mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-452: RM seurity context will break core Alfresco if Alfresco's public services change
* ensure the '*' definition is at the end of the updated value * add missing method definitions git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@42897 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -49,6 +49,7 @@ rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getChildAssocs
|
|||||||
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getNodeRef=RM.Read.0
|
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getNodeRef=RM.Read.0
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getChildAssocsByPropertyValue=RM.Read.0,AFTER_RM.FilterNode
|
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getChildAssocsByPropertyValue=RM.Read.0,AFTER_RM.FilterNode
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.countChildAssocs=RM.Read.0
|
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.countChildAssocs=RM.Read.0
|
||||||
|
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.setAssociations=RM_ALLOW
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.*=RM_DENY
|
rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.*=RM_DENY
|
||||||
|
|
||||||
## File Folder Service
|
## File Folder Service
|
||||||
@@ -175,6 +176,7 @@ rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermiss
|
|||||||
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0
|
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW
|
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0
|
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0
|
||||||
|
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getReaders=RM_ALLOW
|
||||||
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY
|
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY
|
||||||
|
|
||||||
# Ownable Service
|
# Ownable Service
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
|
|||||||
PropertyValue beanValue = beanDef.getPropertyValues().getPropertyValue(PROP_OBJECT_DEFINITION_SOURCE);
|
PropertyValue beanValue = beanDef.getPropertyValues().getPropertyValue(PROP_OBJECT_DEFINITION_SOURCE);
|
||||||
String beanStringValue = (String)((TypedStringValue)beanValue.getValue()).getValue();
|
String beanStringValue = (String)((TypedStringValue)beanValue.getValue()).getValue();
|
||||||
String mergedStringValue = merge(beanStringValue);
|
String mergedStringValue = merge(beanStringValue);
|
||||||
beanDef.getPropertyValues().addPropertyValue(PROP_OBJECT_DEFINITION_SOURCE, new TypedStringValue(mergedStringValue));
|
beanDef.getPropertyValues().addPropertyValue(PROP_OBJECT_DEFINITION_SOURCE, new TypedStringValue(mergedStringValue));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -144,6 +144,7 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
|
|||||||
private String merge(String beanStringValue)
|
private String merge(String beanStringValue)
|
||||||
{
|
{
|
||||||
Map<String, String> map = convertToMap(beanStringValue);
|
Map<String, String> map = convertToMap(beanStringValue);
|
||||||
|
String allString = null;
|
||||||
|
|
||||||
for (Map.Entry<String, String> entry : map.entrySet())
|
for (Map.Entry<String, String> entry : map.entrySet())
|
||||||
{
|
{
|
||||||
@@ -151,7 +152,14 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
|
|||||||
String propKey = PROPERTY_PREFIX + key;
|
String propKey = PROPERTY_PREFIX + key;
|
||||||
if (properties.containsKey(propKey) == true)
|
if (properties.containsKey(propKey) == true)
|
||||||
{
|
{
|
||||||
map.put(key, entry.getValue() + "," + properties.getProperty(propKey));
|
if (propKey.endsWith("*") == true)
|
||||||
|
{
|
||||||
|
allString = key + "=" + entry.getValue() + "," + properties.getProperty(propKey);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
map.put(key, entry.getValue() + "," + properties.getProperty(propKey));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -162,7 +170,12 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return convertToString(map);
|
String result = convertToString(map);
|
||||||
|
if (allString != null)
|
||||||
|
{
|
||||||
|
result = result + allString;
|
||||||
|
}
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -190,7 +203,10 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
|
|||||||
StringBuffer buffer = new StringBuffer(256);
|
StringBuffer buffer = new StringBuffer(256);
|
||||||
for (Map.Entry<String, String> entry : map.entrySet())
|
for (Map.Entry<String, String> entry : map.entrySet())
|
||||||
{
|
{
|
||||||
buffer.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
|
if (entry.getKey().endsWith("*") == false)
|
||||||
|
{
|
||||||
|
buffer.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return buffer.toString();
|
return buffer.toString();
|
||||||
|
|||||||
@@ -18,11 +18,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.alfresco.module.org_alfresco_module_rm.test.security;
|
package org.alfresco.module.org_alfresco_module_rm.test.security;
|
||||||
|
|
||||||
import java.net.URL;
|
|
||||||
|
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||||
import org.apache.log4j.PropertyConfigurator;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests method level security of core alfresco services.
|
* Tests method level security of core alfresco services.
|
||||||
@@ -78,4 +75,23 @@ public class MethodSecurityTest extends BaseRMTestCase implements RMPermissionMo
|
|||||||
|
|
||||||
}, rmUserName);
|
}, rmUserName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO helper test that can be uncommented and used to show that methods that don't have
|
||||||
|
// security definitions are defaulting to RM_DENY
|
||||||
|
// public void testMissingMethodSecurity()
|
||||||
|
// {
|
||||||
|
// doTestInTransaction(new FailureTest
|
||||||
|
// (
|
||||||
|
// "Should be denied since method level security is missing."
|
||||||
|
// )
|
||||||
|
// {
|
||||||
|
// @Override
|
||||||
|
// public void run()
|
||||||
|
// {
|
||||||
|
// ((LockService)applicationContext.getBean("LockService")).getLockStatus(rmContainer);
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// }, rmAdminName);
|
||||||
|
//
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user