Merge BRANCHES/V2.1.0.x to BRANCHES/V2.2:

68559: Change base Alfresco version from 4.2.0-RC4 to 4.2.0
   68568: Merge from HEAD to BRANCHES/V2.1.0.x
   68569: Update module version to 2.1.0.1
   76475: Merge HEAD to BRANCHES/V2.1.0.x:
   76597: Merge HEAD to BRANCHES/V2.1.0.x:
       74932: RM-1461: CLONE - RM slower then standard repo/sites when rendering document details when folder contains 15k documents
   76598: Merged HEAD to BRANCHES/V2.1.0.x:
        75102: RM Performance testing
   76599: Update module version to 2.1.0.2
   76601: Merged HEAD to BRANCHES/V2.1.0.x:
        75186: RM Performance Improvements
   76673: Root container cache to improve unfiled record browse performance
       * relates to RM-1594 and RM-1595
   76850: RM performance enhancements
       * serach improvements
       * in-place record browse improvements
       * saved search via file plan browse improvements
   76851: Additional unit test to check extended security with cache is working as expected.
   76852: Rollback checked in config
   77709: RM-1630: Error on manage references page
       * regression caused by performance improvements
   84337: Update version to 2.1.0.3
   84421: Transaction level cahcing of declarative capability evaluation
   84676: Fix build
   84677: Prevent unnessary repeated creation of QName
   84678: Improvements to extended dynamic authorities
       * requiredFor set
       * direct access to extended permission information, not via service
   84679: Correct requiredFor value
   88087: RM-1661 (Performance on setting permissions at a high category level)
   88092: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests
   88144: RM-1661 (Performance on setting permissions at a high category level)
   88182: RM-1724 (Inheritance is not off for root categories, unfiled records, holds and transfers)
   88192: RM-1661 (Performance on setting permissions at a high category level)
        * Added unit tests
   88193: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests
   88358: RM-1661 (Performance on setting permissions at a high category level)
        * Added unit tests
   88685: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
   88686: RM-1741 (Moved root category doesn't inherit permissions)
   88687: RM-1741 (Moved root category doesn't inherit permissions)
        * Unit test added
   88688: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
        * Unit test added
   88691: RM-1745 (RM Admin role can only be added with read permission on the manage permission page)
   88772: RM-1741 (Moved root category doesn't inherit permissions)
   88860: RM-1661 (Performance on setting permissions at a high category level)
   88864: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests
   88959: RM-1746 (Moved record/category always have the inheritance on)
   88960: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests
   88961: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests
   88962: RM-1661 (Performance on setting permissions at a high category level)
        * Fixed failing unit tests

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.2@89251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java

@@ -18,18 +18,26 @@
  */
 package org.alfresco.repo.security.permissions.impl;
 
+import static org.apache.commons.lang.StringUtils.isNotBlank;
+
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
 import org.alfresco.repo.cache.SimpleCache;
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.AuthorityType;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.util.PropertyCheck;
 import org.springframework.context.ApplicationEvent;
@@ -48,6 +56,29 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
 	/** Writers simple cache */
     protected SimpleCache<Serializable, Set<String>> writersCache;
 
+    /** File plan service */
+    private FilePlanService filePlanService;
+
+    /**
+     * Gets the file plan service
+     *
+     * @return the filePlanService
+     */
+    public FilePlanService getFilePlanService()
+    {
+        return this.filePlanService;
+    }
+
+    /**
+     * Sets the file plan service
+     *
+     * @param filePlanService the filePlanService to set
+     */
+    public void setFilePlanService(FilePlanService filePlanService)
+    {
+        this.filePlanService = filePlanService;
+    }
+
     /**
      * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
      */
@@ -87,15 +118,15 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
     public AccessStatus hasPermission(NodeRef nodeRef, String perm)
     {
         AccessStatus acs = super.hasPermission(nodeRef, perm);
-        if (AccessStatus.DENIED.equals(acs) &&
-            PermissionService.READ.equals(perm) &&
-            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+        if (AccessStatus.DENIED.equals(acs) == true &&
+            PermissionService.READ.equals(perm) == true &&
+            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
         {
             return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
         }
-        else if (AccessStatus.DENIED.equals(acs) &&
-                 PermissionService.WRITE.equals(perm) &&
-                 nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+        else if (AccessStatus.DENIED.equals(acs) == true &&
+                 PermissionService.WRITE.equals(perm) == true &&
+                 nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
         {
             return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
         }
@@ -263,4 +294,50 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
         writersCache.put((Serializable)acl.getProperties(), aclWriters);
         return aclWriters;
     }
+
+    /**
+     * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)
+     */
+    @Override
+    public void setInheritParentPermissions(final NodeRef nodeRef, boolean inheritParentPermissions)
+    {
+        final String adminRole = getAdminRole(nodeRef);
+        if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && isNotBlank(adminRole))
+        {
+            if (inheritParentPermissions)
+            {
+                Set<AccessPermission> accessPermissions = getAllSetPermissions(nodeRef);
+                for (AccessPermission accessPermission : accessPermissions)
+                {
+                    String authority = accessPermission.getAuthority();
+                    String permission = accessPermission.getPermission();
+                    if (accessPermission.isSetDirectly() &&
+                            (RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
+                            (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) || ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority)) || adminRole.equals(authority))
+                    {
+                        // FIXME!!!
+                        //deletePermission(nodeRef, authority, permission);
+                    }
+                }
+            }
+            else
+            {
+                setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
+                setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
+                setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
+            }
+        }
+        super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+    }
+
+    private String getAdminRole(NodeRef nodeRef)
+    {
+        String adminRole = null;
+        NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
+        if (filePlan != null)
+        {
+            adminRole = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
+        }
+        return adminRole;
+    }
 }