Merge branch 'feature/RM-7063_UserWithNoReadCanSeeAudit' into 'master'

RM-7063: User with no Read on active content can see Add To Hold/Remove From Hold audit entries Closes RM-7063 See merge request records-management/records-management!1312
2025-07-31 17:39:05 +00:00 · 2019-11-28 11:04:15 +00:00
parent 81ab6da25d 26ed36d312
commit 6249537356
2 changed files with 16 additions and 3 deletions
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -940,6 +940,7 @@
        <property name="filePlanService" ref="FilePlanService" />
        <property name="namespaceService" ref="NamespaceService" />
        <property name="capabilityService" ref="CapabilityService" />
+        <property name="permissionService" ref="PermissionService" />
        <property name="ignoredAuditProperties">
            <list>
                <value>cm:lastThumbnailModification</value>
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java
@@ -81,6 +81,7 @@ import org.alfresco.service.cmr.repository.MLText;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.site.SiteInfo;
 import org.alfresco.service.cmr.site.SiteService;
 import org.alfresco.service.namespace.NamespaceService;
@@ -205,6 +206,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
    private FilePlanService filePlanService;
    private NamespaceService namespaceService;
    protected CapabilityService capabilityService;
+    protected PermissionService permissionService;

    private boolean shutdown = false;

@@ -321,6 +323,15 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
        this.ignoredAuditProperties = ignoredAuditProperties;
    }

+    /**
+     *
+     * @param permissionService
+     */
+    public void setPermissionService(PermissionService permissionService)
+    {
+        this.permissionService = permissionService;
+    }
+
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService#registerAuditEvent(java.lang.String, java.lang.String)
     */
@@ -987,9 +998,10 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
                }

                if (nodeRef != null && nodeService.exists(nodeRef) &&
-                        filePlanService.isFilePlanComponent(nodeRef) &&
-                        !AccessStatus.ALLOWED.equals(
-                                capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY)))
+                        ((filePlanService.isFilePlanComponent(nodeRef) &&
+                                !AccessStatus.ALLOWED.equals(
+                                        capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY)))
+                                || (!AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.READ)))))
                {
                    return true;
                }