diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml index 15c74fc114..cc7b91c8de 100644 --- a/config/alfresco/public-services-security-context.xml +++ b/config/alfresco/public-services-security-context.xml @@ -680,10 +680,6 @@ org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=ACL_NODE.0.sys:base.ChangePermissions org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=ACL_ALLOW org.alfresco.service.cmr.security.PermissionService.clearPermission=ACL_NODE.0.sys:base.ChangePermissions - org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermission=ACL_METHOD.ROLE_ADMINISTRATOR - org.alfresco.service.cmr.security.PermissionService.findNodesByAssignedPermissionForCurrentUser=ACL_ALLOW - org.alfresco.service.cmr.security.PermissionService.getAllSetPermissionsForAuthority=ACL_METHOD.ROLE_ADMINISTRATOR - org.alfresco.service.cmr.security.PermissionService.getAllSetPermissionsForCurrentUser=ACL_ALLOW org.alfresco.service.cmr.security.PermissionService.*=ACL_DENY diff --git a/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java index fbef544a46..a4f4f4b364 100644 --- a/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java +++ b/source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java @@ -22,7 +22,6 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.repo.domain.AccessControlListDAO; import org.alfresco.repo.domain.DbAccessControlList; @@ -45,18 +44,17 @@ import org.alfresco.repo.transaction.TransactionalDao; import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.util.GUID; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** - * Common suppot for permisisons dao + * Common support for permissions DAO * - * Sub classes deteremine how ACLs are cascaded to children and how changes may COW/version children as ACLs are pushed down. + * Sub classes determine how ACLs are cascaded to children and how changes may COW/version children as ACLs are pushed down. * - * TODO: remove the protocol to dao mapping + * TODO: remove the protocol to DAO mapping * * @author andyh * @@ -254,16 +252,6 @@ public abstract class AbstractPermissionsDaoComponentImpl implements Permissions return npe; } - @SuppressWarnings("unchecked") - public Map> getAllSetPermissions(final String authority) - { - throw new UnsupportedOperationException(); - } - - public Set findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow) - { - throw new UnsupportedOperationException(); - } // Utility methods to create simple detached objects for the outside world // We do not pass out the hibernate objects diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java index 6499eff270..a532cc91cf 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java @@ -1833,56 +1833,6 @@ public class PermissionServiceImpl extends AbstractLifecycleBean implements Perm return value; } } - - public Map> getAllSetPermissionsForCurrentUser() - { - String currentUser = AuthenticationUtil.getRunAsUser(); - return getAllSetPermissionsForAuthority(currentUser); - } - - public Map> getAllSetPermissionsForAuthority(String authority) - { - return permissionsDaoComponent.getAllSetPermissions(authority); - } - - public Set findNodesByAssignedPermissionForCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities, boolean exactPermissionMatch) - { - String currentUser = AuthenticationUtil.getRunAsUser(); - return findNodesByAssignedPermission(currentUser, permission, allow, includeContainingAuthorities, exactPermissionMatch); - } - - public Set findNodesByAssignedPermission(String authority, String permission, boolean allow, boolean includeContainingAuthorities, boolean includeContainingPermissions) - { - // TODO: owned nodes and add owner rights ?? - // Does not include dynamic permissions (they would have to be done by query - e.g. owership and OWNER rights) - // Does not include ACEGI auth object authorities - Set authorities = new HashSet(); - authorities.add(authority); - if (includeContainingAuthorities) - { - authorities.addAll(authorityService.getAuthoritiesForUser(authority)); - } - - HashSet answer = new HashSet(); - - PermissionReference pr = getPermissionReference(permission); - Set permissions = new HashSet(); - permissions.add(pr); - - if (includeContainingPermissions) - { - permissions.addAll(modelDAO.getGrantingPermissions(pr)); - } - - for (PermissionReference perm : permissions) - { - for (String auth : authorities) - { - answer.addAll(permissionsDaoComponent.findNodeByPermission(auth, perm, allow)); - } - } - return answer; - } /** * This methods checks whether the specified nodeRef instance is a version nodeRef (ie. in the 'version' store) diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java index ffbb85533f..70c8a38bc3 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java @@ -107,26 +107,6 @@ public interface PermissionsDaoComponent */ public boolean getInheritParentPermissions(NodeRef nodeRef); - /** - * Get all the permissions set for the given authority - * - * @return - the permissions set on all nodes for the given authority. - */ - public Map> getAllSetPermissions(String authority); - - /** - * Find nodes which have the given permisson for the given authority - * - * @param authority - - * the authority to match - * @param permission - - * the permission to match - * @param allow - - * true to match allow, false to match deny - * @return - the set of matching nodes - */ - public Set findNodeByPermission(String authority, PermissionReference permission, boolean allow); - /** * Delete entries from a permission mask on a store by authority */ diff --git a/source/java/org/alfresco/service/cmr/security/PermissionService.java b/source/java/org/alfresco/service/cmr/security/PermissionService.java index a78b21ec70..9e94e028be 100644 --- a/source/java/org/alfresco/service/cmr/security/PermissionService.java +++ b/source/java/org/alfresco/service/cmr/security/PermissionService.java @@ -311,63 +311,7 @@ public interface PermissionService @Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" }) public boolean getInheritParentPermissions(NodeRef nodeRef); - /** - * Get all permissions set for the current user. - * - * @return - A map of noderefs to permissions set - * @deprecated - */ - @Auditable - public Map> getAllSetPermissionsForCurrentUser(); - - /** - * Get all the permissions set for the given authority - * - * @param authority - * @return - A map of noderefs to permissions set - * @deprecated - */ - @Auditable(parameters = { "authority" }) - public Map> getAllSetPermissionsForAuthority(String authority); - - /** - * Find all the nodes where the current user has explicitly been assigned the specified permission. - * - * @param permission - - * the permission to find - * @param allow - * -search for allow (true) or deny - * @param includeContainingAuthorities - - * include permissions for authorities that contain the current user in the list - * @param includeContainingPermissions - - * true; do an exact match: false; search for any permission that woudl imply the one given - * @return - the set of nodes where the user is assigned the permission - * @deprecated - */ - @Auditable(parameters = { "permission", "allow", "includeContainingAuthorities", "includeContainingPermissions" }) - public Set findNodesByAssignedPermissionForCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities, - boolean includeContainingPermissions); - - /** - * Find all the nodes where the current user has explicitly been assigned the specified permission. - * - * @param permission - - * the permission to find - * @param allow - * -search for allow (true) or deny - * @param includeContainingAuthorities - - * include permissions for authorities that contain the current user in the list - * @param exactPermissionMatch - - * true; do an exact match: false; search for any permission that woudl imply the one given - * @return - the set of nodes where the user is assigned the permission - * @deprecated - */ - @Auditable(parameters = { "authority", "permission", "allow", "includeContainingAuthorities", - "exactPermissionMatch" }) - public Set findNodesByAssignedPermission(String authority, String permission, boolean allow, - boolean includeContainingAuthorities, boolean exactPermissionMatch); - - + /** * Add a permission mask to a store *