inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for https://issues.alfresco.com/jira/browse/SLNG-1114

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10631 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2008-09-02 11:54:30 +00:00
parent 66f4e402dc
commit 61c93d6758
5 changed files with 184 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java
View File

@@ -375,8 +375,10 @@ public abstract class AbstractPermissionsDaoComponentImpl implements Permissions
{
case FIXED:
case GLOBAL:
case SHARED:
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
case SHARED:
// Nothing to do
break;
case DEFINING:
case LAYERED:
case OLD:

88
source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java
View File

@@ -119,9 +119,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
private enum WriteMode
{
/**
* Remove inherited ACEs after that set
* Remove inherited ACEs after that set
*/
TRUNCATE_INHERITED,
TRUNCATE_INHERITED,
/**
* Add inherited ACEs
*/
@@ -129,19 +129,19 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* The source of inherited ACEs is changing
*/
CHANGE_INHERITED,
CHANGE_INHERITED,
/**
* Remove all inherited ACEs
*/
REMOVE_INHERITED,
REMOVE_INHERITED,
/**
* Insert inherited ACEs
*/
INSERT_INHERITED,
INSERT_INHERITED,
/**
* Copy ACLs and update ACEs and inheritance
* Copy ACLs and update ACEs and inheritance
*/
COPY_UPDATE_AND_INHERIT,
COPY_UPDATE_AND_INHERIT,
/**
* Simlpe copy
*/
@@ -160,7 +160,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Set the DAO for accessing QName entities
* @param qnameDAO
*
* @param qnameDAO
*/
public void setQnameDAO(QNameDAO qnameDAO)
{
@@ -169,6 +170,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Set the ACL cache
*
* @param aclCache
*/
public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
@@ -903,23 +905,26 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
@SuppressWarnings("unchecked")
public List<AclChange> deleteAccessControlList(final Long id)
{
HibernateCallback check = new HibernateCallback()
if (logger.isDebugEnabled())
{
public Object doInHibernate(Session session)
HibernateCallback check = new HibernateCallback()
{
Criteria criteria = getSession().createCriteria(NodeImpl.class, "node");
criteria.createAlias("node.accessControlList", "acl");
criteria.add(Restrictions.eq("acl.id", id));
criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY);
return criteria.list();
public Object doInHibernate(Session session)
{
Criteria criteria = getSession().createCriteria(NodeImpl.class, "node");
criteria.createAlias("node.accessControlList", "acl");
criteria.add(Restrictions.eq("acl.id", id));
criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY);
return criteria.list();
}
};
List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check);
for (Node node : nodes)
{
logger.debug("Found " + node.getId() + " " + node.getUuid() + " " + node.getAccessControlList());
}
};
List<Node> nodes = (List<Node>) getHibernateTemplate().execute(check);
for(Node node : nodes)
{
logger.error("Found "+node.getId() +" "+node.getUuid() + " "+node.getAccessControlList() );
}
List<AclChange> acls = new ArrayList<AclChange>();
final DbAccessControlList acl = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id);
@@ -929,7 +934,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
}
if (acl.getAclType() == ACLType.SHARED)
{
throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with teh defining acl");
throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl");
}
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED))
@@ -1074,6 +1079,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Search for access control lists
*
* @param pattern
* @return the ids of the ACLs found
*/
@@ -1130,12 +1136,12 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
for (Object[] result : results)
// for (DbAccessControlListMember member : members)
{
Boolean aceIsAllowed = (Boolean)result[0];
Integer aceType = (Integer)result[1];
String authority = (String)result[2];
Long permissionId = (Long)result[3];
Integer position = (Integer)result[4];
Boolean aceIsAllowed = (Boolean) result[0];
Integer aceType = (Integer) result[1];
String authority = (String) result[2];
Long permissionId = (Long) result[3];
Integer position = (Integer) result[4];
SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry();
sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED);
sacEntry.setAceType(ACEType.getACETypeFromId(aceType));
@@ -1146,9 +1152,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
// context.setClassContext(entry.getContext().getClassContext());
// context.setKVPContext(entry.getContext().getKvpContext());
// context.setPropertyContext(entry.getContext().getPropertyContext());
// sacEntry.setContext(context);
// }
DbPermission perm = (DbPermission)getSession().get(DbPermissionImpl.class, permissionId);
// sacEntry.setContext(context);
// }
DbPermission perm = (DbPermission) getSession().get(DbPermissionImpl.class, permissionId);
SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(perm.getTypeQName().getQName(), perm.getName());
sacEntry.setPermission(permissionRefernce);
sacEntry.setPosition(position);
@@ -1325,7 +1331,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
@SuppressWarnings("unchecked")
public List<AclChange> setAccessControlEntry(final Long id, final AccessControlEntry ace)
{
{
DbAccessControlList target = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, id);
if (target.getAclType() == ACLType.SHARED)
{
@@ -1785,7 +1791,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
DbAccessControlListMember member = (DbAccessControlListMember) result.get("member");
DbAccessControlEntry entry = (DbAccessControlEntry) result.get("ace");
if (pattern.getAccessStatus() != null)
{
if (pattern.getAccessStatus() != (entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED))
@@ -1993,6 +1999,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Get the max acl id
*
* @return - max acl id
*/
public Long getMaxAclId()
@@ -2040,6 +2047,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Get the acl count canges so far for progress tracking
*
* @param above
* @return - the count
*/
@@ -2070,6 +2078,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* How many nodes are noew in store (approximate)
*
* @return - the number fo new nodes - approximate
*/
public Long getNewInStore()
@@ -2086,10 +2095,9 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
return count;
}
/**
* Find layered directories
* Used to imporove performance during patching and cascading the effect fo permission changes between layers
* Find layered directories Used to imporove performance during patching and cascading the effect fo permission
* changes between layers
*
* @return - layered directories
*/
@@ -2117,9 +2125,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
}
/**
* Find layered files
*
* Used to imporove performance during patching and cascading the effect fo permission changes between layers
* Find layered files Used to imporove performance during patching and cascading the effect fo permission changes
* between layers
*
* @return - layerd files
*/
@@ -2163,8 +2170,8 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* Support to describe AVM indirections for permission performance improvements when permissions are set.
*
* @author andyh
*
*/
public static class Indirection
{
@@ -2239,6 +2246,7 @@ public class AclDaoComponentImpl extends HibernateDaoSupport implements AclDaoCo
/**
* How many DM nodes are three with new ACls (to track patch progress)
*
* @param above
* @return - the count
*/

70
source/java/org/alfresco/repo/domain/hibernate/DMPermissionsDaoComponentImpl.java
View File

@@ -116,34 +116,52 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
System.out.println("Deleting "+acl+" on "+nodeRef);
if (acl != null)
{
if (acl.getInheritsFrom() != null)
switch (acl.getAclType())
{
@SuppressWarnings("unused")
Long deleted = acl.getId();
Long inheritsFrom = acl.getInheritsFrom();
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
else
{
// TODO: could just cear out existing
@SuppressWarnings("unused")
Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
properties.setVersioned(false);
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
if (acl.getInheritsFrom() != null)
{
@SuppressWarnings("unused")
Long deleted = acl.getId();
Long inheritsFrom = acl.getInheritsFrom();
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
else
{
// TODO: could just cear out existing
@SuppressWarnings("unused")
Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
properties.setVersioned(false);
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
}
}

71
source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
View File

@@ -39,8 +39,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
/**
* Old permissions dao component impl
*
* @author andyh
*
*/
public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
{
@@ -144,32 +144,51 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
}
if (acl != null)
{
if (acl.getInheritsFrom() != null)
switch (acl.getAclType())
{
@SuppressWarnings("unused")
Long deleted = acl.getId();
Long inheritsFrom = acl.getInheritsFrom();
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
else
{
// TODO: could just cear out existing
@SuppressWarnings("unused")
Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
// Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
if (acl.getInheritsFrom() != null)
{
@SuppressWarnings("unused")
Long deleted = acl.getId();
Long inheritsFrom = acl.getInheritsFrom();
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
else
{
// TODO: could just cear out existing
@SuppressWarnings("unused")
Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
// Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
break;
case FIXED:
throw new IllegalStateException("Delete not supported for fixed permissions");
case GLOBAL:
throw new IllegalStateException("Delete not supported for global permissions");
case SHARED:
// nothing to do
return;
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + acl.getAclType());
}
}
}

44
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

@@ -96,6 +96,50 @@ public class PermissionServiceTest extends AbstractPermissionTest
allowAndyReadChildren = new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED);
}
public void testDelete()
{
runAs("admin");
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), ContentModel.TYPE_FOLDER).getChildRef();
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(0, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
permissionService.deletePermissions(n2);
permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n2);
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.WRITE), "andy", AccessStatus.ALLOWED));
assertEquals(1, permissionService.getAllSetPermissions(n1).size());
assertEquals(2, permissionService.getAllSetPermissions(n2).size());
permissionService.deletePermissions(n1);
assertEquals(0, permissionService.getAllSetPermissions(n1).size());
assertEquals(1, permissionService.getAllSetPermissions(n2).size());
}
public void test_AR_2055()
{
runAs("admin");