inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Import permissions and permission inheritance.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2108 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
David Caruana
2006-01-13 15:22:15 +00:00
parent 6c65b84a91
commit 4fd84a9595
9 changed files with 331 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/core-services-context.xml
View File

@@ -658,6 +658,9 @@
<property name="ruleService">
<ref bean="ruleService" />
</property>
<property name="permissionService">
<ref bean="permissionService" />
</property>
</bean>
<bean id="systemBootstrap" class="org.alfresco.repo.importer.ImporterBootstrap" init-method="bootstrap" depends-on="nodeIndexer, auditableAspect">

12
source/java/org/alfresco/repo/importer/ImportNode.java
View File

@@ -17,12 +17,14 @@
package org.alfresco.repo.importer;
import java.io.Serializable;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.dictionary.TypeDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.namespace.QName;
@@ -78,4 +80,14 @@ public interface ImportNode
*/
public Set<QName> getNodeAspects();
/**
* @return true => the node inherits permissions from its parent
*/
public boolean getInheritPermissions();
/**
* @return the permissions applied to this node
*/
public List<AccessPermission> getAccessControlEntries();
}

13
source/java/org/alfresco/repo/importer/ImporterBootstrap.java
View File

@@ -36,6 +36,7 @@ import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.view.ImporterBinding;
import org.alfresco.service.cmr.view.ImporterException;
import org.alfresco.service.cmr.view.ImporterProgress;
@@ -477,6 +478,17 @@ public class ImporterBootstrap
logger.debug("Property " + property + " set to value " + value + " on node " + nodeRef);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.view.ImporterProgress#permissionSet(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.security.AccessPermission)
*/
public void permissionSet(NodeRef nodeRef, AccessPermission permission)
{
if (logger.isDebugEnabled())
logger.debug("Permission " + permission.getPermission() + " set on node " + nodeRef + " (authority=" + permission.getAuthority() +
", accessStatus=" + permission.getAccessStatus() + ")");
}
/* (non-Javadoc)
* @see org.alfresco.repo.importer.Progress#aspectAdded(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@@ -485,7 +497,6 @@ public class ImporterBootstrap
if (logger.isDebugEnabled())
logger.debug("Added aspect " + aspect + " to node " + nodeRef);
}
}
/**

57
source/java/org/alfresco/repo/importer/ImporterComponent.java
View File

@@ -51,6 +51,9 @@ import org.alfresco.service.cmr.rule.RuleService;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.view.ImportPackageHandler;
import org.alfresco.service.cmr.view.ImporterBinding;
import org.alfresco.service.cmr.view.ImporterException;
@@ -88,6 +91,7 @@ public class ImporterComponent
private SearchService searchService;
private ContentService contentService;
private RuleService ruleService;
private PermissionService permissionService;
// binding markers
private static final String START_BINDING_MARKER = "${";
@@ -160,6 +164,15 @@ public class ImporterComponent
this.ruleService = ruleService;
}
/**
* @param permissionService permissionService
*/
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
/* (non-Javadoc)
* @see org.alfresco.service.cmr.view.ImporterService#importView(java.io.InputStreamReader, org.alfresco.service.cmr.view.Location, java.util.Properties, org.alfresco.service.cmr.view.ImporterProgress)
*/
@@ -876,6 +889,23 @@ public class ImporterComponent
}
}
/**
* Helper to report permission set progress
*
* @param nodeRef
* @param permissions
*/
private void reportPermissionSet(NodeRef nodeRef, List<AccessPermission> permissions)
{
if (progress != null)
{
for (AccessPermission permission : permissions)
{
progress.permissionSet(nodeRef, permission);
}
}
}
/**
* Import strategy where imported nodes are always created regardless of whether a
* node of the same UUID already exists in the repository
@@ -950,17 +980,25 @@ public class ImporterComponent
// Create Node
ChildAssociationRef assocRef = nodeService.createNode(parentRef, assocType, childQName, nodeType.getName(), initialProperties);
NodeRef nodeRef = assocRef.getChildRef();
// Apply permissions
boolean inheritPermissions = node.getInheritPermissions();
if (!inheritPermissions)
{
permissionService.setInheritParentPermissions(nodeRef, false);
}
List<AccessPermission> permissions = node.getAccessControlEntries();
for (AccessPermission permission : permissions)
{
permissionService.setPermission(nodeRef, permission.getAuthority(), permission.getPermission(), permission.getAccessStatus().equals(AccessStatus.ALLOWED));
}
// Disable behaviour for the node until the complete node (and its children have been imported)
for (QName disabledBehaviour : disabledBehaviours)
{
behaviourFilter.enableBehaviour(disabledBehaviour);
}
// Report creation
NodeRef nodeRef = assocRef.getChildRef();
reportNodeCreated(assocRef);
reportPropertySet(nodeRef, initialProperties);
// Disable behaviour for the node until the complete node (and its children have been imported)
for (QName disabledBehaviour : disabledBehaviours)
{
behaviourFilter.disableBehaviour(nodeRef, disabledBehaviour);
@@ -968,6 +1006,11 @@ public class ImporterComponent
// TODO: Replace this with appropriate rule/action import handling
ruleService.disableRules(nodeRef);
// Report creation
reportNodeCreated(assocRef);
reportPropertySet(nodeRef, initialProperties);
reportPermissionSet(nodeRef, permissions);
// return newly created node reference
return nodeRef;
}

6
source/java/org/alfresco/repo/importer/ImporterComponentTest.java
View File

@@ -25,6 +25,7 @@ import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.view.ImporterProgress;
import org.alfresco.service.cmr.view.ImporterService;
import org.alfresco.service.cmr.view.Location;
@@ -111,6 +112,11 @@ public class ImporterComponentTest extends BaseSpringTest
{
System.out.println("TestProgress: added aspect " + aspect + " to node ");
}
public void permissionSet(NodeRef nodeRef, AccessPermission permission)
{
System.out.println("TestProgress: added permission " + permission.getPermission() + " to node ");
}
}

95
source/java/org/alfresco/repo/importer/view/NodeContext.java
View File

@@ -35,6 +35,9 @@ import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.cmr.dictionary.TypeDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.QName;
@@ -57,6 +60,10 @@ public class NodeContext extends ElementContext
private Map<QName, Serializable> nodeProperties = new HashMap<QName, Serializable>();
private Map<QName, DataTypeDefinition> propertyDatatypes = new HashMap<QName, DataTypeDefinition>();
// permissions
private boolean inherit = true;
private List<AccessPermission> accessControlEntries = new ArrayList<AccessPermission>();
/**
* Construct
@@ -148,6 +155,22 @@ public class NodeContext extends ElementContext
this.childName = childName;
}
/*
* @param inherit determines if node inherits permissions from parent
*/
public void setInheritPermissions(boolean inherit)
{
this.inherit = inherit;
}
/**
* @return true => node inherits permissions from parent
*/
public boolean getInheritPermissions()
{
return this.inherit;
}
/**
* Adds a collection property to the node
*
@@ -272,6 +295,32 @@ public class NodeContext extends ElementContext
return nodeAspects.keySet();
}
/**
* Adds an Access Control Entry
*
* @param accessStatus
* @param authority
* @param permission
*/
public void addAccessControlEntry(AccessStatus accessStatus, String authority, String permission)
{
ACE ace = new ACE();
ace.accessStatus = accessStatus;
ace.authority = authority;
ace.permission = permission;
accessControlEntries.add(ace);
}
/**
* Gets the Access Control Entries
*
* @return access control entries
*/
public List<AccessPermission> getAccessControlEntries()
{
return accessControlEntries;
}
/**
* Determine the type of definition (aspect, property, association) from the
* specified name
@@ -378,4 +427,50 @@ public class NodeContext extends ElementContext
",aspects=" + nodeAspects.values() + ",parentContext=" + parentContext.toString() + "]";
}
/**
* Access Control Entry
*/
private class ACE implements AccessPermission
{
private AccessStatus accessStatus;
private String authority;
private String permission;
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.AccessPermission#getPermission()
*/
public String getPermission()
{
return permission;
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.AccessPermission#getAccessStatus()
*/
public AccessStatus getAccessStatus()
{
return accessStatus;
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.AccessPermission#getAuthority()
*/
public String getAuthority()
{
return authority;
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.AccessPermission#getAuthorityType()
*/
public AuthorityType getAuthorityType()
{
return null;
}
}
}

136
source/java/org/alfresco/repo/importer/view/ViewParser.java
View File

@@ -29,6 +29,7 @@ import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.cmr.dictionary.TypeDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.view.ImporterException;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
@@ -52,12 +53,19 @@ public class ViewParser implements Parser
private static final String VIEW_CHILD_NAME_ATTR = "childName";
private static final String VIEW_DATATYPE_ATTR = "datatype";
private static final String VIEW_ISNULL_ATTR = "isNull";
private static final String VIEW_INHERIT_PERMISSIONS_ATTR = "inherit";
private static final String VIEW_ACCESS_STATUS_ATTR = "access";
private static final QName VIEW_METADATA = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "metadata");
private static final QName VIEW_VALUE_QNAME = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "value");
private static final QName VIEW_VALUES_QNAME = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "values");
private static final QName VIEW_ASPECTS = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "aspects");
private static final QName VIEW_PROPERTIES = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "properties");
private static final QName VIEW_ASSOCIATIONS = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "associations");
private static final QName VIEW_ACL = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "acl");
private static final QName VIEW_ACE = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "ace");
private static final QName VIEW_AUTHORITY = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "authority");
private static final QName VIEW_PERMISSION = QName.createQName(NamespaceService.REPOSITORY_VIEW_1_0_URI, "permission");
// XML Pull Parser Factory
private XmlPullParserFactory factory;
@@ -170,7 +178,7 @@ public class ViewParser implements Parser
{
contextStack.push(new MetaDataContext(defName, (ElementContext)context));
}
else if (defName.equals(VIEW_ASPECTS) || defName.equals(VIEW_PROPERTIES) || defName.equals(VIEW_ASSOCIATIONS))
else if (defName.equals(VIEW_ASPECTS) || defName.equals(VIEW_PROPERTIES) || defName.equals(VIEW_ASSOCIATIONS) || defName.equals(VIEW_ACL))
{
if (context instanceof NodeItemContext)
{
@@ -182,6 +190,12 @@ public class ViewParser implements Parser
}
NodeContext nodeContext = (NodeContext)context;
contextStack.push(new NodeItemContext(defName, nodeContext));
// process ACL specific attributes
if (defName.equals(VIEW_ACL))
{
processACL(xpp, contextStack);
}
}
else
{
@@ -259,6 +273,10 @@ public class ViewParser implements Parser
}
processStartChildAssoc(xpp, def, contextStack);
}
else if (itemName.equals(VIEW_ACL))
{
processAccessControlEntry(xpp, contextStack);
}
}
}
}
@@ -369,6 +387,122 @@ public class ViewParser implements Parser
logger.debug(indentLog("Processed aspect " + aspectDef.getName(), contextStack.size()));
}
/**
* Process ACL definition
*
* @param xpp
* @param contextStack
*/
private void processACL(XmlPullParser xpp, Stack<ElementContext> contextStack)
{
NodeContext context = peekNodeContext(contextStack);
String strInherit = xpp.getAttributeValue(NamespaceService.REPOSITORY_VIEW_1_0_URI, VIEW_INHERIT_PERMISSIONS_ATTR);
if (strInherit != null)
{
Boolean inherit = Boolean.valueOf(strInherit);
if (!inherit)
{
context.setInheritPermissions(false);
}
}
}
/**
* Process ACE definition
*
* @param xpp
* @param contextStack
* @throws XmlPullParserException
* @throws IOException
*/
private void processAccessControlEntry(XmlPullParser xpp, Stack<ElementContext> contextStack)
throws XmlPullParserException, IOException
{
NodeContext context = peekNodeContext(contextStack);
QName defName = getName(xpp);
if (!defName.equals(VIEW_ACE))
{
throw new ImporterException("Expected start element " + VIEW_ACE);
}
// extract Access Status
String access = xpp.getAttributeValue(NamespaceService.REPOSITORY_VIEW_1_0_URI, VIEW_ACCESS_STATUS_ATTR);
AccessStatus accessStatus = (access == null) ? AccessStatus.ALLOWED : AccessStatus.valueOf(AccessStatus.class, access);
if (accessStatus == null)
{
throw new ImporterException("Permission access status '" + access + "' is not recognised.");
}
// extract authority and permission
String authority = null;
String permission = null;
int eventType = xpp.next();
while (eventType != XmlPullParser.END_TAG)
{
if (eventType == XmlPullParser.START_TAG)
{
defName = getName(xpp);
if (defName.equals(VIEW_AUTHORITY))
{
eventType = xpp.next();
if (eventType != XmlPullParser.TEXT)
{
throw new ImporterException("Element " + VIEW_AUTHORITY + " must have a value");
}
authority = xpp.getText();
}
else if (defName.equals(VIEW_PERMISSION))
{
eventType = xpp.next();
if (eventType != XmlPullParser.TEXT)
{
throw new ImporterException("Element " + VIEW_PERMISSION + " must have a value");
}
permission = xpp.getText();
}
else
{
throw new ImporterException("Expected start element " + VIEW_AUTHORITY + " or " + VIEW_PERMISSION);
}
eventType = xpp.next();
if (eventType != XmlPullParser.END_TAG)
{
throw new ImporterException("Expected end element " + defName);
}
QName endDefName = getName(xpp);
if (!defName.equals(endDefName))
{
throw new ImporterException("Expected end element " + defName);
}
}
eventType = xpp.next();
}
// validate authority and permission
if (authority == null || authority.length() == 0)
{
throw new ImporterException("Authority must be specified");
}
if (permission == null || permission.length() == 0)
{
throw new ImporterException("Permisssion must be specified");
}
// extract end of ace
defName = getName(xpp);
if (!defName.equals(VIEW_ACE))
{
throw new ImporterException("Expected end element " + VIEW_ACE);
}
// update node context
context.addAccessControlEntry(accessStatus, authority, permission);
}
/**
* Process property definition
*

9
source/java/org/alfresco/service/cmr/view/ImporterProgress.java
View File

@@ -19,6 +19,7 @@ package org.alfresco.service.cmr.view;
import java.io.Serializable;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.namespace.QName;
@@ -57,6 +58,14 @@ public interface ImporterProgress
*/
public void propertySet(NodeRef nodeRef, QName property, Serializable value);
/**
* Report setting of a permission
*
* @param nodeRef the node ref
* @param permission the permission
*/
public void permissionSet(NodeRef nodeRef, AccessPermission permission);
/**
* Report addition of an aspect
*

8
source/java/org/alfresco/tools/Import.java
View File

@@ -24,6 +24,7 @@ import org.alfresco.repo.importer.ACPImportPackageHandler;
import org.alfresco.repo.importer.FileImportPackageHandler;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.view.ImportPackageHandler;
import org.alfresco.service.cmr.view.ImporterException;
import org.alfresco.service.cmr.view.ImporterProgress;
@@ -299,6 +300,13 @@ public class Import extends Tool
{
}
/* (non-Javadoc)
* @see org.alfresco.service.cmr.view.ImporterProgress#permissionSet(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.security.AccessPermission)
*/
public void permissionSet(NodeRef nodeRef, AccessPermission permission)
{
}
/* (non-Javadoc)
* @see org.alfresco.service.cmr.view.ImporterProgress#aspectAdded(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/