From 5e1a56c59516fdffe7b56cf90eeed3f177c0937a Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Wed, 23 May 2012 02:27:02 +0000 Subject: [PATCH] RM-190: RM groups are dupliacated when RM site is re-created * automatically delete assiciated roles (ie groups) when a file plan (ie the RM site) is deleted * add the user that created the RM site into the Records Administrator group (a convenience improvement) * fixed knock on issue with getting FilePlans and ignoring those in the archive store! git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@36749 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- rm-server/.classpath | 2 +- .../RecordsManagementServiceImpl.java | 7 +- .../script/admin/RmRolesGet.java | 2 +- .../RecordsManagementSecurityServiceImpl.java | 73 +++++++++++++------ 4 files changed, 60 insertions(+), 24 deletions(-) diff --git a/rm-server/.classpath b/rm-server/.classpath index a1241c105e..2506b4b9cc 100644 --- a/rm-server/.classpath +++ b/rm-server/.classpath @@ -272,7 +272,7 @@ - + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java index 27c93456c8..655d1beccd 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceImpl.java @@ -697,7 +697,12 @@ public class RecordsManagementServiceImpl implements RecordsManagementService, @Override public boolean handle(Pair nodePair) { - results.add(nodePair.getSecond()); + NodeRef nodeRef = nodePair.getSecond(); + if (StoreRef.STORE_REF_ARCHIVE_SPACESSTORE.equals(nodeRef.getStoreRef()) == false) + { + results.add(nodeRef); + } + return true; } }); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java index 76d108c124..71f004e46b 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RmRolesGet.java @@ -35,7 +35,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** - * + * Get information about record management roles * * @author Roy Wetherall */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index 12064125d2..4df7d7ae26 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -169,16 +169,24 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe */ public void init() { - policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnCreateNodePolicy.QNAME, TYPE_FILE_PLAN, new JavaBehaviour(this, "onCreateRootNode", NotificationFrequency.TRANSACTION_COMMIT)); - policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnDeleteNodePolicy.QNAME, + TYPE_FILE_PLAN, + new JavaBehaviour(this, "onDeleteRootNode", NotificationFrequency.TRANSACTION_COMMIT)); + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnCreateNodePolicy.QNAME, TYPE_RECORD_CATEGORY, new JavaBehaviour(this, "onCreateRMContainer", NotificationFrequency.TRANSACTION_COMMIT)); - policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnCreateNodePolicy.QNAME, TYPE_RECORD_FOLDER, new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT)); - policyComponent.bindClassBehaviour(NodeServicePolicies.BeforeDeleteNodePolicy.QNAME, + policyComponent.bindClassBehaviour( + NodeServicePolicies.BeforeDeleteNodePolicy.QNAME, ASPECT_FROZEN, new JavaBehaviour(this, "beforeDeleteFrozenNode", NotificationFrequency.TRANSACTION_COMMIT)); } @@ -220,9 +228,10 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe // Set the permissions permissionService.setInheritParentPermissions(rmRootNode, false); permissionService.setPermission(rmRootNode, allRoles, RMPermissionModel.READ_RECORDS, true); + return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); // Bootstrap in the default set of roles for the newly created root node bootstrapDefaultRoles(rmRootNode); @@ -234,9 +243,30 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe * * @param childAssocRef */ - public void onDeleteRootNode(NodeRef rmRootNode) + public void onDeleteRootNode(ChildAssociationRef childAssocRef, boolean isNodeArchived) { logger.debug("onDeleteRootNode called"); + + // get the deleted node + final NodeRef rmRootNode = childAssocRef.getChildRef(); + + AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() + { + public Object doWork() + { + // cascade delete the 'all' roles group for the site + String allRolesGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode)); + Set groups = authorityService.getContainedAuthorities(AuthorityType.GROUP, allRolesGroup, true); + for (String group : groups) + { + authorityService.deleteAuthority(group); + } + + authorityService.deleteAuthority(allRolesGroup, false); + + return null; + } + }, AuthenticationUtil.getSystemUserName()); } /** @@ -292,7 +322,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } } @@ -313,7 +343,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } } @@ -420,8 +450,9 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe { permissionService.setPermission(rmRootNode, role.getRoleGroupName(), RMPermissionModel.FILING, true); - // Add the owner of the root node into the admin group - //authorityService.addAuthority(role.getRoleGroupName(), ownableService.getOwner(rmRootNode)); + // Add the creating user to the administration group + String user = AuthenticationUtil.getFullyAuthenticatedUser(); + authorityService.addAuthority(role.getRoleGroupName(), user); } } } @@ -432,7 +463,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } public String convertStreamToString(InputStream is) throws IOException @@ -486,7 +517,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return result; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -517,7 +548,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return result; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -577,7 +608,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return result; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } private Set getCapabilitiesImpl(NodeRef rmRootNode, String roleAuthority) @@ -616,7 +647,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe Set roles = authorityService.getAllAuthoritiesInZone(zone, AuthorityType.GROUP); return new Boolean(roles.contains(fullRoleName)); } - }, AuthenticationUtil.getAdminUserName()).booleanValue(); + }, AuthenticationUtil.getSystemUserName()).booleanValue(); } /* @@ -687,7 +718,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return new Role(role, roleDisplayLabel, capStrings, roleGroup); } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -723,7 +754,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return new Role(role, roleDisplayLabel, capStrings, roleAuthority); } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -740,7 +771,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -757,7 +788,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -794,7 +825,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } /** @@ -885,6 +916,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } }