From 51a47c56c4399404dd30353b2fd8ff7a350dcfa9 Mon Sep 17 00:00:00 2001 From: David Webster Date: Wed, 6 Dec 2017 09:50:50 +0000 Subject: [PATCH] Documentation updates following review --- .../documentation/extendedPermissionService.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rm-community/documentation/extendedPermissionService.md b/rm-community/documentation/extendedPermissionService.md index 14da46f65e..abc7d4a7d5 100644 --- a/rm-community/documentation/extendedPermissionService.md +++ b/rm-community/documentation/extendedPermissionService.md @@ -11,7 +11,7 @@ introduced the [ExtendedPermissionService](../../rm-community/rm-community-repo/ ### Overview -The ExtendedPermissionService is wired in, via [Spring config](../../rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml#L105), +The ExtendedPermissionService is wired in, via [Spring config](../../rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml), to extend Alfresco's core PermissionService, and adds support for: * the [RMPermissionModel](../../rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java), which defines the available permissions capabilities. * the [PermissionProcessorRegistry](../../rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionProcessorRegistry.java), which introduces pre- and post- processors. @@ -33,7 +33,7 @@ Out of the box, a system with the RM module installed will have the following pe ##### Post-processors: * [RecordsManagementPermissionPostProcessor](../../rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java) - * If the node is an RM node (i.e. it has the [RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT](../../rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordsManagementModel.java#L184) marker aspect) and the + * If the node is an RM node (i.e. it has the [RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT](../../rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordsManagementModel.java) marker aspect) and the core permissions evaluates to DENIED, then this post processor allows read/writes if the appropriate read/file permissions are present. @@ -43,7 +43,7 @@ Out of the box, a system with the RM module installed will have the following pe ##### Pre-processors: * [SecurityMarksPermissionPreProcessor](../../rm-enterprise/rm-enterprise-repo/src/main/java/org/alfresco/module/org_alfresco_module_rm/securitymarks/permission/SecurityMarksPermissionPreProcessor.java) * For all content: denies the result if the required security clearance rules (for classification or marks) are not satisfied. (uses -[securityClearanceService.isClearedFor](../../rm-enterprise/rm-enterprise-repo/src/main/java/org/alfresco/module/org_alfresco_module_rm/securitymarks/SecurityClearanceServiceImpl.java#L86)) +[securityClearanceService.isClearedFor](../../rm-enterprise/rm-enterprise-repo/src/main/java/org/alfresco/module/org_alfresco_module_rm/securitymarks/SecurityClearanceServiceImpl.java)) ##### Post-processors: * None. @@ -59,4 +59,10 @@ which call the add method on the appropriate list during init. There is certainly a performance overhead when adding additional processing to permission checks. This is most noticeable in the SecurityMarksPermissionPreProcessor where we need to call out to an external service. This has been profiled - heavily and optimised during 2.5 and 2.6 development. \ No newline at end of file + heavily and optimised during 2.5 and 2.6 development. + + ###TODO: + Not yet documented (in related areas of the code) are: + * Capabilities (see rm-capabilities-*.xml, declarativeCapability.java and DeclarativeCompositeCapability.java) + * RM's permission system has an any allow allows policy unlike alfresco which policy is any deny denies + \ No newline at end of file