inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-21 18:09:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added check to PUT task-instance REST API to ensure that the user claiming a task has the authority to do so i.e. they are a member of one of the pooled actor groups assigned to task.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@21736 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Gavin Cornwell
2010-08-11 13:58:20 +00:00
parent af204372ec
commit 5f04340129
3 changed files with 35 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/web-scripts-application-context.xml
View File

@@ -786,6 +786,7 @@
<property name="personService" ref="PersonService" /> <property name="personService" ref="PersonService" />
<property name="dictionaryService" ref="DictionaryService" /> <property name="dictionaryService" ref="DictionaryService" />
<property name="authenticationService" ref="AuthenticationService" /> <property name="authenticationService" ref="AuthenticationService" />
<property name="authorityService" ref="AuthorityService" />
<property name="workflowService" ref="WorkflowService" /> <property name="workflowService" ref="WorkflowService" />
</bean> </bean>

7
source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java
View File

@@ -23,6 +23,7 @@ import java.util.Map;
import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.workflow.WorkflowService; import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.NamespaceService;
@@ -43,6 +44,7 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript
protected PersonService personService; protected PersonService personService;
protected DictionaryService dictionaryService; protected DictionaryService dictionaryService;
protected AuthenticationService authenticationService; protected AuthenticationService authenticationService;
protected AuthorityService authorityService;
protected WorkflowService workflowService; protected WorkflowService workflowService;
@Override @Override
@@ -77,6 +79,11 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript
this.authenticationService = authenticationService; this.authenticationService = authenticationService;
} }
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setWorkflowService(WorkflowService workflowService) public void setWorkflowService(WorkflowService workflowService)
{ {
this.workflowService = workflowService; this.workflowService = workflowService;

23
source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
View File

@@ -25,14 +25,17 @@ import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.workflow.WorkflowModel; import org.alfresco.repo.workflow.WorkflowModel;
import org.alfresco.service.cmr.dictionary.PropertyDefinition; import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.workflow.WorkflowTask; import org.alfresco.service.cmr.workflow.WorkflowTask;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.json.JSONArray; import org.json.JSONArray;
@@ -191,13 +194,27 @@ public class TaskInstancePut extends AbstractWorkflowWebscript
{ {
boolean result = false; boolean result = false;
Collection<?> actors = (Collection<?>)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS); // get groups that the current user has to belong (at least one of them)
final Collection<?> actors = (Collection<?>)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS);
if (actors != null && !actors.isEmpty()) if (actors != null && !actors.isEmpty())
{ {
// TODO: determine whether the user is in any of the groups, for now allow for (Object actor : actors)
// pooled tasks to be updated. {
// retrieve the name of the group
Map<QName, Serializable> props = nodeService.getProperties((NodeRef)actor);
String name = (String)props.get(ContentModel.PROP_AUTHORITY_NAME);
// retrieve the users of the group
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, name, true);
// see if the user is one of the users in the group
if (users != null && !users.isEmpty() && users.contains(currentUser))
{
// they are a member of the group so stop looking!
result = true; result = true;
break;
}
}
} }
return result; return result;