inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.2 to HEAD

Browse Source 
7690: Build fix
   7694: AVM permissions


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8443 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2008-03-06 21:53:29 +00:00
parent ecb74c1447
commit 4fc796b4a3
29 changed files with 658 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java Normal file
View File

@@ -0,0 +1,161 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.admin.patch.impl;
import java.util.List;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.admin.patch.AbstractPatch;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.avm.AVMRepository;
import org.alfresco.repo.domain.PropertyValue;
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
/**
* Remove ACLs on all but staging area stores On staging area stores, set ACls according to the users and roles as set
* on the web site
*
* Note: runs as the system user
*
* @author andyh
*/
public class WCMPermissionPatch extends AbstractPatch
{
private static final String MSG_SUCCESS = "patch.wcmPermissionPatch.result";
AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor;
AVMService avmService;
PermissionService permissionService;
public void setAvmService(AVMService avmService)
{
this.avmService = avmService;
}
public void setAvmSnapShotTriggeredIndexingMethodInterceptor(AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor)
{
this.avmSnapShotTriggeredIndexingMethodInterceptor = avmSnapShotTriggeredIndexingMethodInterceptor;
}
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
@Override
protected String applyInternal() throws Exception
{
List<AVMStoreDescriptor> stores = avmService.getStores();
for (AVMStoreDescriptor store : stores)
{
switch (avmSnapShotTriggeredIndexingMethodInterceptor.getStoreType(store.getName()))
{
/* Set permissions in staging */
case STAGING:
setStagingAreaPermissions(store);
// TODO: mark read only
break;
/* Clear permissions */
case AUTHOR:
case AUTHOR_PREVIEW:
case AUTHOR_WORKFLOW:
case AUTHOR_WORKFLOW_PREVIEW:
// TODO: add app access control
clearPermissions(store);
break;
case STAGING_PREVIEW:
clearPermissions(store);
// TODO: mark read only
break;
case WORKFLOW:
case WORKFLOW_PREVIEW:
clearPermissions(store);
break;
/* non WCM stores - nothing to do */
case UNKNOWN:
default:
break;
}
}
// build the result message
String msg = I18NUtil.getMessage(MSG_SUCCESS);
// done
return msg;
}
private void clearPermissions(AVMStoreDescriptor store)
{
AVMNodeDescriptor www = avmService.lookup(-1, store.getName() + ":/www");
if(www.isLayeredDirectory() && www.isPrimary())
{
// throw away any acl
AVMRepository.GetInstance().setACL(store.getName() + ":/www", null);
// build the default layer acl
avmService.retargetLayeredDirectory(store.getName() + ":/www", www.getIndirection());
}
}
private void setStagingAreaPermissions(AVMStoreDescriptor store)
{
QName propQName = QName.createQName(null, ".web_project.noderef");
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, store.getName() + ":/www");
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
PropertyValue pValue = avmService.getStoreProperty(store.getName(), propQName);
if (pValue != null)
{
NodeRef webProjectNodeRef = (NodeRef)pValue.getValue(DataTypeDefinition.NODE_REF);
// Apply sepcific user permissions as set on the web project
List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(webProjectNodeRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef ref : userInfoRefs)
{
NodeRef userInfoRef = ref.getChildRef();
String username = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
String userrole = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
permissionService.setPermission(dirRef, username, userrole, true);
}
}
}
}