diff --git a/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java index 68713aa4d5..96e8a5026b 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java @@ -375,8 +375,10 @@ public abstract class AbstractPermissionsDaoComponentImpl implements Permissions { case FIXED: case GLOBAL: - case SHARED: throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType()); + case SHARED: + // Nothing to do + break; case DEFINING: case LAYERED: case OLD: diff --git a/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java index 7f9a5a839b..f2dd91752b 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java @@ -119,9 +119,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo private enum WriteMode { /** - * Remove inherited ACEs after that set + * Remove inherited ACEs after that set */ - TRUNCATE_INHERITED, + TRUNCATE_INHERITED, /** * Add inherited ACEs */ @@ -129,19 +129,19 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * The source of inherited ACEs is changing */ - CHANGE_INHERITED, + CHANGE_INHERITED, /** * Remove all inherited ACEs */ - REMOVE_INHERITED, + REMOVE_INHERITED, /** * Insert inherited ACEs */ - INSERT_INHERITED, + INSERT_INHERITED, /** - * Copy ACLs and update ACEs and inheritance + * Copy ACLs and update ACEs and inheritance */ - COPY_UPDATE_AND_INHERIT, + COPY_UPDATE_AND_INHERIT, /** * Simlpe copy */ @@ -160,7 +160,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Set the DAO for accessing QName entities - * @param qnameDAO + * + * @param qnameDAO */ public void setQnameDAO(QNameDAO qnameDAO) { @@ -169,6 +170,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Set the ACL cache + * * @param aclCache */ public void setAclCache(SimpleCache aclCache) @@ -903,23 +905,26 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo @SuppressWarnings("unchecked") public List deleteAccessControlList(final Long id) { - HibernateCallback check = new HibernateCallback() + if (logger.isDebugEnabled()) { - public Object doInHibernate(Session session) + HibernateCallback check = new HibernateCallback() { - Criteria criteria = getSession().createCriteria(NodeImpl.class, "node"); - criteria.createAlias("node.accessControlList", "acl"); - criteria.add(Restrictions.eq("acl.id", id)); - criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY); - return criteria.list(); + public Object doInHibernate(Session session) + { + Criteria criteria = getSession().createCriteria(NodeImpl.class, "node"); + criteria.createAlias("node.accessControlList", "acl"); + criteria.add(Restrictions.eq("acl.id", id)); + criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY); + return criteria.list(); + } + }; + List nodes = (List) getHibernateTemplate().execute(check); + for (Node node : nodes) + { + logger.debug("Found " + node.getId() + " " + node.getUuid() + " " + node.getAccessControlList()); } - }; - List nodes = (List) getHibernateTemplate().execute(check); - for(Node node : nodes) - { - logger.error("Found "+node.getId() +" "+node.getUuid() + " "+node.getAccessControlList() ); } - + List acls = new ArrayList(); final DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id); @@ -929,7 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo } if (acl.getAclType() == ACLType.SHARED) { - throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with teh defining acl"); + throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl"); } if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED)) @@ -1074,6 +1079,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Search for access control lists + * * @param pattern * @return the ids of the ACLs found */ @@ -1130,12 +1136,12 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo for (Object[] result : results) // for (DbAccessControlListMember member : members) { - Boolean aceIsAllowed = (Boolean)result[0]; - Integer aceType = (Integer)result[1]; - String authority = (String)result[2]; - Long permissionId = (Long)result[3]; - Integer position = (Integer)result[4]; - + Boolean aceIsAllowed = (Boolean) result[0]; + Integer aceType = (Integer) result[1]; + String authority = (String) result[2]; + Long permissionId = (Long) result[3]; + Integer position = (Integer) result[4]; + SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry(); sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED); sacEntry.setAceType(ACEType.getACETypeFromId(aceType)); @@ -1146,9 +1152,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo // context.setClassContext(entry.getContext().getClassContext()); // context.setKVPContext(entry.getContext().getKvpContext()); // context.setPropertyContext(entry.getContext().getPropertyContext()); - // sacEntry.setContext(context); - // } - DbPermission perm = (DbPermission)getSession().get(DbPermissionImpl.class, permissionId); + // sacEntry.setContext(context); + // } + DbPermission perm = (DbPermission) getSession().get(DbPermissionImpl.class, permissionId); SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(perm.getTypeQName().getQName(), perm.getName()); sacEntry.setPermission(permissionRefernce); sacEntry.setPosition(position); @@ -1325,7 +1331,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo @SuppressWarnings("unchecked") public List setAccessControlEntry(final Long id, final AccessControlEntry ace) - { + { DbAccessControlList target = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id); if (target.getAclType() == ACLType.SHARED) { @@ -1785,7 +1791,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo DbAccessControlListMember member = (DbAccessControlListMember) result.get("member"); DbAccessControlEntry entry = (DbAccessControlEntry) result.get("ace"); - + if (pattern.getAccessStatus() != null) { if (pattern.getAccessStatus() != (entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED)) @@ -1993,6 +1999,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Get the max acl id + * * @return - max acl id */ public Long getMaxAclId() @@ -2040,6 +2047,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Get the acl count canges so far for progress tracking + * * @param above * @return - the count */ @@ -2070,6 +2078,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * How many nodes are noew in store (approximate) + * * @return - the number fo new nodes - approximate */ public Long getNewInStore() @@ -2086,10 +2095,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo return count; } - /** - * Find layered directories - * Used to imporove performance during patching and cascading the effect fo permission changes between layers + * Find layered directories Used to imporove performance during patching and cascading the effect fo permission + * changes between layers * * @return - layered directories */ @@ -2117,9 +2125,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo } /** - * Find layered files - * - * Used to imporove performance during patching and cascading the effect fo permission changes between layers + * Find layered files Used to imporove performance during patching and cascading the effect fo permission changes + * between layers * * @return - layerd files */ @@ -2163,8 +2170,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * Support to describe AVM indirections for permission performance improvements when permissions are set. + * * @author andyh - * */ public static class Indirection { @@ -2239,6 +2246,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo /** * How many DM nodes are three with new ACls (to track patch progress) + * * @param above * @return - the count */ diff --git a/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java index c449b9005a..b8c634ea5d 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java @@ -116,34 +116,52 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone System.out.println("Deleting "+acl+" on "+nodeRef); if (acl != null) { - if (acl.getInheritsFrom() != null) + switch (acl.getAclType()) { - @SuppressWarnings("unused") - Long deleted = acl.getId(); - Long inheritsFrom = acl.getInheritsFrom(); - getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom)); - List changes = new ArrayList(); - changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); - getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); - aclDaoComponent.deleteAccessControlList(acl.getId()); - } - else - { - // TODO: could just cear out existing - @SuppressWarnings("unused") - Long deleted = acl.getId(); - SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); - properties = new SimpleAccessControlListProperties(); - properties.setAclType(ACLType.DEFINING); - properties.setInherits(Boolean.FALSE); - properties.setVersioned(false); + case OLD: + throw new IllegalStateException("Can not mix old and new style permissions"); + case DEFINING: + if (acl.getInheritsFrom() != null) + { + @SuppressWarnings("unused") + Long deleted = acl.getId(); + Long inheritsFrom = acl.getInheritsFrom(); + getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom)); + List changes = new ArrayList(); + changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); + getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); + aclDaoComponent.deleteAccessControlList(acl.getId()); + } + else + { + // TODO: could just cear out existing + @SuppressWarnings("unused") + Long deleted = acl.getId(); + SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); + properties = new SimpleAccessControlListProperties(); + properties.setAclType(ACLType.DEFINING); + properties.setInherits(Boolean.FALSE); + properties.setVersioned(false); - Long id = aclDaoComponent.createAccessControlList(properties); - getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); - List changes = new ArrayList(); - changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); - getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); - aclDaoComponent.deleteAccessControlList(acl.getId()); + Long id = aclDaoComponent.createAccessControlList(properties); + getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); + List changes = new ArrayList(); + changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); + getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); + aclDaoComponent.deleteAccessControlList(acl.getId()); + } + break; + case FIXED: + throw new IllegalStateException("Delete not supported for fixed permissions"); + case GLOBAL: + throw new IllegalStateException("Delete not supported for global permissions"); + case SHARED: + // nothing to do + return; + case LAYERED: + throw new IllegalStateException("Layering is not supported for DM permissions"); + default: + throw new IllegalStateException("Unknown type " + acl.getAclType()); } } diff --git a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java index 1b96a84aeb..c072ef816b 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java @@ -39,8 +39,8 @@ import org.alfresco.service.cmr.repository.NodeRef; /** * Old permissions dao component impl + * * @author andyh - * */ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl { @@ -144,32 +144,51 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent } if (acl != null) { - if (acl.getInheritsFrom() != null) + switch (acl.getAclType()) { - @SuppressWarnings("unused") - Long deleted = acl.getId(); - Long inheritsFrom = acl.getInheritsFrom(); - getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom)); - List changes = new ArrayList(); - changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); - getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); - aclDaoComponent.deleteAccessControlList(acl.getId()); - } - else - { - // TODO: could just cear out existing - @SuppressWarnings("unused") - Long deleted = acl.getId(); - SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); - properties.setAclType(ACLType.DEFINING); - properties.setInherits(Boolean.FALSE); - // Accept default versioning - Long id = aclDaoComponent.createAccessControlList(properties); - getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); - List changes = new ArrayList(); - changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); - getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); - aclDaoComponent.deleteAccessControlList(acl.getId()); + case OLD: + throw new IllegalStateException("Can not mix old and new style permissions"); + case DEFINING: + + if (acl.getInheritsFrom() != null) + { + @SuppressWarnings("unused") + Long deleted = acl.getId(); + Long inheritsFrom = acl.getInheritsFrom(); + getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom)); + List changes = new ArrayList(); + changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); + getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); + aclDaoComponent.deleteAccessControlList(acl.getId()); + } + else + { + // TODO: could just cear out existing + @SuppressWarnings("unused") + Long deleted = acl.getId(); + SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); + properties.setAclType(ACLType.DEFINING); + properties.setInherits(Boolean.FALSE); + // Accept default versioning + Long id = aclDaoComponent.createAccessControlList(properties); + getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); + List changes = new ArrayList(); + changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); + getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); + aclDaoComponent.deleteAccessControlList(acl.getId()); + } + break; + case FIXED: + throw new IllegalStateException("Delete not supported for fixed permissions"); + case GLOBAL: + throw new IllegalStateException("Delete not supported for global permissions"); + case SHARED: + // nothing to do + return; + case LAYERED: + throw new IllegalStateException("Layering is not supported for DM permissions"); + default: + throw new IllegalStateException("Unknown type " + acl.getAclType()); } } } diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java index 088d950178..5b9e303b9a 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java @@ -96,6 +96,50 @@ public class PermissionServiceTest extends AbstractPermissionTest allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED); } + public void testDelete() + { + runAs("admin"); + + NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); + NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef(); + + assertEquals(0, permissionService.getAllSetPermissions(n1).size()); + assertEquals(0, permissionService.getAllSetPermissions(n2).size()); + + permissionService.deletePermissions(n1); + permissionService.deletePermissions(n2); + + permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); + + assertEquals(1, permissionService.getAllSetPermissions(n1).size()); + assertEquals(1, permissionService.getAllSetPermissions(n2).size()); + + permissionService.deletePermissions(n2); + + assertEquals(1, permissionService.getAllSetPermissions(n1).size()); + assertEquals(1, permissionService.getAllSetPermissions(n2).size()); + + permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED)); + + assertEquals(1, permissionService.getAllSetPermissions(n1).size()); + assertEquals(2, permissionService.getAllSetPermissions(n2).size()); + + permissionService.deletePermissions(n2); + + assertEquals(1, permissionService.getAllSetPermissions(n1).size()); + assertEquals(1, permissionService.getAllSetPermissions(n2).size()); + + permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED)); + + assertEquals(1, permissionService.getAllSetPermissions(n1).size()); + assertEquals(2, permissionService.getAllSetPermissions(n2).size()); + + permissionService.deletePermissions(n1); + + assertEquals(0, permissionService.getAllSetPermissions(n1).size()); + assertEquals(1, permissionService.getAllSetPermissions(n2).size()); + } + public void test_AR_2055() { runAs("admin");