inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for https://issues.alfresco.com/jira/browse/SLNG-1114

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10631 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2008-09-02 11:54:30 +00:00
parent 66f4e402dc
commit 61c93d6758
5 changed files with 184 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java
View File

@@ -375,8 +375,10 @@ public abstract class AbstractPermissionsDaoComponentImpl implements Permissions
{ {
case FIXED: case FIXED:
case GLOBAL: case GLOBAL:
case SHARED:
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType()); throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
case SHARED:
// Nothing to do
break;
case DEFINING: case DEFINING:
case LAYERED: case LAYERED:
case OLD: case OLD:

26
source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java
View File

@@ -160,6 +160,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Set the DAO for accessing QName entities * Set the DAO for accessing QName entities
*
* @param qnameDAO * @param qnameDAO
*/ */
public void setQnameDAO(QNameDAO qnameDAO) public void setQnameDAO(QNameDAO qnameDAO)
@@ -169,6 +170,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Set the ACL cache * Set the ACL cache
*
* @param aclCache * @param aclCache
*/ */
public void setAclCache(SimpleCache<Long, AccessControlList> aclCache) public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
@@ -902,6 +904,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public List<AclChange> deleteAccessControlList(final Long id) public List<AclChange> deleteAccessControlList(final Long id)
{
if (logger.isDebugEnabled())
{ {
HibernateCallback check = new HibernateCallback() HibernateCallback check = new HibernateCallback()
{ {
@@ -917,7 +921,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check); List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check);
for (Node node : nodes) for (Node node : nodes)
{ {
logger.error("Found "+node.getId() +" "+node.getUuid() + " "+node.getAccessControlList() ); logger.debug("Found " + node.getId() + " " + node.getUuid() + " " + node.getAccessControlList());
}
} }
List<AclChange> acls = new ArrayList<AclChange>(); List<AclChange> acls = new ArrayList<AclChange>();
@@ -929,7 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
} }
if (acl.getAclType() == ACLType.SHARED) if (acl.getAclType() == ACLType.SHARED)
{ {
throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with teh defining acl"); throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl");
} }
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED)) if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED))
@@ -1074,6 +1079,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Search for access control lists * Search for access control lists
*
* @param pattern * @param pattern
* @return the ids of the ACLs found * @return the ids of the ACLs found
*/ */
@@ -1993,6 +1999,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Get the max acl id * Get the max acl id
*
* @return - max acl id * @return - max acl id
*/ */
public Long getMaxAclId() public Long getMaxAclId()
@@ -2040,6 +2047,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Get the acl count canges so far for progress tracking * Get the acl count canges so far for progress tracking
*
* @param above * @param above
* @return - the count * @return - the count
*/ */
@@ -2070,6 +2078,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* How many nodes are noew in store (approximate) * How many nodes are noew in store (approximate)
*
* @return - the number fo new nodes - approximate * @return - the number fo new nodes - approximate
*/ */
public Long getNewInStore() public Long getNewInStore()
@@ -2086,10 +2095,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
return count; return count;
} }
/** /**
* Find layered directories * Find layered directories Used to imporove performance during patching and cascading the effect fo permission
* Used to imporove performance during patching and cascading the effect fo permission changes between layers * changes between layers
* *
* @return - layered directories * @return - layered directories
*/ */
@@ -2117,9 +2125,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
} }
/** /**
* Find layered files * Find layered files Used to imporove performance during patching and cascading the effect fo permission changes
* * between layers
* Used to imporove performance during patching and cascading the effect fo permission changes between layers
* *
* @return - layerd files * @return - layerd files
*/ */
@@ -2163,8 +2170,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Support to describe AVM indirections for permission performance improvements when permissions are set. * Support to describe AVM indirections for permission performance improvements when permissions are set.
* @author andyh
* *
* @author andyh
*/ */
public static class Indirection public static class Indirection
{ {
@@ -2239,6 +2246,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* How many DM nodes are three with new ACls (to track patch progress) * How many DM nodes are three with new ACls (to track patch progress)
*
* @param above * @param above
* @return - the count * @return - the count
*/ */

18
source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java
View File

@@ -116,6 +116,11 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
System.out.println("Deleting "+acl+" on "+nodeRef); System.out.println("Deleting "+acl+" on "+nodeRef);
if (acl != null) if (acl != null)
{ {
switch (acl.getAclType())
{
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
if (acl.getInheritsFrom() != null) if (acl.getInheritsFrom() != null)
{ {
@SuppressWarnings("unused") @SuppressWarnings("unused")
@@ -145,6 +150,19 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId()); aclDaoComponent.deleteAccessControlList(acl.getId());
} }
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
}
} }
} }

21
source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
View File

@@ -39,8 +39,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
/** /**
* Old permissions dao component impl * Old permissions dao component impl
* @author andyh
* *
* @author andyh
*/ */
public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
{ {
@@ -144,6 +144,12 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
} }
if (acl != null) if (acl != null)
{ {
switch (acl.getAclType())
{
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
if (acl.getInheritsFrom() != null) if (acl.getInheritsFrom() != null)
{ {
@SuppressWarnings("unused") @SuppressWarnings("unused")
@@ -171,6 +177,19 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId()); aclDaoComponent.deleteAccessControlList(acl.getId());
} }
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
}
} }
} }
} }

44
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -96,6 +96,50 @@ public class PermissionServiceTest extends AbstractPermissionTest
allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED); allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED);
} }
public void testDelete()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(0, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
permissionService.deletePermissions(n2);
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
}
public void test_AR_2055() public void test_AR_2055()
{ {
runAs("admin"); runAs("admin");