inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for https://issues.alfresco.com/jira/browse/SLNG-1114

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10631 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2008-09-02 11:54:30 +00:00
parent 66f4e402dc
commit 61c93d6758
5 changed files with 184 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java
View File

@@ -375,8 +375,10 @@ public abstract class AbstractPermissionsDaoComponentImpl implements Permissions
{ {
case FIXED: case FIXED:
case GLOBAL: case GLOBAL:
case SHARED:
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType()); throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
case SHARED:
// Nothing to do
break;
case DEFINING: case DEFINING:
case LAYERED: case LAYERED:
case OLD: case OLD:

64
source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java
View File

@@ -160,6 +160,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Set the DAO for accessing QName entities * Set the DAO for accessing QName entities
*
* @param qnameDAO * @param qnameDAO
*/ */
public void setQnameDAO(QNameDAO qnameDAO) public void setQnameDAO(QNameDAO qnameDAO)
@@ -169,6 +170,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Set the ACL cache * Set the ACL cache
*
* @param aclCache * @param aclCache
*/ */
public void setAclCache(SimpleCache<Long, AccessControlList> aclCache) public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
@@ -903,21 +905,24 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public List<AclChange> deleteAccessControlList(final Long id) public List<AclChange> deleteAccessControlList(final Long id)
{ {
HibernateCallback check = new HibernateCallback() if (logger.isDebugEnabled())
{ {
public Object doInHibernate(Session session) HibernateCallback check = new HibernateCallback()
{ {
Criteria criteria = getSession().createCriteria(NodeImpl.class, "node"); public Object doInHibernate(Session session)
criteria.createAlias("node.accessControlList", "acl"); {
criteria.add(Restrictions.eq("acl.id", id)); Criteria criteria = getSession().createCriteria(NodeImpl.class, "node");
criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY); criteria.createAlias("node.accessControlList", "acl");
return criteria.list(); criteria.add(Restrictions.eq("acl.id", id));
criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY);
return criteria.list();
}
};
List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check);
for (Node node : nodes)
{
logger.debug("Found " + node.getId() + " " + node.getUuid() + " " + node.getAccessControlList());
} }
};
List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check);
for(Node node : nodes)
{
logger.error("Found "+node.getId() +" "+node.getUuid() + " "+node.getAccessControlList() );
} }
List<AclChange> acls = new ArrayList<AclChange>(); List<AclChange> acls = new ArrayList<AclChange>();
@@ -929,7 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
} }
if (acl.getAclType() == ACLType.SHARED) if (acl.getAclType() == ACLType.SHARED)
{ {
throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with teh defining acl"); throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl");
} }
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED)) if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED))
@@ -1074,6 +1079,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Search for access control lists * Search for access control lists
*
* @param pattern * @param pattern
* @return the ids of the ACLs found * @return the ids of the ACLs found
*/ */
@@ -1130,11 +1136,11 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
for (Object[] result : results) for (Object[] result : results)
// for (DbAccessControlListMember member : members) // for (DbAccessControlListMember member : members)
{ {
Boolean aceIsAllowed = (Boolean)result[0]; Boolean aceIsAllowed = (Boolean) result[0];
Integer aceType = (Integer)result[1]; Integer aceType = (Integer) result[1];
String authority = (String)result[2]; String authority = (String) result[2];
Long permissionId = (Long)result[3]; Long permissionId = (Long) result[3];
Integer position = (Integer)result[4]; Integer position = (Integer) result[4];
SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry(); SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry();
sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED); sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED);
@@ -1146,9 +1152,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
// context.setClassContext(entry.getContext().getClassContext()); // context.setClassContext(entry.getContext().getClassContext());
// context.setKVPContext(entry.getContext().getKvpContext()); // context.setKVPContext(entry.getContext().getKvpContext());
// context.setPropertyContext(entry.getContext().getPropertyContext()); // context.setPropertyContext(entry.getContext().getPropertyContext());
// sacEntry.setContext(context); // sacEntry.setContext(context);
// } // }
DbPermission perm = (DbPermission)getSession().get(DbPermissionImpl.class, permissionId); DbPermission perm = (DbPermission) getSession().get(DbPermissionImpl.class, permissionId);
SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(perm.getTypeQName().getQName(), perm.getName()); SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(perm.getTypeQName().getQName(), perm.getName());
sacEntry.setPermission(permissionRefernce); sacEntry.setPermission(permissionRefernce);
sacEntry.setPosition(position); sacEntry.setPosition(position);
@@ -1993,6 +1999,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Get the max acl id * Get the max acl id
*
* @return - max acl id * @return - max acl id
*/ */
public Long getMaxAclId() public Long getMaxAclId()
@@ -2040,6 +2047,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Get the acl count canges so far for progress tracking * Get the acl count canges so far for progress tracking
*
* @param above * @param above
* @return - the count * @return - the count
*/ */
@@ -2070,6 +2078,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* How many nodes are noew in store (approximate) * How many nodes are noew in store (approximate)
*
* @return - the number fo new nodes - approximate * @return - the number fo new nodes - approximate
*/ */
public Long getNewInStore() public Long getNewInStore()
@@ -2086,10 +2095,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
return count; return count;
} }
/** /**
* Find layered directories * Find layered directories Used to imporove performance during patching and cascading the effect fo permission
* Used to imporove performance during patching and cascading the effect fo permission changes between layers * changes between layers
* *
* @return - layered directories * @return - layered directories
*/ */
@@ -2117,9 +2125,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
} }
/** /**
* Find layered files * Find layered files Used to imporove performance during patching and cascading the effect fo permission changes
* * between layers
* Used to imporove performance during patching and cascading the effect fo permission changes between layers
* *
* @return - layerd files * @return - layerd files
*/ */
@@ -2163,8 +2170,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* Support to describe AVM indirections for permission performance improvements when permissions are set. * Support to describe AVM indirections for permission performance improvements when permissions are set.
* @author andyh
* *
* @author andyh
*/ */
public static class Indirection public static class Indirection
{ {
@@ -2239,6 +2246,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/** /**
* How many DM nodes are three with new ACls (to track patch progress) * How many DM nodes are three with new ACls (to track patch progress)
*
* @param above * @param above
* @return - the count * @return - the count
*/ */

70
source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java
View File

@@ -116,34 +116,52 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
System.out.println("Deleting "+acl+" on "+nodeRef); System.out.println("Deleting "+acl+" on "+nodeRef);
if (acl != null) if (acl != null)
{ {
if (acl.getInheritsFrom() != null) switch (acl.getAclType())
{ {
@SuppressWarnings("unused") case OLD:
Long deleted = acl.getId(); throw new IllegalStateException("Can not mix old and new style permissions");
Long inheritsFrom = acl.getInheritsFrom(); case DEFINING:
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom)); if (acl.getInheritsFrom() != null)
List<AclChange> changes = new ArrayList<AclChange>(); {
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); @SuppressWarnings("unused")
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); Long deleted = acl.getId();
aclDaoComponent.deleteAccessControlList(acl.getId()); Long inheritsFrom = acl.getInheritsFrom();
} getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
else List<AclChange> changes = new ArrayList<AclChange>();
{ changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
// TODO: could just cear out existing getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
@SuppressWarnings("unused") aclDaoComponent.deleteAccessControlList(acl.getId());
Long deleted = acl.getId(); }
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); else
properties = new SimpleAccessControlListProperties(); {
properties.setAclType(ACLType.DEFINING); // TODO: could just cear out existing
properties.setInherits(Boolean.FALSE); @SuppressWarnings("unused")
properties.setVersioned(false); Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
properties.setVersioned(false);
Long id = aclDaoComponent.createAccessControlList(properties); Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>(); List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId()); aclDaoComponent.deleteAccessControlList(acl.getId());
}
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
} }
} }

71
source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
View File

@@ -39,8 +39,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
/** /**
* Old permissions dao component impl * Old permissions dao component impl
* @author andyh
* *
* @author andyh
*/ */
public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
{ {
@@ -144,32 +144,51 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
} }
if (acl != null) if (acl != null)
{ {
if (acl.getInheritsFrom() != null) switch (acl.getAclType())
{ {
@SuppressWarnings("unused") case OLD:
Long deleted = acl.getId(); throw new IllegalStateException("Can not mix old and new style permissions");
Long inheritsFrom = acl.getInheritsFrom(); case DEFINING:
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
List<AclChange> changes = new ArrayList<AclChange>(); if (acl.getInheritsFrom() != null)
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom)); {
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); @SuppressWarnings("unused")
aclDaoComponent.deleteAccessControlList(acl.getId()); Long deleted = acl.getId();
} Long inheritsFrom = acl.getInheritsFrom();
else getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
{ List<AclChange> changes = new ArrayList<AclChange>();
// TODO: could just cear out existing changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
@SuppressWarnings("unused") getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
Long deleted = acl.getId(); aclDaoComponent.deleteAccessControlList(acl.getId());
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(); }
properties.setAclType(ACLType.DEFINING); else
properties.setInherits(Boolean.FALSE); {
// Accept default versioning // TODO: could just cear out existing
Long id = aclDaoComponent.createAccessControlList(properties); @SuppressWarnings("unused")
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id)); Long deleted = acl.getId();
List<AclChange> changes = new ArrayList<AclChange>(); SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id))); properties.setAclType(ACLType.DEFINING);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); properties.setInherits(Boolean.FALSE);
aclDaoComponent.deleteAccessControlList(acl.getId()); // Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
} }
} }
} }

44
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -96,6 +96,50 @@ public class PermissionServiceTest extends AbstractPermissionTest
allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED); allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED);
} }
public void testDelete()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(0, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
permissionService.deletePermissions(n2);
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
}
public void test_AR_2055() public void test_AR_2055()
{ {
runAs("admin"); runAs("admin");