) - { - // get allowed values for current user - List allowedForUser = caveatConfigService.getRMAllowedValues(getType()); - - List filteredList = new ArrayList(allowedForUser.size()); - for (String allowed : allowedForUser) - { - if (this.allowedValuesUpper.contains(allowed.toUpperCase())) - { - filteredList.add(allowed); - } - } - - return filteredList; - } - else - { - return this.allowedValuesUpper; - } - } - /** - * Set the values that are allowed by the constraint. - * - * @param values a list of allowed values - */ - @SuppressWarnings({ "unchecked", "rawtypes" }) - @Override - public void setAllowedValues(List allowedValues) - { - if (allowedValues == null) - { - allowedValues = new ArrayList(0); - } - int valueCount = allowedValues.size(); - this.allowedValues = Collections.unmodifiableList(allowedValues); - - // make the upper case versions - this.allowedValuesUpper = new ArrayList(valueCount); - for (String allowedValue : this.allowedValues) - { - allowedValuesUpper.add(allowedValue.toUpperCase()); - } - } - - @Override - public void initialize() - { - checkPropertyNotNull("allowedValues", allowedValues); - } - - @Override - public Map getParameters() - { - Map params = new HashMap(2); - - params.put("caseSensitive", isCaseSensitive()); - params.put("allowedValues", getAllowedValues()); - params.put("sorted", isSorted()); - params.put("matchLogic", getMatchLogic()); - - return params; - } - - public MatchLogic getMatchLogicEnum() - { - return matchLogic; - } - - public String getMatchLogic() - { - return matchLogic.toString(); - } - - public void setMatchLogic(String matchLogicStr) - { - this.matchLogic = MatchLogic.valueOf(matchLogicStr); - } - - @Override - protected void evaluateSingleValue(Object value) - { - // convert the value to a String - String valueStr = null; - try - { - valueStr = DefaultTypeConverter.INSTANCE.convert(String.class, value); - } - catch (TypeConversionException e) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_NON_STRING, value, e); - } - // check that the value is in the set of allowed values - if (isCaseSensitive()) - { - if (!getAllowedValues().contains(valueStr)) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); - } - } - else - { - if (!getAllowedValuesUpper().contains(valueStr.toUpperCase())) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); - } - } - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.alfresco.repo.dictionary.constraint.ListOfValuesConstraint; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.service.cmr.dictionary.ConstraintException; +import org.alfresco.service.cmr.i18n.MessageLookup; +import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; +import org.alfresco.service.cmr.repository.datatype.TypeConversionException; +import org.apache.commons.lang.StringUtils; +import org.springframework.extensions.surf.util.I18NUtil; + +/** + * RM Constraint implementation that ensures the value is one of a constrained + * list of values. By default, this constraint is case-sensitive. + * + * @see #setAllowedValues(List) + * @see #setCaseSensitive(boolean) + * + * @author janv + */ +public class RMListOfValuesConstraint extends ListOfValuesConstraint +{ + private static final String LOV_CONSTRAINT_VALUE = "listconstraint"; + private List allowedValues; + private List allowedValuesUpper; + // defined match logic used by caveat matching (default = "AND") + private MatchLogic matchLogic = MatchLogic.AND; + + public enum MatchLogic + { + // closed marking - all values must match + AND, + // open marking - at least one value must match + OR; + } + + // note: alternative to static init could be to use 'registered' constraint + private static RMCaveatConfigService caveatConfigService; + + public void setCaveatConfigService(RMCaveatConfigService caveatConfigService) + { + RMListOfValuesConstraint.caveatConfigService = caveatConfigService; + } + + + @Override + public String toString() + { + StringBuilder sb = new StringBuilder(80); + sb.append("RMListOfValuesConstraint") + .append("[allowedValues=").append(getAllowedValues()) + .append(", caseSensitive=").append(isCaseSensitive()) + .append(", sorted=").append(isSorted()) + .append(", matchLogic=").append(getMatchLogic()) + .append("]"); + return sb.toString(); + } + + public RMListOfValuesConstraint() + { + super(); + + // Set RM list of value constraints to be sorted by default + sorted = true; + } + + /** + * Get the allowed values. Note that these are String instances, but may + * represent non-String values. It is up to the caller to distinguish. + * + * @return Returns the values allowed + */ + @Override + public List getRawAllowedValues() + { + String runAsUser = AuthenticationUtil.getRunAsUser(); + if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) + { + // get allowed values for current user + List allowedForUser = caveatConfigService.getRMAllowedValues(getShortName()); + + List filteredList = new ArrayList(allowedForUser.size()); + for (String allowed : allowedForUser) + { + if (this.allowedValues.contains(allowed)) + { + filteredList.add(allowed); + } + } + + return filteredList; + } + else + { + return this.allowedValues; + } + } + + public String getDisplayLabel(String constraintAllowableValue, MessageLookup messageLookup) + { + if (!this.allowedValues.contains(constraintAllowableValue)) + { + return null; + } + + String key = LOV_CONSTRAINT_VALUE; + key += "." + this.getShortName(); + key += "." + constraintAllowableValue; + key = StringUtils.replace(key, ":", "_"); + + String message = messageLookup.getMessage(key, I18NUtil.getLocale()); + return message == null ? constraintAllowableValue : message; + } + + private List getAllowedValuesUpper() + { + String runAsUser = AuthenticationUtil.getRunAsUser(); + if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) + { + // get allowed values for current user + List allowedForUser = caveatConfigService.getRMAllowedValues(getType()); + + List filteredList = new ArrayList(allowedForUser.size()); + for (String allowed : allowedForUser) + { + if (this.allowedValuesUpper.contains(allowed.toUpperCase())) + { + filteredList.add(allowed); + } + } + + return filteredList; + } + else + { + return this.allowedValuesUpper; + } + } + /** + * Set the values that are allowed by the constraint. + * + * @param values a list of allowed values + */ + @SuppressWarnings({ "unchecked", "rawtypes" }) + @Override + public void setAllowedValues(List allowedValues) + { + if (allowedValues == null) + { + allowedValues = new ArrayList(0); + } + int valueCount = allowedValues.size(); + this.allowedValues = Collections.unmodifiableList(allowedValues); + + // make the upper case versions + this.allowedValuesUpper = new ArrayList(valueCount); + for (String allowedValue : this.allowedValues) + { + allowedValuesUpper.add(allowedValue.toUpperCase()); + } + } + + @Override + public void initialize() + { + checkPropertyNotNull("allowedValues", allowedValues); + } + + @Override + public Map getParameters() + { + Map params = new HashMap(2); + + params.put("caseSensitive", isCaseSensitive()); + params.put("allowedValues", getAllowedValues()); + params.put("sorted", isSorted()); + params.put("matchLogic", getMatchLogic()); + + return params; + } + + public MatchLogic getMatchLogicEnum() + { + return matchLogic; + } + + public String getMatchLogic() + { + return matchLogic.toString(); + } + + public void setMatchLogic(String matchLogicStr) + { + this.matchLogic = MatchLogic.valueOf(matchLogicStr); + } + + @Override + protected void evaluateSingleValue(Object value) + { + // convert the value to a String + String valueStr = null; + try + { + valueStr = DefaultTypeConverter.INSTANCE.convert(String.class, value); + } + catch (TypeConversionException e) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_NON_STRING, value, e); + } + // check that the value is in the set of allowed values + if (isCaseSensitive()) + { + if (!getAllowedValues().contains(valueStr)) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); + } + } + else + { + if (!getAllowedValuesUpper().contains(valueStr.toUpperCase())) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); + } + } + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java similarity index 93% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java index 72eb9f263f..3a017795e5 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java @@ -1,60 +1,60 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.Serializable; - - -public class ScriptAuthority implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = 1L; - private String authorityTitle; - private String authorityName; - - public void setAuthorityName(String authorityName) - { - this.authorityName = authorityName; - } - public String getAuthorityName() - { - return authorityName; - } - public void setAuthorityTitle(String authorityName) - { - this.authorityTitle = authorityName; - } - public String getAuthorityTitle() - { - return authorityTitle; - } - - -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.Serializable; + + +public class ScriptAuthority implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = 1L; + private String authorityTitle; + private String authorityName; + + public void setAuthorityName(String authorityName) + { + this.authorityName = authorityName; + } + public String getAuthorityName() + { + return authorityName; + } + public void setAuthorityTitle(String authorityName) + { + this.authorityTitle = authorityName; + } + public String getAuthorityTitle() + { + return authorityTitle; + } + + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java similarity index 95% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java index 651d81195c..6c8d20edc4 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java @@ -1,270 +1,270 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.Serializable; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.alfresco.service.cmr.security.AuthorityService; -import org.apache.commons.lang.StringUtils; -import org.json.JSONArray; -import org.json.JSONObject; - -public class ScriptConstraint implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = 1L; - - private RMConstraintInfo info; - - private RMCaveatConfigService rmCaveatconfigService; - - private AuthorityService authorityService; - - ScriptConstraint(RMConstraintInfo info, RMCaveatConfigService rmCaveatconfigService, AuthorityService authorityService) - { - this.info = info; - this.rmCaveatconfigService = rmCaveatconfigService; - this.authorityService = authorityService; - } - - public void setTitle(String title) - { - info.setTitle(title); - } - public String getTitle() - { - return info.getTitle(); - } - public void setName(String name) - { - info.setName(name); - } - - public String getName() - { - return info.getName().replace(":", "_"); - } - - public boolean isCaseSensitive() - { - return info.isCaseSensitive(); - } - - public String[] getAllowedValues() - { - return info.getAllowedValues(); - } - - public ScriptConstraintAuthority[] getAuthorities() - { - Map> values = rmCaveatconfigService.getListDetails(info.getName()); - - if (values == null) - { - return new ScriptConstraintAuthority[0]; - } - - // Here with some data to return - Set authorities = values.keySet(); - - ArrayList constraints = new ArrayList(values.size()); - for(String authority : authorities) - { - ScriptConstraintAuthority constraint = new ScriptConstraintAuthority(); - constraint.setAuthorityName(authority); - constraint.setValues(values.get(authority)); - constraints.add(constraint); - } - - ScriptConstraintAuthority[] retVal = constraints.toArray(new ScriptConstraintAuthority[constraints.size()]); - - return retVal; - } - - /** - * updateTitle - */ - public void updateTitle(String newTitle) - { - info.setTitle(newTitle); - rmCaveatconfigService.updateRMConstraintTitle(info.getName(), newTitle) ; - } - - /** - * updateAllowedValues - */ - public void updateAllowedValues(String[] allowedValues) - { - info.setAllowedValues(allowedValues); - rmCaveatconfigService.updateRMConstraintAllowedValues(info.getName(), allowedValues); - } - - /** - * Update a value - * @param values - * @param authorities - */ - public void updateValues(JSONArray bodge) throws Exception - { - for(int i = 0; i < bodge.length(); i++) - { - - JSONObject obj = bodge.getJSONObject(i); - String value = obj.getString("value"); - JSONArray authorities = obj.getJSONArray("authorities"); - List aList = new ArrayList(); - for(int j = 0; j < authorities.length();j++) - { - aList.add(authorities.getString(j)); - } - rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, aList); - } - } - - /** - * Update a value - * @param values - * @param authorities - */ - public void updateValues(String value, String[] authorities) - { - List list = Arrays.asList(authorities); - rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, list); - } - - /** - * Cascade delete an authority - * @param authority - */ - public void deleteAuthority(String authority) - { - - } - - /** - * Cascade delete a value - * @param value - */ - public void deleteValue(String value) - { - - } - - - /** - * Get a single value - * @param value - * @return - */ - public ScriptConstraintValue getValue(String value) - { - ScriptConstraintValue[] values = getValues(); - - for(ScriptConstraintValue val : values) - { - if(val.getValueName().equalsIgnoreCase(value)) - { - return val; - } - } - return null; - } - - public ScriptConstraintValue[] getValues() - { - // authority, values - Map> details = rmCaveatconfigService.getListDetails(info.getName()); - - if (details == null) - { - details = new HashMap>(); - } - - // values, authorities - Map> pivot = PivotUtil.getPivot(details); - - // Here with some data to return - Set values = pivot.keySet(); - - ArrayList constraints = new ArrayList(pivot.size()); - for(String value : values) - { - ScriptConstraintValue constraint = new ScriptConstraintValue(); - constraint.setValueName(value); - constraint.setValueTitle(value); - - Listauthorities = pivot.get(value); - List sauth = new ArrayList(); - for(String authority : authorities) - { - ScriptAuthority a = new ScriptAuthority(); - a.setAuthorityName(authority); - - String displayName = authorityService.getAuthorityDisplayName(authority); - if(StringUtils.isNotBlank(displayName)) - { - a.setAuthorityTitle(displayName); - } - else - { - a.setAuthorityTitle(authority); - } - sauth.add(a); - } - constraint.setAuthorities(sauth); - constraints.add(constraint); - } - - /** - * Now go through and add any "empty" values - */ - for(String value : info.getAllowedValues()) - { - if(!values.contains(value)) - { - ScriptConstraintValue constraint = new ScriptConstraintValue(); - constraint.setValueName(value); - constraint.setValueTitle(value); - List sauth = new ArrayList(); - constraint.setAuthorities(sauth); - constraints.add(constraint); - } - } - - return constraints.toArray(new ScriptConstraintValue[constraints.size()]); - } - -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.service.cmr.security.AuthorityService; +import org.apache.commons.lang.StringUtils; +import org.json.JSONArray; +import org.json.JSONObject; + +public class ScriptConstraint implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = 1L; + + private RMConstraintInfo info; + + private RMCaveatConfigService rmCaveatconfigService; + + private AuthorityService authorityService; + + ScriptConstraint(RMConstraintInfo info, RMCaveatConfigService rmCaveatconfigService, AuthorityService authorityService) + { + this.info = info; + this.rmCaveatconfigService = rmCaveatconfigService; + this.authorityService = authorityService; + } + + public void setTitle(String title) + { + info.setTitle(title); + } + public String getTitle() + { + return info.getTitle(); + } + public void setName(String name) + { + info.setName(name); + } + + public String getName() + { + return info.getName().replace(":", "_"); + } + + public boolean isCaseSensitive() + { + return info.isCaseSensitive(); + } + + public String[] getAllowedValues() + { + return info.getAllowedValues(); + } + + public ScriptConstraintAuthority[] getAuthorities() + { + Map> values = rmCaveatconfigService.getListDetails(info.getName()); + + if (values == null) + { + return new ScriptConstraintAuthority[0]; + } + + // Here with some data to return + Set authorities = values.keySet(); + + ArrayList constraints = new ArrayList(values.size()); + for(String authority : authorities) + { + ScriptConstraintAuthority constraint = new ScriptConstraintAuthority(); + constraint.setAuthorityName(authority); + constraint.setValues(values.get(authority)); + constraints.add(constraint); + } + + ScriptConstraintAuthority[] retVal = constraints.toArray(new ScriptConstraintAuthority[constraints.size()]); + + return retVal; + } + + /** + * updateTitle + */ + public void updateTitle(String newTitle) + { + info.setTitle(newTitle); + rmCaveatconfigService.updateRMConstraintTitle(info.getName(), newTitle) ; + } + + /** + * updateAllowedValues + */ + public void updateAllowedValues(String[] allowedValues) + { + info.setAllowedValues(allowedValues); + rmCaveatconfigService.updateRMConstraintAllowedValues(info.getName(), allowedValues); + } + + /** + * Update a value + * @param values + * @param authorities + */ + public void updateValues(JSONArray bodge) throws Exception + { + for(int i = 0; i < bodge.length(); i++) + { + + JSONObject obj = bodge.getJSONObject(i); + String value = obj.getString("value"); + JSONArray authorities = obj.getJSONArray("authorities"); + List aList = new ArrayList(); + for(int j = 0; j < authorities.length();j++) + { + aList.add(authorities.getString(j)); + } + rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, aList); + } + } + + /** + * Update a value + * @param values + * @param authorities + */ + public void updateValues(String value, String[] authorities) + { + List list = Arrays.asList(authorities); + rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, list); + } + + /** + * Cascade delete an authority + * @param authority + */ + public void deleteAuthority(String authority) + { + + } + + /** + * Cascade delete a value + * @param value + */ + public void deleteValue(String value) + { + + } + + + /** + * Get a single value + * @param value + * @return + */ + public ScriptConstraintValue getValue(String value) + { + ScriptConstraintValue[] values = getValues(); + + for(ScriptConstraintValue val : values) + { + if(val.getValueName().equalsIgnoreCase(value)) + { + return val; + } + } + return null; + } + + public ScriptConstraintValue[] getValues() + { + // authority, values + Map> details = rmCaveatconfigService.getListDetails(info.getName()); + + if (details == null) + { + details = new HashMap>(); + } + + // values, authorities + Map> pivot = PivotUtil.getPivot(details); + + // Here with some data to return + Set values = pivot.keySet(); + + ArrayList constraints = new ArrayList(pivot.size()); + for(String value : values) + { + ScriptConstraintValue constraint = new ScriptConstraintValue(); + constraint.setValueName(value); + constraint.setValueTitle(value); + + Listauthorities = pivot.get(value); + List sauth = new ArrayList(); + for(String authority : authorities) + { + ScriptAuthority a = new ScriptAuthority(); + a.setAuthorityName(authority); + + String displayName = authorityService.getAuthorityDisplayName(authority); + if(StringUtils.isNotBlank(displayName)) + { + a.setAuthorityTitle(displayName); + } + else + { + a.setAuthorityTitle(authority); + } + sauth.add(a); + } + constraint.setAuthorities(sauth); + constraints.add(constraint); + } + + /** + * Now go through and add any "empty" values + */ + for(String value : info.getAllowedValues()) + { + if(!values.contains(value)) + { + ScriptConstraintValue constraint = new ScriptConstraintValue(); + constraint.setValueName(value); + constraint.setValueTitle(value); + List sauth = new ArrayList(); + constraint.setAuthorities(sauth); + constraints.add(constraint); + } + } + + return constraints.toArray(new ScriptConstraintValue[constraints.size()]); + } + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java similarity index 93% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java index 2fbf847906..e4d3b6c494 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java @@ -1,58 +1,58 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.Serializable; -import java.util.List; - -public class ScriptConstraintAuthority implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = -4659454215122271811L; - private String authorityName; - private Listvalues; - - public void setValues(List values) - { - this.values = values; - } - public List getValues() - { - return values; - } - public void setAuthorityName(String authorityName) - { - this.authorityName = authorityName; - } - public String getAuthorityName() - { - return authorityName; - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.Serializable; +import java.util.List; + +public class ScriptConstraintAuthority implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = -4659454215122271811L; + private String authorityName; + private Listvalues; + + public void setValues(List values) + { + this.values = values; + } + public List getValues() + { + return values; + } + public void setAuthorityName(String authorityName) + { + this.authorityName = authorityName; + } + public String getAuthorityName() + { + return authorityName; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java similarity index 93% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java index 2f43a8e5d3..08d0dc4a2a 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java @@ -1,66 +1,66 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.io.Serializable; -import java.util.List; - -public class ScriptConstraintValue implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = -4659454215122271811L; - private String value; - private Listauthorities; - - public void setAuthorities(List values) - { - this.authorities = values; - } - public List getAuthorities() - { - return authorities; - } - public void setValueName(String authorityName) - { - this.value = authorityName; - } - public String getValueName() - { - return value; - } - public void setValueTitle(String authorityName) - { - this.value = authorityName; - } - public String getValueTitle() - { - return value; - } -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.io.Serializable; +import java.util.List; + +public class ScriptConstraintValue implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = -4659454215122271811L; + private String value; + private Listauthorities; + + public void setAuthorities(List values) + { + this.authorities = values; + } + public List getAuthorities() + { + return authorities; + } + public void setValueName(String authorityName) + { + this.value = authorityName; + } + public String getValueName() + { + return value; + } + public void setValueTitle(String authorityName) + { + this.value = authorityName; + } + public String getValueTitle() + { + return value; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java similarity index 95% rename from rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java rename to rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java index 1e40342b5c..15bdcffa94 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java @@ -1,174 +1,174 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.caveat; - -import java.util.ArrayList; -import java.util.List; -import java.util.Set; - -import org.alfresco.repo.jscript.BaseScopableProcessorExtension; -import org.alfresco.service.cmr.security.AuthorityService; - -/** - * Script projection of RM Caveat Config Service - * - * @author Mark Rogers - */ -public class ScriptRMCaveatConfigService extends BaseScopableProcessorExtension -{ - private RMCaveatConfigService caveatConfigService; - private AuthorityService authorityService; - - public void setCaveatConfigService(RMCaveatConfigService rmCaveatConfigService) - { - this.caveatConfigService = rmCaveatConfigService; - } - - public RMCaveatConfigService getRmCaveatConfigService() - { - return caveatConfigService; - } - - public void setAuthorityService(AuthorityService authorityService) - { - this.authorityService = authorityService; - } - - public AuthorityService getAuthorityService() - { - return authorityService; - } - - public ScriptConstraint getConstraint(String listName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - RMConstraintInfo info = caveatConfigService.getRMConstraint(xxx); - - if(info != null) - { - return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); - } - - return null; - } - - public ScriptConstraint[] getAllConstraints() - { - return getConstraints(true); - } - - public ScriptConstraint[] getConstraintsWithoutEmptyList() - { - return getConstraints(false); - } - - private ScriptConstraint[] getConstraints(boolean includeEmptyList) - { - Set values = caveatConfigService.getAllRMConstraints(); - - List vals = new ArrayList(values.size()); - for(RMConstraintInfo value : values) - { - ScriptConstraint c = new ScriptConstraint(value, caveatConfigService, getAuthorityService()); - if (includeEmptyList) - { - vals.add(c); - } - else - { - if (c.getValues().length > 0) - { - vals.add(c); - } - } - } - - return vals.toArray(new ScriptConstraint[vals.size()]); - } - - /** - * Delete list - * @param listName - - */ - public void deleteConstraintList(String listName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - caveatConfigService.deleteRMConstraint(xxx); - } - - - - /** - * Update value - */ - public void updateConstraintValues(String listName, String authorityName, String[]values) - { - List vals = new ArrayList(); - caveatConfigService.updateRMConstraintListAuthority(listName, authorityName, vals); - } - - /** - * Delete the constraint values. i.e remove an authority from a constraint list - */ - public void deleteRMConstraintListAuthority(String listName, String authorityName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - caveatConfigService.removeRMConstraintListAuthority(xxx, authorityName); - } - - /** - * Delete the constraint values. i.e remove a value from a constraint list - */ - public void deleteRMConstraintListValue(String listName, String valueName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - caveatConfigService.removeRMConstraintListValue(xxx, valueName); - - } - - public ScriptConstraint createConstraint(String listName, String title, String[] allowedValues) - { - //TODO Temporary conversion - if(listName != null) - { - listName = listName.replace("_", ":"); - } - - RMConstraintInfo info = caveatConfigService.addRMConstraint(listName, title, allowedValues); - return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); - } - -} +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.securitymarks; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.alfresco.repo.jscript.BaseScopableProcessorExtension; +import org.alfresco.service.cmr.security.AuthorityService; + +/** + * Script projection of RM Caveat Config Service + * + * @author Mark Rogers + */ +public class ScriptRMCaveatConfigService extends BaseScopableProcessorExtension +{ + private RMCaveatConfigService caveatConfigService; + private AuthorityService authorityService; + + public void setCaveatConfigService(RMCaveatConfigService rmCaveatConfigService) + { + this.caveatConfigService = rmCaveatConfigService; + } + + public RMCaveatConfigService getRmCaveatConfigService() + { + return caveatConfigService; + } + + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + + public AuthorityService getAuthorityService() + { + return authorityService; + } + + public ScriptConstraint getConstraint(String listName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + RMConstraintInfo info = caveatConfigService.getRMConstraint(xxx); + + if(info != null) + { + return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); + } + + return null; + } + + public ScriptConstraint[] getAllConstraints() + { + return getConstraints(true); + } + + public ScriptConstraint[] getConstraintsWithoutEmptyList() + { + return getConstraints(false); + } + + private ScriptConstraint[] getConstraints(boolean includeEmptyList) + { + Set values = caveatConfigService.getAllRMConstraints(); + + List vals = new ArrayList(values.size()); + for(RMConstraintInfo value : values) + { + ScriptConstraint c = new ScriptConstraint(value, caveatConfigService, getAuthorityService()); + if (includeEmptyList) + { + vals.add(c); + } + else + { + if (c.getValues().length > 0) + { + vals.add(c); + } + } + } + + return vals.toArray(new ScriptConstraint[vals.size()]); + } + + /** + * Delete list + * @param listName + + */ + public void deleteConstraintList(String listName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + caveatConfigService.deleteRMConstraint(xxx); + } + + + + /** + * Update value + */ + public void updateConstraintValues(String listName, String authorityName, String[]values) + { + List vals = new ArrayList(); + caveatConfigService.updateRMConstraintListAuthority(listName, authorityName, vals); + } + + /** + * Delete the constraint values. i.e remove an authority from a constraint list + */ + public void deleteRMConstraintListAuthority(String listName, String authorityName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + caveatConfigService.removeRMConstraintListAuthority(xxx, authorityName); + } + + /** + * Delete the constraint values. i.e remove a value from a constraint list + */ + public void deleteRMConstraintListValue(String listName, String valueName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + caveatConfigService.removeRMConstraintListValue(xxx, valueName); + + } + + public ScriptConstraint createConstraint(String listName, String title, String[] allowedValues) + { + //TODO Temporary conversion + if(listName != null) + { + listName = listName.replace("_", ":"); + } + + RMConstraintInfo info = caveatConfigService.addRMConstraint(listName, title, allowedValues); + return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); + } + +} diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java index 1f39b29932..ed0f85dd44 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java @@ -32,7 +32,7 @@ import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService; import org.alfresco.service.cmr.dictionary.AssociationDefinition; import org.alfresco.service.cmr.dictionary.ConstraintDefinition; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java index 8fa2f8b10d..71782e7d1f 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java @@ -41,8 +41,8 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.compatibility.CompatibilityModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; @@ -99,7 +99,7 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas private static final String MSG_ERROR_CLIENT_ID = "rm.admin.error-client-id"; /** Constants */ - private static final String CUSTOM_CONSTRAINT_TYPE = org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.class.getName(); + private static final String CUSTOM_CONSTRAINT_TYPE = org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.class.getName(); private static final String CAPATIBILITY_CUSTOM_CONTRAINT_TYPE = org.alfresco.module.org_alfresco_module_dod5015.caveat.RMListOfValuesConstraint.class.getName(); private static final String PARAM_ALLOWED_VALUES = "allowedValues"; private static final String PARAM_CASE_SENSITIVE = "caseSensitive"; @@ -1068,7 +1068,7 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas } /** - * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#addCustomConstraintDefinition(org.alfresco.service.namespace.QName, java.lang.String, boolean, java.util.List, org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic) + * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#addCustomConstraintDefinition(org.alfresco.service.namespace.QName, java.lang.String, boolean, java.util.List, org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic) */ public void addCustomConstraintDefinition(QName constraintName, String title, boolean caseSensitive, List allowedValues, MatchLogic matchLogic) { diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java index f78b5a15bd..2ad43640ca 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java @@ -29,7 +29,7 @@ package org.alfresco.module.org_alfresco_module_rm.bootstrap; import org.alfresco.module.org_alfresco_module_rm.action.impl.SplitEmailAction; import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; import org.alfresco.module.org_alfresco_module_rm.email.CustomEmailMappingService; import org.alfresco.repo.action.parameter.NodeParameterSuggesterBootstrap; import org.alfresco.repo.security.authentication.AuthenticationUtil; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java index fc5593c6fa..c665439e60 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java @@ -30,7 +30,7 @@ package org.alfresco.module.org_alfresco_module_rm.capability; import java.util.Map; import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigComponent; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.repo.security.authentication.AuthenticationUtil; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java index 2db0f32022..70ab4803df 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java @@ -31,7 +31,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; import org.springframework.extensions.webscripts.Cache; import org.springframework.extensions.webscripts.DeclarativeWebScript; import org.springframework.extensions.webscripts.Status; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java index c7555ebe11..885f679ae1 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java @@ -33,8 +33,8 @@ import java.util.List; import javax.transaction.UserTransaction; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigServiceImpl; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigServiceImpl; import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java index 99701d26b0..ad14cdabca 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java @@ -39,8 +39,8 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementPolicies.Befo import org.alfresco.module.org_alfresco_module_rm.RecordsManagementPolicies.OnCreateReference; import org.alfresco.module.org_alfresco_module_rm.admin.CustomMetadataException; import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipDefinition; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java index 0d221db809..473ac374fa 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java @@ -36,7 +36,7 @@ import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; From bdeae2912a9ce7126bbba4dbe04505d8fd42e70c Mon Sep 17 00:00:00 2001 From: David Webster Date: Wed, 8 Jun 2016 10:05:02 +0100 Subject: [PATCH 2/3] RM-3134: Revert change to rm-community caveat code as legacy feature isn't being renamed --- .../bootstrap/content/recordsCustomModel.xml | 4 +- .../org_alfresco_module_rm/module-context.xml | 2 +- .../rm-service-context.xml | 42 +- .../caveat/RMListOfValuesConstraint.java | 2 +- .../caveat/PivotUtil.java | 71 + .../caveat/RMCaveatConfigComponent.java | 121 ++ .../caveat/RMCaveatConfigComponentImpl.java | 1148 +++++++++++++++++ .../caveat/RMCaveatConfigService.java | 161 +++ .../caveat/RMCaveatConfigServiceImpl.java | 437 +++++++ .../caveat/RMConstraintInfo.java | 88 ++ .../caveat/RMConstraintMessageKeys.java | 39 + .../caveat/RMListOfValuesConstraint.java | 259 ++++ .../caveat/ScriptAuthority.java | 60 + .../caveat/ScriptConstraint.java | 270 ++++ .../caveat/ScriptConstraintAuthority.java | 58 + .../caveat/ScriptConstraintValue.java | 66 + .../caveat/ScriptRMCaveatConfigService.java | 174 +++ .../admin/RecordsManagementAdminService.java | 2 +- .../RecordsManagementAdminServiceImpl.java | 8 +- .../bootstrap/RecordsManagementBootstrap.java | 2 +- .../capability/RMSecurityCommon.java | 2 +- .../script/RMConstraintGet.java | 2 +- .../RMCaveatConfigServiceImplTest.java | 4 +- ...RecordsManagementAdminServiceImplTest.java | 4 +- .../test/util/BaseRMWebScriptTestCase.java | 2 +- 25 files changed, 2990 insertions(+), 38 deletions(-) create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java create mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml index a3b2a81a45..9e3244ce81 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/bootstrap/content/recordsCustomModel.xml @@ -30,7 +30,7 @@ - + listconstraint.rmc_smList.title @@ -40,7 +40,7 @@ - + listconstraint.rmc_tlList.title diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml index 5fcfda1d03..50e505c39f 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/module-context.xml @@ -200,7 +200,7 @@ - + caveatConfig diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 3b5599f34c..7ddb3f28b2 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -1296,7 +1296,7 @@ - + @@ -1304,7 +1304,7 @@ @@ -1355,30 +1355,30 @@ - + - @@ -1398,7 +1398,7 @@ - org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService + org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java index 3357a9ab42..e02a8a32d2 100644 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_dod5015/caveat/RMListOfValuesConstraint.java @@ -35,7 +35,7 @@ package org.alfresco.module.org_alfresco_module_dod5015.caveat; * * @author Roy Wetherall */ -public class RMListOfValuesConstraint extends org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint +public class RMListOfValuesConstraint extends org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint { // No implementation } diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java new file mode 100644 index 0000000000..2fe741e78b --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/PivotUtil.java @@ -0,0 +1,71 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/* package scope */ final class PivotUtil +{ + private PivotUtil() + { + // Will not be called + } + + static Map> getPivot(Map> source) + { + + Map> pivot = new HashMap>(); + + for (Map.Entry> entry : source.entrySet()) + { + Listvalues = entry.getValue(); + for (String value : values) + { + String authority = entry.getKey(); + if (pivot.containsKey(value)) + { + // already exists + List list = pivot.get(value); + list.add(authority ); + } + else + { + // New value + List list = new ArrayList(); + list.add(authority); + pivot.put(value, list); + } + } + } + + return pivot; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java new file mode 100644 index 0000000000..4a9269639e --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponent.java @@ -0,0 +1,121 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.File; +import java.io.InputStream; +import java.util.List; +import java.util.Map; + +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.QName; + +public interface RMCaveatConfigComponent +{ + void init(); + + /** + * Get allowed values for given caveat list (for current user) + * + * @param constraintName + * @return + */ + List getRMAllowedValues(String constraintName); + + /** + * Get custom caveat models + * + * @return + */ + List getRMCaveatModels(); + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + boolean hasAccess(NodeRef nodeRef); + + /** + * Get RM constraint list + * + * @param listName the name of the RMConstraintList + */ + RMConstraintInfo getRMConstraint(String listName); + + /** + * Add RM constraint + */ + void addRMConstraint(String listName); + + /** + * Add RM constraint value for given authority + */ + void addRMConstraintListValue(String listName, String authorityName, String value); + + /** + * Update RM constraint values for given authority + */ + void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); + + /** + * Update RM constraint authorities for given value + */ + void updateRMConstraintListValue(String listName, String valueName, Listauthorities); + + /** + * Remove RM constraint value (all authorities) + */ + void removeRMConstraintListValue(String listName, String valueName); + + /** + * Remove RM constraint authority (all values) + */ + void removeRMConstraintListAuthority(String listName, String authorityName); + + /** + * Delete RM Constraint + * + * @param listName the name of the RMConstraintList + */ + void deleteRMConstraint(String listName); + + /** + * Get the details of a caveat list + * @param listName + * @return + */ + Map> getListDetails(String listName); + + NodeRef updateOrCreateCaveatConfig(File jsonFile); + + NodeRef updateOrCreateCaveatConfig(String jsonString); + + NodeRef updateOrCreateCaveatConfig(InputStream is); +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java new file mode 100644 index 0000000000..a519825f5a --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigComponentImpl.java @@ -0,0 +1,1148 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import static org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace; + +import java.io.File; +import java.io.InputStream; +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.model.ContentModel; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.repo.cache.SimpleCache; +import org.alfresco.repo.content.ContentServicePolicies; +import org.alfresco.repo.content.MimetypeMap; +import org.alfresco.repo.node.NodeServicePolicies; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.policy.annotation.Behaviour; +import org.alfresco.repo.policy.annotation.BehaviourBean; +import org.alfresco.repo.policy.annotation.BehaviourKind; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.version.VersionModel; +import org.alfresco.service.cmr.dictionary.Constraint; +import org.alfresco.service.cmr.dictionary.ConstraintDefinition; +import org.alfresco.service.cmr.dictionary.DataTypeDefinition; +import org.alfresco.service.cmr.dictionary.DictionaryService; +import org.alfresco.service.cmr.dictionary.PropertyDefinition; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.ContentReader; +import org.alfresco.service.cmr.repository.ContentService; +import org.alfresco.service.cmr.repository.ContentWriter; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.repository.StoreRef; +import org.alfresco.service.cmr.security.AuthorityService; +import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.alfresco.util.JSONtoFmModel; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.json.JSONException; +import org.json.JSONObject; + +import net.sf.acegisecurity.AccessDeniedException; + +/** + * RM Caveat Config component impl + * + * @author janv + */ +@BehaviourBean(defaultType = "rma:caveatConfig") +public class RMCaveatConfigComponentImpl implements ContentServicePolicies.OnContentUpdatePolicy, + NodeServicePolicies.BeforeDeleteNodePolicy, + NodeServicePolicies.OnCreateNodePolicy, + RMCaveatConfigComponent +{ + private static Log logger = LogFactory.getLog(RMCaveatConfigComponentImpl.class); + + private ContentService contentService; + private DictionaryService dictionaryService; + private NamespaceService namespaceService; + private AuthorityService authorityService; + private PersonService personService; + private NodeService nodeService; + + // Default + private StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); + + private List caveatAspectURINames = new ArrayList(0); + private List caveatAspectQNames = new ArrayList(0); + + private List caveatModelURINames = new ArrayList(0); + private List caveatModelQNames = new ArrayList(0); + + private static final String CAVEAT_CONFIG_NAME = "caveatConfig.json"; + + private static final QName DATATYPE_TEXT = DataTypeDefinition.TEXT; + + /** + * Lock objects + */ + private ReadWriteLock lock = new ReentrantReadWriteLock(); + private Lock readLock = lock.readLock(); + private Lock writeLock = lock.writeLock(); + + /* + * Caveat Config (Shared) config + * first string is property name + * second string is authority name (user or group full name) + * third string is list of values of property + */ + private SimpleCache>> caveatConfig; + + public void setCaveatConfig(SimpleCache>> caveatConfig) + { + this.caveatConfig = caveatConfig; + } + + public void setNodeService(NodeService nodeService) + { + this.nodeService = nodeService; + } + + public void setContentService(ContentService contentService) + { + this.contentService = contentService; + } + + public void setDictionaryService(DictionaryService dictionaryService) + { + this.dictionaryService = dictionaryService; + } + + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + + public void setPersonService(PersonService personService) + { + this.personService = personService; + } + + public void setStoreRef(String storeRef) + { + this.storeRef = new StoreRef(storeRef); + } + + public void setCaveatAspects(List caveatAspectNames) + { + this.caveatAspectURINames = caveatAspectNames; + } + + public void setCaveatModels(List caveatModelNames) + { + this.caveatModelURINames = caveatModelNames; + } + + /** + * Initialise behaviours and caveat config cache + */ + public void init() + { + if (caveatAspectURINames.size() > 0) + { + for (String caveatAspectURIName : caveatAspectURINames) + { + caveatAspectQNames.add(QName.createQName(caveatAspectURIName)); + } + + if (logger.isInfoEnabled()) + { + logger.info("Caveat aspects configured "+caveatAspectQNames); + } + } + else + { + logger.warn("No caveat aspects configured - caveats will not be applied"); + } + + if (caveatModelURINames.size() > 0) + { + for (String caveatModelURIName : caveatModelURINames) + { + caveatModelQNames.add(QName.createQName(caveatModelURIName)); + } + + if (logger.isInfoEnabled()) + { + logger.info("Caveat models configured "+caveatModelQNames); + } + } + else + { + logger.info("No caveat models configured - all models will be checked"); + } + + NodeRef caveatConfigNodeRef = getCaveatConfigNode(); + if (caveatConfigNodeRef != null) + { + validateAndReset(caveatConfigNodeRef); + } + } + + /** + * @see org.alfresco.repo.content.ContentServicePolicies.OnContentUpdatePolicy#onContentUpdate(org.alfresco.service.cmr.repository.NodeRef, boolean) + * RM-2770 - this method has to be fired on transaction commit to be able to validate the content when the content store is encrypted + */ + @Override + @Behaviour + ( + kind = BehaviourKind.CLASS, + notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT + ) + public void onContentUpdate(NodeRef nodeRef, boolean newContent) + { + if (logger.isInfoEnabled()) + { + logger.info("onContentUpdate: "+nodeRef+", "+newContent); + } + + validateAndReset(nodeRef); + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy#beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + @Behaviour(kind = BehaviourKind.CLASS) + public void beforeDeleteNode(NodeRef nodeRef) + { + if (logger.isInfoEnabled()) + { + logger.info("beforeDeleteNode: "+nodeRef); + } + + validateAndReset(nodeRef); + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) + */ + @Override + @Behaviour(kind = BehaviourKind.CLASS) + public void onCreateNode(ChildAssociationRef childAssocRef) + { + if (logger.isInfoEnabled()) + { + logger.info("onCreateNode: "+childAssocRef); + } + + validateAndReset(childAssocRef.getChildRef()); + } + + /** + * Validate the caveat config and optionally update the cache. + * + * @param nodeRef The nodeRef of the config + * @param updateCache Set to true to update the cache + */ + @SuppressWarnings("unchecked") + protected void validateAndReset(NodeRef nodeRef) + { + ContentReader cr = contentService.getReader(nodeRef, ContentModel.PROP_CONTENT); + if (cr != null) + { + // TODO - check who can change caveat config ! + // TODO - locking (or checkout/checkin) + + String caveatConfigData = cr.getContentString(); + if (caveatConfigData != null) + { + NodeRef existing = getCaveatConfigNode(); + if ((existing != null && (! existing.equals(nodeRef)))) + { + throw new AlfrescoRuntimeException("Cannot create more than one caveat config (existing="+existing+", new="+nodeRef+")"); + } + + try + { + if (logger.isTraceEnabled()) + { + logger.trace(caveatConfigData); + } + + Set models = new HashSet(1); + Set props = new HashSet(10); + Set expectedPrefixes = new HashSet(10); + + if (caveatModelQNames.size() > 0) + { + models.addAll(caveatModelQNames); + } + else + { + models.addAll(dictionaryService.getAllModels()); + } + + if (logger.isTraceEnabled()) + { + logger.trace("validateAndReset: models to check "+models); + } + + for (QName model : models) + { + props.addAll(dictionaryService.getProperties(model, DATATYPE_TEXT)); + expectedPrefixes.addAll(namespaceService.getPrefixes(model.getNamespaceURI())); + } + + if (props.size() == 0) + { + logger.warn("validateAndReset: no caveat properties found"); + } + else + { + if (logger.isTraceEnabled()) + { + logger.trace("validateAndReset: properties to check "+props); + } + } + + Map caveatConfigMap = JSONtoFmModel.convertJSONObjectToMap(caveatConfigData); + + for (Map.Entry conEntry : caveatConfigMap.entrySet()) + { + String conStr = conEntry.getKey(); + + QName conQName = QName.resolveToQName(namespaceService, conStr); + + // check prefix + String conPrefix = QName.splitPrefixedQName(conStr)[0]; + boolean prefixFound = false; + for (String expectedPrefix : expectedPrefixes) + { + if (conPrefix.equals(expectedPrefix)) + { + prefixFound = true; + } + } + + if (! prefixFound) + { + throw new AlfrescoRuntimeException("Unexpected prefix: "+ conPrefix + " (" + conStr +") expected one of "+expectedPrefixes+")"); + } + + Map> caveatMap = (Map>)conEntry.getValue(); + + List allowedValues = null; + @SuppressWarnings("unused") + boolean found = false; + + for (QName propertyName : props) + { + PropertyDefinition propDef = dictionaryService.getProperty(propertyName); + List conDefs = propDef.getConstraints(); + for (ConstraintDefinition conDef : conDefs) + { + final Constraint con = conDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + String conName = ((RMListOfValuesConstraint)con).getShortName(); + if (conName.equals(conStr)) + { + // note: assumes only one caveat/LOV against a given property + allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return ((RMListOfValuesConstraint)con).getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + found = true; + break; + } + } + } + } + + if (allowedValues != null) + { + if (logger.isInfoEnabled()) + { + logger.info("Processing constraint: "+conQName); + } + + for (Map.Entry> caveatEntry : caveatMap.entrySet()) + { + String authorityName = caveatEntry.getKey(); + List caveatList = caveatEntry.getValue(); + + // validate authority (user or group) - note: groups are configured with fullname (ie. GROUP_xxx) + if ((! authorityService.authorityExists(authorityName) && ! personService.personExists(authorityName))) + { + // TODO - review warnings (& I18N) + String msg = "User/group does not exist: "+authorityName+" (constraint="+conStr+")"; + logger.warn(msg); + } + + // validate caveat list + for (String value : caveatList) + { + if (! allowedValues.contains(value)) + { + // TODO - review warnings (& add I18N) + String msg = "Invalid value in list: "+value+" (authority="+authorityName+", constraint="+conStr+")"; + logger.warn(msg); + } + } + } + } + } + + try + { + writeLock.lock(); + // we can't just clear the cache, as all puts to the cache afterwards in this transaction will be ignored + // first delete all keys that are now not in the config + caveatConfig.getKeys().retainAll(caveatConfigMap.keySet()); + + for (Map.Entry conEntry : caveatConfigMap.entrySet()) + { + String conStr = conEntry.getKey(); + Map> caveatMap = (Map>)conEntry.getValue(); + + Map> cacheValue = caveatConfig.get(conStr); + if (cacheValue == null || !cacheValue.equals(caveatMap)) + { + // update the cache + caveatConfig.put(conStr, caveatMap); + } + } + } + finally + { + writeLock.unlock(); + } + } + catch (JSONException e) + { + throw new AlfrescoRuntimeException("Invalid caveat config syntax: "+e); + } + } + } + } + + private NodeRef getCaveatConfigNode() + { + NodeRef rootNode = nodeService.getRootNode(storeRef); + return nodeService.getChildByName(rootNode, RecordsManagementModel.ASSOC_CAVEAT_CONFIG, CAVEAT_CONFIG_NAME); + } + + + public NodeRef updateOrCreateCaveatConfig(InputStream is) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(is); + + return caveatConfig; + } + + public NodeRef updateOrCreateCaveatConfig(File jsonFile) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(jsonFile); + + return caveatConfig; + } + + public NodeRef updateOrCreateCaveatConfig(String jsonString) + { + NodeRef caveatConfig = getOrCreateCaveatConfig(); + + // Update the content + ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); + writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); + writer.setEncoding("UTF-8"); + writer.putContent(jsonString); + + return caveatConfig; + } + + private NodeRef getOrCreateCaveatConfig() + { + NodeRef caveatConfig = getCaveatConfigNode(); + if (caveatConfig == null) + { + NodeRef rootNode = nodeService.getRootNode(storeRef); + nodeService.addAspect(rootNode, VersionModel.ASPECT_VERSION_STORE_ROOT, null); + + // Create caveat config + caveatConfig = nodeService.createNode(rootNode, + RecordsManagementModel.ASSOC_CAVEAT_CONFIG, + QName.createQName(RecordsManagementModel.RM_URI, CAVEAT_CONFIG_NAME), + RecordsManagementModel.TYPE_CAVEAT_CONFIG).getChildRef(); + + nodeService.setProperty(caveatConfig, ContentModel.PROP_NAME, CAVEAT_CONFIG_NAME); + } + + return caveatConfig; + } + + // Get list of all caveat qualified names + public Collection getRMConstraintNames() + { + Collection rmConstraintNames = Collections.emptySet(); + try + { + readLock.lock(); + rmConstraintNames = caveatConfig.getKeys(); + } + finally + { + readLock.unlock(); + } + return Collections.unmodifiableCollection(rmConstraintNames); + } + + // Get allowed values for given caveat (for current user) + public List getRMAllowedValues(String constraintName) + { + List allowedValues = new ArrayList(0); + + String userName = AuthenticationUtil.getRunAsUser(); + if (userName != null && !(AuthenticationUtil.isMtEnabled() && AuthenticationUtil.isRunAsUserTheSystemUser())) + { + // note: userName and userGroupNames must not be null + caveatConfig.get(constraintName); + + Set userGroupFullNames = authorityService.getAuthoritiesForUser(userName); + allowedValues = getRMAllowedValues(userName, userGroupFullNames, constraintName); + } + + return allowedValues; + } + + private List getRMAllowedValues(String userName, Set userGroupFullNames, String constraintName) + { + SetallowedValues = new HashSet(); + + // note: userName and userGroupNames must not be null + Map> caveatConstraintDef = null; + try + { + readLock.lock(); + caveatConstraintDef = caveatConfig.get(constraintName); + } + finally + { + readLock.unlock(); + } + + if (caveatConstraintDef != null) + { + List direct = caveatConstraintDef.get(userName); + if(direct != null) + { + allowedValues.addAll(direct); + } + + for (String group : userGroupFullNames) + { + List values = caveatConstraintDef.get(group); + if(values != null) + { + allowedValues.addAll(values); + } + } + } + + Listret = new ArrayList(); + ret.addAll(allowedValues); + return Collections.unmodifiableList(ret); + } + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + @SuppressWarnings("unchecked") + public boolean hasAccess(NodeRef nodeRef) + { + try + { + if ((! nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) + { + return true; + } + + boolean found = false; + for (QName caveatAspectQName : caveatAspectQNames) + { + if (nodeService.hasAspect(nodeRef, caveatAspectQName)) + { + found = true; + break; + } + } + + if (! found) + { + // no caveat aspect + return true; + } + else + { + // check for caveats + String userName = AuthenticationUtil.getRunAsUser(); + if (userName != null) + { + // check all text properties + Map props = nodeService.getProperties(nodeRef); + for (Map.Entry entry : props.entrySet()) + { + QName propName = entry.getKey(); + PropertyDefinition propDef = dictionaryService.getProperty(propName); + + if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) + { + List conDefs = propDef.getConstraints(); + for (ConstraintDefinition conDef : conDefs) + { + Constraint con = conDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint)con); + String conName = rmCon.getShortName(); + MatchLogic matchLogic = rmCon.getMatchLogicEnum(); + Map> caveatConstraintDef = caveatConfig.get(conName); + if (caveatConstraintDef == null) + { + continue; + } + else + { + Set userGroupNames = authorityService.getAuthoritiesForUser(userName); + List allowedValues = getRMAllowedValues(userName, userGroupNames, conName); + + List propValues = null; + Object val = entry.getValue(); + if (val instanceof String) + { + propValues = new ArrayList(1); + propValues.add((String)val); + } + else if (val instanceof List) + { + propValues = (List)val; + } + + if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) + { + if (logger.isDebugEnabled()) + { + logger.debug("Veto access: caveat="+conName+", userName="+userName+", nodeRef="+nodeRef+", propName="+propName+", propValues="+propValues+", allowedValues="+allowedValues); + } + return false; + } + } + } + } + } + } + } + + return true; + } + } + catch (AccessDeniedException ade) + { + return false; + } + } + + private boolean isAllowed(List propValues, List userGroupValues, MatchLogic matchLogic) + { + if (matchLogic.equals(MatchLogic.AND)) + { + // check user/group values match all values on node + for (String propValue : propValues) + { + if (! userGroupValues.contains(propValue)) + { + if (logger.isTraceEnabled()) + { + logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); + } + + return false; + } + } + + return true; + } + else if (matchLogic.equals(MatchLogic.OR)) + { + // check user/group values match at least one value on node + for (String propValue : propValues) + { + if (userGroupValues.contains(propValue)) + { + return true; + } + } + + if (logger.isTraceEnabled()) + { + logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); + } + + return false; + } + + logger.error("Unexpected match logic type: "+matchLogic); + return false; + } + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param value + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + public void addRMConstraintListValue(String listName, String authorityName, String value) + { + Map> members = null; + try + { + readLock.lock(); + members = caveatConfig.get(listName); + if(members == null) + { + throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); + } + + try + { + readLock.unlock(); + writeLock.lock(); + // check again + members = caveatConfig.get(listName); + if(members == null) + { + throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); + } + + List values = members.get(authorityName); + if(values == null) + { + throw new AlfrescoRuntimeException("Unable to add to authority in list. Authority not member listName: "+ listName + " authorityName:" +authorityName); + } + values.add(value); + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + readLock.lock(); + writeLock.unlock(); + } + + } + finally + { + readLock.unlock(); + } + } + + /** + * Get the member details of the specified list + * @param listName + * @return the details of the specified list + */ + public Map> getListDetails(String listName) + { + Map> listDetails = null; + try + { + readLock.lock(); + listDetails = caveatConfig.get(listName); + } + finally + { + readLock.unlock(); + } + if (listDetails == null) + { + return Collections.emptyMap(); + } + else + { + return Collections.unmodifiableMap(listDetails); + } + } + + public List getRMCaveatModels() + { + return caveatModelQNames; + } + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) + { + Map> members = null; + try + { + writeLock.lock(); + members = caveatConfig.get(listName); + if(members == null) + { + // Create the new list, with the authority name + Map> constraint = new HashMap>(0); + constraint.put(authorityName, new ArrayList(values)); + members = constraint; + } + else + { + members.put(authorityName, new ArrayList(values)); + } + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + /** + * Replace the authorities for a value in a list + * + * @param listName + * @param valueName + * @param authorities + */ + public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) + { + + Map> members = caveatConfig.get(listName); + try + { + writeLock.lock(); + + if(members == null) + { + // Members List does not exist + Map> emptyConstraint = new HashMap>(0); + caveatConfig.put(listName, emptyConstraint); + members = emptyConstraint; + + } + // authorities contains authority, values[] + // pivot contains value, members[] + Map> pivot = PivotUtil.getPivot(members); + + // remove all authorities which have this value + List existingAuthorities = pivot.get(valueName); + if(existingAuthorities != null) + { + for(String authority : existingAuthorities) + { + List vals = members.get(authority); + vals.remove(valueName); + } + } + // add the new authorities for this value + for(String authority : authorities) + { + List vals = members.get(authority); + if(vals == null) + { + vals= new ArrayList(); + members.put(authority, vals); + } + vals.add(valueName); + } + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + public void removeRMConstraintListValue(String listName, String valueName) + { + Map> members = null; + try + { + readLock.lock(); + + members = caveatConfig.get(listName); + if (members != null) + { + try + { + readLock.unlock(); + writeLock.lock(); + // check again + members = caveatConfig.get(listName); + if (members != null) + { + // authorities contains authority, values[] + // pivot contains value, members[] + Map> pivot = PivotUtil.getPivot(members); + + // remove all authorities which have this value + List existingAuthorities = pivot.get(valueName); + if(existingAuthorities != null) + { + for(String authority : existingAuthorities) + { + List vals = members.get(authority); + vals.remove(valueName); + } + caveatConfig.put(listName, members); + } + } + + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + readLock.lock(); + writeLock.unlock(); + } + } + } + finally + { + readLock.unlock(); + } + } + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void removeRMConstraintListAuthority(String listName, String authorityName) + { + Map> members = null; + try + { + writeLock.lock(); + members = caveatConfig.get(listName); + if(members != null) + { + members.remove(listName); + } + + caveatConfig.put(listName, members); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + + } + finally + { + writeLock.unlock(); + } +} + + /** + * @param config the configuration to convert + * @return a String containing the JSON representation of the configuration. + */ + private String convertToJSONString(SimpleCache>> config) + { + JSONObject configJSONObject = new JSONObject(); + + Collection listNames = config.getKeys(); + for (String listName : listNames) + { + Map> members = config.get(listName); + + Set authorityNames = members.keySet(); + JSONObject listMembers = new JSONObject(); + + for (String authorityName : authorityNames) + { + List authorities = members.get(authorityName); + try + { + listMembers.put(authorityName, authorities); + } + catch (JSONException error) + { + StringBuilder sb = new StringBuilder(); + sb.append("Cannot add the key '"); + sb.append(authorityName); + sb.append("' with the value '"); + sb.append(authorities); + sb.append("' to the JSONObject 'listMembers' '"); + sb.append(listMembers); + sb.append("': "); + sb.append(getFullStackTrace(error)); + throw new AlfrescoRuntimeException(sb.toString()); + } + } + + try + { + configJSONObject.put(listName, listMembers); + } + catch (JSONException error) + { + StringBuilder sb = new StringBuilder(); + sb.append("Cannot add the key '"); + sb.append(listName); + sb.append("' with the value '"); + sb.append(listMembers); + sb.append("' to the JSONObject 'configJSONObject' '"); + sb.append(configJSONObject); + sb.append("': "); + sb.append(getFullStackTrace(error)); + throw new AlfrescoRuntimeException(sb.toString()); + } + } + + return configJSONObject.toString(); + } + + /** + * Get an RMConstraintInfo + * @param listQName + * @return the constraint or null if it does not exist + */ + public RMConstraintInfo getRMConstraint(QName listQName) + { + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + if(dictionaryDef != null) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(con.getTitle()); + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + info.setCaseSensitive(def.isCaseSensitive()); + return info; + } + } + return null; + } + + /** + * Get RM Constraint detail. + * + * @return the constraintInfo or null + */ + public RMConstraintInfo getRMConstraint(String listName) + { + QName listQName = QName.createQName(listName, namespaceService); + return getRMConstraint(listQName); + } + + public void deleteRMConstraint(String listName) + { + try + { + writeLock.lock(); + caveatConfig.remove(listName); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } + + public void addRMConstraint(String listName) + { + try + { + writeLock.lock(); + Map> emptyConstraint = new HashMap>(0); + caveatConfig.put(listName, emptyConstraint); + updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); + } + finally + { + writeLock.unlock(); + } + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java new file mode 100644 index 0000000000..4ef215a322 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigService.java @@ -0,0 +1,161 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.File; +import java.io.InputStream; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.service.cmr.repository.NodeRef; + +public interface RMCaveatConfigService +{ + void init(); + + /** + * Get allowed values for given caveat list (for current user) + * @param constraintName + * @return + */ + List getRMAllowedValues(String constraintName); + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + boolean hasAccess(NodeRef nodeRef); + + /* + * Get a single RM constraint + */ + RMConstraintInfo getRMConstraint(String listName); + + /* + * Get the names of all the caveat lists + */ + Set getAllRMConstraints(); + + /** + * Get the details of a caveat list + * @param listName + * @return + */ + Map> getListDetails(String listName); + + NodeRef updateOrCreateCaveatConfig(File jsonFile); + + NodeRef updateOrCreateCaveatConfig(String jsonString); + + NodeRef updateOrCreateCaveatConfig(InputStream is); + + /** + * add RM constraint list + * @param listName the name of the RMConstraintList + * @param listTitle + */ + RMConstraintInfo addRMConstraint(String listName, String listTitle, String[] allowedValues); + + /** + * update RM constraint list allowed values + * @param listName the name of the RMConstraintList - can not be changed + * @param allowedValues + */ + RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues); + + /** + * update RM constraint Title + * @param listName the name of the RMConstraintList - can not be changed + * @param allowedValues + */ + RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle); + + + /** + * delete RM Constraint + * + * @param listName the name of the RMConstraintList + */ + void deleteRMConstraint(String listName); + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + void addRMConstraintListValue(String listName, String authorityName, String value); + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + void removeRMConstraintListAuthority(String listName, String authorityName); + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param value + * @param authorities + */ + void updateRMConstraintListValue(String listName, String value, Listauthorities); + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param value + */ + void removeRMConstraintListValue(String listName, String valueName); +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java new file mode 100644 index 0000000000..8994ff4d18 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMCaveatConfigServiceImpl.java @@ -0,0 +1,437 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.File; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.UUID; + +import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.service.cmr.dictionary.Constraint; +import org.alfresco.service.cmr.dictionary.ConstraintDefinition; +import org.alfresco.service.cmr.dictionary.DictionaryService; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * RM Caveat Config Service impl + * + * @author janv + */ +public class RMCaveatConfigServiceImpl implements RMCaveatConfigService +{ + private static Log logger = LogFactory.getLog(RMCaveatConfigServiceImpl.class); + + private NamespaceService namespaceService; + private DictionaryService dictionaryService; + + private RMCaveatConfigComponent rmCaveatConfigComponent; + private RecordsManagementAdminService recordsManagementAdminService; + + + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + public void setDictionaryService(DictionaryService dictionaryService) + { + this.dictionaryService = dictionaryService; + } + + public void setCaveatConfigComponent(RMCaveatConfigComponent rmCaveatConfigComponent) + { + this.rmCaveatConfigComponent = rmCaveatConfigComponent; + } + + public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService) + { + this.recordsManagementAdminService = recordsManagementAdminService; + } + + public RecordsManagementAdminService getRecordsManagementAdminService() + { + return recordsManagementAdminService; + } + + public void init() + { + rmCaveatConfigComponent.init(); + } + + public NodeRef updateOrCreateCaveatConfig(InputStream is) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(is); + } + + public NodeRef updateOrCreateCaveatConfig(File jsonFile) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonFile); + } + + public NodeRef updateOrCreateCaveatConfig(String jsonString) + { + return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonString); + } + + // Get allowed values for given caveat (for current user) + public List getRMAllowedValues(String constraintName) + { + return rmCaveatConfigComponent.getRMAllowedValues(constraintName); + } + + /** + * Check whether access to 'record component' node is vetoed for current user due to caveat(s) + * + * @param nodeRef + * @return false, if caveat(s) veto access otherwise return true + */ + public boolean hasAccess(NodeRef nodeRef) + { + return rmCaveatConfigComponent.hasAccess(nodeRef); + } + + /** + * add RM constraint list + * @param listName the name of the RMConstraintList + */ + public RMConstraintInfo addRMConstraint(String listName, String title, String[] values) + { + return addRMConstraint(listName, title, values, MatchLogic.AND); + } + + public RMConstraintInfo addRMConstraint(String listName, String title, String[] values, MatchLogic matchLogic) + { + if (listName == null) + { + // Generate a list name + StringBuilder sb = new StringBuilder(); + sb.append(RecordsManagementCustomModel.RM_CUSTOM_PREFIX); + sb.append(QName.NAMESPACE_PREFIX); + sb.append(UUID.randomUUID().toString()); + listName = sb.toString(); + } + + ListallowedValues = new ArrayList(); + for(String value : values) + { + allowedValues.add(value); + } + + QName listQName = QName.createQName(listName, namespaceService); + + // TEMP review - if it already exists then change it for now + try + { + recordsManagementAdminService.addCustomConstraintDefinition(listQName, title, true, allowedValues, matchLogic); + } + catch (AlfrescoRuntimeException e) + { + if (e.getMessage().contains("Constraint already exists")) + { + recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValues); + recordsManagementAdminService.changeCustomConstraintTitle(listQName, title); + } + } + + rmCaveatConfigComponent.addRMConstraint(listName); + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(title); + info.setAllowedValues(values); + info.setCaseSensitive(true); + return info; + } + + /** + * delete RM Constraint List + * + * @param listName the name of the RMConstraintList + */ + public void deleteRMConstraint(String listName) + { + rmCaveatConfigComponent.deleteRMConstraint(listName); + + QName listQName = QName.createQName(listName, namespaceService); + + recordsManagementAdminService.removeCustomConstraintDefinition(listQName); + } + + /** + * Add a single value to an authority in a list. The existing values of the list remain. + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. + */ + public void addRMConstraintListValue(String listName, String authorityName, String value) + { + rmCaveatConfigComponent.addRMConstraintListValue(listName, authorityName, value); + } + + /** + * Get the details of the specified list + * @param listName + * @return the details of the specified list + */ + public Map> getListDetails(String listName) + { + return rmCaveatConfigComponent.getListDetails(listName); + } + + /** + * Replace the values for an authority in a list. + * The existing values are removed. + * + * If the authority does not already exist in the list, it will be added + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) + { + rmCaveatConfigComponent.updateRMConstraintListAuthority(listName, authorityName, values); + } + + /** + * Replace the authorities for a value in a list + * + * @param listName + * @param valueName + * @param authorities + */ + public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) + { + rmCaveatConfigComponent.updateRMConstraintListValue(listName, valueName, authorities); + } + + /** + * Remove an authority from a list + * + * @param listName the name of the RMConstraintList + * @param authorityName + * @param values + */ + public void removeRMConstraintListAuthority(String listName, String authorityName) + { + rmCaveatConfigComponent.removeRMConstraintListAuthority(listName, authorityName); + } + + /** + * Get all Constraint Lists + */ + public Set getAllRMConstraints() + { + Set info = new HashSet(); + + List defs = new ArrayList(10); + for (QName caveatModelQName : rmCaveatConfigComponent.getRMCaveatModels()) + { + defs.addAll(recordsManagementAdminService.getCustomConstraintDefinitions(caveatModelQName)); + } + + for(ConstraintDefinition dictionaryDef : defs) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + RMConstraintInfo i = new RMConstraintInfo(); + i.setName(def.getShortName()); + i.setTitle(def.getTitle()); + + // note: assumes only one caveat/LOV against a given property + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + i.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + i.setCaseSensitive(def.isCaseSensitive()); + info.add(i); + } + + } + + return info; + } + + /** + * Get an RMConstraintInfo + * @param listQName + * @return the constraint or null if it does not exist + */ + public RMConstraintInfo getRMConstraint(QName listQName) + { + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + if(dictionaryDef != null) + { + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + + RMConstraintInfo info = new RMConstraintInfo(); + info.setName(listQName.toPrefixString()); + info.setTitle(con.getTitle()); + List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); + info.setCaseSensitive(def.isCaseSensitive()); + return info; + } + } + return null; + } + + /** + * Get RM Constraint detail. + * + * @return the constraintInfo or null + */ + public RMConstraintInfo getRMConstraint(String listName) + { + QName listQName = QName.createQName(listName, namespaceService); + return getRMConstraint(listQName); + + } + + /** + * Update The allowed values for an RM Constraint. + * + * @param listName The name of the list. + * @param allowedValues the new alowed values + * + */ + public RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues) + { + QName listQName = QName.createQName(listName, namespaceService); + + if(allowedValues != null) + { + ListallowedValueList = new ArrayList(); + for(String value : allowedValues) + { + allowedValueList.add(value); + } + + ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); + Constraint con = dictionaryDef.getConstraint(); + if (con instanceof RMListOfValuesConstraint) + { + final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; + List oldAllowedValues = AuthenticationUtil.runAs(new RunAsWork>() + { + public List doWork() + { + return def.getAllowedValues(); + } + }, AuthenticationUtil.getSystemUserName()); + + /** + * Deal with any additions + */ + for(String newValue : allowedValueList) + { + if(!oldAllowedValues.contains(newValue) && logger.isDebugEnabled()) + { + // This is an addition + logger.debug("value added to list:" + listQName + ":" + newValue); + } + } + + /** + * Deal with any deletions + */ + for(String oldValue : oldAllowedValues) + { + if(!allowedValueList.contains(oldValue)) + { + // This is a deletion + if(logger.isDebugEnabled()) + { + logger.debug("value removed from list:" + listQName + ":" + oldValue); + } + removeRMConstraintListValue(listName, oldValue); + } + } + } + + recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValueList); + } + + return getRMConstraint(listName); + } + + /** + * Remove a value from a list and cascade delete. + */ + public void removeRMConstraintListValue(String listName, String valueName) + { + //TODO need to update the rm constraint definition + // recordsManagementAdminService. + + rmCaveatConfigComponent.removeRMConstraintListValue(listName, valueName); + } + + /** + * Update the title of this RM Constraint. + */ + public RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle) + { + QName listQName = QName.createQName(listName, namespaceService); + + recordsManagementAdminService.changeCustomConstraintTitle(listQName, newTitle); + return getRMConstraint(listName); + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java new file mode 100644 index 0000000000..cc6d92cd49 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintInfo.java @@ -0,0 +1,88 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.util.Arrays; + +public class RMConstraintInfo +{ + private String name; + private String title; + private boolean caseSensitive; + private String[] allowedValues; + + public void setName(String name) + { + this.name = name; + } + public String getName() + { + return name; + } + public void setTitle(String title) + { + this.title = title; + } + public String getTitle() + { + return title; + } + public void setCaseSensitive(boolean caseSensitive) + { + this.caseSensitive = caseSensitive; + } + public boolean isCaseSensitive() + { + return caseSensitive; + } + public void setAllowedValues(String[] values) + { + this.allowedValues = values.clone(); + } + public String[] getAllowedValues() + { + return allowedValues; + } + + @Override + public String toString() + { + StringBuilder builder = new StringBuilder(); + builder.append("RMConstraintInfo [name="); + builder.append(this.name); + builder.append(", title="); + builder.append(this.title); + builder.append(", caseSensitive="); + builder.append(this.caseSensitive); + builder.append(", allowedValues="); + builder.append(Arrays.toString(this.allowedValues)); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java new file mode 100644 index 0000000000..23fe1dfc89 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMConstraintMessageKeys.java @@ -0,0 +1,39 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +/** + * A class to hold I18N keys for messages related to constraint validation. + * + * @author tpage + */ +public class RMConstraintMessageKeys +{ + public static final String ERR_NON_STRING = "d_dictionary.constraint.string_length.non_string"; + public static final String ERR_INVALID_VALUE = "d_dictionary.constraint.list_of_values.invalid_value"; +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java new file mode 100644 index 0000000000..a6e8b51710 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/RMListOfValuesConstraint.java @@ -0,0 +1,259 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.alfresco.repo.dictionary.constraint.ListOfValuesConstraint; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.service.cmr.dictionary.ConstraintException; +import org.alfresco.service.cmr.i18n.MessageLookup; +import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; +import org.alfresco.service.cmr.repository.datatype.TypeConversionException; +import org.apache.commons.lang.StringUtils; +import org.springframework.extensions.surf.util.I18NUtil; + +/** + * RM Constraint implementation that ensures the value is one of a constrained + * list of values. By default, this constraint is case-sensitive. + * + * @see #setAllowedValues(List) + * @see #setCaseSensitive(boolean) + * + * @author janv + */ +public class RMListOfValuesConstraint extends ListOfValuesConstraint +{ + private static final String LOV_CONSTRAINT_VALUE = "listconstraint"; + private List allowedValues; + private List allowedValuesUpper; + // defined match logic used by caveat matching (default = "AND") + private MatchLogic matchLogic = MatchLogic.AND; + + public enum MatchLogic + { + // closed marking - all values must match + AND, + // open marking - at least one value must match + OR; + } + + // note: alternative to static init could be to use 'registered' constraint + private static RMCaveatConfigService caveatConfigService; + + public void setCaveatConfigService(RMCaveatConfigService caveatConfigService) + { + RMListOfValuesConstraint.caveatConfigService = caveatConfigService; + } + + + @Override + public String toString() + { + StringBuilder sb = new StringBuilder(80); + sb.append("RMListOfValuesConstraint") + .append("[allowedValues=").append(getAllowedValues()) + .append(", caseSensitive=").append(isCaseSensitive()) + .append(", sorted=").append(isSorted()) + .append(", matchLogic=").append(getMatchLogic()) + .append("]"); + return sb.toString(); + } + + public RMListOfValuesConstraint() + { + super(); + + // Set RM list of value constraints to be sorted by default + sorted = true; + } + + /** + * Get the allowed values. Note that these are String instances, but may + * represent non-String values. It is up to the caller to distinguish. + * + * @return Returns the values allowed + */ + @Override + public List getRawAllowedValues() + { + String runAsUser = AuthenticationUtil.getRunAsUser(); + if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) + { + // get allowed values for current user + List allowedForUser = caveatConfigService.getRMAllowedValues(getShortName()); + + List filteredList = new ArrayList(allowedForUser.size()); + for (String allowed : allowedForUser) + { + if (this.allowedValues.contains(allowed)) + { + filteredList.add(allowed); + } + } + + return filteredList; + } + else + { + return this.allowedValues; + } + } + + public String getDisplayLabel(String constraintAllowableValue, MessageLookup messageLookup) + { + if (!this.allowedValues.contains(constraintAllowableValue)) + { + return null; + } + + String key = LOV_CONSTRAINT_VALUE; + key += "." + this.getShortName(); + key += "." + constraintAllowableValue; + key = StringUtils.replace(key, ":", "_"); + + String message = messageLookup.getMessage(key, I18NUtil.getLocale()); + return message == null ? constraintAllowableValue : message; + } + + private List getAllowedValuesUpper() + { + String runAsUser = AuthenticationUtil.getRunAsUser(); + if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) + { + // get allowed values for current user + List allowedForUser = caveatConfigService.getRMAllowedValues(getType()); + + List filteredList = new ArrayList(allowedForUser.size()); + for (String allowed : allowedForUser) + { + if (this.allowedValuesUpper.contains(allowed.toUpperCase())) + { + filteredList.add(allowed); + } + } + + return filteredList; + } + else + { + return this.allowedValuesUpper; + } + } + /** + * Set the values that are allowed by the constraint. + * + * @param values a list of allowed values + */ + @SuppressWarnings({ "unchecked", "rawtypes" }) + @Override + public void setAllowedValues(List allowedValues) + { + if (allowedValues == null) + { + allowedValues = new ArrayList(0); + } + int valueCount = allowedValues.size(); + this.allowedValues = Collections.unmodifiableList(allowedValues); + + // make the upper case versions + this.allowedValuesUpper = new ArrayList(valueCount); + for (String allowedValue : this.allowedValues) + { + allowedValuesUpper.add(allowedValue.toUpperCase()); + } + } + + @Override + public void initialize() + { + checkPropertyNotNull("allowedValues", allowedValues); + } + + @Override + public Map getParameters() + { + Map params = new HashMap(2); + + params.put("caseSensitive", isCaseSensitive()); + params.put("allowedValues", getAllowedValues()); + params.put("sorted", isSorted()); + params.put("matchLogic", getMatchLogic()); + + return params; + } + + public MatchLogic getMatchLogicEnum() + { + return matchLogic; + } + + public String getMatchLogic() + { + return matchLogic.toString(); + } + + public void setMatchLogic(String matchLogicStr) + { + this.matchLogic = MatchLogic.valueOf(matchLogicStr); + } + + @Override + protected void evaluateSingleValue(Object value) + { + // convert the value to a String + String valueStr = null; + try + { + valueStr = DefaultTypeConverter.INSTANCE.convert(String.class, value); + } + catch (TypeConversionException e) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_NON_STRING, value, e); + } + // check that the value is in the set of allowed values + if (isCaseSensitive()) + { + if (!getAllowedValues().contains(valueStr)) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); + } + } + else + { + if (!getAllowedValuesUpper().contains(valueStr.toUpperCase())) + { + throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); + } + } + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java new file mode 100644 index 0000000000..72eb9f263f --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptAuthority.java @@ -0,0 +1,60 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.Serializable; + + +public class ScriptAuthority implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = 1L; + private String authorityTitle; + private String authorityName; + + public void setAuthorityName(String authorityName) + { + this.authorityName = authorityName; + } + public String getAuthorityName() + { + return authorityName; + } + public void setAuthorityTitle(String authorityName) + { + this.authorityTitle = authorityName; + } + public String getAuthorityTitle() + { + return authorityTitle; + } + + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java new file mode 100644 index 0000000000..651d81195c --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraint.java @@ -0,0 +1,270 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.service.cmr.security.AuthorityService; +import org.apache.commons.lang.StringUtils; +import org.json.JSONArray; +import org.json.JSONObject; + +public class ScriptConstraint implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = 1L; + + private RMConstraintInfo info; + + private RMCaveatConfigService rmCaveatconfigService; + + private AuthorityService authorityService; + + ScriptConstraint(RMConstraintInfo info, RMCaveatConfigService rmCaveatconfigService, AuthorityService authorityService) + { + this.info = info; + this.rmCaveatconfigService = rmCaveatconfigService; + this.authorityService = authorityService; + } + + public void setTitle(String title) + { + info.setTitle(title); + } + public String getTitle() + { + return info.getTitle(); + } + public void setName(String name) + { + info.setName(name); + } + + public String getName() + { + return info.getName().replace(":", "_"); + } + + public boolean isCaseSensitive() + { + return info.isCaseSensitive(); + } + + public String[] getAllowedValues() + { + return info.getAllowedValues(); + } + + public ScriptConstraintAuthority[] getAuthorities() + { + Map> values = rmCaveatconfigService.getListDetails(info.getName()); + + if (values == null) + { + return new ScriptConstraintAuthority[0]; + } + + // Here with some data to return + Set authorities = values.keySet(); + + ArrayList constraints = new ArrayList(values.size()); + for(String authority : authorities) + { + ScriptConstraintAuthority constraint = new ScriptConstraintAuthority(); + constraint.setAuthorityName(authority); + constraint.setValues(values.get(authority)); + constraints.add(constraint); + } + + ScriptConstraintAuthority[] retVal = constraints.toArray(new ScriptConstraintAuthority[constraints.size()]); + + return retVal; + } + + /** + * updateTitle + */ + public void updateTitle(String newTitle) + { + info.setTitle(newTitle); + rmCaveatconfigService.updateRMConstraintTitle(info.getName(), newTitle) ; + } + + /** + * updateAllowedValues + */ + public void updateAllowedValues(String[] allowedValues) + { + info.setAllowedValues(allowedValues); + rmCaveatconfigService.updateRMConstraintAllowedValues(info.getName(), allowedValues); + } + + /** + * Update a value + * @param values + * @param authorities + */ + public void updateValues(JSONArray bodge) throws Exception + { + for(int i = 0; i < bodge.length(); i++) + { + + JSONObject obj = bodge.getJSONObject(i); + String value = obj.getString("value"); + JSONArray authorities = obj.getJSONArray("authorities"); + List aList = new ArrayList(); + for(int j = 0; j < authorities.length();j++) + { + aList.add(authorities.getString(j)); + } + rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, aList); + } + } + + /** + * Update a value + * @param values + * @param authorities + */ + public void updateValues(String value, String[] authorities) + { + List list = Arrays.asList(authorities); + rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, list); + } + + /** + * Cascade delete an authority + * @param authority + */ + public void deleteAuthority(String authority) + { + + } + + /** + * Cascade delete a value + * @param value + */ + public void deleteValue(String value) + { + + } + + + /** + * Get a single value + * @param value + * @return + */ + public ScriptConstraintValue getValue(String value) + { + ScriptConstraintValue[] values = getValues(); + + for(ScriptConstraintValue val : values) + { + if(val.getValueName().equalsIgnoreCase(value)) + { + return val; + } + } + return null; + } + + public ScriptConstraintValue[] getValues() + { + // authority, values + Map> details = rmCaveatconfigService.getListDetails(info.getName()); + + if (details == null) + { + details = new HashMap>(); + } + + // values, authorities + Map> pivot = PivotUtil.getPivot(details); + + // Here with some data to return + Set values = pivot.keySet(); + + ArrayList constraints = new ArrayList(pivot.size()); + for(String value : values) + { + ScriptConstraintValue constraint = new ScriptConstraintValue(); + constraint.setValueName(value); + constraint.setValueTitle(value); + + Listauthorities = pivot.get(value); + List sauth = new ArrayList(); + for(String authority : authorities) + { + ScriptAuthority a = new ScriptAuthority(); + a.setAuthorityName(authority); + + String displayName = authorityService.getAuthorityDisplayName(authority); + if(StringUtils.isNotBlank(displayName)) + { + a.setAuthorityTitle(displayName); + } + else + { + a.setAuthorityTitle(authority); + } + sauth.add(a); + } + constraint.setAuthorities(sauth); + constraints.add(constraint); + } + + /** + * Now go through and add any "empty" values + */ + for(String value : info.getAllowedValues()) + { + if(!values.contains(value)) + { + ScriptConstraintValue constraint = new ScriptConstraintValue(); + constraint.setValueName(value); + constraint.setValueTitle(value); + List sauth = new ArrayList(); + constraint.setAuthorities(sauth); + constraints.add(constraint); + } + } + + return constraints.toArray(new ScriptConstraintValue[constraints.size()]); + } + +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java new file mode 100644 index 0000000000..2fbf847906 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintAuthority.java @@ -0,0 +1,58 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.Serializable; +import java.util.List; + +public class ScriptConstraintAuthority implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = -4659454215122271811L; + private String authorityName; + private Listvalues; + + public void setValues(List values) + { + this.values = values; + } + public List getValues() + { + return values; + } + public void setAuthorityName(String authorityName) + { + this.authorityName = authorityName; + } + public String getAuthorityName() + { + return authorityName; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java new file mode 100644 index 0000000000..2f43a8e5d3 --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptConstraintValue.java @@ -0,0 +1,66 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.io.Serializable; +import java.util.List; + +public class ScriptConstraintValue implements Serializable +{ + /** + * + */ + private static final long serialVersionUID = -4659454215122271811L; + private String value; + private Listauthorities; + + public void setAuthorities(List values) + { + this.authorities = values; + } + public List getAuthorities() + { + return authorities; + } + public void setValueName(String authorityName) + { + this.value = authorityName; + } + public String getValueName() + { + return value; + } + public void setValueTitle(String authorityName) + { + this.value = authorityName; + } + public String getValueTitle() + { + return value; + } +} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java new file mode 100644 index 0000000000..1e40342b5c --- /dev/null +++ b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/caveat/ScriptRMCaveatConfigService.java @@ -0,0 +1,174 @@ +/* + * #%L + * Alfresco Records Management Module + * %% + * Copyright (C) 2005 - 2016 Alfresco Software Limited + * %% + * This file is part of the Alfresco software. + * - + * If the software was purchased under a paid Alfresco license, the terms of + * the paid license agreement will prevail. Otherwise, the software is + * provided under the following open source license terms: + * - + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * - + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * - + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + * #L% + */ + +package org.alfresco.module.org_alfresco_module_rm.caveat; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.alfresco.repo.jscript.BaseScopableProcessorExtension; +import org.alfresco.service.cmr.security.AuthorityService; + +/** + * Script projection of RM Caveat Config Service + * + * @author Mark Rogers + */ +public class ScriptRMCaveatConfigService extends BaseScopableProcessorExtension +{ + private RMCaveatConfigService caveatConfigService; + private AuthorityService authorityService; + + public void setCaveatConfigService(RMCaveatConfigService rmCaveatConfigService) + { + this.caveatConfigService = rmCaveatConfigService; + } + + public RMCaveatConfigService getRmCaveatConfigService() + { + return caveatConfigService; + } + + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + + public AuthorityService getAuthorityService() + { + return authorityService; + } + + public ScriptConstraint getConstraint(String listName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + RMConstraintInfo info = caveatConfigService.getRMConstraint(xxx); + + if(info != null) + { + return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); + } + + return null; + } + + public ScriptConstraint[] getAllConstraints() + { + return getConstraints(true); + } + + public ScriptConstraint[] getConstraintsWithoutEmptyList() + { + return getConstraints(false); + } + + private ScriptConstraint[] getConstraints(boolean includeEmptyList) + { + Set values = caveatConfigService.getAllRMConstraints(); + + List vals = new ArrayList(values.size()); + for(RMConstraintInfo value : values) + { + ScriptConstraint c = new ScriptConstraint(value, caveatConfigService, getAuthorityService()); + if (includeEmptyList) + { + vals.add(c); + } + else + { + if (c.getValues().length > 0) + { + vals.add(c); + } + } + } + + return vals.toArray(new ScriptConstraint[vals.size()]); + } + + /** + * Delete list + * @param listName + + */ + public void deleteConstraintList(String listName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + caveatConfigService.deleteRMConstraint(xxx); + } + + + + /** + * Update value + */ + public void updateConstraintValues(String listName, String authorityName, String[]values) + { + List vals = new ArrayList(); + caveatConfigService.updateRMConstraintListAuthority(listName, authorityName, vals); + } + + /** + * Delete the constraint values. i.e remove an authority from a constraint list + */ + public void deleteRMConstraintListAuthority(String listName, String authorityName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + caveatConfigService.removeRMConstraintListAuthority(xxx, authorityName); + } + + /** + * Delete the constraint values. i.e remove a value from a constraint list + */ + public void deleteRMConstraintListValue(String listName, String valueName) + { + //TODO Temporary conversion + String xxx = listName.replace("_", ":"); + + caveatConfigService.removeRMConstraintListValue(xxx, valueName); + + } + + public ScriptConstraint createConstraint(String listName, String title, String[] allowedValues) + { + //TODO Temporary conversion + if(listName != null) + { + listName = listName.replace("_", ":"); + } + + RMConstraintInfo info = caveatConfigService.addRMConstraint(listName, title, allowedValues); + return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); + } + +} diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java index ed0f85dd44..1f39b29932 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminService.java @@ -32,7 +32,7 @@ import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService; import org.alfresco.service.cmr.dictionary.AssociationDefinition; import org.alfresco.service.cmr.dictionary.ConstraintDefinition; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java index 71782e7d1f..8fa2f8b10d 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java @@ -41,8 +41,8 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.compatibility.CompatibilityModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; @@ -99,7 +99,7 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas private static final String MSG_ERROR_CLIENT_ID = "rm.admin.error-client-id"; /** Constants */ - private static final String CUSTOM_CONSTRAINT_TYPE = org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.class.getName(); + private static final String CUSTOM_CONSTRAINT_TYPE = org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.class.getName(); private static final String CAPATIBILITY_CUSTOM_CONTRAINT_TYPE = org.alfresco.module.org_alfresco_module_dod5015.caveat.RMListOfValuesConstraint.class.getName(); private static final String PARAM_ALLOWED_VALUES = "allowedValues"; private static final String PARAM_CASE_SENSITIVE = "caseSensitive"; @@ -1068,7 +1068,7 @@ public class RecordsManagementAdminServiceImpl extends RecordsManagementAdminBas } /** - * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#addCustomConstraintDefinition(org.alfresco.service.namespace.QName, java.lang.String, boolean, java.util.List, org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic) + * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#addCustomConstraintDefinition(org.alfresco.service.namespace.QName, java.lang.String, boolean, java.util.List, org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic) */ public void addCustomConstraintDefinition(QName constraintName, String title, boolean caseSensitive, List allowedValues, MatchLogic matchLogic) { diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java index 2ad43640ca..f78b5a15bd 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/bootstrap/RecordsManagementBootstrap.java @@ -29,7 +29,7 @@ package org.alfresco.module.org_alfresco_module_rm.bootstrap; import org.alfresco.module.org_alfresco_module_rm.action.impl.SplitEmailAction; import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; import org.alfresco.module.org_alfresco_module_rm.email.CustomEmailMappingService; import org.alfresco.repo.action.parameter.NodeParameterSuggesterBootstrap; import org.alfresco.repo.security.authentication.AuthenticationUtil; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java index c665439e60..fc5593c6fa 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java @@ -30,7 +30,7 @@ package org.alfresco.module.org_alfresco_module_rm.capability; import java.util.Map; import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigComponent; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.repo.security.authentication.AuthenticationUtil; diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java index 70ab4803df..2db0f32022 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/RMConstraintGet.java @@ -31,7 +31,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; import org.springframework.extensions.webscripts.Cache; import org.springframework.extensions.webscripts.DeclarativeWebScript; import org.springframework.extensions.webscripts.Status; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java index 885f679ae1..c7555ebe11 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RMCaveatConfigServiceImplTest.java @@ -33,8 +33,8 @@ import java.util.List; import javax.transaction.UserTransaction; import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigServiceImpl; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigServiceImpl; import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java index ad14cdabca..99701d26b0 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/service/RecordsManagementAdminServiceImplTest.java @@ -39,8 +39,8 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementPolicies.Befo import org.alfresco.module.org_alfresco_module_rm.RecordsManagementPolicies.OnCreateReference; import org.alfresco.module.org_alfresco_module_rm.admin.CustomMetadataException; import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipDefinition; diff --git a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java index 473ac374fa..0d221db809 100644 --- a/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java +++ b/rm-community/rm-community-repo/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java @@ -36,7 +36,7 @@ import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMCaveatConfigService; +import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigService; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService; From 1e187d8f3661b3233e13221bfe663366eb6d76b9 Mon Sep 17 00:00:00 2001 From: David Webster Date: Wed, 8 Jun 2016 19:36:13 +0100 Subject: [PATCH 3/3] RM-3134: Fix community build - delete files not deleted by previous revert --- .../securitymarks/PivotUtil.java | 71 - .../RMCaveatConfigComponent.java | 121 -- .../RMCaveatConfigComponentImpl.java | 1148 ----------------- .../securitymarks/RMCaveatConfigService.java | 161 --- .../RMCaveatConfigServiceImpl.java | 437 ------- .../securitymarks/RMConstraintInfo.java | 88 -- .../RMConstraintMessageKeys.java | 39 - .../RMListOfValuesConstraint.java | 259 ---- .../securitymarks/ScriptAuthority.java | 60 - .../securitymarks/ScriptConstraint.java | 270 ---- .../ScriptConstraintAuthority.java | 58 - .../securitymarks/ScriptConstraintValue.java | 66 - .../ScriptRMCaveatConfigService.java | 174 --- 13 files changed, 2952 deletions(-) delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java delete mode 100644 rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java deleted file mode 100644 index 182f72dac7..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/PivotUtil.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/* package scope */ final class PivotUtil -{ - private PivotUtil() - { - // Will not be called - } - - static Map> getPivot(Map> source) - { - - Map> pivot = new HashMap>(); - - for (Map.Entry> entry : source.entrySet()) - { - Listvalues = entry.getValue(); - for (String value : values) - { - String authority = entry.getKey(); - if (pivot.containsKey(value)) - { - // already exists - List list = pivot.get(value); - list.add(authority ); - } - else - { - // New value - List list = new ArrayList(); - list.add(authority); - pivot.put(value, list); - } - } - } - - return pivot; - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java deleted file mode 100644 index c5c6b6618d..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponent.java +++ /dev/null @@ -1,121 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.File; -import java.io.InputStream; -import java.util.List; -import java.util.Map; - -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -public interface RMCaveatConfigComponent -{ - void init(); - - /** - * Get allowed values for given caveat list (for current user) - * - * @param constraintName - * @return - */ - List getRMAllowedValues(String constraintName); - - /** - * Get custom caveat models - * - * @return - */ - List getRMCaveatModels(); - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - boolean hasAccess(NodeRef nodeRef); - - /** - * Get RM constraint list - * - * @param listName the name of the RMConstraintList - */ - RMConstraintInfo getRMConstraint(String listName); - - /** - * Add RM constraint - */ - void addRMConstraint(String listName); - - /** - * Add RM constraint value for given authority - */ - void addRMConstraintListValue(String listName, String authorityName, String value); - - /** - * Update RM constraint values for given authority - */ - void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); - - /** - * Update RM constraint authorities for given value - */ - void updateRMConstraintListValue(String listName, String valueName, Listauthorities); - - /** - * Remove RM constraint value (all authorities) - */ - void removeRMConstraintListValue(String listName, String valueName); - - /** - * Remove RM constraint authority (all values) - */ - void removeRMConstraintListAuthority(String listName, String authorityName); - - /** - * Delete RM Constraint - * - * @param listName the name of the RMConstraintList - */ - void deleteRMConstraint(String listName); - - /** - * Get the details of a caveat list - * @param listName - * @return - */ - Map> getListDetails(String listName); - - NodeRef updateOrCreateCaveatConfig(File jsonFile); - - NodeRef updateOrCreateCaveatConfig(String jsonString); - - NodeRef updateOrCreateCaveatConfig(InputStream is); -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java deleted file mode 100644 index 828b837360..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigComponentImpl.java +++ /dev/null @@ -1,1148 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import static org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace; - -import java.io.File; -import java.io.InputStream; -import java.io.Serializable; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.locks.Lock; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.repo.cache.SimpleCache; -import org.alfresco.repo.content.ContentServicePolicies; -import org.alfresco.repo.content.MimetypeMap; -import org.alfresco.repo.node.NodeServicePolicies; -import org.alfresco.repo.policy.Behaviour.NotificationFrequency; -import org.alfresco.repo.policy.annotation.Behaviour; -import org.alfresco.repo.policy.annotation.BehaviourBean; -import org.alfresco.repo.policy.annotation.BehaviourKind; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.version.VersionModel; -import org.alfresco.service.cmr.dictionary.Constraint; -import org.alfresco.service.cmr.dictionary.ConstraintDefinition; -import org.alfresco.service.cmr.dictionary.DataTypeDefinition; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.dictionary.PropertyDefinition; -import org.alfresco.service.cmr.repository.ChildAssociationRef; -import org.alfresco.service.cmr.repository.ContentReader; -import org.alfresco.service.cmr.repository.ContentService; -import org.alfresco.service.cmr.repository.ContentWriter; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.alfresco.util.JSONtoFmModel; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.json.JSONException; -import org.json.JSONObject; - -import net.sf.acegisecurity.AccessDeniedException; - -/** - * RM Caveat Config component impl - * - * @author janv - */ -@BehaviourBean(defaultType = "rma:caveatConfig") -public class RMCaveatConfigComponentImpl implements ContentServicePolicies.OnContentUpdatePolicy, - NodeServicePolicies.BeforeDeleteNodePolicy, - NodeServicePolicies.OnCreateNodePolicy, - RMCaveatConfigComponent -{ - private static Log logger = LogFactory.getLog(RMCaveatConfigComponentImpl.class); - - private ContentService contentService; - private DictionaryService dictionaryService; - private NamespaceService namespaceService; - private AuthorityService authorityService; - private PersonService personService; - private NodeService nodeService; - - // Default - private StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore"); - - private List caveatAspectURINames = new ArrayList(0); - private List caveatAspectQNames = new ArrayList(0); - - private List caveatModelURINames = new ArrayList(0); - private List caveatModelQNames = new ArrayList(0); - - private static final String CAVEAT_CONFIG_NAME = "caveatConfig.json"; - - private static final QName DATATYPE_TEXT = DataTypeDefinition.TEXT; - - /** - * Lock objects - */ - private ReadWriteLock lock = new ReentrantReadWriteLock(); - private Lock readLock = lock.readLock(); - private Lock writeLock = lock.writeLock(); - - /* - * Caveat Config (Shared) config - * first string is property name - * second string is authority name (user or group full name) - * third string is list of values of property - */ - private SimpleCache>> caveatConfig; - - public void setCaveatConfig(SimpleCache>> caveatConfig) - { - this.caveatConfig = caveatConfig; - } - - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } - - public void setContentService(ContentService contentService) - { - this.contentService = contentService; - } - - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - public void setAuthorityService(AuthorityService authorityService) - { - this.authorityService = authorityService; - } - - public void setPersonService(PersonService personService) - { - this.personService = personService; - } - - public void setStoreRef(String storeRef) - { - this.storeRef = new StoreRef(storeRef); - } - - public void setCaveatAspects(List caveatAspectNames) - { - this.caveatAspectURINames = caveatAspectNames; - } - - public void setCaveatModels(List caveatModelNames) - { - this.caveatModelURINames = caveatModelNames; - } - - /** - * Initialise behaviours and caveat config cache - */ - public void init() - { - if (caveatAspectURINames.size() > 0) - { - for (String caveatAspectURIName : caveatAspectURINames) - { - caveatAspectQNames.add(QName.createQName(caveatAspectURIName)); - } - - if (logger.isInfoEnabled()) - { - logger.info("Caveat aspects configured "+caveatAspectQNames); - } - } - else - { - logger.warn("No caveat aspects configured - caveats will not be applied"); - } - - if (caveatModelURINames.size() > 0) - { - for (String caveatModelURIName : caveatModelURINames) - { - caveatModelQNames.add(QName.createQName(caveatModelURIName)); - } - - if (logger.isInfoEnabled()) - { - logger.info("Caveat models configured "+caveatModelQNames); - } - } - else - { - logger.info("No caveat models configured - all models will be checked"); - } - - NodeRef caveatConfigNodeRef = getCaveatConfigNode(); - if (caveatConfigNodeRef != null) - { - validateAndReset(caveatConfigNodeRef); - } - } - - /** - * @see org.alfresco.repo.content.ContentServicePolicies.OnContentUpdatePolicy#onContentUpdate(org.alfresco.service.cmr.repository.NodeRef, boolean) - * RM-2770 - this method has to be fired on transaction commit to be able to validate the content when the content store is encrypted - */ - @Override - @Behaviour - ( - kind = BehaviourKind.CLASS, - notificationFrequency = NotificationFrequency.TRANSACTION_COMMIT - ) - public void onContentUpdate(NodeRef nodeRef, boolean newContent) - { - if (logger.isInfoEnabled()) - { - logger.info("onContentUpdate: "+nodeRef+", "+newContent); - } - - validateAndReset(nodeRef); - } - - /** - * @see org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy#beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - @Behaviour(kind = BehaviourKind.CLASS) - public void beforeDeleteNode(NodeRef nodeRef) - { - if (logger.isInfoEnabled()) - { - logger.info("beforeDeleteNode: "+nodeRef); - } - - validateAndReset(nodeRef); - } - - /** - * @see org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy#onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) - */ - @Override - @Behaviour(kind = BehaviourKind.CLASS) - public void onCreateNode(ChildAssociationRef childAssocRef) - { - if (logger.isInfoEnabled()) - { - logger.info("onCreateNode: "+childAssocRef); - } - - validateAndReset(childAssocRef.getChildRef()); - } - - /** - * Validate the caveat config and optionally update the cache. - * - * @param nodeRef The nodeRef of the config - * @param updateCache Set to true to update the cache - */ - @SuppressWarnings("unchecked") - protected void validateAndReset(NodeRef nodeRef) - { - ContentReader cr = contentService.getReader(nodeRef, ContentModel.PROP_CONTENT); - if (cr != null) - { - // TODO - check who can change caveat config ! - // TODO - locking (or checkout/checkin) - - String caveatConfigData = cr.getContentString(); - if (caveatConfigData != null) - { - NodeRef existing = getCaveatConfigNode(); - if ((existing != null && (! existing.equals(nodeRef)))) - { - throw new AlfrescoRuntimeException("Cannot create more than one caveat config (existing="+existing+", new="+nodeRef+")"); - } - - try - { - if (logger.isTraceEnabled()) - { - logger.trace(caveatConfigData); - } - - Set models = new HashSet(1); - Set props = new HashSet(10); - Set expectedPrefixes = new HashSet(10); - - if (caveatModelQNames.size() > 0) - { - models.addAll(caveatModelQNames); - } - else - { - models.addAll(dictionaryService.getAllModels()); - } - - if (logger.isTraceEnabled()) - { - logger.trace("validateAndReset: models to check "+models); - } - - for (QName model : models) - { - props.addAll(dictionaryService.getProperties(model, DATATYPE_TEXT)); - expectedPrefixes.addAll(namespaceService.getPrefixes(model.getNamespaceURI())); - } - - if (props.size() == 0) - { - logger.warn("validateAndReset: no caveat properties found"); - } - else - { - if (logger.isTraceEnabled()) - { - logger.trace("validateAndReset: properties to check "+props); - } - } - - Map caveatConfigMap = JSONtoFmModel.convertJSONObjectToMap(caveatConfigData); - - for (Map.Entry conEntry : caveatConfigMap.entrySet()) - { - String conStr = conEntry.getKey(); - - QName conQName = QName.resolveToQName(namespaceService, conStr); - - // check prefix - String conPrefix = QName.splitPrefixedQName(conStr)[0]; - boolean prefixFound = false; - for (String expectedPrefix : expectedPrefixes) - { - if (conPrefix.equals(expectedPrefix)) - { - prefixFound = true; - } - } - - if (! prefixFound) - { - throw new AlfrescoRuntimeException("Unexpected prefix: "+ conPrefix + " (" + conStr +") expected one of "+expectedPrefixes+")"); - } - - Map> caveatMap = (Map>)conEntry.getValue(); - - List allowedValues = null; - @SuppressWarnings("unused") - boolean found = false; - - for (QName propertyName : props) - { - PropertyDefinition propDef = dictionaryService.getProperty(propertyName); - List conDefs = propDef.getConstraints(); - for (ConstraintDefinition conDef : conDefs) - { - final Constraint con = conDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - String conName = ((RMListOfValuesConstraint)con).getShortName(); - if (conName.equals(conStr)) - { - // note: assumes only one caveat/LOV against a given property - allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return ((RMListOfValuesConstraint)con).getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - found = true; - break; - } - } - } - } - - if (allowedValues != null) - { - if (logger.isInfoEnabled()) - { - logger.info("Processing constraint: "+conQName); - } - - for (Map.Entry> caveatEntry : caveatMap.entrySet()) - { - String authorityName = caveatEntry.getKey(); - List caveatList = caveatEntry.getValue(); - - // validate authority (user or group) - note: groups are configured with fullname (ie. GROUP_xxx) - if ((! authorityService.authorityExists(authorityName) && ! personService.personExists(authorityName))) - { - // TODO - review warnings (& I18N) - String msg = "User/group does not exist: "+authorityName+" (constraint="+conStr+")"; - logger.warn(msg); - } - - // validate caveat list - for (String value : caveatList) - { - if (! allowedValues.contains(value)) - { - // TODO - review warnings (& add I18N) - String msg = "Invalid value in list: "+value+" (authority="+authorityName+", constraint="+conStr+")"; - logger.warn(msg); - } - } - } - } - } - - try - { - writeLock.lock(); - // we can't just clear the cache, as all puts to the cache afterwards in this transaction will be ignored - // first delete all keys that are now not in the config - caveatConfig.getKeys().retainAll(caveatConfigMap.keySet()); - - for (Map.Entry conEntry : caveatConfigMap.entrySet()) - { - String conStr = conEntry.getKey(); - Map> caveatMap = (Map>)conEntry.getValue(); - - Map> cacheValue = caveatConfig.get(conStr); - if (cacheValue == null || !cacheValue.equals(caveatMap)) - { - // update the cache - caveatConfig.put(conStr, caveatMap); - } - } - } - finally - { - writeLock.unlock(); - } - } - catch (JSONException e) - { - throw new AlfrescoRuntimeException("Invalid caveat config syntax: "+e); - } - } - } - } - - private NodeRef getCaveatConfigNode() - { - NodeRef rootNode = nodeService.getRootNode(storeRef); - return nodeService.getChildByName(rootNode, RecordsManagementModel.ASSOC_CAVEAT_CONFIG, CAVEAT_CONFIG_NAME); - } - - - public NodeRef updateOrCreateCaveatConfig(InputStream is) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(is); - - return caveatConfig; - } - - public NodeRef updateOrCreateCaveatConfig(File jsonFile) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(jsonFile); - - return caveatConfig; - } - - public NodeRef updateOrCreateCaveatConfig(String jsonString) - { - NodeRef caveatConfig = getOrCreateCaveatConfig(); - - // Update the content - ContentWriter writer = this.contentService.getWriter(caveatConfig, ContentModel.PROP_CONTENT, true); - writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN); - writer.setEncoding("UTF-8"); - writer.putContent(jsonString); - - return caveatConfig; - } - - private NodeRef getOrCreateCaveatConfig() - { - NodeRef caveatConfig = getCaveatConfigNode(); - if (caveatConfig == null) - { - NodeRef rootNode = nodeService.getRootNode(storeRef); - nodeService.addAspect(rootNode, VersionModel.ASPECT_VERSION_STORE_ROOT, null); - - // Create caveat config - caveatConfig = nodeService.createNode(rootNode, - RecordsManagementModel.ASSOC_CAVEAT_CONFIG, - QName.createQName(RecordsManagementModel.RM_URI, CAVEAT_CONFIG_NAME), - RecordsManagementModel.TYPE_CAVEAT_CONFIG).getChildRef(); - - nodeService.setProperty(caveatConfig, ContentModel.PROP_NAME, CAVEAT_CONFIG_NAME); - } - - return caveatConfig; - } - - // Get list of all caveat qualified names - public Collection getRMConstraintNames() - { - Collection rmConstraintNames = Collections.emptySet(); - try - { - readLock.lock(); - rmConstraintNames = caveatConfig.getKeys(); - } - finally - { - readLock.unlock(); - } - return Collections.unmodifiableCollection(rmConstraintNames); - } - - // Get allowed values for given caveat (for current user) - public List getRMAllowedValues(String constraintName) - { - List allowedValues = new ArrayList(0); - - String userName = AuthenticationUtil.getRunAsUser(); - if (userName != null && !(AuthenticationUtil.isMtEnabled() && AuthenticationUtil.isRunAsUserTheSystemUser())) - { - // note: userName and userGroupNames must not be null - caveatConfig.get(constraintName); - - Set userGroupFullNames = authorityService.getAuthoritiesForUser(userName); - allowedValues = getRMAllowedValues(userName, userGroupFullNames, constraintName); - } - - return allowedValues; - } - - private List getRMAllowedValues(String userName, Set userGroupFullNames, String constraintName) - { - SetallowedValues = new HashSet(); - - // note: userName and userGroupNames must not be null - Map> caveatConstraintDef = null; - try - { - readLock.lock(); - caveatConstraintDef = caveatConfig.get(constraintName); - } - finally - { - readLock.unlock(); - } - - if (caveatConstraintDef != null) - { - List direct = caveatConstraintDef.get(userName); - if(direct != null) - { - allowedValues.addAll(direct); - } - - for (String group : userGroupFullNames) - { - List values = caveatConstraintDef.get(group); - if(values != null) - { - allowedValues.addAll(values); - } - } - } - - Listret = new ArrayList(); - ret.addAll(allowedValues); - return Collections.unmodifiableList(ret); - } - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - @SuppressWarnings("unchecked") - public boolean hasAccess(NodeRef nodeRef) - { - try - { - if ((! nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) - { - return true; - } - - boolean found = false; - for (QName caveatAspectQName : caveatAspectQNames) - { - if (nodeService.hasAspect(nodeRef, caveatAspectQName)) - { - found = true; - break; - } - } - - if (! found) - { - // no caveat aspect - return true; - } - else - { - // check for caveats - String userName = AuthenticationUtil.getRunAsUser(); - if (userName != null) - { - // check all text properties - Map props = nodeService.getProperties(nodeRef); - for (Map.Entry entry : props.entrySet()) - { - QName propName = entry.getKey(); - PropertyDefinition propDef = dictionaryService.getProperty(propName); - - if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) - { - List conDefs = propDef.getConstraints(); - for (ConstraintDefinition conDef : conDefs) - { - Constraint con = conDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint)con); - String conName = rmCon.getShortName(); - MatchLogic matchLogic = rmCon.getMatchLogicEnum(); - Map> caveatConstraintDef = caveatConfig.get(conName); - if (caveatConstraintDef == null) - { - continue; - } - else - { - Set userGroupNames = authorityService.getAuthoritiesForUser(userName); - List allowedValues = getRMAllowedValues(userName, userGroupNames, conName); - - List propValues = null; - Object val = entry.getValue(); - if (val instanceof String) - { - propValues = new ArrayList(1); - propValues.add((String)val); - } - else if (val instanceof List) - { - propValues = (List)val; - } - - if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) - { - if (logger.isDebugEnabled()) - { - logger.debug("Veto access: caveat="+conName+", userName="+userName+", nodeRef="+nodeRef+", propName="+propName+", propValues="+propValues+", allowedValues="+allowedValues); - } - return false; - } - } - } - } - } - } - } - - return true; - } - } - catch (AccessDeniedException ade) - { - return false; - } - } - - private boolean isAllowed(List propValues, List userGroupValues, MatchLogic matchLogic) - { - if (matchLogic.equals(MatchLogic.AND)) - { - // check user/group values match all values on node - for (String propValue : propValues) - { - if (! userGroupValues.contains(propValue)) - { - if (logger.isTraceEnabled()) - { - logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); - } - - return false; - } - } - - return true; - } - else if (matchLogic.equals(MatchLogic.OR)) - { - // check user/group values match at least one value on node - for (String propValue : propValues) - { - if (userGroupValues.contains(propValue)) - { - return true; - } - } - - if (logger.isTraceEnabled()) - { - logger.trace("Not allowed: "+propValues+", "+userGroupValues+", "+matchLogic); - } - - return false; - } - - logger.error("Unexpected match logic type: "+matchLogic); - return false; - } - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param value - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - public void addRMConstraintListValue(String listName, String authorityName, String value) - { - Map> members = null; - try - { - readLock.lock(); - members = caveatConfig.get(listName); - if(members == null) - { - throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); - } - - try - { - readLock.unlock(); - writeLock.lock(); - // check again - members = caveatConfig.get(listName); - if(members == null) - { - throw new AlfrescoRuntimeException("unable to add to list, list not defined:"+ listName); - } - - List values = members.get(authorityName); - if(values == null) - { - throw new AlfrescoRuntimeException("Unable to add to authority in list. Authority not member listName: "+ listName + " authorityName:" +authorityName); - } - values.add(value); - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - readLock.lock(); - writeLock.unlock(); - } - - } - finally - { - readLock.unlock(); - } - } - - /** - * Get the member details of the specified list - * @param listName - * @return the details of the specified list - */ - public Map> getListDetails(String listName) - { - Map> listDetails = null; - try - { - readLock.lock(); - listDetails = caveatConfig.get(listName); - } - finally - { - readLock.unlock(); - } - if (listDetails == null) - { - return Collections.emptyMap(); - } - else - { - return Collections.unmodifiableMap(listDetails); - } - } - - public List getRMCaveatModels() - { - return caveatModelQNames; - } - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) - { - Map> members = null; - try - { - writeLock.lock(); - members = caveatConfig.get(listName); - if(members == null) - { - // Create the new list, with the authority name - Map> constraint = new HashMap>(0); - constraint.put(authorityName, new ArrayList(values)); - members = constraint; - } - else - { - members.put(authorityName, new ArrayList(values)); - } - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - /** - * Replace the authorities for a value in a list - * - * @param listName - * @param valueName - * @param authorities - */ - public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) - { - - Map> members = caveatConfig.get(listName); - try - { - writeLock.lock(); - - if(members == null) - { - // Members List does not exist - Map> emptyConstraint = new HashMap>(0); - caveatConfig.put(listName, emptyConstraint); - members = emptyConstraint; - - } - // authorities contains authority, values[] - // pivot contains value, members[] - Map> pivot = PivotUtil.getPivot(members); - - // remove all authorities which have this value - List existingAuthorities = pivot.get(valueName); - if(existingAuthorities != null) - { - for(String authority : existingAuthorities) - { - List vals = members.get(authority); - vals.remove(valueName); - } - } - // add the new authorities for this value - for(String authority : authorities) - { - List vals = members.get(authority); - if(vals == null) - { - vals= new ArrayList(); - members.put(authority, vals); - } - vals.add(valueName); - } - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - public void removeRMConstraintListValue(String listName, String valueName) - { - Map> members = null; - try - { - readLock.lock(); - - members = caveatConfig.get(listName); - if (members != null) - { - try - { - readLock.unlock(); - writeLock.lock(); - // check again - members = caveatConfig.get(listName); - if (members != null) - { - // authorities contains authority, values[] - // pivot contains value, members[] - Map> pivot = PivotUtil.getPivot(members); - - // remove all authorities which have this value - List existingAuthorities = pivot.get(valueName); - if(existingAuthorities != null) - { - for(String authority : existingAuthorities) - { - List vals = members.get(authority); - vals.remove(valueName); - } - caveatConfig.put(listName, members); - } - } - - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - readLock.lock(); - writeLock.unlock(); - } - } - } - finally - { - readLock.unlock(); - } - } - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void removeRMConstraintListAuthority(String listName, String authorityName) - { - Map> members = null; - try - { - writeLock.lock(); - members = caveatConfig.get(listName); - if(members != null) - { - members.remove(listName); - } - - caveatConfig.put(listName, members); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - - } - finally - { - writeLock.unlock(); - } -} - - /** - * @param config the configuration to convert - * @return a String containing the JSON representation of the configuration. - */ - private String convertToJSONString(SimpleCache>> config) - { - JSONObject configJSONObject = new JSONObject(); - - Collection listNames = config.getKeys(); - for (String listName : listNames) - { - Map> members = config.get(listName); - - Set authorityNames = members.keySet(); - JSONObject listMembers = new JSONObject(); - - for (String authorityName : authorityNames) - { - List authorities = members.get(authorityName); - try - { - listMembers.put(authorityName, authorities); - } - catch (JSONException error) - { - StringBuilder sb = new StringBuilder(); - sb.append("Cannot add the key '"); - sb.append(authorityName); - sb.append("' with the value '"); - sb.append(authorities); - sb.append("' to the JSONObject 'listMembers' '"); - sb.append(listMembers); - sb.append("': "); - sb.append(getFullStackTrace(error)); - throw new AlfrescoRuntimeException(sb.toString()); - } - } - - try - { - configJSONObject.put(listName, listMembers); - } - catch (JSONException error) - { - StringBuilder sb = new StringBuilder(); - sb.append("Cannot add the key '"); - sb.append(listName); - sb.append("' with the value '"); - sb.append(listMembers); - sb.append("' to the JSONObject 'configJSONObject' '"); - sb.append(configJSONObject); - sb.append("': "); - sb.append(getFullStackTrace(error)); - throw new AlfrescoRuntimeException(sb.toString()); - } - } - - return configJSONObject.toString(); - } - - /** - * Get an RMConstraintInfo - * @param listQName - * @return the constraint or null if it does not exist - */ - public RMConstraintInfo getRMConstraint(QName listQName) - { - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - if(dictionaryDef != null) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(con.getTitle()); - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - info.setCaseSensitive(def.isCaseSensitive()); - return info; - } - } - return null; - } - - /** - * Get RM Constraint detail. - * - * @return the constraintInfo or null - */ - public RMConstraintInfo getRMConstraint(String listName) - { - QName listQName = QName.createQName(listName, namespaceService); - return getRMConstraint(listQName); - } - - public void deleteRMConstraint(String listName) - { - try - { - writeLock.lock(); - caveatConfig.remove(listName); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } - - public void addRMConstraint(String listName) - { - try - { - writeLock.lock(); - Map> emptyConstraint = new HashMap>(0); - caveatConfig.put(listName, emptyConstraint); - updateOrCreateCaveatConfig(convertToJSONString(caveatConfig)); - } - finally - { - writeLock.unlock(); - } - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java deleted file mode 100644 index 50538c84a2..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigService.java +++ /dev/null @@ -1,161 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.File; -import java.io.InputStream; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.service.cmr.repository.NodeRef; - -public interface RMCaveatConfigService -{ - void init(); - - /** - * Get allowed values for given caveat list (for current user) - * @param constraintName - * @return - */ - List getRMAllowedValues(String constraintName); - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - boolean hasAccess(NodeRef nodeRef); - - /* - * Get a single RM constraint - */ - RMConstraintInfo getRMConstraint(String listName); - - /* - * Get the names of all the caveat lists - */ - Set getAllRMConstraints(); - - /** - * Get the details of a caveat list - * @param listName - * @return - */ - Map> getListDetails(String listName); - - NodeRef updateOrCreateCaveatConfig(File jsonFile); - - NodeRef updateOrCreateCaveatConfig(String jsonString); - - NodeRef updateOrCreateCaveatConfig(InputStream is); - - /** - * add RM constraint list - * @param listName the name of the RMConstraintList - * @param listTitle - */ - RMConstraintInfo addRMConstraint(String listName, String listTitle, String[] allowedValues); - - /** - * update RM constraint list allowed values - * @param listName the name of the RMConstraintList - can not be changed - * @param allowedValues - */ - RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues); - - /** - * update RM constraint Title - * @param listName the name of the RMConstraintList - can not be changed - * @param allowedValues - */ - RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle); - - - /** - * delete RM Constraint - * - * @param listName the name of the RMConstraintList - */ - void deleteRMConstraint(String listName); - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - void addRMConstraintListValue(String listName, String authorityName, String value); - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues); - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - void removeRMConstraintListAuthority(String listName, String authorityName); - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param value - * @param authorities - */ - void updateRMConstraintListValue(String listName, String value, Listauthorities); - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param value - */ - void removeRMConstraintListValue(String listName, String valueName); -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java deleted file mode 100644 index 5c2d55283c..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMCaveatConfigServiceImpl.java +++ /dev/null @@ -1,437 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.File; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -import org.alfresco.error.AlfrescoRuntimeException; -import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService; -import org.alfresco.module.org_alfresco_module_rm.securitymarks.RMListOfValuesConstraint.MatchLogic; -import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.service.cmr.dictionary.Constraint; -import org.alfresco.service.cmr.dictionary.ConstraintDefinition; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.NamespaceService; -import org.alfresco.service.namespace.QName; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * RM Caveat Config Service impl - * - * @author janv - */ -public class RMCaveatConfigServiceImpl implements RMCaveatConfigService -{ - private static Log logger = LogFactory.getLog(RMCaveatConfigServiceImpl.class); - - private NamespaceService namespaceService; - private DictionaryService dictionaryService; - - private RMCaveatConfigComponent rmCaveatConfigComponent; - private RecordsManagementAdminService recordsManagementAdminService; - - - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - public void setCaveatConfigComponent(RMCaveatConfigComponent rmCaveatConfigComponent) - { - this.rmCaveatConfigComponent = rmCaveatConfigComponent; - } - - public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService) - { - this.recordsManagementAdminService = recordsManagementAdminService; - } - - public RecordsManagementAdminService getRecordsManagementAdminService() - { - return recordsManagementAdminService; - } - - public void init() - { - rmCaveatConfigComponent.init(); - } - - public NodeRef updateOrCreateCaveatConfig(InputStream is) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(is); - } - - public NodeRef updateOrCreateCaveatConfig(File jsonFile) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonFile); - } - - public NodeRef updateOrCreateCaveatConfig(String jsonString) - { - return rmCaveatConfigComponent.updateOrCreateCaveatConfig(jsonString); - } - - // Get allowed values for given caveat (for current user) - public List getRMAllowedValues(String constraintName) - { - return rmCaveatConfigComponent.getRMAllowedValues(constraintName); - } - - /** - * Check whether access to 'record component' node is vetoed for current user due to caveat(s) - * - * @param nodeRef - * @return false, if caveat(s) veto access otherwise return true - */ - public boolean hasAccess(NodeRef nodeRef) - { - return rmCaveatConfigComponent.hasAccess(nodeRef); - } - - /** - * add RM constraint list - * @param listName the name of the RMConstraintList - */ - public RMConstraintInfo addRMConstraint(String listName, String title, String[] values) - { - return addRMConstraint(listName, title, values, MatchLogic.AND); - } - - public RMConstraintInfo addRMConstraint(String listName, String title, String[] values, MatchLogic matchLogic) - { - if (listName == null) - { - // Generate a list name - StringBuilder sb = new StringBuilder(); - sb.append(RecordsManagementCustomModel.RM_CUSTOM_PREFIX); - sb.append(QName.NAMESPACE_PREFIX); - sb.append(UUID.randomUUID().toString()); - listName = sb.toString(); - } - - ListallowedValues = new ArrayList(); - for(String value : values) - { - allowedValues.add(value); - } - - QName listQName = QName.createQName(listName, namespaceService); - - // TEMP review - if it already exists then change it for now - try - { - recordsManagementAdminService.addCustomConstraintDefinition(listQName, title, true, allowedValues, matchLogic); - } - catch (AlfrescoRuntimeException e) - { - if (e.getMessage().contains("Constraint already exists")) - { - recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValues); - recordsManagementAdminService.changeCustomConstraintTitle(listQName, title); - } - } - - rmCaveatConfigComponent.addRMConstraint(listName); - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(title); - info.setAllowedValues(values); - info.setCaseSensitive(true); - return info; - } - - /** - * delete RM Constraint List - * - * @param listName the name of the RMConstraintList - */ - public void deleteRMConstraint(String listName) - { - rmCaveatConfigComponent.deleteRMConstraint(listName); - - QName listQName = QName.createQName(listName, namespaceService); - - recordsManagementAdminService.removeCustomConstraintDefinition(listQName); - } - - /** - * Add a single value to an authority in a list. The existing values of the list remain. - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - * @throws AlfrescoRuntimeException if either the list or the authority do not already exist. - */ - public void addRMConstraintListValue(String listName, String authorityName, String value) - { - rmCaveatConfigComponent.addRMConstraintListValue(listName, authorityName, value); - } - - /** - * Get the details of the specified list - * @param listName - * @return the details of the specified list - */ - public Map> getListDetails(String listName) - { - return rmCaveatConfigComponent.getListDetails(listName); - } - - /** - * Replace the values for an authority in a list. - * The existing values are removed. - * - * If the authority does not already exist in the list, it will be added - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void updateRMConstraintListAuthority(String listName, String authorityName, Listvalues) - { - rmCaveatConfigComponent.updateRMConstraintListAuthority(listName, authorityName, values); - } - - /** - * Replace the authorities for a value in a list - * - * @param listName - * @param valueName - * @param authorities - */ - public void updateRMConstraintListValue(String listName, String valueName, Listauthorities) - { - rmCaveatConfigComponent.updateRMConstraintListValue(listName, valueName, authorities); - } - - /** - * Remove an authority from a list - * - * @param listName the name of the RMConstraintList - * @param authorityName - * @param values - */ - public void removeRMConstraintListAuthority(String listName, String authorityName) - { - rmCaveatConfigComponent.removeRMConstraintListAuthority(listName, authorityName); - } - - /** - * Get all Constraint Lists - */ - public Set getAllRMConstraints() - { - Set info = new HashSet(); - - List defs = new ArrayList(10); - for (QName caveatModelQName : rmCaveatConfigComponent.getRMCaveatModels()) - { - defs.addAll(recordsManagementAdminService.getCustomConstraintDefinitions(caveatModelQName)); - } - - for(ConstraintDefinition dictionaryDef : defs) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - RMConstraintInfo i = new RMConstraintInfo(); - i.setName(def.getShortName()); - i.setTitle(def.getTitle()); - - // note: assumes only one caveat/LOV against a given property - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - i.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - i.setCaseSensitive(def.isCaseSensitive()); - info.add(i); - } - - } - - return info; - } - - /** - * Get an RMConstraintInfo - * @param listQName - * @return the constraint or null if it does not exist - */ - public RMConstraintInfo getRMConstraint(QName listQName) - { - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - if(dictionaryDef != null) - { - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - - RMConstraintInfo info = new RMConstraintInfo(); - info.setName(listQName.toPrefixString()); - info.setTitle(con.getTitle()); - List allowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()])); - info.setCaseSensitive(def.isCaseSensitive()); - return info; - } - } - return null; - } - - /** - * Get RM Constraint detail. - * - * @return the constraintInfo or null - */ - public RMConstraintInfo getRMConstraint(String listName) - { - QName listQName = QName.createQName(listName, namespaceService); - return getRMConstraint(listQName); - - } - - /** - * Update The allowed values for an RM Constraint. - * - * @param listName The name of the list. - * @param allowedValues the new alowed values - * - */ - public RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues) - { - QName listQName = QName.createQName(listName, namespaceService); - - if(allowedValues != null) - { - ListallowedValueList = new ArrayList(); - for(String value : allowedValues) - { - allowedValueList.add(value); - } - - ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName); - Constraint con = dictionaryDef.getConstraint(); - if (con instanceof RMListOfValuesConstraint) - { - final RMListOfValuesConstraint def = (RMListOfValuesConstraint)con; - List oldAllowedValues = AuthenticationUtil.runAs(new RunAsWork>() - { - public List doWork() - { - return def.getAllowedValues(); - } - }, AuthenticationUtil.getSystemUserName()); - - /** - * Deal with any additions - */ - for(String newValue : allowedValueList) - { - if(!oldAllowedValues.contains(newValue) && logger.isDebugEnabled()) - { - // This is an addition - logger.debug("value added to list:" + listQName + ":" + newValue); - } - } - - /** - * Deal with any deletions - */ - for(String oldValue : oldAllowedValues) - { - if(!allowedValueList.contains(oldValue)) - { - // This is a deletion - if(logger.isDebugEnabled()) - { - logger.debug("value removed from list:" + listQName + ":" + oldValue); - } - removeRMConstraintListValue(listName, oldValue); - } - } - } - - recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValueList); - } - - return getRMConstraint(listName); - } - - /** - * Remove a value from a list and cascade delete. - */ - public void removeRMConstraintListValue(String listName, String valueName) - { - //TODO need to update the rm constraint definition - // recordsManagementAdminService. - - rmCaveatConfigComponent.removeRMConstraintListValue(listName, valueName); - } - - /** - * Update the title of this RM Constraint. - */ - public RMConstraintInfo updateRMConstraintTitle(String listName, String newTitle) - { - QName listQName = QName.createQName(listName, namespaceService); - - recordsManagementAdminService.changeCustomConstraintTitle(listQName, newTitle); - return getRMConstraint(listName); - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java deleted file mode 100644 index 2b18346539..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintInfo.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.util.Arrays; - -public class RMConstraintInfo -{ - private String name; - private String title; - private boolean caseSensitive; - private String[] allowedValues; - - public void setName(String name) - { - this.name = name; - } - public String getName() - { - return name; - } - public void setTitle(String title) - { - this.title = title; - } - public String getTitle() - { - return title; - } - public void setCaseSensitive(boolean caseSensitive) - { - this.caseSensitive = caseSensitive; - } - public boolean isCaseSensitive() - { - return caseSensitive; - } - public void setAllowedValues(String[] values) - { - this.allowedValues = values.clone(); - } - public String[] getAllowedValues() - { - return allowedValues; - } - - @Override - public String toString() - { - StringBuilder builder = new StringBuilder(); - builder.append("RMConstraintInfo [name="); - builder.append(this.name); - builder.append(", title="); - builder.append(this.title); - builder.append(", caseSensitive="); - builder.append(this.caseSensitive); - builder.append(", allowedValues="); - builder.append(Arrays.toString(this.allowedValues)); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java deleted file mode 100644 index 3cab03f2cd..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMConstraintMessageKeys.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -/** - * A class to hold I18N keys for messages related to constraint validation. - * - * @author tpage - */ -public class RMConstraintMessageKeys -{ - public static final String ERR_NON_STRING = "d_dictionary.constraint.string_length.non_string"; - public static final String ERR_INVALID_VALUE = "d_dictionary.constraint.list_of_values.invalid_value"; -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java deleted file mode 100644 index df1604bd69..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/RMListOfValuesConstraint.java +++ /dev/null @@ -1,259 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.alfresco.repo.dictionary.constraint.ListOfValuesConstraint; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.service.cmr.dictionary.ConstraintException; -import org.alfresco.service.cmr.i18n.MessageLookup; -import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; -import org.alfresco.service.cmr.repository.datatype.TypeConversionException; -import org.apache.commons.lang.StringUtils; -import org.springframework.extensions.surf.util.I18NUtil; - -/** - * RM Constraint implementation that ensures the value is one of a constrained - * list of values. By default, this constraint is case-sensitive. - * - * @see #setAllowedValues(List) - * @see #setCaseSensitive(boolean) - * - * @author janv - */ -public class RMListOfValuesConstraint extends ListOfValuesConstraint -{ - private static final String LOV_CONSTRAINT_VALUE = "listconstraint"; - private List allowedValues; - private List allowedValuesUpper; - // defined match logic used by caveat matching (default = "AND") - private MatchLogic matchLogic = MatchLogic.AND; - - public enum MatchLogic - { - // closed marking - all values must match - AND, - // open marking - at least one value must match - OR; - } - - // note: alternative to static init could be to use 'registered' constraint - private static RMCaveatConfigService caveatConfigService; - - public void setCaveatConfigService(RMCaveatConfigService caveatConfigService) - { - RMListOfValuesConstraint.caveatConfigService = caveatConfigService; - } - - - @Override - public String toString() - { - StringBuilder sb = new StringBuilder(80); - sb.append("RMListOfValuesConstraint") - .append("[allowedValues=").append(getAllowedValues()) - .append(", caseSensitive=").append(isCaseSensitive()) - .append(", sorted=").append(isSorted()) - .append(", matchLogic=").append(getMatchLogic()) - .append("]"); - return sb.toString(); - } - - public RMListOfValuesConstraint() - { - super(); - - // Set RM list of value constraints to be sorted by default - sorted = true; - } - - /** - * Get the allowed values. Note that these are String instances, but may - * represent non-String values. It is up to the caller to distinguish. - * - * @return Returns the values allowed - */ - @Override - public List getRawAllowedValues() - { - String runAsUser = AuthenticationUtil.getRunAsUser(); - if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) - { - // get allowed values for current user - List allowedForUser = caveatConfigService.getRMAllowedValues(getShortName()); - - List filteredList = new ArrayList(allowedForUser.size()); - for (String allowed : allowedForUser) - { - if (this.allowedValues.contains(allowed)) - { - filteredList.add(allowed); - } - } - - return filteredList; - } - else - { - return this.allowedValues; - } - } - - public String getDisplayLabel(String constraintAllowableValue, MessageLookup messageLookup) - { - if (!this.allowedValues.contains(constraintAllowableValue)) - { - return null; - } - - String key = LOV_CONSTRAINT_VALUE; - key += "." + this.getShortName(); - key += "." + constraintAllowableValue; - key = StringUtils.replace(key, ":", "_"); - - String message = messageLookup.getMessage(key, I18NUtil.getLocale()); - return message == null ? constraintAllowableValue : message; - } - - private List getAllowedValuesUpper() - { - String runAsUser = AuthenticationUtil.getRunAsUser(); - if ((runAsUser != null) && (! runAsUser.equals(AuthenticationUtil.getSystemUserName())) && (caveatConfigService != null)) - { - // get allowed values for current user - List allowedForUser = caveatConfigService.getRMAllowedValues(getType()); - - List filteredList = new ArrayList(allowedForUser.size()); - for (String allowed : allowedForUser) - { - if (this.allowedValuesUpper.contains(allowed.toUpperCase())) - { - filteredList.add(allowed); - } - } - - return filteredList; - } - else - { - return this.allowedValuesUpper; - } - } - /** - * Set the values that are allowed by the constraint. - * - * @param values a list of allowed values - */ - @SuppressWarnings({ "unchecked", "rawtypes" }) - @Override - public void setAllowedValues(List allowedValues) - { - if (allowedValues == null) - { - allowedValues = new ArrayList(0); - } - int valueCount = allowedValues.size(); - this.allowedValues = Collections.unmodifiableList(allowedValues); - - // make the upper case versions - this.allowedValuesUpper = new ArrayList(valueCount); - for (String allowedValue : this.allowedValues) - { - allowedValuesUpper.add(allowedValue.toUpperCase()); - } - } - - @Override - public void initialize() - { - checkPropertyNotNull("allowedValues", allowedValues); - } - - @Override - public Map getParameters() - { - Map params = new HashMap(2); - - params.put("caseSensitive", isCaseSensitive()); - params.put("allowedValues", getAllowedValues()); - params.put("sorted", isSorted()); - params.put("matchLogic", getMatchLogic()); - - return params; - } - - public MatchLogic getMatchLogicEnum() - { - return matchLogic; - } - - public String getMatchLogic() - { - return matchLogic.toString(); - } - - public void setMatchLogic(String matchLogicStr) - { - this.matchLogic = MatchLogic.valueOf(matchLogicStr); - } - - @Override - protected void evaluateSingleValue(Object value) - { - // convert the value to a String - String valueStr = null; - try - { - valueStr = DefaultTypeConverter.INSTANCE.convert(String.class, value); - } - catch (TypeConversionException e) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_NON_STRING, value, e); - } - // check that the value is in the set of allowed values - if (isCaseSensitive()) - { - if (!getAllowedValues().contains(valueStr)) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); - } - } - else - { - if (!getAllowedValuesUpper().contains(valueStr.toUpperCase())) - { - throw new ConstraintException(RMConstraintMessageKeys.ERR_INVALID_VALUE, value); - } - } - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java deleted file mode 100644 index 3a017795e5..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptAuthority.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.Serializable; - - -public class ScriptAuthority implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = 1L; - private String authorityTitle; - private String authorityName; - - public void setAuthorityName(String authorityName) - { - this.authorityName = authorityName; - } - public String getAuthorityName() - { - return authorityName; - } - public void setAuthorityTitle(String authorityName) - { - this.authorityTitle = authorityName; - } - public String getAuthorityTitle() - { - return authorityTitle; - } - - -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java deleted file mode 100644 index 6c8d20edc4..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraint.java +++ /dev/null @@ -1,270 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.Serializable; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.alfresco.service.cmr.security.AuthorityService; -import org.apache.commons.lang.StringUtils; -import org.json.JSONArray; -import org.json.JSONObject; - -public class ScriptConstraint implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = 1L; - - private RMConstraintInfo info; - - private RMCaveatConfigService rmCaveatconfigService; - - private AuthorityService authorityService; - - ScriptConstraint(RMConstraintInfo info, RMCaveatConfigService rmCaveatconfigService, AuthorityService authorityService) - { - this.info = info; - this.rmCaveatconfigService = rmCaveatconfigService; - this.authorityService = authorityService; - } - - public void setTitle(String title) - { - info.setTitle(title); - } - public String getTitle() - { - return info.getTitle(); - } - public void setName(String name) - { - info.setName(name); - } - - public String getName() - { - return info.getName().replace(":", "_"); - } - - public boolean isCaseSensitive() - { - return info.isCaseSensitive(); - } - - public String[] getAllowedValues() - { - return info.getAllowedValues(); - } - - public ScriptConstraintAuthority[] getAuthorities() - { - Map> values = rmCaveatconfigService.getListDetails(info.getName()); - - if (values == null) - { - return new ScriptConstraintAuthority[0]; - } - - // Here with some data to return - Set authorities = values.keySet(); - - ArrayList constraints = new ArrayList(values.size()); - for(String authority : authorities) - { - ScriptConstraintAuthority constraint = new ScriptConstraintAuthority(); - constraint.setAuthorityName(authority); - constraint.setValues(values.get(authority)); - constraints.add(constraint); - } - - ScriptConstraintAuthority[] retVal = constraints.toArray(new ScriptConstraintAuthority[constraints.size()]); - - return retVal; - } - - /** - * updateTitle - */ - public void updateTitle(String newTitle) - { - info.setTitle(newTitle); - rmCaveatconfigService.updateRMConstraintTitle(info.getName(), newTitle) ; - } - - /** - * updateAllowedValues - */ - public void updateAllowedValues(String[] allowedValues) - { - info.setAllowedValues(allowedValues); - rmCaveatconfigService.updateRMConstraintAllowedValues(info.getName(), allowedValues); - } - - /** - * Update a value - * @param values - * @param authorities - */ - public void updateValues(JSONArray bodge) throws Exception - { - for(int i = 0; i < bodge.length(); i++) - { - - JSONObject obj = bodge.getJSONObject(i); - String value = obj.getString("value"); - JSONArray authorities = obj.getJSONArray("authorities"); - List aList = new ArrayList(); - for(int j = 0; j < authorities.length();j++) - { - aList.add(authorities.getString(j)); - } - rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, aList); - } - } - - /** - * Update a value - * @param values - * @param authorities - */ - public void updateValues(String value, String[] authorities) - { - List list = Arrays.asList(authorities); - rmCaveatconfigService.updateRMConstraintListValue(info.getName(), value, list); - } - - /** - * Cascade delete an authority - * @param authority - */ - public void deleteAuthority(String authority) - { - - } - - /** - * Cascade delete a value - * @param value - */ - public void deleteValue(String value) - { - - } - - - /** - * Get a single value - * @param value - * @return - */ - public ScriptConstraintValue getValue(String value) - { - ScriptConstraintValue[] values = getValues(); - - for(ScriptConstraintValue val : values) - { - if(val.getValueName().equalsIgnoreCase(value)) - { - return val; - } - } - return null; - } - - public ScriptConstraintValue[] getValues() - { - // authority, values - Map> details = rmCaveatconfigService.getListDetails(info.getName()); - - if (details == null) - { - details = new HashMap>(); - } - - // values, authorities - Map> pivot = PivotUtil.getPivot(details); - - // Here with some data to return - Set values = pivot.keySet(); - - ArrayList constraints = new ArrayList(pivot.size()); - for(String value : values) - { - ScriptConstraintValue constraint = new ScriptConstraintValue(); - constraint.setValueName(value); - constraint.setValueTitle(value); - - Listauthorities = pivot.get(value); - List sauth = new ArrayList(); - for(String authority : authorities) - { - ScriptAuthority a = new ScriptAuthority(); - a.setAuthorityName(authority); - - String displayName = authorityService.getAuthorityDisplayName(authority); - if(StringUtils.isNotBlank(displayName)) - { - a.setAuthorityTitle(displayName); - } - else - { - a.setAuthorityTitle(authority); - } - sauth.add(a); - } - constraint.setAuthorities(sauth); - constraints.add(constraint); - } - - /** - * Now go through and add any "empty" values - */ - for(String value : info.getAllowedValues()) - { - if(!values.contains(value)) - { - ScriptConstraintValue constraint = new ScriptConstraintValue(); - constraint.setValueName(value); - constraint.setValueTitle(value); - List sauth = new ArrayList(); - constraint.setAuthorities(sauth); - constraints.add(constraint); - } - } - - return constraints.toArray(new ScriptConstraintValue[constraints.size()]); - } - -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java deleted file mode 100644 index e4d3b6c494..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintAuthority.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.Serializable; -import java.util.List; - -public class ScriptConstraintAuthority implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = -4659454215122271811L; - private String authorityName; - private Listvalues; - - public void setValues(List values) - { - this.values = values; - } - public List getValues() - { - return values; - } - public void setAuthorityName(String authorityName) - { - this.authorityName = authorityName; - } - public String getAuthorityName() - { - return authorityName; - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java deleted file mode 100644 index 08d0dc4a2a..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptConstraintValue.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.io.Serializable; -import java.util.List; - -public class ScriptConstraintValue implements Serializable -{ - /** - * - */ - private static final long serialVersionUID = -4659454215122271811L; - private String value; - private Listauthorities; - - public void setAuthorities(List values) - { - this.authorities = values; - } - public List getAuthorities() - { - return authorities; - } - public void setValueName(String authorityName) - { - this.value = authorityName; - } - public String getValueName() - { - return value; - } - public void setValueTitle(String authorityName) - { - this.value = authorityName; - } - public String getValueTitle() - { - return value; - } -} diff --git a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java b/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java deleted file mode 100644 index 15bdcffa94..0000000000 --- a/rm-community/rm-community-repo/source/compatibility/org/alfresco/module/org_alfresco_module_rm/securitymarks/ScriptRMCaveatConfigService.java +++ /dev/null @@ -1,174 +0,0 @@ -/* - * #%L - * Alfresco Records Management Module - * %% - * Copyright (C) 2005 - 2016 Alfresco Software Limited - * %% - * This file is part of the Alfresco software. - * - - * If the software was purchased under a paid Alfresco license, the terms of - * the paid license agreement will prevail. Otherwise, the software is - * provided under the following open source license terms: - * - - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - * #L% - */ - -package org.alfresco.module.org_alfresco_module_rm.securitymarks; - -import java.util.ArrayList; -import java.util.List; -import java.util.Set; - -import org.alfresco.repo.jscript.BaseScopableProcessorExtension; -import org.alfresco.service.cmr.security.AuthorityService; - -/** - * Script projection of RM Caveat Config Service - * - * @author Mark Rogers - */ -public class ScriptRMCaveatConfigService extends BaseScopableProcessorExtension -{ - private RMCaveatConfigService caveatConfigService; - private AuthorityService authorityService; - - public void setCaveatConfigService(RMCaveatConfigService rmCaveatConfigService) - { - this.caveatConfigService = rmCaveatConfigService; - } - - public RMCaveatConfigService getRmCaveatConfigService() - { - return caveatConfigService; - } - - public void setAuthorityService(AuthorityService authorityService) - { - this.authorityService = authorityService; - } - - public AuthorityService getAuthorityService() - { - return authorityService; - } - - public ScriptConstraint getConstraint(String listName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - RMConstraintInfo info = caveatConfigService.getRMConstraint(xxx); - - if(info != null) - { - return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); - } - - return null; - } - - public ScriptConstraint[] getAllConstraints() - { - return getConstraints(true); - } - - public ScriptConstraint[] getConstraintsWithoutEmptyList() - { - return getConstraints(false); - } - - private ScriptConstraint[] getConstraints(boolean includeEmptyList) - { - Set values = caveatConfigService.getAllRMConstraints(); - - List vals = new ArrayList(values.size()); - for(RMConstraintInfo value : values) - { - ScriptConstraint c = new ScriptConstraint(value, caveatConfigService, getAuthorityService()); - if (includeEmptyList) - { - vals.add(c); - } - else - { - if (c.getValues().length > 0) - { - vals.add(c); - } - } - } - - return vals.toArray(new ScriptConstraint[vals.size()]); - } - - /** - * Delete list - * @param listName - - */ - public void deleteConstraintList(String listName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - caveatConfigService.deleteRMConstraint(xxx); - } - - - - /** - * Update value - */ - public void updateConstraintValues(String listName, String authorityName, String[]values) - { - List vals = new ArrayList(); - caveatConfigService.updateRMConstraintListAuthority(listName, authorityName, vals); - } - - /** - * Delete the constraint values. i.e remove an authority from a constraint list - */ - public void deleteRMConstraintListAuthority(String listName, String authorityName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - caveatConfigService.removeRMConstraintListAuthority(xxx, authorityName); - } - - /** - * Delete the constraint values. i.e remove a value from a constraint list - */ - public void deleteRMConstraintListValue(String listName, String valueName) - { - //TODO Temporary conversion - String xxx = listName.replace("_", ":"); - - caveatConfigService.removeRMConstraintListValue(xxx, valueName); - - } - - public ScriptConstraint createConstraint(String listName, String title, String[] allowedValues) - { - //TODO Temporary conversion - if(listName != null) - { - listName = listName.replace("_", ":"); - } - - RMConstraintInfo info = caveatConfigService.addRMConstraint(listName, title, allowedValues); - return new ScriptConstraint(info, caveatConfigService, getAuthorityService()); - } - -}