mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Fix for ALF-2609: CMIS ACL mapping improvements
- missing changes to the permission model git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20052 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -159,4 +159,11 @@ public interface ModelDAO
|
||||
*/
|
||||
public Set<PermissionReference> getAllPermissions();
|
||||
|
||||
/**
|
||||
* Does this permission allow full control?
|
||||
* @param permissionReference
|
||||
* @return
|
||||
*/
|
||||
public boolean hasFull(PermissionReference permissionReference);
|
||||
|
||||
}
|
||||
|
||||
@@ -167,7 +167,6 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the {@link #setModel(String) model}.
|
||||
*/
|
||||
@@ -520,9 +519,9 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
|
||||
public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference)
|
||||
{
|
||||
if(permissionReference == null)
|
||||
if (permissionReference == null)
|
||||
{
|
||||
return Collections.<PermissionReference>emptySet();
|
||||
return Collections.<PermissionReference> emptySet();
|
||||
}
|
||||
// Cache the results
|
||||
Set<PermissionReference> granters = grantingPermissions.get(permissionReference);
|
||||
@@ -602,9 +601,9 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
|
||||
public synchronized Set<PermissionReference> getGranteePermissions(PermissionReference permissionReference)
|
||||
{
|
||||
if(permissionReference == null)
|
||||
if (permissionReference == null)
|
||||
{
|
||||
return Collections.<PermissionReference>emptySet();
|
||||
return Collections.<PermissionReference> emptySet();
|
||||
}
|
||||
// Cache the results
|
||||
Set<PermissionReference> grantees = granteePermissions.get(permissionReference);
|
||||
@@ -1054,12 +1053,14 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
|
||||
private ConcurrentHashMap<RequiredKey, Set<PermissionReference>> requiredPermissionsCache = new ConcurrentHashMap<RequiredKey, Set<PermissionReference>>(1024);
|
||||
|
||||
private PermissionGroup group;
|
||||
|
||||
public Set<PermissionReference> getRequiredPermissions(PermissionReference required, QName qName, Set<QName> aspectQNames, RequiredPermission.On on)
|
||||
{
|
||||
// Cache lookup as this is static
|
||||
if((required == null) || (qName == null))
|
||||
if ((required == null) || (qName == null))
|
||||
{
|
||||
return Collections.<PermissionReference>emptySet();
|
||||
return Collections.<PermissionReference> emptySet();
|
||||
}
|
||||
|
||||
RequiredKey key = generateKey(required, qName, aspectQNames, on);
|
||||
@@ -1325,7 +1326,8 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.permissions.impl.ModelDAO#getAllExposedPermissions()
|
||||
*/
|
||||
public Set<PermissionReference> getAllExposedPermissions()
|
||||
@@ -1335,14 +1337,14 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
{
|
||||
for (PermissionGroup pg : ps.getPermissionGroups())
|
||||
{
|
||||
if(pg.isExposed())
|
||||
if (pg.isExposed())
|
||||
{
|
||||
permissions.add(SimplePermissionReference.getPermissionReference(pg.getQName(), pg.getName()));
|
||||
}
|
||||
}
|
||||
for (Permission p : ps.getPermissions())
|
||||
{
|
||||
if(p.isExposed())
|
||||
if (p.isExposed())
|
||||
{
|
||||
permissions.add(SimplePermissionReference.getPermissionReference(p.getQName(), p.getName()));
|
||||
}
|
||||
@@ -1351,4 +1353,66 @@ public class PermissionModel extends AbstractLifecycleBean implements ModelDAO
|
||||
return permissions;
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @seeorg.alfresco.repo.security.permissions.impl.ModelDAO#hasFull(org.alfresco.repo.security.permissions.
|
||||
* PermissionReference)
|
||||
*/
|
||||
private static PermissionReference ALL = SimplePermissionReference.getPermissionReference(QName.createQName(NamespaceService.SECURITY_MODEL_1_0_URI,
|
||||
PermissionService.ALL_PERMISSIONS), PermissionService.ALL_PERMISSIONS);
|
||||
|
||||
public boolean hasFull(PermissionReference permissionReference)
|
||||
{
|
||||
if (permissionReference == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if(permissionReference.equals(ALL))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
group = getPermissionGroupOrNull(permissionReference);
|
||||
if (group == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (group.isAllowFullControl())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if(group.isExtends())
|
||||
{
|
||||
if (group.getTypeQName() != null)
|
||||
{
|
||||
return hasFull(SimplePermissionReference.getPermissionReference(group.getTypeQName(), group.getName()));
|
||||
}
|
||||
else
|
||||
{
|
||||
ClassDefinition classDefinition = dictionaryService.getClass(group.getQName());
|
||||
QName parent;
|
||||
while ((parent = classDefinition.getParentName()) != null)
|
||||
{
|
||||
classDefinition = dictionaryService.getClass(parent);
|
||||
PermissionGroup attempt = getPermissionGroupOrNull(SimplePermissionReference.getPermissionReference(parent, group.getName()));
|
||||
if ((attempt != null) && (attempt.isAllowFullControl()))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user