PRODESC-5780: ACS Repo DAU APIs to also use non-attach allow list

- back-port to 7.1.N (cherry-pick *and* resolve conflicts)
2025-09-17 14:21:39 +00:00 · 2021-12-07 17:21:31 +00:00
parent e8f44a14e3
commit 5a03bde0dc
6 changed files with 66 additions and 26 deletions
--- a/remote-api/src/main/java/org/alfresco/opencmis/CMISServletDispatcher.java
+++ b/remote-api/src/main/java/org/alfresco/opencmis/CMISServletDispatcher.java
@@ -2,7 +2,7 @@
 * #%L
 * Alfresco Remote API
 * %%
- * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * Copyright (C) 2005 - 2021 Alfresco Software Limited
 * %%
 * This file is part of the Alfresco software. 
 * If the software was purchased under a paid Alfresco license, the terms of 
@@ -90,7 +90,8 @@ public abstract class CMISServletDispatcher implements CMISDispatcher
 	protected CmisVersion cmisVersion;
 	protected TenantAdminService tenantAdminService;

-    private Set<String> nonAttachContentTypes = Collections.emptySet(); // pre-configured whitelist, eg. images & pdf
+	// pre-configured allow list of media/mime types, eg. specific types of images & also pdf
+    private Set<String> nonAttachContentTypes = Collections.emptySet();

 	public void setTenantAdminService(TenantAdminService tenantAdminService)
 	{
@@ -137,9 +138,12 @@ public abstract class CMISServletDispatcher implements CMISDispatcher
        this.cmisVersion = CmisVersion.fromValue(cmisVersion);
    }

-    public void setNonAttachContentTypes(Set<String> nonAttachWhiteList)
+    public void setNonAttachContentTypes(String nonAttachAllowListStr)
    {
-        this.nonAttachContentTypes = nonAttachWhiteList;
+		if ((nonAttachAllowListStr != null) && (! nonAttachAllowListStr.isEmpty()))
+		{
+			nonAttachContentTypes = Set.of(nonAttachAllowListStr.trim().split("\\s*,\\s*"));
+		}
    }

    protected synchronized Descriptor getCurrentDescriptor()
--- a/remote-api/src/main/java/org/alfresco/rest/api/impl/NodesImpl.java
+++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/NodesImpl.java
@@ -239,11 +239,15 @@ public class NodesImpl implements Nodes

    private ConcurrentHashMap<String,NodeRef> ddCache = new ConcurrentHashMap<>();

-    private Set<String> nonAttachContentTypes = Collections.emptySet(); // pre-configured whitelist, eg. images & pdf
+    // pre-configured allow list of media/mime types, eg. specific types of images & also pdf
+    private Set<String> nonAttachContentTypes = Collections.emptySet(); 

-    public void setNonAttachContentTypes(Set<String> nonAttachWhiteList)
+    public void setNonAttachContentTypes(String nonAttachAllowListStr)
    {
-        this.nonAttachContentTypes = nonAttachWhiteList;
+        if ((nonAttachAllowListStr != null) && (! nonAttachAllowListStr.isEmpty()))
+        {
+            nonAttachContentTypes = Set.of(nonAttachAllowListStr.trim().split("\\s*,\\s*"));
+        }
    }

    public void init()
--- a/remote-api/src/main/resources/alfresco/public-rest-context.xml
+++ b/remote-api/src/main/resources/alfresco/public-rest-context.xml
@@ -508,19 +508,6 @@
        </property>
    </bean>

-    <bean id="nodes.nonAttachContentTypes" class="org.springframework.beans.factory.config.SetFactoryBean">
-        <property name="sourceSet">
-            <set>
-                <value>application/pdf</value>
-                <value>image/jpeg</value>
-                <value>image/gif</value>
-                <value>image/png</value>
-                <value>image/tiff</value>
-                <value>image/bmp</value>
-            </set>
-        </property>
-    </bean>
-
    <bean id="nodes.personLookupProperties" class="org.springframework.beans.factory.config.SetFactoryBean">
        <property name="sourceSet">
            <set>
@@ -541,7 +528,7 @@
        <property name="quickShareLinks" ref="QuickShareLinks"/>
        <property name="behaviourFilter" ref="policyBehaviourFilter"/>
        <property name="ignoreTypes" ref="nodes.ignoreTypes"/>
-        <property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
+        <property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
        <property name="personLookupProperties" ref="nodes.personLookupProperties"/>
        <property name="poster" ref="activitiesPoster" />
        <property name="smartStore" ref="smartStore"/>
@@ -1113,7 +1100,7 @@
        <property name="version"            value="1.0"/>
        <property name="cmisVersion"        value="1.0"/>
        <property name="tenantAdminService" ref="tenantAdminService"/>
-        <property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
+        <property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
    </bean>

    <bean   id="cmisAtomPubDispatcher1.1" class="org.alfresco.opencmis.PublicApiAtomPubCMISDispatcher" init-method="init">
@@ -1125,7 +1112,7 @@
        <property name="version"            value="1.1"/>
        <property name="cmisVersion"        value="1.1"/>
        <property name="tenantAdminService" ref="tenantAdminService"/>
-        <property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
+        <property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
    </bean>

    <bean   id="cmisBrowserDispatcher1.1" class="org.alfresco.opencmis.PublicApiBrowserCMISDispatcher" init-method="init">
@@ -1137,7 +1124,7 @@
        <property name="version"            value="1.1"/>
        <property name="cmisVersion"        value="1.1"/>
        <property name="tenantAdminService" ref="tenantAdminService"/>
-        <property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
+        <property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
    </bean>

    <bean   id="webscript.org.alfresco.api.opencmis.OpenCMIS.get" 
--- a/repository/src/main/java/org/alfresco/repo/content/ContentServiceImpl.java
+++ b/repository/src/main/java/org/alfresco/repo/content/ContentServiceImpl.java
@@ -28,6 +28,7 @@ package org.alfresco.repo.content;
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.Collections;
 import java.util.Map;
 import java.util.Set;

@@ -102,6 +103,9 @@ public class ContentServiceImpl implements ContentService, ApplicationContextAwa
    private boolean ignoreEmptyContent;

    private SystemWideDirectUrlConfig systemWideDirectUrlConfig;
+    
+    /** pre-configured allow list of media/mime types, eg. specific types of images & also pdf */
+    private Set<String> nonAttachContentTypes = Collections.emptySet();

    /**
     * The policy component
@@ -150,6 +154,14 @@ public class ContentServiceImpl implements ContentService, ApplicationContextAwa
        this.systemWideDirectUrlConfig = systemWideDirectUrlConfig;
    }

+    public void setNonAttachContentTypes(String nonAttachAllowListStr) 
+    {
+        if ((nonAttachAllowListStr != null) && (! nonAttachAllowListStr.isEmpty()))
+        {
+            nonAttachContentTypes = Set.of(nonAttachAllowListStr.trim().split("\\s*,\\s*"));
+        }
+    }
+
    public void setPolicyComponent(PolicyComponent policyComponent)
    {
        this.policyComponent = policyComponent;
@@ -621,9 +633,19 @@ public class ContentServiceImpl implements ContentService, ApplicationContextAwa
            throw new DirectAccessUrlDisabledException("Direct access url isn't available.");
        }

-        String contentUrl = getContentUrl(nodeRef);
+        ContentData contentData = getContentData(nodeRef, ContentModel.PROP_CONTENT);
+        // check that the content & URL is available
+        if (contentData == null || contentData.getContentUrl() == null)
+        {
+            throw new IllegalArgumentException("The supplied nodeRef " + nodeRef + " has no content.");
+        }
+
+        String contentUrl = contentData.getContentUrl();
+        String contentMimetype = contentData.getMimetype();
        String fileName = getFileName(nodeRef);
+
        validFor = adjustValidFor(validFor);
+        attachment = adjustAttachment(nodeRef, contentMimetype, attachment);

        DirectAccessUrl directAccessUrl = null;
        if (store.isContentDirectUrlEnabled())
@@ -676,4 +698,21 @@ public class ContentServiceImpl implements ContentService, ApplicationContextAwa
        }
         return validFor;
    }
-}
+
+    private boolean adjustAttachment(NodeRef nodeRef, String mimeType, boolean attachmentIn)
+    {
+        boolean attachment = true;
+        if (! attachmentIn)
+        {
+            if ((nonAttachContentTypes != null) && (nonAttachContentTypes.contains(mimeType)))
+            {
+                attachment = false;
+            }
+            else
+            {
+                logger.warn("Ignored attachment=false for " + nodeRef.getId() + " since " + mimeType + " is not in the whitelist for non-attach content types");
+            }
+        }
+        return attachment;
+    }
+}
--- a/repository/src/main/resources/alfresco/content-services-context.xml
+++ b/repository/src/main/resources/alfresco/content-services-context.xml
@@ -164,6 +164,9 @@
      <property name="systemWideDirectUrlConfig" >
         <ref bean="systemWideDirectUrlConfig" />
      </property>
+      <property name="nonAttachContentTypes">
+         <value>${content.nonAttach.mimetypes}</value>
+      </property>
   </bean>
   
   <bean id="contentService" parent="baseContentService">
--- a/repository/src/main/resources/alfresco/repository.properties
+++ b/repository/src/main/resources/alfresco/repository.properties
@@ -1308,3 +1308,6 @@ system.tempFileCleaner.maxTimeToRun=

 # Property to long running migration to remove alf_server in v7+ patch.db-V7.1.0-remove-alf_server-table
 system.remove-alf_server-table-from-db.ignored=true
+
+# pre-configured allow list of media/mime types to allow inline instead of attachment (via Content-Disposition response header)
+content.nonAttach.mimetypes=application/pdf,image/jpeg,image/gif,image/png,image/tiff,image/bmp