inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.2 to HEAD

Browse Source 
7690: Build fix
   7694: AVM permissions


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8443 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2008-03-06 21:53:29 +00:00
parent ecb74c1447
commit 4fc796b4a3
29 changed files with 658 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java Normal file
View File

@@ -0,0 +1,161 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.admin.patch.impl;
import java.util.List;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.admin.patch.AbstractPatch;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.avm.AVMRepository;
import org.alfresco.repo.domain.PropertyValue;
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
/**
* Remove ACLs on all but staging area stores On staging area stores, set ACls according to the users and roles as set
* on the web site
*
* Note: runs as the system user
*
* @author andyh
*/
public class WCMPermissionPatch extends AbstractPatch
{
private static final String MSG_SUCCESS = "patch.wcmPermissionPatch.result";
AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor;
AVMService avmService;
PermissionService permissionService;
public void setAvmService(AVMService avmService)
{
this.avmService = avmService;
}
public void setAvmSnapShotTriggeredIndexingMethodInterceptor(AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor)
{
this.avmSnapShotTriggeredIndexingMethodInterceptor = avmSnapShotTriggeredIndexingMethodInterceptor;
}
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
@Override
protected String applyInternal() throws Exception
{
List<AVMStoreDescriptor> stores = avmService.getStores();
for (AVMStoreDescriptor store : stores)
{
switch (avmSnapShotTriggeredIndexingMethodInterceptor.getStoreType(store.getName()))
{
/* Set permissions in staging */
case STAGING:
setStagingAreaPermissions(store);
// TODO: mark read only
break;
/* Clear permissions */
case AUTHOR:
case AUTHOR_PREVIEW:
case AUTHOR_WORKFLOW:
case AUTHOR_WORKFLOW_PREVIEW:
// TODO: add app access control
clearPermissions(store);
break;
case STAGING_PREVIEW:
clearPermissions(store);
// TODO: mark read only
break;
case WORKFLOW:
case WORKFLOW_PREVIEW:
clearPermissions(store);
break;
/* non WCM stores - nothing to do */
case UNKNOWN:
default:
break;
}
}
// build the result message
String msg = I18NUtil.getMessage(MSG_SUCCESS);
// done
return msg;
}
private void clearPermissions(AVMStoreDescriptor store)
{
AVMNodeDescriptor www = avmService.lookup(-1, store.getName() + ":/www");
if(www.isLayeredDirectory() && www.isPrimary())
{
// throw away any acl
AVMRepository.GetInstance().setACL(store.getName() + ":/www", null);
// build the default layer acl
avmService.retargetLayeredDirectory(store.getName() + ":/www", www.getIndirection());
}
}
private void setStagingAreaPermissions(AVMStoreDescriptor store)
{
QName propQName = QName.createQName(null, ".web_project.noderef");
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, store.getName() + ":/www");
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
PropertyValue pValue = avmService.getStoreProperty(store.getName(), propQName);
if (pValue != null)
{
NodeRef webProjectNodeRef = (NodeRef)pValue.getValue(DataTypeDefinition.NODE_REF);
// Apply sepcific user permissions as set on the web project
List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(webProjectNodeRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef ref : userInfoRefs)
{
NodeRef userInfoRef = ref.getChildRef();
String username = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
String userrole = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
permissionService.setPermission(dirRef, username, userrole, true);
}
}
}
}

219
source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java
View File

@@ -24,6 +24,7 @@
package org.alfresco.repo.avm;
import java.io.IOException;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
@@ -48,6 +49,8 @@ import org.alfresco.repo.security.permissions.impl.ModelDAO;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.avmsync.AVMDifference;
import org.alfresco.service.cmr.avmsync.AVMSyncService;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -119,6 +122,10 @@ public class AVMServicePermissionsTest extends TestCase
private AVMNodeDAO avmNodeDAO;
private Object fContext;
private AVMSyncService avmSyncService;
public AVMServicePermissionsTest()
{
super();
@@ -132,6 +139,7 @@ public class AVMServicePermissionsTest extends TestCase
aclDaoComponent = (AclDaoComponent) applicationContext.getBean("aclDaoComponent");
avmService = (AVMService) applicationContext.getBean("avmService");
avmSyncService = (AVMSyncService)applicationContext.getBean("AVMSyncService");
nodeService = (NodeService) applicationContext.getBean("nodeService");
dictionaryService = (DictionaryService) applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE.getLocalName());
@@ -329,6 +337,210 @@ public class AVMServicePermissionsTest extends TestCase
}
}
private boolean checkCanPerformance(String user, String path, String permission, boolean allowed, int count)
{
String curentUser = AuthenticationUtil.getCurrentUserName();
try
{
runAs(user);
AVMNodeDescriptor desc = avmService.lookup(-1, path);
AVMNode node = avmNodeDAO.getByID(desc.getId());
boolean can = AVMRepository.GetInstance().can(node, permission);
long start = System.nanoTime();
for(int i = 0; i < count; i++)
{
can = AVMRepository.GetInstance().can(node, permission);
}
long end = System.nanoTime();
System.out.println("Can in "+((end-start)/1.0e9f));
return allowed ? can : !can;
}
finally
{
runAs(curentUser);
}
}
private boolean checkHasPermissionsPerformance(String user, String path, String permission, boolean allowed, int count)
{
String curentUser = AuthenticationUtil.getCurrentUserName();
try
{
runAs(user);
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, path);
boolean can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED;
long start = System.nanoTime();
for(int i = 0; i < count; i++)
{
can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED;
}
long end = System.nanoTime();
System.out.println("Has Permission in "+((end-start)/1.0e9f));
return allowed ? can : !can;
}
finally
{
runAs(curentUser);
}
}
public void testSimpleUpdate() throws Exception
{
runAs("admin");
String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime());
try
{
buildBaseStructure(storeName);
avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir");
avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close();
AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base");
AVMNode node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList acl = node.getAcl();
assertNotNull(acl);
acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId()));
assertNotNull(acl);
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList dirAcl = node.getAcl();
assertNotNull(dirAcl);
assertTrue(acl.getId() == dirAcl.getId());
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList fileAcl = node.getAcl();
assertNotNull(fileAcl);
assertTrue(acl.getId() == fileAcl.getId());
avmService.createSnapshot(storeName, "store", "store");
avmService.createSnapshot(storeName + "-layer-base", "store", "store");
List<AVMDifference> diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null);
avmSyncService.update(diffs, null, false, false, false, false, "A", "A");
desc = avmService.lookup(-1, storeName + ":/base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
dirAcl = node.getAcl();
assertNull(dirAcl);
desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
fileAcl = node.getAcl();
assertNull(fileAcl);
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
dirAcl = node.getAcl();
assertNotNull(dirAcl);
assertTrue(acl.getId() == dirAcl.getId());
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
fileAcl = node.getAcl();
assertNull(fileAcl);
}
finally
{
avmService.purgeStore(storeName);
avmService.purgeStore(storeName + "-layer-base");
avmService.purgeStore(storeName + "-layer-a");
avmService.purgeStore(storeName + "-layer-b");
avmService.purgeStore(storeName + "-layer-c");
avmService.purgeStore(storeName + "-layer-d");
avmService.purgeStore(storeName + "-layer-layer-base");
avmService.purgeStore(storeName + "-layer-layer-layer-base");
}
}
public void testUpdateWithPermissions() throws Exception
{
runAs("admin");
String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime());
try
{
buildBaseStructure(storeName);
AVMNodeDescriptor nodeDesc = avmService.lookup(-1, storeName + ":/base");
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true);
Long baseAcl = avmNodeDAO.getByID(nodeDesc.getId()).getAcl().getId();
Long inheritedBaseAcl = aclDaoComponent.getInheritedAccessControlList(baseAcl);
avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir");
avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close();
AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base");
AVMNode node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList acl = node.getAcl();
assertNotNull(acl);
acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId()));
assertNotNull(acl);
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList dirAcl = node.getAcl();
assertNotNull(dirAcl);
assertTrue(acl.getId() == dirAcl.getId());
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
DbAccessControlList fileAcl = node.getAcl();
assertNotNull(fileAcl);
assertTrue(acl.getId() == fileAcl.getId());
avmService.createSnapshot(storeName, "store", "store");
avmService.createSnapshot(storeName + "-layer-base", "store", "store");
List<AVMDifference> diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null);
avmSyncService.update(diffs, null, false, false, false, false, "A", "A");
desc = avmService.lookup(-1, storeName + ":/base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
dirAcl = node.getAcl();
assertNotNull(dirAcl);
assertEquals(inheritedBaseAcl, dirAcl.getId());
desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
fileAcl = node.getAcl();
assertNotNull(fileAcl);
assertEquals(inheritedBaseAcl, fileAcl.getId());
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
node = avmNodeDAO.getByID(desc.getId());
dirAcl = node.getAcl();
assertNotNull(dirAcl);
assertTrue(acl.getId() == dirAcl.getId());
desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
node = avmNodeDAO.getByID(desc.getId());
fileAcl = node.getAcl();
assertNotNull(fileAcl);
assertEquals(inheritedBaseAcl, fileAcl.getId());
}
finally
{
avmService.purgeStore(storeName);
avmService.purgeStore(storeName + "-layer-base");
avmService.purgeStore(storeName + "-layer-a");
avmService.purgeStore(storeName + "-layer-b");
avmService.purgeStore(storeName + "-layer-c");
avmService.purgeStore(storeName + "-layer-d");
avmService.purgeStore(storeName + "-layer-layer-base");
avmService.purgeStore(storeName + "-layer-layer-layer-base");
}
}
public void testComplexStore_AlterInheritance()
{
runAs("admin");
@@ -373,6 +585,11 @@ public class AVMServicePermissionsTest extends TestCase
assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.READ, true));
assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.ALL_PERMISSIONS, true));
// performance
checkCanPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000);
checkHasPermissionsPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000);
String[] excludeL = new String[] { storeName + "-layer-base:/layer-to-base/d-d/layer-d-a" };
String[] excludeLL = new String[] { storeName + "-layer-layer-base:/layer-to-layer-to-base/d-d/layer-d-a" };
String[] excludeLLL = new String[] { storeName + "-layer-layer-layer-base:/layer-to-layer-to-layer-to-base/d-d/layer-d-a" };
@@ -1432,7 +1649,7 @@ public class AVMServicePermissionsTest extends TestCase
permissionService.setPermission(nodeRef, "publisher", "ContentPublisher", true);
permissionService.setPermission(nodeRef, "contributor", "ContentContributor", true);
permissionService.setPermission(nodeRef, "reviewer", "ContentReviewer", true);
assertEquals(permissionService.getSetPermissions(nodeRef).getPermissionEntries().size(), 5);
assertEquals(definingId, avmACLDAO.getAccessControlList(nodeRef).getId());

51
source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java
View File

@@ -30,6 +30,9 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.hibernate.DbAccessControlListImpl;
import org.alfresco.repo.security.permissions.ACLCopyMode;
import org.alfresco.service.cmr.avm.AVMBadArgumentException;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMNotFoundException;
@@ -504,9 +507,53 @@ public class AVMSyncServiceImpl implements AVMSyncService
recursiveCopy(parentPath, name, toLink, excluder);
return;
}
fAVMService.link(parentPath, name, toLink);
String newPath = AVMNodeConverter.ExtendAVMPath(parentPath, name);
DbAccessControlList parentAcl= getACL(parentPath);
DbAccessControlList acl = getACL(toLink.getPath());
setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY));
}
/*
* Get acl
*/
private DbAccessControlList getACL(String path)
{
Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false);
if (lookup != null)
{
AVMNode node = lookup.getCurrentNode();
return node.getAcl();
}
else
{
return null;
}
}
/*
* Set ACL without COW
*/
private void setACL(String path, DbAccessControlList acl)
{
Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false);
if (lookup != null)
{
AVMNode node = lookup.getCurrentNode();
// May be support an unwrapped getById to avoid this monkey madness
AVMDAOs.Instance().fAVMNodeDAO.evict(node);
node = AVMDAOs.Instance().fAVMNodeDAO.getByID(node.getId());
node.setAcl(acl);
}
else
{
return;
}
}
/**
* Recursively copy a node into the given position.
* @param parentPath The place to put it.
@@ -545,6 +592,10 @@ public class AVMSyncServiceImpl implements AVMSyncService
if (toCopy.isFile() || toCopy.isDeleted() || toCopy.isPlainDirectory())
{
fAVMRepository.link(parent, name, toCopy);
// needs to get the acl from the new location
DbAccessControlList parentAcl = getACL(parent.getPath());
DbAccessControlList acl = getACL(toCopy.getPath());
setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY));
return;
}
// Otherwise make a directory in the target parent, and recursiveCopy all the source

78
source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java
View File

@@ -31,6 +31,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAccessControlListChangeSet;
@@ -91,6 +92,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
static String QUERY_GET_LATEST_ACL_BY_ACLID = "permission.FindLatestAclByGuid";
/** a transactionally-safe cache to be injected */
private SimpleCache<Long, AccessControlList> aclCache;
private enum WriteMode
{
TRUNCATE_INHERITED, ADD_INHERITED, CHANGE_INHERITED, REMOVE_INHERITED, INSERT_INHERITED, COPY_UPDATE_AND_INHERIT, COPY_ONLY;
@@ -102,9 +106,18 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
DbAccessControlListImpl.setAclDaoComponent(this);
}
public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
{
this.aclCache = aclCache;
}
public DbAccessControlList getDbAccessControlList(Long id)
{
if(id == null)
if (id == null)
{
return null;
}
@@ -321,6 +334,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id);
if (!acl.isLatest())
{
aclCache.remove(id);
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
}
@@ -355,6 +369,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
{
acl.setInheritsFrom(inheritsFrom);
}
aclCache.remove(id);
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
}
else if ((acl.getAclChangeSet() == getCurrentChangeSet()) && (!requiresVersion) && (!acl.getRequiresVersion()))
@@ -388,6 +403,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
{
acl.setInheritsFrom(inheritsFrom);
}
aclCache.remove(id);
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
}
else
@@ -487,6 +503,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
// fix up old version
acl.setLatest(Boolean.FALSE);
acl.setRequiresVersion(Boolean.FALSE);
aclCache.remove(id);
return new AclChangeImpl(id, created, acl.getAclType(), newAcl.getAclType());
}
@@ -708,6 +725,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
// Delete acl entry
DbAccessControlListMember member = (DbAccessControlListMember) getHibernateTemplate().get(DbAccessControlListMemberImpl.class, (Long) ids[0]);
Long aclId = ((Long) ids[1]);
aclCache.remove(aclId);
DbAccessControlList list = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, aclId);
acls.add(new AclChangeImpl(aclId, aclId, list.getAclType(), list.getAclType()));
getHibernateTemplate().delete(member);
@@ -740,6 +758,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
getHibernateTemplate().delete(dbAuthority);
}
// TODO: Remove affected ACLs from the cache
return acls;
}
@@ -762,9 +782,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
{
getHibernateTemplate().delete(member);
}
aclCache.remove(id);
}
@SuppressWarnings("unchecked")
public List<AclChange> deleteAccessControlList(final Long id)
{
@@ -785,6 +805,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
if (acl.getInheritedAclId() != -1)
{
final DbAccessControlList inherited = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, acl.getInheritedAclId());
// Will remove from the cache
getWritable(inherited.getId(), acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
DbAccessControlList unusedInherited = null;
for (AclChange change : acls)
@@ -808,6 +829,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
List<Long> inheritors = (List<Long>) getHibernateTemplate().execute(callback);
for (Long nextId : inheritors)
{
// Will remove from the cache
getWritable(nextId, acl.getInheritsFrom(), null, null, acl.getInheritsFrom(), true, acls, WriteMode.REMOVE_INHERITED);
}
@@ -852,6 +874,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
List<Long> inheritors = (List<Long>) getHibernateTemplate().execute(callback);
for (Long nextId : inheritors)
{
// Will remove from the cache
getWritable(nextId, acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
}
}
@@ -882,6 +905,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
getHibernateTemplate().delete(acl);
}
// remove the deleted acl from the cache
aclCache.remove(id);
acls.add(new AclChangeImpl(id, null, acl.getAclType(), null));
return acls;
}
@@ -891,6 +916,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
List<AclChange> changes = new ArrayList<AclChange>();
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
pattern.setPosition(Integer.valueOf(0));
// Will remove from the cache
getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
return changes;
}
@@ -900,6 +926,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
List<AclChange> changes = new ArrayList<AclChange>();
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
pattern.setPosition(Integer.valueOf(-1));
// Will remove from the cache
getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
return changes;
}
@@ -907,6 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
public List<AclChange> deleteAccessControlEntries(Long id, AccessControlEntry pattern)
{
List<AclChange> changes = new ArrayList<AclChange>();
// Will remove from the cache
getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
return changes;
}
@@ -917,15 +945,31 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
}
@SuppressWarnings("unchecked")
public AccessControlList getAccessControlList(final Long id)
public AccessControlList getAccessControlList(Long id)
{
AccessControlList acl = aclCache.get(id);
if(acl == null)
{
acl = getAccessControlListImpl(id);
aclCache.put(id, acl);
}
else
{
//System.out.println("Used cache for "+id);
}
return acl;
}
@SuppressWarnings("unchecked")
public AccessControlList getAccessControlListImpl(final Long id)
{
SimpleAccessControlList acl = new SimpleAccessControlList();
AccessControlListProperties properties = getAccessControlListProperties(id);
if(properties == null)
if (properties == null)
{
return null;
}
acl.setProperties(properties);
HibernateCallback callback = new HibernateCallback()
@@ -964,7 +1008,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
}
Collections.sort(entries);
acl.setEntries(entries);
return acl;
@@ -973,7 +1017,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
public AccessControlListProperties getAccessControlListProperties(Long id)
{
DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id);
if(acl == null)
if (acl == null)
{
return null;
}
@@ -1121,6 +1165,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
{
actualInheritedId = getInheritedAccessControlList(actualInheritedId);
}
// Will remove from the cache
getWritable(target, actualInheritedId, null, null, actualInheritedId, true, changes, WriteMode.CHANGE_INHERITED);
return changes;
@@ -1229,6 +1274,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
exclude.setPosition(0);
List<DbAccessControlEntry> toAdd = new ArrayList<DbAccessControlEntry>(1);
toAdd.add(entry);
// Will remove from the cache
getWritable(id, null, exclude, toAdd, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
return changes;
@@ -1247,6 +1293,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
throw new IllegalArgumentException("Fixed and global permissions can not inherit");
case OLD:
acl.setInherits(Boolean.TRUE);
aclCache.remove(id);
changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
return changes;
case SHARED:
@@ -1258,12 +1305,14 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
default:
if (!acl.getInherits())
{
// Will remove from the cache
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter());
acl.setInherits(Boolean.TRUE);
}
else
{
// Will remove from the cache
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
}
@@ -1281,7 +1330,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
case GLOBAL:
return Collections.<AclChange> singletonList(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
case OLD:
acl.setInherits(Boolean.FALSE);
aclCache.remove(id);
changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
return changes;
case SHARED:
@@ -1314,11 +1365,13 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
case COW:
aclToCopy = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, toCopy);
aclToCopy.setRequiresVersion(true);
aclCache.remove(toCopy);
inheritedId = getInheritedAccessControlList(toCopy);
if ((inheritedId != null) && (!inheritedId.equals(toCopy)))
{
DbAccessControlList inheritedAcl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, inheritedId);
inheritedAcl.setRequiresVersion(true);
aclCache.remove(inheritedId);
}
return toCopy;
case REDIRECT:
@@ -1335,10 +1388,11 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
// This is not called on the redirecting node as only LAYERED change permissins when redirected
// So this needs to make a copy in the same way layered does
case LAYERED:
if(toInheritFrom == null)
if (toInheritFrom == null)
{
return toCopy;
}
// manages cache clearing beneath
List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
for (AclChange change : changes)
{
@@ -1420,7 +1474,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
public DbAccessControlList getDbAccessControlListCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode)
{
Long id = getCopy(toCopy, toInheritFrom, mode);
if(id == null)
if (id == null)
{
return null;
}
@@ -1468,15 +1522,17 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
{
return Collections.<AclChange> emptyList();
}
// Manges caching
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter());
final Long inheritsFrom = acl.getInheritsFrom();
acl.setInherits(Boolean.FALSE);
// Keep inherits from so we can reinstate if required
// acl.setInheritsFrom(-1l);
// Manges caching
getWritable(acl.getId(), null, null, null, null, true, changes, WriteMode.TRUNCATE_INHERITED);
// set Inherited
// set Inherited - TODO: UNTESTED
if ((inheritsFrom != null) && (inheritsFrom != -1) && setInheritedOnAcl)
{

2
source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java
View File

@@ -125,7 +125,7 @@ public class RuleServiceCoverageTest extends TestCase
* Category related values
*/
private static final String TEST_NAMESPACE = "http://www.alfresco.org/test/rulesystemtest";
private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "region");
private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "Region");
private QName regionCategorisationQName;
private NodeRef catContainer;
private NodeRef catRoot;

4
source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java
View File

@@ -404,7 +404,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte
}
}
private StoreType getStoreType(String name)
public StoreType getStoreType(String name)
{
if (avmService.getStore(name) != null)
{
@@ -457,7 +457,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte
NAME, TYPE;
}
private enum StoreType
public enum StoreType
{
STAGING, STAGING_PREVIEW, AUTHOR, AUTHOR_PREVIEW, WORKFLOW, WORKFLOW_PREVIEW, AUTHOR_WORKFLOW, AUTHOR_WORKFLOW_PREVIEW, UNKNOWN;
}

4
source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java
View File

@@ -24,9 +24,11 @@
*/
package org.alfresco.repo.security.permissions;
import java.io.Serializable;
import org.alfresco.service.cmr.security.AccessStatus;
public interface AccessControlEntry extends Comparable<AccessControlEntry>
public interface AccessControlEntry extends Comparable<AccessControlEntry>, Serializable
{
public Integer getPosition();

4
source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java
View File

@@ -24,7 +24,9 @@
*/
package org.alfresco.repo.security.permissions;
public interface AccessControlEntryContext
import java.io.Serializable;
public interface AccessControlEntryContext extends Serializable
{
/**
* Get the class context.

3
source/java/org/alfresco/repo/security/permissions/AccessControlList.java
View File

@@ -24,9 +24,10 @@
*/
package org.alfresco.repo.security.permissions;
import java.io.Serializable;
import java.util.List;
public interface AccessControlList
public interface AccessControlList extends Serializable
{
/**
* Get the properties

4
source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java
View File

@@ -24,8 +24,10 @@
*/
package org.alfresco.repo.security.permissions;
import java.io.Serializable;
public interface AccessControlListProperties
public interface AccessControlListProperties extends Serializable
{
/**
* Get the ACL ID

4
source/java/org/alfresco/repo/security/permissions/PermissionReference.java
View File

@@ -24,6 +24,8 @@
*/
package org.alfresco.repo.security.permissions;
import java.io.Serializable;
import org.alfresco.service.namespace.QName;
/**
@@ -32,7 +34,7 @@ import org.alfresco.service.namespace.QName;
*
* @author Andy Hind
*/
public interface PermissionReference
public interface PermissionReference extends Serializable
{
/**

5
source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java
View File

@@ -29,6 +29,11 @@ import org.alfresco.service.cmr.security.AuthorityType;
public class SimpleAccessControlEntry implements AccessControlEntry
{
/**
*
*/
private static final long serialVersionUID = -3099789485179796034L;
private AccessStatus accessStatus;
private ACEType aceType;

5
source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java
View File

@@ -27,6 +27,11 @@ package org.alfresco.repo.security.permissions;
public class SimpleAccessControlEntryContext implements AccessControlEntryContext
{
/**
*
*/
private static final long serialVersionUID = -5679179194140822827L;
private String classContext;
private String KVPContext;

5
source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java
View File

@@ -5,6 +5,11 @@ import java.util.List;
public class SimpleAccessControlList implements AccessControlList
{
/**
*
*/
private static final long serialVersionUID = -1859514919998903150L;
private AccessControlListProperties properties;
private List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();

5
source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java
View File

@@ -26,6 +26,11 @@ package org.alfresco.repo.security.permissions;
public class SimpleAccessControlListProperties implements AccessControlListProperties
{
/**
*
*/
private static final long serialVersionUID = 6476760867405494520L;
private String aclId;
private ACLType aclType;

5
source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java
View File

@@ -35,6 +35,11 @@ import org.alfresco.service.namespace.QName;
*/
public class PermissionReferenceImpl extends AbstractPermissionReference
{
/**
*
*/
private static final long serialVersionUID = -8639601925783501443L;
private QName qName;
private String name;

5
source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java
View File

@@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName;
*/
public final class RequiredPermission extends PermissionReferenceImpl
{
/**
*
*/
private static final long serialVersionUID = 4840771159714835909L;
public enum On {
PARENT, NODE, CHILDREN
};

5
source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java
View File

@@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName;
*/
public final class SimplePermissionReference extends AbstractPermissionReference
{
/**
*
*/
private static final long serialVersionUID = 637302438293417818L;
/*
* The type
*/

5
source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java
View File

@@ -35,6 +35,11 @@ import org.dom4j.Element;
*/
public class DynamicPermission extends AbstractPermission implements XMLModelInitialisable
{
/**
*
*/
private static final long serialVersionUID = 8060533686472973313L;
private static final String EVALUATOR = "evaluator";
private String evaluatorFullyQualifiedClassName;

5
source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java
View File

@@ -46,6 +46,11 @@ public class Permission extends AbstractPermission implements XMLModelInitialisa
{
// XML Constants
/**
*
*/
private static final long serialVersionUID = -4560426591597681329L;
private static final String GRANTED_TO_GROUP = "grantedToGroup";
private static final String GTG_NAME = "permissionGroup";

5
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java
View File

@@ -46,6 +46,11 @@ public final class PermissionGroup extends AbstractPermissionReference implement
{
// XML Constants
/**
*
*/
private static final long serialVersionUID = 7879839657714155737L;
private static final String NAME = "name";
private static final String EXTENDS = "extends";