inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1644 (Possible to create "report" records and copy records without Create Record capability)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@96905 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2015-02-12 11:08:43 +00:00
parent c5d9f3c43f
commit 798d7f7cb9
1 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -80,10 +80,6 @@ public class CreateCapability extends DeclarativeCapability
*/ */
public int evaluate(NodeRef destination, NodeRef linkee, QName assocType) public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
{ {
//if the user doesn't have Create Record capability deny access
if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
return AccessDecisionVoter.ACCESS_DENIED;
if (linkee != null) if (linkee != null)
{ {
int state = checkRead(linkee, true); int state = checkRead(linkee, true);
@@ -98,7 +94,7 @@ public class CreateCapability extends DeclarativeCapability
{ {
if (linkee == null) if (linkee == null)
{ {
if (recordService.isRecord(destination) && if (recordService.isRecord(destination) &&
!recordService.isDeclared(destination) && !recordService.isDeclared(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{ {
@@ -124,14 +120,14 @@ public class CreateCapability extends DeclarativeCapability
conditions.put("capabilityCondition.frozen", Boolean.FALSE); conditions.put("capabilityCondition.frozen", Boolean.FALSE);
conditions.put("capabilityCondition.closed", Boolean.FALSE); conditions.put("capabilityCondition.closed", Boolean.FALSE);
conditions.put("capabilityCondition.cutoff", Boolean.FALSE); conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
// if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record // if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
!recordFolderService.isRecordFolder(destination) ) !recordFolderService.isRecordFolder(destination) )
{ {
return AccessDecisionVoter.ACCESS_GRANTED; return AccessDecisionVoter.ACCESS_GRANTED;
} }
if (checkConditions(destination, conditions) && if (checkConditions(destination, conditions) &&
recordFolderService.isRecordFolder(destination) && recordFolderService.isRecordFolder(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)