inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-2388 (User without any clearance should not see the classify action)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@108131 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2015-07-10 15:50:55 +00:00
parent d011b7ec0a
commit 6a8eeda795
6 changed files with 89 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceService.java
View File

@@ -74,4 +74,19 @@ public interface SecurityClearanceService
* and therefore access to the most restricted documents).
*/
List<ClearanceLevel> getClearanceLevels();
/**
* Checks if the current user has any clearance set
*
* @return <code>true</code> if the current user has a clearance set different than "No Clearance", <code>false</code> otherwise
*/
boolean hasCurrentUserClearance();
/**
* Checks if the user with the given id has any clearance set
*
* @param userId {@link String} The user id
* @return <code>true</code> if the user with the given id has a clearance set different than "No Clearance", <code>false</code> otherwise
*/
boolean hasUserClearance(String userId);
}

30
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java
View File

@@ -18,8 +18,10 @@
*/
package org.alfresco.module.org_alfresco_module_rm.classification;
import static org.alfresco.module.org_alfresco_module_rm.classification.ClearanceLevelManager.NO_CLEARANCE;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.ASPECT_SECURITY_CLEARANCE;
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
import static org.alfresco.module.org_alfresco_module_rm.util.RMParameterCheck.checkNotBlank;
import java.util.ArrayList;
import java.util.Collections;
@@ -202,4 +204,32 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
List<ClearanceLevel> subList = allLevels.subList(targetIndex, allLevels.size());
return Collections.unmodifiableList(subList);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasCurrentUserClearance()
*/
@Override
public boolean hasCurrentUserClearance()
{
return hasUserClearance(authenticationUtil.getRunAsUser());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService#hasUserClearance(java.lang.String)
*/
@Override
public boolean hasUserClearance(String userId)
{
checkNotBlank("userId", userId);
boolean hasUserClearance = false;
ClearanceLevel userCleranceLevel = getUserSecurityClearance(userId).getClearanceLevel();
if (userCleranceLevel != null && userCleranceLevel != NO_CLEARANCE)
{
hasUserClearance = true;
}
return hasUserClearance;
}
}

16
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/JSONConversionComponent.java
View File

@@ -30,6 +30,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
import org.alfresco.module.org_alfresco_module_rm.classification.SecurityClearanceService;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
@@ -70,6 +71,7 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
private static final String IS_RECORD_CONTRIBUTOR_GROUP_ENABLED = "isRecordContributorGroupEnabled";
private static final String RECORD_CONTRIBUTOR_GROUP_NAME = "recordContributorGroupName";
public static final String IS_CLASSIFIED = "isClassified";
private static final String HAS_CURRENT_USER_CLEARANCE = "hasCurrentUserClearance";
/** true if record contributor group is enabled, false otherwise */
private boolean isRecordContributorsGroupEnabled = false;
@@ -95,6 +97,9 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
/** Content classification service */
private ContentClassificationService contentClassificationService;
/** Security clearance service */
private SecurityClearanceService securityClearanceService;
/** Indicators */
private List<BaseEvaluator> indicators = new ArrayList<BaseEvaluator>();
@@ -174,6 +179,14 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
this.contentClassificationService = contentClassificationService;
}
/**
* @param securityClearanceService the securityClearanceService to set
*/
public void setSecurityClearanceService(SecurityClearanceService securityClearanceService)
{
this.securityClearanceService = securityClearanceService;
}
/**
* @param indicator registered indicator
*/
@@ -260,6 +273,9 @@ public class JSONConversionComponent extends org.alfresco.repo.jscript.app.JS
// Is the node classified
rootJSONObject.put(IS_CLASSIFIED, contentClassificationService.isClassified(nodeRef));
// Has current user clearance
rootJSONObject.put(HAS_CURRENT_USER_CLEARANCE, securityClearanceService.hasCurrentUserClearance());
if (AccessStatus.ALLOWED.equals(capabilityService.getCapabilityAccessState(nodeRef, ViewRecordsCapability.NAME)))
{
// Indicate whether the node is a RM object or not