Merged V2.2 to HEAD

7690: Build fix
   7694: AVM permissions


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8443 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/cache-context.xml

@@ -425,6 +425,43 @@
        </property>
    </bean>
    
+	
+   <!-- ===================================== -->
+   <!-- ACL cache                      -->
+   <!-- ===================================== -->
+
+   <!-- The cross-transaction shared cache for Acls -->
+   
+   <bean name="aclSharedCache" class="org.alfresco.repo.cache.EhCacheAdapter">
+      <property name="cache">
+         <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean" >
+            <property name="cacheManager">
+               <ref bean="internalEHCacheManager" />
+            </property>
+            <property name="cacheName">
+               <value>org.alfresco.cache.aclCache</value>
+            </property>
+         </bean>
+      </property>
+   </bean>
+   
+   <!-- The transactional cache for Node Ownership -->
+   
+   <bean name="aclCache" class="org.alfresco.repo.cache.TransactionalCache">
+      <property name="sharedCache">
+         <ref bean="aclSharedCache" />
+      </property>
+      <property name="cacheManager" >
+         <ref bean="transactionalEHCacheManager" />
+      </property>
+      <property name="name">
+         <value>org.alfresco.aclTransactionalCache</value>
+      </property>
+      <property name="maxCacheSize">
+         <value>10000</value>
+      </property>
+   </bean>
+	
    <!-- ===================================== -->
    <!-- Messages Caches                       -->
    <!-- ===================================== -->

config/alfresco/dbscripts/upgrade/2.2/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoSchemaUpdate-2.2-ACL.sql

@@ -8,7 +8,7 @@
 --
 
 -- Add index support for AVM
--- Ideally we would have the indirection in the index but it is too long for mysql
+-- Ideally we would have the indirection in the index but it is too long for mysql which needs additional options
 -- CREATE INDEX idx_avm_lyr_indn on avm_nodes (primary_indirection, indirection(128));
 -- This matches the hibernate schema and should be good enough for the standard WCM use cases
 CREATE INDEX idx_avm_lyr_indn on avm_nodes (primary_indirection);

config/alfresco/ehcache-default.xml

@@ -331,6 +331,12 @@
         eternal="true"
         overflowToDisk="false"
         />
+    <cache 
+        name="org.alfresco.cache.aclCache" 
+        maxElementsInMemory="50000"
+        eternal="true"
+        overflowToDisk="false"
+        />
         
     <!-- Web Client Config (tenant-based) -->
         

config/alfresco/extension/ehcache-custom.xml.sample.cluster

@@ -526,6 +526,20 @@
                                 replicateAsynchronously = false"/>
     </cache>
 
+    <cache
+        name="org.alfresco.cache.aclCache"
+        maxElementsInMemory="50000"
+        eternal="true"
+        overflowToDisk="false">
+
+            <cacheEventListenerFactory
+                    class="net.sf.ehcache.distribution.RMICacheReplicatorFactory"
+                    properties="replicatePuts = false,
+                                replicateUpdates = true,
+                                replicateRemovals = true,
+                                replicateUpdatesViaCopy = false,
+                                replicateAsynchronously = false"/>
+    </cache>
 
     <!-- Web Client Config (tenant-based) -->
         

config/alfresco/hibernate-context.xml

@@ -259,6 +259,9 @@
    <bean id="aclDaoComponent" class="org.alfresco.repo.domain.hibernate.AclDaoComponentImpl">
       <property name="sessionFactory">
          <ref bean="sessionFactory" />
+      </property>
+	  <property name="aclCache">
+         <ref bean="aclCache" />
       </property>
    </bean>
    

config/alfresco/messages/patch-service.properties

@@ -206,3 +206,6 @@ patch.updateAvmPermissionData.result=Changed {0} 'webfolder' access control entr
 
 patch.updateAvmPermissions.description=Update ACLs on all avm objects to the new 2.2 permission model
 patch.updateAvmPermissions.result=Updated ACLs. Created {0} defining and {1} layered ACLs.
+
+patch.wcmPermissionPatch.description=Fix ACLs so they are only set on the staging area store.
+patch.wcmPermissionPatch.result=Updated ACLs: ACLS are moved to the staging area store and removed from all other stores. They are now applied via layering.

config/alfresco/patch/patch-services-context.xml

@@ -1268,8 +1268,8 @@
         <property name="id"><value>patch.db-V2.2-QNames-0-CreateMissingTables</value></property>
         <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
         <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>85</value></property>
+        <property name="fixesToSchema"><value>120</value></property>
-        <property name="targetSchema"><value>86</value></property>
+        <property name="targetSchema"><value>121</value></property>
         <property name="scriptUrl">
             <value>classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-0-create-missing-tables.sql</value>
         </property>
@@ -1283,8 +1283,8 @@
         <property name="id"><value>patch.db-V2.2-QNames-1-DropIndexesAndConstraints</value></property>
         <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
         <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>85</value></property>
+        <property name="fixesToSchema"><value>120</value></property>
-        <property name="targetSchema"><value>86</value></property>
+        <property name="targetSchema"><value>121</value></property>
         <property name="scriptUrl">
             <value>classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-1-drop-indexes-and-constraints.sql</value>
         </property>
@@ -1298,8 +1298,8 @@
         <property name="id"><value>patch.db-V2.2-QNames-2-MoveQNames</value></property>
         <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
         <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>85</value></property>
+        <property name="fixesToSchema"><value>120</value></property>
-        <property name="targetSchema"><value>86</value></property>
+        <property name="targetSchema"><value>121</value></property>
         <property name="scriptUrl">
             <value>classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-2-move-qnames.sql</value>
         </property>
@@ -1313,8 +1313,8 @@
         <property name="id"><value>patch.db-V2.2-QNames-3-PropTypes</value></property>
         <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
         <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>85</value></property>
+        <property name="fixesToSchema"><value>120</value></property>
-        <property name="targetSchema"><value>86</value></property>
+        <property name="targetSchema"><value>121</value></property>
         <property name="scriptUrl">
             <value>classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-3-proptypes.sql</value>
         </property>
@@ -1328,8 +1328,8 @@
         <property name="id"><value>patch.db-V2.2-QNames-4-ExtraIndexesAndConstraints</value></property>
         <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
         <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>85</value></property>
+        <property name="fixesToSchema"><value>120</value></property>
-        <property name="targetSchema"><value>86</value></property>
+        <property name="targetSchema"><value>121</value></property>
         <property name="scriptUrl">
             <value>classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/upgrade-4-extra-indexes-and-constraints.sql</value>
         </property>
@@ -1340,4 +1340,21 @@
         </property>
     </bean>
 
+	<bean id="patch.wcmPermissionPatch" class="org.alfresco.repo.admin.patch.impl.WCMPermissionPatch" parent="basePatch" >
+        <property name="id"><value>patch.wcmPermissionPatch</value></property>
+        <property name="description"><value>patch.wcmPermissionPatch.description</value></property>
+        <property name="fixesFromSchema"><value>0</value></property>
+        <property name="fixesToSchema"><value>121</value></property>
+        <property name="targetSchema"><value>122</value></property>
+        <!-- helper beans -->
+        <property name="avmService">
+			<ref bean="avmService" />
+		</property>
+		<property name="permissionService">
+			<ref bean="permissionService" />
+		</property>
+		<property name="avmSnapShotTriggeredIndexingMethodInterceptor">
+			<ref bean="avmSnapShotTriggeredIndexingMethodInterceptor" />
+		</property>
+    </bean>
 </beans>

config/alfresco/version.properties

@@ -19,4 +19,4 @@ version.build=@build-number@
 
 # Schema number
 
-version.schema=121
+version.schema=122

source/java/org/alfresco/repo/admin/patch/impl/WCMPermissionPatch.java

@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import java.util.List;
+
+import org.alfresco.i18n.I18NUtil;
+import org.alfresco.model.WCMAppModel;
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.repo.avm.AVMNodeConverter;
+import org.alfresco.repo.avm.AVMRepository;
+import org.alfresco.repo.domain.PropertyValue;
+import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
+import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
+import org.alfresco.service.cmr.avm.AVMService;
+import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
+import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.namespace.QName;
+import org.alfresco.service.namespace.RegexQNamePattern;
+
+/**
+ * Remove ACLs on all but staging area stores On staging area stores, set ACls according to the users and roles as set
+ * on the web site
+ * 
+ * Note: runs as the system user
+ * 
+ * @author andyh
+ */
+public class WCMPermissionPatch extends AbstractPatch
+{
+    private static final String MSG_SUCCESS = "patch.wcmPermissionPatch.result";
+
+    AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor;
+
+    AVMService avmService;
+
+    PermissionService permissionService;
+    
+    public void setAvmService(AVMService avmService)
+    {
+        this.avmService = avmService;
+    }
+
+    public void setAvmSnapShotTriggeredIndexingMethodInterceptor(AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor)
+    {
+        this.avmSnapShotTriggeredIndexingMethodInterceptor = avmSnapShotTriggeredIndexingMethodInterceptor;
+    }
+
+    public void setPermissionService(PermissionService permissionService)
+    {
+        this.permissionService = permissionService;
+    }
+
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        List<AVMStoreDescriptor> stores = avmService.getStores();
+        for (AVMStoreDescriptor store : stores)
+        {
+            switch (avmSnapShotTriggeredIndexingMethodInterceptor.getStoreType(store.getName()))
+            {
+            /* Set permissions in staging */
+            case STAGING:
+                setStagingAreaPermissions(store);
+                // TODO: mark read only
+                break;
+            /* Clear permissions */
+            case AUTHOR:
+            case AUTHOR_PREVIEW:
+            case AUTHOR_WORKFLOW:
+            case AUTHOR_WORKFLOW_PREVIEW:
+                // TODO: add app access control
+                clearPermissions(store);
+                break;
+            case STAGING_PREVIEW:
+                clearPermissions(store);
+                // TODO: mark read only
+                break;
+            case WORKFLOW:
+            case WORKFLOW_PREVIEW:
+                clearPermissions(store);
+                break;
+            /* non WCM stores - nothing to do */
+            case UNKNOWN:
+            default:
+                break;
+            }
+        }
+
+        // build the result message
+        String msg = I18NUtil.getMessage(MSG_SUCCESS);
+        // done
+        return msg;
+    }
+
+    private void clearPermissions(AVMStoreDescriptor store)
+    {
+        AVMNodeDescriptor www = avmService.lookup(-1, store.getName() + ":/www");
+        if(www.isLayeredDirectory() && www.isPrimary())
+        {
+            // throw away any acl
+            AVMRepository.GetInstance().setACL(store.getName() + ":/www", null);
+            // build the default layer acl
+            avmService.retargetLayeredDirectory(store.getName() + ":/www", www.getIndirection());
+        }
+    }
+    
+
+    private void setStagingAreaPermissions(AVMStoreDescriptor store)
+    {
+        QName propQName = QName.createQName(null, ".web_project.noderef");
+
+        NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, store.getName() + ":/www");
+        permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
+
+        PropertyValue pValue = avmService.getStoreProperty(store.getName(), propQName);
+
+        if (pValue != null)
+        {
+            NodeRef webProjectNodeRef = (NodeRef)pValue.getValue(DataTypeDefinition.NODE_REF);
+            
+            // Apply sepcific user permissions as set on the web project
+            List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(webProjectNodeRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
+            for (ChildAssociationRef ref : userInfoRefs)
+            {
+                NodeRef userInfoRef = ref.getChildRef();
+                String username = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
+                String userrole = (String) nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
+
+                permissionService.setPermission(dirRef, username, userrole, true);
+            }
+        }
+    }
+
+}

source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java

@@ -24,6 +24,7 @@
 
 package org.alfresco.repo.avm;
 
+import java.io.IOException;
 import java.io.Serializable;
 import java.util.Date;
 import java.util.HashMap;
@@ -48,6 +49,8 @@ import org.alfresco.repo.security.permissions.impl.ModelDAO;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
 import org.alfresco.service.cmr.avm.AVMService;
+import org.alfresco.service.cmr.avmsync.AVMDifference;
+import org.alfresco.service.cmr.avmsync.AVMSyncService;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -119,6 +122,10 @@ public class AVMServicePermissionsTest extends TestCase
 
     private AVMNodeDAO avmNodeDAO;
 
+    private Object fContext;
+
+    private AVMSyncService avmSyncService;
+
     public AVMServicePermissionsTest()
     {
         super();
@@ -132,6 +139,7 @@ public class AVMServicePermissionsTest extends TestCase
 
         aclDaoComponent = (AclDaoComponent) applicationContext.getBean("aclDaoComponent");
         avmService = (AVMService) applicationContext.getBean("avmService");
+        avmSyncService = (AVMSyncService)applicationContext.getBean("AVMSyncService");
 
         nodeService = (NodeService) applicationContext.getBean("nodeService");
         dictionaryService = (DictionaryService) applicationContext.getBean(ServiceRegistry.DICTIONARY_SERVICE.getLocalName());
@@ -329,6 +337,210 @@ public class AVMServicePermissionsTest extends TestCase
         }
     }
 
+    private boolean checkCanPerformance(String user, String path, String permission, boolean allowed, int count)
+    {
+        String curentUser = AuthenticationUtil.getCurrentUserName();
+        try
+        {
+            runAs(user);
+            AVMNodeDescriptor desc = avmService.lookup(-1, path);
+            AVMNode node = avmNodeDAO.getByID(desc.getId());
+            boolean can = AVMRepository.GetInstance().can(node, permission);
+            long start = System.nanoTime();
+            for(int i = 0; i < count; i++)
+            {
+                can = AVMRepository.GetInstance().can(node, permission);
+            }
+            long end = System.nanoTime();
+            System.out.println("Can in "+((end-start)/1.0e9f));
+            return allowed ? can : !can;
+        }
+        finally
+        {
+            runAs(curentUser);
+        }
+    }
+    
+    private boolean checkHasPermissionsPerformance(String user, String path, String permission, boolean allowed, int count)
+    {
+        String curentUser = AuthenticationUtil.getCurrentUserName();
+        try
+        {
+            runAs(user);
+            NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, path);
+            boolean can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED;
+            long start = System.nanoTime();
+            for(int i = 0; i < count; i++)
+            {
+                can = permissionService.hasPermission(nodeRef, permission) == AccessStatus.ALLOWED;
+            }
+            long end = System.nanoTime();
+            System.out.println("Has Permission in "+((end-start)/1.0e9f));
+            return allowed ? can : !can;
+        }
+        finally
+        {
+            runAs(curentUser);
+        }
+    }
+
+    
+    
+    public void testSimpleUpdate() throws Exception
+    {
+        runAs("admin");
+        String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime());
+        try
+        {
+            buildBaseStructure(storeName);
+            avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir");
+            avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close();
+            
+            AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base");
+            AVMNode node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList acl = node.getAcl();
+            assertNotNull(acl);
+            acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId()));
+            assertNotNull(acl);
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList dirAcl = node.getAcl();
+            assertNotNull(dirAcl);
+            assertTrue(acl.getId() == dirAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList fileAcl = node.getAcl();
+            assertNotNull(fileAcl);
+            assertTrue(acl.getId() == fileAcl.getId());
+            
+            
+            avmService.createSnapshot(storeName, "store", "store");
+            avmService.createSnapshot(storeName + "-layer-base", "store", "store");
+            
+            List<AVMDifference> diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null);
+            
+            avmSyncService.update(diffs, null, false, false, false, false, "A", "A");
+            
+            
+            desc = avmService.lookup(-1, storeName + ":/base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            dirAcl = node.getAcl();
+            assertNull(dirAcl);
+            
+            desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            fileAcl = node.getAcl();
+            assertNull(fileAcl);
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            dirAcl = node.getAcl();
+            assertNotNull(dirAcl);
+            assertTrue(acl.getId() == dirAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            fileAcl = node.getAcl();
+            assertNull(fileAcl);
+        }
+        finally
+        {
+            avmService.purgeStore(storeName);
+            avmService.purgeStore(storeName + "-layer-base");
+            avmService.purgeStore(storeName + "-layer-a");
+            avmService.purgeStore(storeName + "-layer-b");
+            avmService.purgeStore(storeName + "-layer-c");
+            avmService.purgeStore(storeName + "-layer-d");
+            avmService.purgeStore(storeName + "-layer-layer-base");
+            avmService.purgeStore(storeName + "-layer-layer-layer-base");
+        }
+    }
+    
+    public void testUpdateWithPermissions() throws Exception
+    {
+        runAs("admin");
+        String storeName = "PermissionsTest-" + getName() + "-" + (new Date().getTime());
+        try
+        {
+            buildBaseStructure(storeName);
+            
+            AVMNodeDescriptor nodeDesc = avmService.lookup(-1, storeName + ":/base");
+            NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath());
+            permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true);
+            Long baseAcl = avmNodeDAO.getByID(nodeDesc.getId()).getAcl().getId();
+            Long inheritedBaseAcl = aclDaoComponent.getInheritedAccessControlList(baseAcl);
+            
+            
+            avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir");
+            avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close();
+            
+            AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base");
+            AVMNode node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList acl = node.getAcl();
+            assertNotNull(acl);
+            acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId()));
+            assertNotNull(acl);
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList dirAcl = node.getAcl();
+            assertNotNull(dirAcl);
+            assertTrue(acl.getId() == dirAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            DbAccessControlList fileAcl = node.getAcl();
+            assertNotNull(fileAcl);
+            assertTrue(acl.getId() == fileAcl.getId());
+            
+            
+            avmService.createSnapshot(storeName, "store", "store");
+            avmService.createSnapshot(storeName + "-layer-base", "store", "store");
+            
+            List<AVMDifference> diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null);
+            
+            avmSyncService.update(diffs, null, false, false, false, false, "A", "A");
+            
+            
+            desc = avmService.lookup(-1, storeName + ":/base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            dirAcl = node.getAcl();
+            assertNotNull(dirAcl);
+            assertEquals(inheritedBaseAcl, dirAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            fileAcl = node.getAcl();
+            assertNotNull(fileAcl);
+            assertEquals(inheritedBaseAcl, fileAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir");
+            node = avmNodeDAO.getByID(desc.getId());
+            dirAcl = node.getAcl();
+            assertNotNull(dirAcl);
+            assertTrue(acl.getId() == dirAcl.getId());
+            
+            desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file");
+            node = avmNodeDAO.getByID(desc.getId());
+            fileAcl = node.getAcl();
+            assertNotNull(fileAcl);
+            assertEquals(inheritedBaseAcl, fileAcl.getId());
+        }
+        finally
+        {
+            avmService.purgeStore(storeName);
+            avmService.purgeStore(storeName + "-layer-base");
+            avmService.purgeStore(storeName + "-layer-a");
+            avmService.purgeStore(storeName + "-layer-b");
+            avmService.purgeStore(storeName + "-layer-c");
+            avmService.purgeStore(storeName + "-layer-d");
+            avmService.purgeStore(storeName + "-layer-layer-base");
+            avmService.purgeStore(storeName + "-layer-layer-layer-base");
+        }
+    }
+    
     public void testComplexStore_AlterInheritance()
     {
         runAs("admin");
@@ -373,6 +585,11 @@ public class AVMServicePermissionsTest extends TestCase
             assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.READ, true));
             assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.ALL_PERMISSIONS, true));
 
+            // performance
+            
+            checkCanPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000);
+            checkHasPermissionsPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000);
+            
             String[] excludeL = new String[] { storeName + "-layer-base:/layer-to-base/d-d/layer-d-a" };
             String[] excludeLL = new String[] { storeName + "-layer-layer-base:/layer-to-layer-to-base/d-d/layer-d-a" };
             String[] excludeLLL = new String[] { storeName + "-layer-layer-layer-base:/layer-to-layer-to-layer-to-base/d-d/layer-d-a" };

source/java/org/alfresco/repo/avm/AVMSyncServiceImpl.java

@@ -30,6 +30,9 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.domain.hibernate.DbAccessControlListImpl;
+import org.alfresco.repo.security.permissions.ACLCopyMode;
 import org.alfresco.service.cmr.avm.AVMBadArgumentException;
 import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
 import org.alfresco.service.cmr.avm.AVMNotFoundException;
@@ -504,7 +507,51 @@ public class AVMSyncServiceImpl implements AVMSyncService
             recursiveCopy(parentPath, name, toLink, excluder);
             return;
         }
+       
         fAVMService.link(parentPath, name, toLink);
+        
+        String newPath = AVMNodeConverter.ExtendAVMPath(parentPath, name);
+        
+        DbAccessControlList parentAcl= getACL(parentPath);
+        DbAccessControlList acl = getACL(toLink.getPath());
+        setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY));
+    }
+
+    /*
+     * Get acl
+     */
+    private DbAccessControlList getACL(String path)
+    {
+        Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false);
+        if (lookup != null)
+        {
+            AVMNode node = lookup.getCurrentNode();
+            return node.getAcl();
+        }
+        else
+        {
+            return null;
+        }
+    }
+    
+    /*
+     * Set ACL without COW
+     */
+    private void setACL(String path, DbAccessControlList acl)
+    {
+        Lookup lookup = AVMRepository.GetInstance().lookup(-1, path, false);
+        if (lookup != null)
+        {
+            AVMNode node = lookup.getCurrentNode();
+            // May be support an unwrapped getById to avoid this monkey madness
+            AVMDAOs.Instance().fAVMNodeDAO.evict(node);
+            node = AVMDAOs.Instance().fAVMNodeDAO.getByID(node.getId());
+            node.setAcl(acl);
+        }
+        else
+        {
+            return;
+        }
     }
     
     /**
@@ -545,6 +592,10 @@ public class AVMSyncServiceImpl implements AVMSyncService
         if (toCopy.isFile() || toCopy.isDeleted() || toCopy.isPlainDirectory())
         {
             fAVMRepository.link(parent, name, toCopy);
+            // needs to get the acl from the new location
+            DbAccessControlList parentAcl = getACL(parent.getPath());
+            DbAccessControlList acl = getACL(toCopy.getPath());
+            setACL(newPath, acl == null ? null : acl.getCopy(parentAcl == null ? null : parentAcl.getId(), ACLCopyMode.COPY));
             return;
         }
         // Otherwise make a directory in the target parent, and recursiveCopy all the source

source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java

@@ -31,6 +31,7 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import org.alfresco.repo.cache.SimpleCache;
 import org.alfresco.repo.domain.DbAccessControlEntry;
 import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.DbAccessControlListChangeSet;
@@ -91,6 +92,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
 
     static String QUERY_GET_LATEST_ACL_BY_ACLID = "permission.FindLatestAclByGuid";
 
+    /** a transactionally-safe cache to be injected */
+    private SimpleCache<Long, AccessControlList> aclCache;
+    
     private enum WriteMode
     {
         TRUNCATE_INHERITED, ADD_INHERITED, CHANGE_INHERITED, REMOVE_INHERITED, INSERT_INHERITED, COPY_UPDATE_AND_INHERIT, COPY_ONLY;
@@ -102,6 +106,15 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         DbAccessControlListImpl.setAclDaoComponent(this);
     }
 
+    
+    
+    public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
+    {
+        this.aclCache = aclCache;
+    }
+
+
+
     public DbAccessControlList getDbAccessControlList(Long id)
     {
         if (id == null)
@@ -321,6 +334,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id);
         if (!acl.isLatest())
         {
+            aclCache.remove(id);
             return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
         }
 
@@ -355,6 +369,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             {
                 acl.setInheritsFrom(inheritsFrom);
             }
+            aclCache.remove(id);
             return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
         }
         else if ((acl.getAclChangeSet() == getCurrentChangeSet()) && (!requiresVersion) && (!acl.getRequiresVersion()))
@@ -388,6 +403,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             {
                 acl.setInheritsFrom(inheritsFrom);
             }
+            aclCache.remove(id);
             return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
         }
         else
@@ -487,6 +503,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             // fix up old version
             acl.setLatest(Boolean.FALSE);
             acl.setRequiresVersion(Boolean.FALSE);
+            aclCache.remove(id);
             return new AclChangeImpl(id, created, acl.getAclType(), newAcl.getAclType());
         }
 
@@ -708,6 +725,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             // Delete acl entry
             DbAccessControlListMember member = (DbAccessControlListMember) getHibernateTemplate().get(DbAccessControlListMemberImpl.class, (Long) ids[0]);
             Long aclId = ((Long) ids[1]);
+            aclCache.remove(aclId);
             DbAccessControlList list = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, aclId);
             acls.add(new AclChangeImpl(aclId, aclId, list.getAclType(), list.getAclType()));
             getHibernateTemplate().delete(member);
@@ -740,6 +758,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             getHibernateTemplate().delete(dbAuthority);
         }
 
+        // TODO: Remove affected ACLs from the cache
+
         return acls;
     }
 
@@ -762,7 +782,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         {
             getHibernateTemplate().delete(member);
         }
-
+        aclCache.remove(id);
     }
 
     @SuppressWarnings("unchecked")
@@ -785,6 +805,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             if (acl.getInheritedAclId() != -1)
             {
                 final DbAccessControlList inherited = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, acl.getInheritedAclId());
+                // Will remove from the cache
                 getWritable(inherited.getId(), acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
                 DbAccessControlList unusedInherited = null;
                 for (AclChange change : acls)
@@ -808,6 +829,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
                 List<Long> inheritors = (List<Long>) getHibernateTemplate().execute(callback);
                 for (Long nextId : inheritors)
                 {
+                    // Will remove from the cache
                     getWritable(nextId, acl.getInheritsFrom(), null, null, acl.getInheritsFrom(), true, acls, WriteMode.REMOVE_INHERITED);
                 }
 
@@ -852,6 +874,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             List<Long> inheritors = (List<Long>) getHibernateTemplate().execute(callback);
             for (Long nextId : inheritors)
             {
+                // Will remove from the cache
                 getWritable(nextId, acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
             }
         }
@@ -882,6 +905,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             getHibernateTemplate().delete(acl);
         }
 
+        // remove the deleted acl from the cache
+        aclCache.remove(id);
         acls.add(new AclChangeImpl(id, null, acl.getAclType(), null));
         return acls;
     }
@@ -891,6 +916,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         List<AclChange> changes = new ArrayList<AclChange>();
         SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
         pattern.setPosition(Integer.valueOf(0));
+        // Will remove from the cache
         getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
         return changes;
     }
@@ -900,6 +926,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         List<AclChange> changes = new ArrayList<AclChange>();
         SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
         pattern.setPosition(Integer.valueOf(-1));
+        // Will remove from the cache
         getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
         return changes;
     }
@@ -907,6 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
     public List<AclChange> deleteAccessControlEntries(Long id, AccessControlEntry pattern)
     {
         List<AclChange> changes = new ArrayList<AclChange>();
+        // Will remove from the cache
         getWritable(id, null, pattern, null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
         return changes;
     }
@@ -917,7 +945,23 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
     }
 
     @SuppressWarnings("unchecked")
-    public AccessControlList getAccessControlList(final Long id)
+    public AccessControlList getAccessControlList(Long id)
+    {
+        AccessControlList acl = aclCache.get(id);
+        if(acl == null)
+        {
+            acl = getAccessControlListImpl(id);
+            aclCache.put(id, acl);
+        }
+        else
+        {
+            //System.out.println("Used cache for "+id);
+        }
+        return acl;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public AccessControlList getAccessControlListImpl(final Long id)
     {
         SimpleAccessControlList acl = new SimpleAccessControlList();
         AccessControlListProperties properties = getAccessControlListProperties(id);
@@ -1121,6 +1165,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         {
             actualInheritedId = getInheritedAccessControlList(actualInheritedId);
         }
+        // Will remove from the cache
         getWritable(target, actualInheritedId, null, null, actualInheritedId, true, changes, WriteMode.CHANGE_INHERITED);
 
         return changes;
@@ -1229,6 +1274,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         exclude.setPosition(0);
         List<DbAccessControlEntry> toAdd = new ArrayList<DbAccessControlEntry>(1);
         toAdd.add(entry);
+        // Will remove from the cache
         getWritable(id, null, exclude, toAdd, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
 
         return changes;
@@ -1247,6 +1293,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
             throw new IllegalArgumentException("Fixed and global permissions can not inherit");
         case OLD:
             acl.setInherits(Boolean.TRUE);
+            aclCache.remove(id);
             changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
             return changes;
         case SHARED:
@@ -1258,12 +1305,14 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         default:
             if (!acl.getInherits())
             {
+                // Will remove from the cache
                 getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
                 acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter());
                 acl.setInherits(Boolean.TRUE);
             }
             else
             {
+                // Will remove from the cache
                 getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
             }
 
@@ -1281,7 +1330,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         case GLOBAL:
             return Collections.<AclChange> singletonList(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
         case OLD:
+
             acl.setInherits(Boolean.FALSE);
+            aclCache.remove(id);
             changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
             return changes;
         case SHARED:
@@ -1314,11 +1365,13 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         case COW:
             aclToCopy = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, toCopy);
             aclToCopy.setRequiresVersion(true);
+            aclCache.remove(toCopy);
             inheritedId = getInheritedAccessControlList(toCopy);
             if ((inheritedId != null) && (!inheritedId.equals(toCopy)))
             {
                 DbAccessControlList inheritedAcl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, inheritedId);
                 inheritedAcl.setRequiresVersion(true);
+                aclCache.remove(inheritedId);
             }
             return toCopy;
         case REDIRECT:
@@ -1339,6 +1392,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
                 {
                     return toCopy;
                 }
+                // manages cache clearing beneath
                 List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
                 for (AclChange change : changes)
                 {
@@ -1468,15 +1522,17 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
         {
             return Collections.<AclChange> emptyList();
         }
+        // Manges caching
         getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
         acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, changes.get(0).getAfter());
         final Long inheritsFrom = acl.getInheritsFrom();
         acl.setInherits(Boolean.FALSE);
         // Keep inherits from so we can reinstate if required
         // acl.setInheritsFrom(-1l);
+        // Manges caching
         getWritable(acl.getId(), null, null, null, null, true, changes, WriteMode.TRUNCATE_INHERITED);
 
-        // set Inherited
+        // set Inherited - TODO: UNTESTED
 
         if ((inheritsFrom != null) && (inheritsFrom != -1) && setInheritedOnAcl)
         {

source/java/org/alfresco/repo/rule/RuleServiceCoverageTest.java

@@ -125,7 +125,7 @@ public class RuleServiceCoverageTest extends TestCase
      * Category related values
      */
     private static final String TEST_NAMESPACE = "http://www.alfresco.org/test/rulesystemtest";
-    private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "region");
+    private static final QName CAT_PROP_QNAME = QName.createQName(TEST_NAMESPACE, "Region");
     private QName regionCategorisationQName;
     private NodeRef catContainer;
     private NodeRef catRoot;

source/java/org/alfresco/repo/search/AVMSnapShotTriggeredIndexingMethodInterceptor.java

@@ -404,7 +404,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte
         }
     }
 
-    private StoreType getStoreType(String name)
+    public StoreType getStoreType(String name)
     {
         if (avmService.getStore(name) != null)
         {
@@ -457,7 +457,7 @@ public class AVMSnapShotTriggeredIndexingMethodInterceptor implements MethodInte
         NAME, TYPE;
     }
 
-    private enum StoreType
+    public enum StoreType
     {
         STAGING, STAGING_PREVIEW, AUTHOR, AUTHOR_PREVIEW, WORKFLOW, WORKFLOW_PREVIEW, AUTHOR_WORKFLOW, AUTHOR_WORKFLOW_PREVIEW, UNKNOWN;
     }

source/java/org/alfresco/repo/security/permissions/AccessControlEntry.java

@@ -24,9 +24,11 @@
  */
 package org.alfresco.repo.security.permissions;
 
+import java.io.Serializable;
+
 import org.alfresco.service.cmr.security.AccessStatus;
 
-public interface AccessControlEntry extends Comparable<AccessControlEntry>
+public interface AccessControlEntry extends Comparable<AccessControlEntry>, Serializable
 {
     public Integer getPosition();
 

source/java/org/alfresco/repo/security/permissions/AccessControlEntryContext.java

@@ -24,7 +24,9 @@
  */
 package org.alfresco.repo.security.permissions;
 
-public interface AccessControlEntryContext
+import java.io.Serializable;
+
+public interface AccessControlEntryContext extends Serializable
 {
     /**
      * Get the class context.

source/java/org/alfresco/repo/security/permissions/AccessControlList.java

@@ -24,9 +24,10 @@
  */
 package org.alfresco.repo.security.permissions;
 
+import java.io.Serializable;
 import java.util.List;
 
-public interface AccessControlList
+public interface AccessControlList extends Serializable
 {
     /**
      * Get the properties

source/java/org/alfresco/repo/security/permissions/AccessControlListProperties.java

@@ -24,8 +24,10 @@
  */
 package org.alfresco.repo.security.permissions;
 
+import java.io.Serializable;
 
-public interface AccessControlListProperties
+
+public interface AccessControlListProperties extends Serializable
 {
     /**
      * Get the ACL ID

source/java/org/alfresco/repo/security/permissions/PermissionReference.java

@@ -24,6 +24,8 @@
  */
 package org.alfresco.repo.security.permissions;
 
+import java.io.Serializable;
+
 import org.alfresco.service.namespace.QName;
 
 /**
@@ -32,7 +34,7 @@ import org.alfresco.service.namespace.QName;
  * 
  * @author Andy Hind
  */
-public interface PermissionReference
+public interface PermissionReference extends Serializable
 {
 
     /**

source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntry.java

@@ -29,6 +29,11 @@ import org.alfresco.service.cmr.security.AuthorityType;
 
 public class SimpleAccessControlEntry implements AccessControlEntry
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -3099789485179796034L;
+
     private AccessStatus accessStatus;
     
     private ACEType aceType;

source/java/org/alfresco/repo/security/permissions/SimpleAccessControlEntryContext.java

@@ -27,6 +27,11 @@ package org.alfresco.repo.security.permissions;
 
 public class SimpleAccessControlEntryContext implements AccessControlEntryContext
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -5679179194140822827L;
+
     private String classContext;
     
     private String KVPContext;

source/java/org/alfresco/repo/security/permissions/SimpleAccessControlList.java

@@ -5,6 +5,11 @@ import java.util.List;
 
 public class SimpleAccessControlList implements AccessControlList
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -1859514919998903150L;
+
     private AccessControlListProperties properties;
     
     private List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();

source/java/org/alfresco/repo/security/permissions/SimpleAccessControlListProperties.java

@@ -26,6 +26,11 @@ package org.alfresco.repo.security.permissions;
 
 public class SimpleAccessControlListProperties implements AccessControlListProperties
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 6476760867405494520L;
+
     private String aclId;
     
     private ACLType aclType;

source/java/org/alfresco/repo/security/permissions/impl/PermissionReferenceImpl.java

@@ -35,6 +35,11 @@ import org.alfresco.service.namespace.QName;
  */
 public class PermissionReferenceImpl extends AbstractPermissionReference
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -8639601925783501443L;
+
     private QName qName;
     
     private String name;

source/java/org/alfresco/repo/security/permissions/impl/RequiredPermission.java

@@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName;
  */
 public final class RequiredPermission extends PermissionReferenceImpl
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 4840771159714835909L;
+
     public enum On {
         PARENT, NODE, CHILDREN
     };

source/java/org/alfresco/repo/security/permissions/impl/SimplePermissionReference.java

@@ -33,6 +33,11 @@ import org.alfresco.service.namespace.QName;
  */
 public final class SimplePermissionReference extends AbstractPermissionReference
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 637302438293417818L;
+
     /*
      * The type
      */

source/java/org/alfresco/repo/security/permissions/impl/model/DynamicPermission.java

@@ -35,6 +35,11 @@ import org.dom4j.Element;
  */
 public class DynamicPermission extends AbstractPermission implements XMLModelInitialisable
 {
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 8060533686472973313L;
+
     private static final String EVALUATOR = "evaluator";
     
     private String evaluatorFullyQualifiedClassName;

source/java/org/alfresco/repo/security/permissions/impl/model/Permission.java

@@ -46,6 +46,11 @@ public class Permission extends AbstractPermission implements XMLModelInitialisa
 {
     // XML Constants
     
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -4560426591597681329L;
+
     private static final String GRANTED_TO_GROUP = "grantedToGroup";
     
     private static final String GTG_NAME = "permissionGroup";

source/java/org/alfresco/repo/security/permissions/impl/model/PermissionGroup.java

@@ -46,6 +46,11 @@ public final class PermissionGroup extends AbstractPermissionReference implement
 {
     // XML Constants
     
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 7879839657714155737L;
+
     private static final String NAME = "name";
     
     private static final String EXTENDS = "extends";