Site Service: added helper methods to set certain permissions at a node level within a site

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10393 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2008-08-18 12:44:09 +00:00
parent 6cf1100e1a
commit 540755aeb4
5 changed files with 243 additions and 17 deletions


@@ -97,7 +97,7 @@ public class SitePermissionRefactorPatch extends AbstractPatch
String siteGroup = authorityService.createAuthority( String siteGroup = authorityService.createAuthority(
AuthorityType.GROUP, AuthorityType.GROUP,
null, null,
((SiteServiceImpl)this.siteService).getSiteGroupName(siteInfo.getShortName(), ((SiteServiceImpl)this.siteService).getSiteGroup(siteInfo.getShortName(),
false)); false));
Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE); Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE);
for (String permission : permissions) for (String permission : permissions)
@@ -106,7 +106,7 @@ public class SitePermissionRefactorPatch extends AbstractPatch
String permissionGroup = authorityService.createAuthority( String permissionGroup = authorityService.createAuthority(
AuthorityType.GROUP, AuthorityType.GROUP,
siteGroup, siteGroup,
((SiteServiceImpl)this.siteService).getSitePermissionGroupName( ((SiteServiceImpl)this.siteService).getSiteRoleGroup(
siteInfo.getShortName(), siteInfo.getShortName(),
permission, permission,
false)); false));
@@ -123,7 +123,7 @@ public class SitePermissionRefactorPatch extends AbstractPatch
if (permission.getAuthorityType() == AuthorityType.USER) if (permission.getAuthorityType() == AuthorityType.USER)
{ {
// Add this authority to the appropriate group // Add this authority to the appropriate group
String group = ((SiteServiceImpl)this.siteService).getSitePermissionGroupName( String group = ((SiteServiceImpl)this.siteService).getSiteRoleGroup(
siteInfo.getShortName(), siteInfo.getShortName(),
permission.getPermission(), permission.getPermission(),
true); true);


@@ -154,4 +154,22 @@ public interface SiteService
*/ */
boolean hasContainer(String shortName, String componentId); boolean hasContainer(String shortName, String componentId);
/**
* Gets the sites group. All members of the site are contained within this group.
*
* @param shortName site short name
* @return String group name
*/
String getSiteGroup(String shortName);
/**
* Gets the sites role group. All members assigned the given role will be memebers of
* the returned group.
*
* @param shortName site short name
* @param role membership role
* @return String group name
*/
String getSiteRoleGroup(String shortName, String role);
} }
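Review bot: The Javadoc on the new `getSiteGroup` and `getSiteRoleGroup` does not say whether the returned name carries the authority group prefix, which matters because callers in this commit hand the value straight to `permissionService.setPermission`. The implementation added in the same commit passes `true` for `withGroupPrefix`, so the tag could read `@return String full group authority name, including the group prefix`. The comment also does not say what is returned for a short name or role that does not exist, and `memebers` should be `members`.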


@@ -229,12 +229,12 @@ public class SiteServiceImpl implements SiteService, SiteModel
public String doWork() throws Exception public String doWork() throws Exception
{ {
// Create the site's groups // Create the site's groups
String siteGroup = authorityService.createAuthority(AuthorityType.GROUP, null, getSiteGroupName(shortName, false)); String siteGroup = authorityService.createAuthority(AuthorityType.GROUP, null, getSiteGroup(shortName, false));
Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE); Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE);
for (String permission : permissions) for (String permission : permissions)
{ {
// Create a group for the permission // Create a group for the permission
String permissionGroup = authorityService.createAuthority(AuthorityType.GROUP, siteGroup, getSitePermissionGroupName(shortName, permission, false)); String permissionGroup = authorityService.createAuthority(AuthorityType.GROUP, siteGroup, getSiteRoleGroup(shortName, permission, false));
// Assign the group the relevant permission on the site // Assign the group the relevant permission on the site
permissionService.setPermission(siteNodeRef, permissionGroup, permission, true); permissionService.setPermission(siteNodeRef, permissionGroup, permission, true);
@@ -249,7 +249,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER, true); permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER, true);
} }
permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ_PERMISSIONS, true); permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ_PERMISSIONS, true);
authorityService.addAuthority(getSitePermissionGroupName(shortName, SiteModel.SITE_MANAGER, true), currentUser); authorityService.addAuthority(getSiteRoleGroup(shortName, SiteModel.SITE_MANAGER, true), currentUser);
// Return nothing // Return nothing
return null; return null;
@@ -262,13 +262,29 @@ public class SiteServiceImpl implements SiteService, SiteModel
return siteInfo; return siteInfo;
} }
/**
* @see org.alfresco.repo.site.SiteService#getSiteGroup(java.lang.String)
*/
public String getSiteGroup(String shortName)
{
return getSiteGroup(shortName, true);
}
/**
* @see org.alfresco.repo.site.SiteService#getSiteRoleGroup(java.lang.String, java.lang.String)
*/
public String getSiteRoleGroup(String shortName, String role)
{
return getSiteRoleGroup(shortName, role, true);
}
/** /**
* Helper method to get the name of the site group * Helper method to get the name of the site group
* *
* @param shortName site short name * @param shortName site short name
* @return String site group name * @return String site group name
*/ */
public String getSiteGroupName(String shortName, boolean withGroupPrefix) public String getSiteGroup(String shortName, boolean withGroupPrefix)
{ {
StringBuffer sb = new StringBuffer(64); StringBuffer sb = new StringBuffer(64);
if (withGroupPrefix == true) if (withGroupPrefix == true)
@@ -287,9 +303,9 @@ public class SiteServiceImpl implements SiteService, SiteModel
* @param permission permission name * @param permission permission name
* @return String site permission group name * @return String site permission group name
*/ */
public String getSitePermissionGroupName(String shortName, String permission, boolean withGroupPrefix) public String getSiteRoleGroup(String shortName, String permission, boolean withGroupPrefix)
{ {
return getSiteGroupName(shortName, withGroupPrefix) + "_" + permission; return getSiteGroup(shortName, withGroupPrefix) + "_" + permission;
} }
/** /**
@@ -514,7 +530,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
{ {
public Object doWork() throws Exception public Object doWork() throws Exception
{ {
authorityService.deleteAuthority(getSiteGroupName(shortName, true)); authorityService.deleteAuthority(getSiteGroup(shortName, true));
return null; return null;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
@@ -536,7 +552,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE); Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE);
for (String permission : permissions) for (String permission : permissions)
{ {
String groupName = getSitePermissionGroupName(shortName, permission, true); String groupName = getSiteRoleGroup(shortName, permission, true);
Set<String> users = this.authorityService.getContainedAuthorities(AuthorityType.USER, groupName, true); Set<String> users = this.authorityService.getContainedAuthorities(AuthorityType.USER, groupName, true);
for (String user : users) for (String user : users)
{ {
@@ -626,7 +642,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
{ {
Set<String> siteMangers = this.authorityService.getContainedAuthorities( Set<String> siteMangers = this.authorityService.getContainedAuthorities(
AuthorityType.USER, AuthorityType.USER,
getSitePermissionGroupName(shortName, SITE_MANAGER, true), getSiteRoleGroup(shortName, SITE_MANAGER, true),
true); true);
if (siteMangers.size() == 1) if (siteMangers.size() == 1)
{ {
@@ -653,7 +669,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
public Object doWork() throws Exception public Object doWork() throws Exception
{ {
// Remove the user from the current permission group // Remove the user from the current permission group
String currentGroup = getSitePermissionGroupName(shortName, role, true); String currentGroup = getSiteRoleGroup(shortName, role, true);
authorityService.removeAuthority(currentGroup, userName); authorityService.removeAuthority(currentGroup, userName);
return null; return null;
@@ -723,7 +739,7 @@ public class SiteServiceImpl implements SiteService, SiteModel
{ {
Set<String> siteMangers = this.authorityService.getContainedAuthorities( Set<String> siteMangers = this.authorityService.getContainedAuthorities(
AuthorityType.USER, AuthorityType.USER,
getSitePermissionGroupName(shortName, SITE_MANAGER, true), getSiteRoleGroup(shortName, SITE_MANAGER, true),
true); true);
if (siteMangers.size() == 1) if (siteMangers.size() == 1)
{ {
@@ -739,12 +755,12 @@ public class SiteServiceImpl implements SiteService, SiteModel
if (currentRole != null) if (currentRole != null)
{ {
// Remove the user from the current permission group // Remove the user from the current permission group
String currentGroup = getSitePermissionGroupName(shortName, currentRole, true); String currentGroup = getSiteRoleGroup(shortName, currentRole, true);
authorityService.removeAuthority(currentGroup, userName); authorityService.removeAuthority(currentGroup, userName);
} }
// Add the user to the new permission group // Add the user to the new permission group
String newGroup = getSitePermissionGroupName(shortName, role, true); String newGroup = getSiteRoleGroup(shortName, role, true);
authorityService.addAuthority(newGroup, userName); authorityService.addAuthority(newGroup, userName);
return null; return null;
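Review bot: The renamed three-argument overloads `getSiteGroup(shortName, withGroupPrefix)` and `getSiteRoleGroup(shortName, permission, withGroupPrefix)` now share their names with the interface methods, but their Javadoc still has no `@param withGroupPrefix` and still calls the third value a permission rather than a role. Since the visible callers pass `false` to `createAuthority` and `true` to `addAuthority`, `deleteAuthority` and `getContainedAuthorities`, a line such as `@param withGroupPrefix true for the prefixed authority name, false for the bare name passed to createAuthority` would make the difference explicit. The role string is appended as `"_" + permission` with no check against `getSettablePermissions(SiteModel.TYPE_SITE)`; now that the two-argument form is on the public interface, it may be worth rejecting unknown roles there. Most of the methods touched in this file start or end outside the hunks shown.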


@@ -33,9 +33,12 @@ import org.alfresco.repo.jscript.ScriptableHashMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.site.SiteInfo; import org.alfresco.repo.site.SiteInfo;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.site.SiteService; import org.alfresco.repo.site.SiteService;
import org.alfresco.service.ServiceRegistry; import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.mozilla.javascript.Scriptable; import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject; import org.mozilla.javascript.ScriptableObject;
@@ -408,4 +411,127 @@ public class Site implements Serializable
return hasContainer; return hasContainer;
} }
/**
* Reset any permissions that have been set on the node.
* <p>
* All permissions will be deleted and the node set to inherit permissions.
*
* @param nodeRef node reference
*/
public void resetAllPermissions(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(this.serviceRegistry.getPermissionService().hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Reset all the permissions on the node
serviceRegistry.getPermissionService().setInheritParentPermissions(nodeRef, true);
serviceRegistry.getPermissionService().deletePermissions(nodeRef);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to reset permissions on this node.");
}
}
/**
* Allows all members of the site collaboration rights on the node.
*
* @param nodeRef node reference
*/
public void allowAllMembersCollaborate(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Get the permission service
final PermissionService permissionService = this.serviceRegistry.getPermissionService();
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Get the site groups
String siteGroup = siteService.getSiteGroup(siteInfo.getShortName());
String managerGroup = siteService.getSiteRoleGroup(siteInfo.getShortName(), SiteModel.SITE_MANAGER);
// Assign the correct permissions
permissionService.setInheritParentPermissions(nodeRef, false);
permissionService.deletePermissions(nodeRef);
permissionService.setPermission(nodeRef, siteGroup, SiteModel.SITE_COLLABORATOR, true);
permissionService.setPermission(nodeRef, managerGroup, SiteModel.SITE_MANAGER, true);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to all memebers contribute permissions on this node.");
}
}
/**
* Deny access to all members of the site to the node.
* <p>
* Note, site managers will stil have appropriate permissions on the node.
*
* @param nodeRef node reference
*/
public void denyAllAccess(ScriptNode node)
{
final NodeRef nodeRef = node.getNodeRef();
// TODO Check that the node is indeed a child of the site
// Get the permission service
final PermissionService permissionService = this.serviceRegistry.getPermissionService();
// Check that the user has permissions to change permissions on the node
if (AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS)) == true)
{
// Do the work as system as we are messing about with permissions
AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork() throws Exception
{
// Get the site groups
String managerGroup = siteService.getSiteRoleGroup(siteInfo.getShortName(), SiteModel.SITE_MANAGER);
// Assign the correct permissions
permissionService.setInheritParentPermissions(nodeRef, false);
permissionService.deletePermissions(nodeRef);
permissionService.setPermission(nodeRef, managerGroup, SiteModel.SITE_MANAGER, true);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
else
{
throw new AlfrescoRuntimeException("You do not have permissions to all memebers contribute permissions on this node.");
}
}
} }
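Review bot: All three new methods switch to the system user for the ACL change while `// TODO Check that the node is indeed a child of the site` is still open, so the only guard is the caller's CHANGE_PERMISSIONS on whatever ScriptNode the script passes in. As written, the ACL of a node outside this site can be replaced with this site's groups under system authority rather than the caller's own. The containment check should run before the `AuthenticationUtil.runAs` call in `resetAllPermissions`, `allowAllMembersCollaborate` and `denyAllAccess`, throwing an `AlfrescoRuntimeException` when the node does not sit under the site's node. Separately, `denyAllAccess` reuses the error text of `allowAllMembersCollaborate`; `"You do not have permissions to deny all access on this node."` would match the operation. The Javadoc `@param nodeRef` on each method should read `@param node`.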


@@ -130,9 +130,75 @@ function testContainer()
} }
} }
function testPermissions()
{
var site = siteService.createSite("sitePreset", "siteShortNameToo", "siteTitle", "siteDescription", false);
test.assertNotNull(site);
var container = site.createContainer("test.permissions");
test.assertNotNull(container);
// check the current permissions
var setPerms = container.getPermissions();
test.assertNotNull(setPerms);
var bManagers = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
}
if (bManagers == false)
{
test.fail("Managers where not assigned to the site group successfully");
}
// allow all members collaborate
site.allowAllMembersCollaborate(container);
setPerms = container.getPermissions();
test.assertNotNull(setPerms);
bManagers = false;
bContributor = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo;SiteCollaborator")
{
bContributor = true;
}
}
if (bManagers == false || bContributor == false)
{
test.fail("Allow all members contribute failed");
}
// deny all
site.denyAllAccess(container);
setPerms = container.getPermissions();
test.assertNotNull(setPerms);
bManagers = false;
for (index in setPerms)
{
if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo_SiteManager;SiteManager")
{
bManagers = true;
}
}
if (bManagers == false)
{
test.fail("Deny all access failed.");
}
// reset permissions
site.resetAllPermissions(container);
}
// Execute test's // Execute test's
testCRUD(); testCRUD();
testListSites(); testListSites();
testMembership(); testMembership();
testContainer(); testContainer();
testPermissions();
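Review bot: The `// deny all` step only asserts that the SiteManager entry is still present, so it would pass even if `denyAllAccess` left the `ALLOWED;GROUP_site_siteShortNameToo;SiteCollaborator` entry in place. The loop should also fail when that entry is found, e.g. `if (setPerms[index] == "ALLOWED;GROUP_site_siteShortNameToo;SiteCollaborator") { test.fail("Collaborator entry survived deny all"); }`. `resetAllPermissions` is called with no assertion afterwards, and no case covers the rejection path for a caller who lacks CHANGE_PERMISSIONS on the node. `bContributor` and `index` are assigned without `var`, which makes them implicit globals in the script.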