diff --git a/config/alfresco/cache-context.xml b/config/alfresco/cache-context.xml index c20a810ad3..d3036e2a74 100644 --- a/config/alfresco/cache-context.xml +++ b/config/alfresco/cache-context.xml @@ -424,7 +424,44 @@ 50 - + + + + + + + + + + + + + + + + org.alfresco.cache.aclCache + + + + + + + + + + + + + + + + org.alfresco.aclTransactionalCache + + + 10000 + + + diff --git a/config/alfresco/dbscripts/upgrade/2.2/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoSchemaUpdate-2.2-ACL.sql b/config/alfresco/dbscripts/upgrade/2.2/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoSchemaUpdate-2.2-ACL.sql index cbbe310be6..6f0ad8655d 100644 --- a/config/alfresco/dbscripts/upgrade/2.2/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoSchemaUpdate-2.2-ACL.sql +++ b/config/alfresco/dbscripts/upgrade/2.2/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoSchemaUpdate-2.2-ACL.sql @@ -8,7 +8,7 @@ -- -- Add index support for AVM --- Ideally we would have the indirection in the index but it is too long for mysql +-- Ideally we would have the indirection in the index but it is too long for mysql which needs additional options -- CREATE INDEX idx_avm_lyr_indn on avm_nodes (primary_indirection, indirection(128)); -- This matches the hibernate schema and should be good enough for the standard WCM use cases CREATE INDEX idx_avm_lyr_indn on avm_nodes (primary_indirection); diff --git a/config/alfresco/ehcache-default.xml b/config/alfresco/ehcache-default.xml index a0e99d16ba..12c3f69b4e 100644 --- a/config/alfresco/ehcache-default.xml +++ b/config/alfresco/ehcache-default.xml @@ -331,6 +331,12 @@ eternal="true" overflowToDisk="false" /> + @@ -448,5 +454,5 @@ eternal="true" overflowToDisk="false" /> - + \ No newline at end of file diff --git a/config/alfresco/extension/ehcache-custom.xml.sample.cluster b/config/alfresco/extension/ehcache-custom.xml.sample.cluster index 4e29e7fbca..77fc3984a3 100644 --- a/config/alfresco/extension/ehcache-custom.xml.sample.cluster +++ b/config/alfresco/extension/ehcache-custom.xml.sample.cluster @@ -526,6 +526,20 @@ replicateAsynchronously = false"/> + + + + diff --git a/config/alfresco/hibernate-context.xml b/config/alfresco/hibernate-context.xml index 73d5e84139..0a8c3b4b48 100644 --- a/config/alfresco/hibernate-context.xml +++ b/config/alfresco/hibernate-context.xml @@ -259,6 +259,9 @@ + + + diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties index 22342af3b2..28c64677c5 100644 --- a/config/alfresco/messages/patch-service.properties +++ b/config/alfresco/messages/patch-service.properties @@ -206,3 +206,6 @@ patch.updateAvmPermissionData.result=Changed {0} 'webfolder' access control entr patch.updateAvmPermissions.description=Update ACLs on all avm objects to the new 2.2 permission model patch.updateAvmPermissions.result=Updated ACLs. Created {0} defining and {1} layered ACLs. + +patch.wcmPermissionPatch.description=Fix ACLs so they are only set on the staging area store. +patch.wcmPermissionPatch.result=Updated ACLs: ACLS are moved to the staging area store and removed from all other stores. They are now applied via layering. diff --git a/config/alfresco/patch/patch-services-context.xml b/config/alfresco/patch/patch-services-context.xml index 0bdca0062f..2f73ee1cbc 100644 --- a/config/alfresco/patch/patch-services-context.xml +++ b/config/alfresco/patch/patch-services-context.xml @@ -1268,8 +1268,8 @@ patch.db-V2.2-QNames-0-CreateMissingTables patch.schemaUpgradeScript.description 0 - 85 - 86 + 120 + 121 classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-0-create-missing-tables.sql @@ -1283,8 +1283,8 @@ patch.db-V2.2-QNames-1-DropIndexesAndConstraints patch.schemaUpgradeScript.description 0 - 85 - 86 + 120 + 121 classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-1-drop-indexes-and-constraints.sql @@ -1298,8 +1298,8 @@ patch.db-V2.2-QNames-2-MoveQNames patch.schemaUpgradeScript.description 0 - 85 - 86 + 120 + 121 classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-2-move-qnames.sql @@ -1313,8 +1313,8 @@ patch.db-V2.2-QNames-3-PropTypes patch.schemaUpgradeScript.description 0 - 85 - 86 + 120 + 121 classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-3-proptypes.sql @@ -1328,8 +1328,8 @@ patch.db-V2.2-QNames-4-ExtraIndexesAndConstraints patch.schemaUpgradeScript.description 0 - 85 - 86 + 120 + 121 classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-4-extra-indexes-and-constraints.sql @@ -1340,4 +1340,21 @@ + + patch.wcmPermissionPatch + patch.wcmPermissionPatch.description + 0 + 121 + 122 + + + + + + + + + + + diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties index add7c58ae8..56f86eeb56 100644 --- a/config/alfresco/version.properties +++ b/config/alfresco/version.properties @@ -19,4 +19,4 @@ version.build=@build-number@ # Schema number -version.schema=121 +version.schema=122 diff --git a/source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java new file mode 100644 index 0000000000..65bd51b708 --- /dev/null +++ b/source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java @@ -0,0 +1,161 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing" + */ +package org.alfresco.repo.admin.patch.impl; + +import java.util.List; + +import org.alfresco.i18n.I18NUtil; +import org.alfresco.model.WCMAppModel; +import org.alfresco.repo.admin.patch.AbstractPatch; +import org.alfresco.repo.avm.AVMNodeConverter; +import org.alfresco.repo.avm.AVMRepository; +import org.alfresco.repo.domain.PropertyValue; +import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor; +import org.alfresco.service.cmr.avm.AVMNodeDescriptor; +import org.alfresco.service.cmr.avm.AVMService; +import org.alfresco.service.cmr.avm.AVMStoreDescriptor; +import org.alfresco.service.cmr.dictionary.DataTypeDefinition; +import org.alfresco.service.cmr.repository.ChildAssociationRef; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.security.PermissionService; +import org.alfresco.service.namespace.QName; +import org.alfresco.service.namespace.RegexQNamePattern; + +/** + * Remove ACLs on all but staging area stores On staging area stores, set ACls according to the users and roles as set + * on the web site + * + * Note: runs as the system user + * + * @author andyh + */ +public class WCMPermissionPatch extends AbstractPatch +{ + private static final String MSG_SUCCESS = "patch.wcmPermissionPatch.result"; + + AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor; + + AVMService avmService; + + PermissionService permissionService; + + public void setAvmService(AVMService avmService) + { + this.avmService = avmService; + } + + public void setAvmSnapShotTriggeredIndexingMethodInterceptor(AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor) + { + this.avmSnapShotTriggeredIndexingMethodInterceptor = avmSnapShotTriggeredIndexingMethodInterceptor; + } + + public void setPermissionService(PermissionService permissionService) + { + this.permissionService = permissionService; + } + + @Override + protected String applyInternal() throws Exception + { + List stores = avmService.getStores(); + for (AVMStoreDescriptor store : stores) + { + switch (avmSnapShotTriggeredIndexingMethodInterceptor.getStoreType(store.getName())) + { + /* Set permissions in staging */ + case STAGING: + setStagingAreaPermissions(store); + // TODO: mark read only + break; + /* Clear permissions */ + case AUTHOR: + case AUTHOR_PREVIEW: + case AUTHOR_WORKFLOW: + case AUTHOR_WORKFLOW_PREVIEW: + // TODO: add app access control + clearPermissions(store); + break; + case STAGING_PREVIEW: + clearPermissions(store); + // TODO: mark read only + break; + case WORKFLOW: + case WORKFLOW_PREVIEW: + clearPermissions(store); + break; + /* non WCM stores - nothing to do */ + case UNKNOWN: + default: + break; + } + } + + // build the result message + String msg = I18NUtil.getMessage(MSG_SUCCESS); + // done + return msg; + } + + private void clearPermissions(AVMStoreDescriptor store) + { + AVMNodeDescriptor www = avmService.lookup(-1, store.getName() + ":/www"); + if(www.isLayeredDirectory() && www.isPrimary()) + { + // throw away any acl + AVMRepository.GetInstance().setACL(store.getName() + ":/www", null); + // build the default layer acl + avmService.retargetLayeredDirectory(store.getName() + ":/www", www.getIndirection()); + } + } + + + private void setStagingAreaPermissions(AVMStoreDescriptor store) + { + QName propQName = QName.createQName(null, ".web_project.noderef"); + + NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, store.getName() + ":/www"); + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + + PropertyValue pValue = avmService.getStoreProperty(store.getName(), propQName); + + if (pValue != null) + { + NodeRef webProjectNodeRef = (NodeRef)pValue.getValue(DataTypeDefinition.NODE_REF); + + // Apply sepcific user permissions as set on the web project + List userInfoRefs = nodeService.getChildAssocs(webProjectNodeRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef ref : userInfoRefs) + { + NodeRef userInfoRef = ref.getChildRef(); + String username = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); + String userrole = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); + + permissionService.setPermission(dirRef, username, userrole, true); + } + } + } + +} diff --git a/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java b/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java index 8a0b56fc52..738009650d 100644 --- a/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java +++ b/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java @@ -24,6 +24,7 @@ package org.alfresco.repo.avm; +import java.io.IOException; import java.io.Serializable; import java.util.Date; import java.util.HashMap; @@ -48,6 +49,8 @@ import org.alfresco.repo.security.permissions.impl.ModelDAO; import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.avm.AVMNodeDescriptor; import org.alfresco.service.cmr.avm.AVMService; +import org.alfresco.service.cmr.avmsync.AVMDifference; +import org.alfresco.service.cmr.avmsync.AVMSyncService; import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; @@ -119,6 +122,10 @@ public class AVMServicePermissionsTest extends TestCase private AVMNodeDAO avmNodeDAO; + private Object fContext; + + private AVMSyncService avmSyncService; + public AVMServicePermissionsTest() { super(); @@ -132,6 +139,7 @@ public class AVMServicePermissionsTest extends TestCase aclDaoComponent = (AclDaoComponent) applicationContext.getBean("aclDaoComponent"); avmService = (AVMService) applicationContext.getBean("avmService"); + avmSyncService = (AVMSyncService)applicationContext.getBean("AVMSyncService"); nodeService = (NodeService) applicationContext.getBean("nodeService"); dictionaryService = (DictionaryService) applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE.getLocalName()); @@ -329,6 +337,210 @@ public class AVMServicePermissionsTest extends TestCase } } + private boolean checkCanPerformance(String user, String path, String permission, boolean allowed, int count) + { + String curentUser = AuthenticationUtil.getCurrentUserName(); + try + { + runAs(user); + AVMNodeDescriptor desc = avmService.lookup(-1, path); + AVMNode node = avmNodeDAO.getByID(desc.getId()); + boolean can = AVMRepository.GetInstance().can(node, permission); + long start = System.nanoTime(); + for(int i = 0; i < count; i++) + { + can = AVMRepository.GetInstance().can(node, permission); + } + long end = System.nanoTime(); + System.out.println("Can in "+((end-start)/1.0e9f)); + return allowed ? can : !can; + } + finally + { + runAs(curentUser); + } + } + + private boolean checkHasPermissionsPerformance(String user, String path, String permission, boolean allowed, int count) + { + String curentUser = AuthenticationUtil.getCurrentUserName(); + try + { + runAs(user); + NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, path); + boolean can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED; + long start = System.nanoTime(); + for(int i = 0; i < count; i++) + { + can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED; + } + long end = System.nanoTime(); + System.out.println("Has Permission in "+((end-start)/1.0e9f)); + return allowed ? can : !can; + } + finally + { + runAs(curentUser); + } + } + + + + public void testSimpleUpdate() throws Exception + { + runAs("admin"); + String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime()); + try + { + buildBaseStructure(storeName); + avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir"); + avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close(); + + AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base"); + AVMNode node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList acl = node.getAcl(); + assertNotNull(acl); + acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId())); + assertNotNull(acl); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList dirAcl = node.getAcl(); + assertNotNull(dirAcl); + assertTrue(acl.getId() == dirAcl.getId()); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList fileAcl = node.getAcl(); + assertNotNull(fileAcl); + assertTrue(acl.getId() == fileAcl.getId()); + + + avmService.createSnapshot(storeName, "store", "store"); + avmService.createSnapshot(storeName + "-layer-base", "store", "store"); + + List diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null); + + avmSyncService.update(diffs, null, false, false, false, false, "A", "A"); + + + desc = avmService.lookup(-1, storeName + ":/base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + dirAcl = node.getAcl(); + assertNull(dirAcl); + + desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + fileAcl = node.getAcl(); + assertNull(fileAcl); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + dirAcl = node.getAcl(); + assertNotNull(dirAcl); + assertTrue(acl.getId() == dirAcl.getId()); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + fileAcl = node.getAcl(); + assertNull(fileAcl); + } + finally + { + avmService.purgeStore(storeName); + avmService.purgeStore(storeName + "-layer-base"); + avmService.purgeStore(storeName + "-layer-a"); + avmService.purgeStore(storeName + "-layer-b"); + avmService.purgeStore(storeName + "-layer-c"); + avmService.purgeStore(storeName + "-layer-d"); + avmService.purgeStore(storeName + "-layer-layer-base"); + avmService.purgeStore(storeName + "-layer-layer-layer-base"); + } + } + + public void testUpdateWithPermissions() throws Exception + { + runAs("admin"); + String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime()); + try + { + buildBaseStructure(storeName); + + AVMNodeDescriptor nodeDesc = avmService.lookup(-1, storeName + ":/base"); + NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath()); + permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true); + Long baseAcl = avmNodeDAO.getByID(nodeDesc.getId()).getAcl().getId(); + Long inheritedBaseAcl = aclDaoComponent.getInheritedAccessControlList(baseAcl); + + + avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir"); + avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close(); + + AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base"); + AVMNode node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList acl = node.getAcl(); + assertNotNull(acl); + acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId())); + assertNotNull(acl); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList dirAcl = node.getAcl(); + assertNotNull(dirAcl); + assertTrue(acl.getId() == dirAcl.getId()); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + DbAccessControlList fileAcl = node.getAcl(); + assertNotNull(fileAcl); + assertTrue(acl.getId() == fileAcl.getId()); + + + avmService.createSnapshot(storeName, "store", "store"); + avmService.createSnapshot(storeName + "-layer-base", "store", "store"); + + List diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null); + + avmSyncService.update(diffs, null, false, false, false, false, "A", "A"); + + + desc = avmService.lookup(-1, storeName + ":/base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + dirAcl = node.getAcl(); + assertNotNull(dirAcl); + assertEquals(inheritedBaseAcl, dirAcl.getId()); + + desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + fileAcl = node.getAcl(); + assertNotNull(fileAcl); + assertEquals(inheritedBaseAcl, fileAcl.getId()); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); + node = avmNodeDAO.getByID(desc.getId()); + dirAcl = node.getAcl(); + assertNotNull(dirAcl); + assertTrue(acl.getId() == dirAcl.getId()); + + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); + node = avmNodeDAO.getByID(desc.getId()); + fileAcl = node.getAcl(); + assertNotNull(fileAcl); + assertEquals(inheritedBaseAcl, fileAcl.getId()); + } + finally + { + avmService.purgeStore(storeName); + avmService.purgeStore(storeName + "-layer-base"); + avmService.purgeStore(storeName + "-layer-a"); + avmService.purgeStore(storeName + "-layer-b"); + avmService.purgeStore(storeName + "-layer-c"); + avmService.purgeStore(storeName + "-layer-d"); + avmService.purgeStore(storeName + "-layer-layer-base"); + avmService.purgeStore(storeName + "-layer-layer-layer-base"); + } + } + public void testComplexStore_AlterInheritance() { runAs("admin"); @@ -373,6 +585,11 @@ public class AVMServicePermissionsTest extends TestCase assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.READ, true)); assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.ALL_PERMISSIONS, true)); + // performance + + checkCanPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000); + checkHasPermissionsPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000); + String[] excludeL = new String[] { storeName + "-layer-base:/layer-to-base/d-d/layer-d-a" }; String[] excludeLL = new String[] { storeName + "-layer-layer-base:/layer-to-layer-to-base/d-d/layer-d-a" }; String[] excludeLLL = new String[] { storeName + "-layer-layer-layer-base:/layer-to-layer-to-layer-to-base/d-d/layer-d-a" }; @@ -1432,7 +1649,7 @@ public class AVMServicePermissionsTest extends TestCase permissionService.setPermission(nodeRef, "publisher", "ContentPublisher", true); permissionService.setPermission(nodeRef, "contributor", "ContentContributor", true); permissionService.setPermission(nodeRef, "reviewer", "ContentReviewer", true); - + assertEquals(permissionService.getSetPermissions(nodeRef).getPermissionEntries().size(), 5); assertEquals(definingId, avmACLDAO.getAccessControlList(nodeRef).getId()); diff --git a/source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java b/source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java index 725e0b4e8f..19017486b1 100644 --- a/source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java +++ b/source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java @@ -30,6 +30,9 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.alfresco.repo.domain.DbAccessControlList; +import org.alfresco.repo.domain.hibernate.DbAccessControlListImpl; +import org.alfresco.repo.security.permissions.ACLCopyMode; import org.alfresco.service.cmr.avm.AVMBadArgumentException; import org.alfresco.service.cmr.avm.AVMNodeDescriptor; import org.alfresco.service.cmr.avm.AVMNotFoundException; @@ -504,9 +507,53 @@ public class AVMSyncServiceImpl implements AVMSyncService recursiveCopy(parentPath, name, toLink, excluder); return; } + fAVMService.link(parentPath, name, toLink); + + String newPath = AVMNodeConverter.ExtendAVMPath(parentPath, name); + + DbAccessControlList parentAcl= getACL(parentPath); + DbAccessControlList acl = getACL(toLink.getPath()); + setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY)); } + /* + * Get acl + */ + private DbAccessControlList getACL(String path) + { + Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false); + if (lookup != null) + { + AVMNode node = lookup.getCurrentNode(); + return node.getAcl(); + } + else + { + return null; + } + } + + /* + * Set ACL without COW + */ + private void setACL(String path, DbAccessControlList acl) + { + Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false); + if (lookup != null) + { + AVMNode node = lookup.getCurrentNode(); + // May be support an unwrapped getById to avoid this monkey madness + AVMDAOs.Instance().fAVMNodeDAO.evict(node); + node = AVMDAOs.Instance().fAVMNodeDAO.getByID(node.getId()); + node.setAcl(acl); + } + else + { + return; + } + } + /** * Recursively copy a node into the given position. * @param parentPath The place to put it. @@ -545,6 +592,10 @@ public class AVMSyncServiceImpl implements AVMSyncService if (toCopy.isFile() || toCopy.isDeleted() || toCopy.isPlainDirectory()) { fAVMRepository.link(parent, name, toCopy); + // needs to get the acl from the new location + DbAccessControlList parentAcl = getACL(parent.getPath()); + DbAccessControlList acl = getACL(toCopy.getPath()); + setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY)); return; } // Otherwise make a directory in the target parent, and recursiveCopy all the source diff --git a/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java index 9e99a72f5a..e7d2ffd1ac 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java @@ -31,6 +31,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import org.alfresco.repo.cache.SimpleCache; import org.alfresco.repo.domain.DbAccessControlEntry; import org.alfresco.repo.domain.DbAccessControlList; import org.alfresco.repo.domain.DbAccessControlListChangeSet; @@ -91,6 +92,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo static String QUERY_GET_LATEST_ACL_BY_ACLID = "permission.FindLatestAclByGuid"; + /** a transactionally-safe cache to be injected */ + private SimpleCache aclCache; + private enum WriteMode { TRUNCATE_INHERITED, ADD_INHERITED, CHANGE_INHERITED, REMOVE_INHERITED, INSERT_INHERITED, COPY_UPDATE_AND_INHERIT, COPY_ONLY; @@ -102,9 +106,18 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo DbAccessControlListImpl.setAclDaoComponent(this); } + + + public void setAclCache(SimpleCache aclCache) + { + this.aclCache = aclCache; + } + + + public DbAccessControlList getDbAccessControlList(Long id) { - if(id == null) + if (id == null) { return null; } @@ -321,6 +334,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id); if (!acl.isLatest()) { + aclCache.remove(id); return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()); } @@ -355,6 +369,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo { acl.setInheritsFrom(inheritsFrom); } + aclCache.remove(id); return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()); } else if ((acl.getAclChangeSet() == getCurrentChangeSet()) && (!requiresVersion) && (!acl.getRequiresVersion())) @@ -388,6 +403,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo { acl.setInheritsFrom(inheritsFrom); } + aclCache.remove(id); return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()); } else @@ -487,6 +503,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo // fix up old version acl.setLatest(Boolean.FALSE); acl.setRequiresVersion(Boolean.FALSE); + aclCache.remove(id); return new AclChangeImpl(id, created, acl.getAclType(), newAcl.getAclType()); } @@ -708,6 +725,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo // Delete acl entry DbAccessControlListMember member = (DbAccessControlListMember) getHibernateTemplate().get(DbAccessControlListMemberImpl.class, (Long) ids[0]); Long aclId = ((Long) ids[1]); + aclCache.remove(aclId); DbAccessControlList list = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, aclId); acls.add(new AclChangeImpl(aclId, aclId, list.getAclType(), list.getAclType())); getHibernateTemplate().delete(member); @@ -740,6 +758,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo getHibernateTemplate().delete(dbAuthority); } + // TODO: Remove affected ACLs from the cache + return acls; } @@ -762,9 +782,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo { getHibernateTemplate().delete(member); } - + aclCache.remove(id); } - + @SuppressWarnings("unchecked") public List deleteAccessControlList(final Long id) { @@ -785,6 +805,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo if (acl.getInheritedAclId() != -1) { final DbAccessControlList inherited = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, acl.getInheritedAclId()); + // Will remove from the cache getWritable(inherited.getId(), acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED); DbAccessControlList unusedInherited = null; for (AclChange change : acls) @@ -808,6 +829,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo List inheritors = (List) getHibernateTemplate().execute(callback); for (Long nextId : inheritors) { + // Will remove from the cache getWritable(nextId, acl.getInheritsFrom(), null, null, acl.getInheritsFrom(), true, acls, WriteMode.REMOVE_INHERITED); } @@ -852,6 +874,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo List inheritors = (List) getHibernateTemplate().execute(callback); for (Long nextId : inheritors) { + // Will remove from the cache getWritable(nextId, acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED); } } @@ -882,6 +905,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo getHibernateTemplate().delete(acl); } + // remove the deleted acl from the cache + aclCache.remove(id); acls.add(new AclChangeImpl(id, null, acl.getAclType(), null)); return acls; } @@ -891,6 +916,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo List changes = new ArrayList(); SimpleAccessControlEntry pattern = new SimpleAccessControlEntry(); pattern.setPosition(Integer.valueOf(0)); + // Will remove from the cache getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT); return changes; } @@ -900,6 +926,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo List changes = new ArrayList(); SimpleAccessControlEntry pattern = new SimpleAccessControlEntry(); pattern.setPosition(Integer.valueOf(-1)); + // Will remove from the cache getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT); return changes; } @@ -907,6 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo public List deleteAccessControlEntries(Long id, AccessControlEntry pattern) { List changes = new ArrayList(); + // Will remove from the cache getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT); return changes; } @@ -917,15 +945,31 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo } @SuppressWarnings("unchecked") - public AccessControlList getAccessControlList(final Long id) + public AccessControlList getAccessControlList(Long id) + { + AccessControlList acl = aclCache.get(id); + if(acl == null) + { + acl = getAccessControlListImpl(id); + aclCache.put(id, acl); + } + else + { + //System.out.println("Used cache for "+id); + } + return acl; + } + + @SuppressWarnings("unchecked") + public AccessControlList getAccessControlListImpl(final Long id) { SimpleAccessControlList acl = new SimpleAccessControlList(); AccessControlListProperties properties = getAccessControlListProperties(id); - if(properties == null) + if (properties == null) { return null; } - + acl.setProperties(properties); HibernateCallback callback = new HibernateCallback() @@ -964,7 +1008,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo } Collections.sort(entries); - + acl.setEntries(entries); return acl; @@ -973,7 +1017,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo public AccessControlListProperties getAccessControlListProperties(Long id) { DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id); - if(acl == null) + if (acl == null) { return null; } @@ -1121,6 +1165,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo { actualInheritedId = getInheritedAccessControlList(actualInheritedId); } + // Will remove from the cache getWritable(target, actualInheritedId, null, null, actualInheritedId, true, changes, WriteMode.CHANGE_INHERITED); return changes; @@ -1229,6 +1274,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo exclude.setPosition(0); List toAdd = new ArrayList(1); toAdd.add(entry); + // Will remove from the cache getWritable(id, null, exclude, toAdd, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT); return changes; @@ -1247,6 +1293,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo throw new IllegalArgumentException("Fixed and global permissions can not inherit"); case OLD: acl.setInherits(Boolean.TRUE); + aclCache.remove(id); changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType())); return changes; case SHARED: @@ -1258,12 +1305,14 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo default: if (!acl.getInherits()) { + // Will remove from the cache getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY); acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter()); acl.setInherits(Boolean.TRUE); } else { + // Will remove from the cache getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY); } @@ -1281,7 +1330,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo case GLOBAL: return Collections. singletonList(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType())); case OLD: + acl.setInherits(Boolean.FALSE); + aclCache.remove(id); changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType())); return changes; case SHARED: @@ -1314,11 +1365,13 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo case COW: aclToCopy = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, toCopy); aclToCopy.setRequiresVersion(true); + aclCache.remove(toCopy); inheritedId = getInheritedAccessControlList(toCopy); if ((inheritedId != null) && (!inheritedId.equals(toCopy))) { DbAccessControlList inheritedAcl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, inheritedId); inheritedAcl.setRequiresVersion(true); + aclCache.remove(inheritedId); } return toCopy; case REDIRECT: @@ -1335,10 +1388,11 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo // This is not called on the redirecting node as only LAYERED change permissins when redirected // So this needs to make a copy in the same way layered does case LAYERED: - if(toInheritFrom == null) + if (toInheritFrom == null) { return toCopy; } + // manages cache clearing beneath List changes = mergeInheritedAccessControlList(toInheritFrom, toCopy); for (AclChange change : changes) { @@ -1420,7 +1474,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo public DbAccessControlList getDbAccessControlListCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode) { Long id = getCopy(toCopy, toInheritFrom, mode); - if(id == null) + if (id == null) { return null; } @@ -1468,15 +1522,17 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo { return Collections. emptyList(); } + // Manges caching getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY); acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter()); final Long inheritsFrom = acl.getInheritsFrom(); acl.setInherits(Boolean.FALSE); // Keep inherits from so we can reinstate if required // acl.setInheritsFrom(-1l); + // Manges caching getWritable(acl.getId(), null, null, null, null, true, changes, WriteMode.TRUNCATE_INHERITED); - // set Inherited + // set Inherited - TODO: UNTESTED if ((inheritsFrom != null) && (inheritsFrom != -1) && setInheritedOnAcl) { diff --git a/source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java b/source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java index 76ae116512..548f46a102 100644 --- a/source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java +++ b/source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java @@ -125,7 +125,7 @@ public class RuleServiceCoverageTest extends TestCase * Category related values */ private static final String TEST_NAMESPACE = "http://www.alfresco.org/test/rulesystemtest"; - private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "region"); + private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "Region"); private QName regionCategorisationQName; private NodeRef catContainer; private NodeRef catRoot; diff --git a/source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java b/source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java index 841086f4bb..8e66d57656 100644 --- a/source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java +++ b/source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java @@ -404,7 +404,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte } } - private StoreType getStoreType(String name) + public StoreType getStoreType(String name) { if (avmService.getStore(name) != null) { @@ -457,7 +457,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte NAME, TYPE; } - private enum StoreType + public enum StoreType { STAGING, STAGING_PREVIEW, AUTHOR, AUTHOR_PREVIEW, WORKFLOW, WORKFLOW_PREVIEW, AUTHOR_WORKFLOW, AUTHOR_WORKFLOW_PREVIEW, UNKNOWN; } diff --git a/source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java b/source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java index ab7fbf8570..250bcafc20 100644 --- a/source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java +++ b/source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java @@ -24,9 +24,11 @@ */ package org.alfresco.repo.security.permissions; +import java.io.Serializable; + import org.alfresco.service.cmr.security.AccessStatus; -public interface AccessControlEntry extends Comparable +public interface AccessControlEntry extends Comparable, Serializable { public Integer getPosition(); diff --git a/source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java b/source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java index 01026ae07f..b289d5edc9 100644 --- a/source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java +++ b/source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java @@ -24,7 +24,9 @@ */ package org.alfresco.repo.security.permissions; -public interface AccessControlEntryContext +import java.io.Serializable; + +public interface AccessControlEntryContext extends Serializable { /** * Get the class context. diff --git a/source/java/org/alfresco/repo/security/permissions/AccessControlList.java b/source/java/org/alfresco/repo/security/permissions/AccessControlList.java index 87361768e3..b75fb3a117 100644 --- a/source/java/org/alfresco/repo/security/permissions/AccessControlList.java +++ b/source/java/org/alfresco/repo/security/permissions/AccessControlList.java @@ -24,9 +24,10 @@ */ package org.alfresco.repo.security.permissions; +import java.io.Serializable; import java.util.List; -public interface AccessControlList +public interface AccessControlList extends Serializable { /** * Get the properties diff --git a/source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java b/source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java index a8612b1aa4..b48c13ab0c 100644 --- a/source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java +++ b/source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java @@ -24,8 +24,10 @@ */ package org.alfresco.repo.security.permissions; +import java.io.Serializable; -public interface AccessControlListProperties + +public interface AccessControlListProperties extends Serializable { /** * Get the ACL ID diff --git a/source/java/org/alfresco/repo/security/permissions/PermissionReference.java b/source/java/org/alfresco/repo/security/permissions/PermissionReference.java index 7fb435f2ef..4c2b3244cb 100644 --- a/source/java/org/alfresco/repo/security/permissions/PermissionReference.java +++ b/source/java/org/alfresco/repo/security/permissions/PermissionReference.java @@ -24,6 +24,8 @@ */ package org.alfresco.repo.security.permissions; +import java.io.Serializable; + import org.alfresco.service.namespace.QName; /** @@ -32,7 +34,7 @@ import org.alfresco.service.namespace.QName; * * @author Andy Hind */ -public interface PermissionReference +public interface PermissionReference extends Serializable { /** diff --git a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java index 37ed6edc31..59e430ebb6 100644 --- a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java +++ b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java @@ -29,6 +29,11 @@ import org.alfresco.service.cmr.security.AuthorityType; public class SimpleAccessControlEntry implements AccessControlEntry { + /** + * + */ + private static final long serialVersionUID = -3099789485179796034L; + private AccessStatus accessStatus; private ACEType aceType; diff --git a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java index b3a6687280..41cee9488a 100644 --- a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java +++ b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java @@ -27,6 +27,11 @@ package org.alfresco.repo.security.permissions; public class SimpleAccessControlEntryContext implements AccessControlEntryContext { + /** + * + */ + private static final long serialVersionUID = -5679179194140822827L; + private String classContext; private String KVPContext; diff --git a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java index 3fed4fa82b..83f571d3ab 100644 --- a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java +++ b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java @@ -5,6 +5,11 @@ import java.util.List; public class SimpleAccessControlList implements AccessControlList { + /** + * + */ + private static final long serialVersionUID = -1859514919998903150L; + private AccessControlListProperties properties; private List entries = new ArrayList(); diff --git a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java index 65c5cc8cbf..2058206c7d 100644 --- a/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java +++ b/source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java @@ -26,6 +26,11 @@ package org.alfresco.repo.security.permissions; public class SimpleAccessControlListProperties implements AccessControlListProperties { + /** + * + */ + private static final long serialVersionUID = 6476760867405494520L; + private String aclId; private ACLType aclType; diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java index 83bc5e7b8e..190c079db9 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java @@ -35,6 +35,11 @@ import org.alfresco.service.namespace.QName; */ public class PermissionReferenceImpl extends AbstractPermissionReference { + /** + * + */ + private static final long serialVersionUID = -8639601925783501443L; + private QName qName; private String name; diff --git a/source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java b/source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java index bbab677343..e3dcfc5a74 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java @@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName; */ public final class RequiredPermission extends PermissionReferenceImpl { + /** + * + */ + private static final long serialVersionUID = 4840771159714835909L; + public enum On { PARENT, NODE, CHILDREN }; diff --git a/source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java b/source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java index 7aea9ac522..32ea4c2a2d 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java @@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName; */ public final class SimplePermissionReference extends AbstractPermissionReference { + /** + * + */ + private static final long serialVersionUID = 637302438293417818L; + /* * The type */ diff --git a/source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java b/source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java index ca54f5d36f..29e1c31706 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java @@ -35,6 +35,11 @@ import org.dom4j.Element; */ public class DynamicPermission extends AbstractPermission implements XMLModelInitialisable { + /** + * + */ + private static final long serialVersionUID = 8060533686472973313L; + private static final String EVALUATOR = "evaluator"; private String evaluatorFullyQualifiedClassName; diff --git a/source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java b/source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java index 9c07edc240..e9d6beb994 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java @@ -46,6 +46,11 @@ public class Permission extends AbstractPermission implements XMLModelInitialisa { // XML Constants + /** + * + */ + private static final long serialVersionUID = -4560426591597681329L; + private static final String GRANTED_TO_GROUP = "grantedToGroup"; private static final String GTG_NAME = "permissionGroup"; diff --git a/source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java b/source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java index 4a9ad9091b..0b17fae48d 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java @@ -46,6 +46,11 @@ public final class PermissionGroup extends AbstractPermissionReference implement { // XML Constants + /** + * + */ + private static final long serialVersionUID = 7879839657714155737L; + private static final String NAME = "name"; private static final String EXTENDS = "extends";