RM-452: RM seurity context will break core Alfresco if Alfresco's public services change

* ensure the '*' definition is at the end of the updated value * add missing method definitions git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@42897 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2012-10-20 02:17:49 +00:00
parent d016261614
commit 6b674b414e
3 changed files with 41 additions and 7 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
@@ -49,6 +49,7 @@ rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getChildAssocs
 rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getNodeRef=RM.Read.0
 rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.getChildAssocsByPropertyValue=RM.Read.0,AFTER_RM.FilterNode 
 rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.countChildAssocs=RM.Read.0
+rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.setAssociations=RM_ALLOW
 rm.methodsecurity.org.alfresco.service.cmr.repository.NodeService.*=RM_DENY 

 ## File Folder Service
@@ -175,6 +176,7 @@ rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermiss
 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0
 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW 
 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0 
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getReaders=RM_ALLOW
 rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY 

 # Ownable Service
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RMMethodSecurityPostProcessor.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RMMethodSecurityPostProcessor.java
@@ -144,6 +144,7 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
    private String merge(String beanStringValue) 
    {
        Map<String, String> map = convertToMap(beanStringValue);
+        String allString = null;
        
        for (Map.Entry<String, String> entry : map.entrySet())
        {
@@ -151,7 +152,14 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
            String propKey = PROPERTY_PREFIX + key;
            if (properties.containsKey(propKey) == true)
            {
-                map.put(key, entry.getValue() + "," + properties.getProperty(propKey));
+                if (propKey.endsWith("*") == true)
+                {   
+                    allString = key + "=" + entry.getValue() + "," + properties.getProperty(propKey);
+                }
+                else
+                {    
+                    map.put(key, entry.getValue() + "," + properties.getProperty(propKey));
+                }
            }
            else
            {
@@ -162,7 +170,12 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
            }
        }
        
-        return convertToString(map);
+        String result = convertToString(map);
+        if (allString != null)
+        {
+            result = result + allString;
+        }
+        return result;
    }
    
    /**
@@ -190,7 +203,10 @@ public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
        StringBuffer buffer = new StringBuffer(256);
        for (Map.Entry<String, String> entry : map.entrySet())
        {
-            buffer.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");            
+            if (entry.getKey().endsWith("*") == false)
+            {
+                buffer.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
+            }
        }    
        
        return buffer.toString();
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/security/MethodSecurityTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/security/MethodSecurityTest.java
@@ -18,11 +18,8 @@
 */
 package org.alfresco.module.org_alfresco_module_rm.test.security;

-import java.net.URL;
-
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
-import org.apache.log4j.PropertyConfigurator;

 /**
 * Tests method level security of core alfresco services.
@@ -78,4 +75,23 @@ public class MethodSecurityTest extends BaseRMTestCase implements RMPermissionMo
            
        }, rmUserName);
    }
+    
+    // TODO helper test that can be uncommented and used to show that methods that don't  have
+    //      security definitions are defaulting to RM_DENY
+//    public void testMissingMethodSecurity()
+//    {
+//        doTestInTransaction(new FailureTest
+//        (
+//                "Should be denied since method level security is missing."
+//        )
+//        {
+//            @Override
+//            public void run()
+//            {
+//                ((LockService)applicationContext.getBean("LockService")).getLockStatus(rmContainer);              
+//            }
+//            
+//        }, rmAdminName);
+//        
+//    }
 }