Site Service: added helper methods to set certain permissions at a node level within a site

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10393 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2008-08-18 12:44:09 +00:00
parent 6cf1100e1a
commit 540755aeb4
5 changed files with 243 additions and 17 deletions


@@ -33,9 +33,12 @@ import org.alfresco.repo.jscript.ScriptableHashMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.site.SiteInfo;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.site.SiteService;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
@@ -408,4 +411,127 @@ public class Site implements Serializable
return hasContainer;
}
/**
* Reset any permissions that have been set on the node.
* <p>
* All permissions will be deleted and the node set to inherit permissions.
*
* @param nodeRef node reference
*/
public void resetAllPermissions(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(this.serviceRegistry.getPermissionService().hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Reset all the permissions on the node
serviceRegistry.getPermissionService().setInheritParentPermissions(nodeRef, true);
serviceRegistry.getPermissionService().deletePermissions(nodeRef);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to reset permissions on this node.");
}
}
/**
* Allows all members of the site collaboration rights on the node.
*
* @param nodeRef node reference
*/
public void allowAllMembersCollaborate(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Get the permission service
final PermissionService permissionService = this.serviceRegistry.getPermissionService();
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Get the site groups
String siteGroup = siteService.getSiteGroup(siteInfo.getShortName());
String managerGroup = siteService.getSiteRoleGroup(siteInfo.getShortName(), SiteModel.SITE_MANAGER);
// Assign the correct permissions
permissionService.setInheritParentPermissions(nodeRef, false);
permissionService.deletePermissions(nodeRef);
permissionService.setPermission(nodeRef, siteGroup, SiteModel.SITE_COLLABORATOR, true);
permissionService.setPermission(nodeRef, managerGroup, SiteModel.SITE_MANAGER, true);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to all memebers contribute permissions on this node.");
}
}
/**
* Deny access to all members of the site to the node.
* <p>
* Note, site managers will stil have appropriate permissions on the node.
*
* @param nodeRef node reference
*/
public void denyAllAccess(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Get the permission service
final PermissionService permissionService = this.serviceRegistry.getPermissionService();
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Get the site groups
String managerGroup = siteService.getSiteRoleGroup(siteInfo.getShortName(), SiteModel.SITE_MANAGER);
// Assign the correct permissions
permissionService.setInheritParentPermissions(nodeRef, false);
permissionService.deletePermissions(nodeRef);
permissionService.setPermission(nodeRef, managerGroup, SiteModel.SITE_MANAGER, true);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to all memebers contribute permissions on this node.");
}
}
}
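Review bot: All three new methods (`resetAllPermissions`, `allowAllMembersCollaborate`, `denyAllAccess`) switch to the system user after checking only `CHANGE_PERMISSIONS` on the passed node, and the `// TODO Check that the node is indeed a child of the site` is left unimplemented, so nothing visible here ties the node to this Site object. Because the `runAs` block rewrites the node's ACL with this site's groups and no further permission evaluation, the containment check should be done before the `runAs` call and should throw `AlfrescoRuntimeException` when the node is not under the site. A null `node` also reaches `node.getNodeRef()` unguarded. Separately, `denyAllAccess` reuses the failure text from `allowAllMembersCollaborate`; something like `"You do not have permissions to deny access on this node."` would match the method. The Javadoc `@param nodeRef` should read `@param node` in all three methods.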


@@ -130,9 +130,75 @@ function testContainer()
}
}
function testPermissions()
{
var site = siteService.createSite("sitePreset", "siteShortNameToo", "siteTitle", "siteDescription", false);
test.assertNotNull(site);
var container = site.createContainer("test.permissions");
test.assertNotNull(container);
// check the current permissions
var setPerms = container.getPermissions();
test.assertNotNull(setPerms);
var bManagers = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
}
if (bManagers == false)
{
test.fail("Managers where not assigned to the site group successfully");
}
// allow all members collaborate
site.allowAllMembersCollaborate(container);
setPerms = container.getPermissions();
test.assertNotNull(setPerms);
bManagers = false;
bContributor = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo;SiteCollaborator")
{
bContributor = true;
}
}
if (bManagers == false || bContributor == false)
{
test.fail("Allow all members contribute failed");
}
// deny all
site.denyAllAccess(container);
setPerms = container.getPermissions();
test.assertNotNull(setPerms);
bManagers = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
}
if (bManagers == false)
{
test.fail("Deny all access failed.");
}
// reset permissions
site.resetAllPermissions(container);
}
// Execute test's
testCRUD();
testListSites();
testMembership();
testContainer();
testContainer();
testPermissions();
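Review bot: The deny-all step in `testPermissions` only asserts that the SiteManager entry is still present, so it passes even if `denyAllAccess` leaves the collaborator grant from the previous step in place. The loop after `site.denyAllAccess(container)` should also fail on the member entry, e.g. `if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo;SiteCollaborator") { test.fail("Collaborator entry still present after denyAllAccess"); }`. `resetAllPermissions` is called with no assertion on the resulting permissions, and no case covers a caller who lacks `CHANGE_PERMISSIONS` and should receive the exception. `bContributor` and `index` are assigned without `var`, which makes them implicit globals shared with the other test functions.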