inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-672: Permissions should be maintained when moving a record

Browse Source 
* add move behaviour to file plan permission service .. inherited permissions are adjusted, any set directly on the record are kept
  * added missing unit test for file plan permission service
    * test add/remove
    * test record move



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@49535 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-04-24 07:44:51 +00:00
parent b8bc8bab73
commit 5d69f6aec7
4 changed files with 635 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -18,6 +18,7 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -26,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -66,6 +68,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
/** File plan service */
private FilePlanService filePlanService;
/** Record service */
private RecordService recordService;
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
@@ -87,6 +92,10 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
@@ -128,6 +137,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
{
this.filePlanService = filePlanService;
}
/**
* @param recordService record service
*/
public void setRecordService(RecordService recordService)
{
this.recordService = recordService;
}
/**
* @param childAssocRef
@@ -238,35 +255,98 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
{
if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true)
{
NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
setUpPermissions(record);
Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
initialiseRecordPermissions(record, recordFolder);
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}, AuthenticationUtil.getSystemUserName());
}
/**
* Initialise the record permissions for the given record folder.
*
* @param record record
* @param recordFolder record folder
*/
private void initialiseRecordPermissions(NodeRef record, NodeRef recordFolder)
{
setUpPermissions(record);
Set<AccessPermission> perms = permissionService.getAllSetPermissions(recordFolder);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
}
/**
* onMoveRecord behaviour
*
* @param sourceAssocRef source association reference
* @param destinationAssocRef destination association reference
*/
public void onMoveRecord(final ChildAssociationRef sourceAssocRef, final ChildAssociationRef destinationAssocRef)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
{
public Void doWork()
{
NodeRef record = sourceAssocRef.getChildRef();
if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true)
{
Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
// record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent)
Set<AccessPermission> origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef());
Set<AccessPermission> origionalRecordPerms= permissionService.getAllSetPermissions(record);
for (AccessPermission perm : origionalRecordPerms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{
if ((perm.getPermission().equals(RMPermissionModel.FILING) == true ||
perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) &&
origionalParentPerms.contains(perm) == false)
{
// then we can assume this is a permission we want to preserve
keepPerms.add(perm);
}
}
}
// clear all existing permissions and start again
permissionService.deletePermissions(record);
// re-setup the records permissions
initialiseRecordPermissions(record, destinationAssocRef.getParentRef());
// re-add keep'er permissions
for (AccessPermission keeper : keepPerms)
{
setPermission(record, keeper.getAuthority(), keeper.getPermission());
}
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
@@ -313,7 +393,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
}
else if (recordsManagementService.isRecordsManagementContainer(nodeRef) == true ||
recordsManagementService.isRecordFolder(nodeRef) == true ||
recordsManagementService.isRecord(nodeRef) == true)
recordService.isRecord(nodeRef) == true)
{
setReadPermissionUp(nodeRef, authority);
setPermissionDown(nodeRef, authority, permission);
@@ -367,7 +447,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
recordsManagementService.isRecord(child) == true)
recordService.isRecord(child) == true)
{
setPermissionDown(child, authority, permission);
}
@@ -414,7 +494,7 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
NodeRef child = assoc.getChildRef();
if (recordsManagementService.isRecordsManagementContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
recordsManagementService.isRecord(child) == true)
recordService.isRecord(child) == true)
{
deletePermission(child, authority, permission);
}
@@ -425,5 +505,4 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
}
}, AuthenticationUtil.getSystemUserName());
}
}