From 26ed36d3127568640d452f38433ed668f8ae4715 Mon Sep 17 00:00:00 2001 From: Ramona Popa Date: Thu, 28 Nov 2019 11:04:15 +0000 Subject: [PATCH] RM-7063: User with no Read on active content can see Add To Hold/Remove From Hold audit entries - filter entries based on READ permissions too --- .../rm-service-context.xml | 1 + .../RecordsManagementAuditServiceImpl.java | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index a6bb75c2c1..ccaba88ffc 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -940,6 +940,7 @@ + cm:lastThumbnailModification diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java index 692b63ffe6..770d05d3b1 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java @@ -81,6 +81,7 @@ import org.alfresco.service.cmr.repository.MLText; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.site.SiteInfo; import org.alfresco.service.cmr.site.SiteService; import org.alfresco.service.namespace.NamespaceService; @@ -205,6 +206,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean private FilePlanService filePlanService; private NamespaceService namespaceService; protected CapabilityService capabilityService; + protected PermissionService permissionService; private boolean shutdown = false; @@ -321,6 +323,15 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean this.ignoredAuditProperties = ignoredAuditProperties; } + /** + * + * @param permissionService + */ + public void setPermissionService(PermissionService permissionService) + { + this.permissionService = permissionService; + } + /** * @see org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService#registerAuditEvent(java.lang.String, java.lang.String) */ @@ -987,9 +998,10 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean } if (nodeRef != null && nodeService.exists(nodeRef) && - filePlanService.isFilePlanComponent(nodeRef) && - !AccessStatus.ALLOWED.equals( - capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) + ((filePlanService.isFilePlanComponent(nodeRef) && + !AccessStatus.ALLOWED.equals( + capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) + || (!AccessStatus.ALLOWED.equals(permissionService.hasPermission(nodeRef, PermissionService.READ))))) { return true; }