inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged up to HEAD.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3129 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2006-06-16 19:18:30 +00:00
parent 936f6d7021
commit 7f79a2a498
118 changed files with 14354 additions and 843 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
source/java/org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource.java
View File

@@ -32,12 +32,16 @@ import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.repo.security.authority.AuthorityDAO;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.GUID;
@@ -86,6 +90,8 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
private QName viewIdRef;
private AuthorityDAO authorityDAO;
public LDAPGroupExportSource()
{
super();
@@ -141,6 +147,11 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
this.errorOnMissingMembers = errorOnMissingMembers;
}
public void setAuthorityDAO(AuthorityDAO authorityDAO)
{
this.authorityDAO = authorityDAO;
}
public void generateExport(XMLWriter writer)
{
HashSet<Group> rootGroups = new HashSet<Group>();
@@ -222,7 +233,8 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
String toId = lookup.get(sl.to).guid;
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(viewIdRef.getNamespaceURI(), viewIdRef.getLocalName(), viewIdRef.toPrefixString(), null, fromId);
attrs.addAttribute(viewIdRef.getNamespaceURI(), viewIdRef.getLocalName(), viewIdRef.toPrefixString(), null,
fromId);
writer.startElement(viewRef.getNamespaceURI(), viewRef.getLocalName(),
viewRef.toPrefixString(namespaceService), attrs);
@@ -234,7 +246,8 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
ContentModel.ASSOC_MEMBER.toPrefixString(namespaceService), new AttributesImpl());
AttributesImpl attrsRef = new AttributesImpl();
attrsRef.addAttribute(viewIdRef.getNamespaceURI(), viewIdRef.getLocalName(), viewIdRef.toPrefixString(), null, toId);
attrsRef.addAttribute(viewIdRef.getNamespaceURI(), viewIdRef.getLocalName(), viewIdRef.toPrefixString(), null,
toId);
attrsRef.addAttribute(childQName.getNamespaceURI(), childQName.getLocalName(), childQName.toPrefixString(),
null, QName.createQName(ContentModel.USER_MODEL_URI, sl.to).toPrefixString(namespaceService));
@@ -255,13 +268,13 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
private void addRootGroup(HashMap<String, Group> lookup, Group group, XMLWriter writer) throws SAXException
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, QName.createQName(ContentModel.USER_MODEL_URI, group.gid).toPrefixString(
namespaceService));
attrs.addAttribute(viewId.getNamespaceURI(), viewId.getLocalName(), viewId
.toPrefixString(), null, group.guid);
attrs.addAttribute(viewId.getNamespaceURI(), viewId.getLocalName(), viewId.toPrefixString(), null, group.guid);
writer.startElement(ContentModel.TYPE_AUTHORITY_CONTAINER.getNamespaceURI(),
ContentModel.TYPE_AUTHORITY_CONTAINER.getLocalName(), ContentModel.TYPE_AUTHORITY_CONTAINER
@@ -301,6 +314,23 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
addgroup(lookup, child, writer);
}
if ((authorityDAO != null ) && authorityDAO.authorityExists(group.gid))
{
NodeRef authNodeRef = authorityDAO.getAuthorityNodeRefOrNull(group.gid);
if (authNodeRef != null)
{
String uguid = authorityDAO.getAuthorityNodeRefOrNull(group.gid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
}
writer.endElement(ContentModel.TYPE_AUTHORITY_CONTAINER.getNamespaceURI(),
ContentModel.TYPE_AUTHORITY_CONTAINER.getLocalName(), ContentModel.TYPE_AUTHORITY_CONTAINER
.toPrefixString(namespaceService));
@@ -337,9 +367,10 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute gidAttribute = attributes.get(groupIdAttributeName);
if(gidAttribute == null)
if (gidAttribute == null)
{
throw new ExportSourceImporterException("Group returned by group search does not have mandatory group id attribute "+attributes);
throw new ExportSourceImporterException(
"Group returned by group search does not have mandatory group id attribute " + attributes);
}
String gid = (String) gidAttribute.get(0);
@@ -421,9 +452,9 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
}
Attributes attributes = result.getAttributes();
Attribute objectclass = attributes.get("objectclass");
if(objectclass == null)
if (objectclass == null)
{
throw new ExportSourceImporterException("Failed to find attribute objectclass for DN "+dn);
throw new ExportSourceImporterException("Failed to find attribute objectclass for DN " + dn);
}
for (int i = 0; i < objectclass.size(); i++)
{
@@ -447,9 +478,10 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
try
{
Attribute groupIdAttribute = attributes.get(groupIdAttributeName);
if(groupIdAttribute == null)
if (groupIdAttribute == null)
{
throw new ExportSourceImporterException("Group missing group id attribute DN ="+dn + " att = "+groupIdAttributeName);
throw new ExportSourceImporterException("Group missing group id attribute DN ="
+ dn + " att = " + groupIdAttributeName);
}
id = (String) groupIdAttribute.get(0);
}
@@ -471,9 +503,10 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
try
{
Attribute userIdAttribute = attributes.get(userIdAttributeName);
if(userIdAttribute == null)
if (userIdAttribute == null)
{
throw new ExportSourceImporterException("User missing user id attribute DN ="+dn + " att = "+userIdAttributeName);
throw new ExportSourceImporterException("User missing user id attribute DN ="
+ dn + " att = " + userIdAttributeName);
}
id = (String) userIdAttribute.get(0);
}
@@ -495,7 +528,7 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
{
if (isGroup == null)
{
throw new ExportSourceImporterException("Type not recognised for DN"+dn);
throw new ExportSourceImporterException("Type not recognised for DN" + dn);
}
else if (isGroup)
{
@@ -580,7 +613,7 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
private Group(String gid)
{
this.gid = "GROUP_" + gid;
this.gid = "GROUP_" + gid;
}
@Override
@@ -613,8 +646,8 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
private SecondaryLink(String from, String to)
{
this.from = from;
this.to = to;
this.from = from;
this.to = to;
}
@Override
@@ -648,17 +681,22 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
}
}
public static void main(String[] args) throws IOException
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapGroupExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)

45
source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
View File

@@ -19,7 +19,6 @@ package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
@@ -31,6 +30,7 @@ import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
@@ -38,6 +38,7 @@ import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -50,7 +51,7 @@ import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
@@ -149,24 +150,28 @@ public class LDAPPersonExportSource implements ExportSource
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
System.out.println("COUNT "+userSearchCtls.getCountLimit());
System.out.println("TIME "+userSearchCtls.getTimeLimit());
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
String uid = (String) uidAttribute.get(0);
if(s_logger.isDebugEnabled())
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for "+uid);
s_logger.debug("Adding user for " + uid);
}
System.out.println("User "+uid);
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
@@ -199,13 +204,17 @@ public class LDAPPersonExportSource implements ExportSource
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attribute = attributeMapping.get(key);
if (attribute != null)
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
String value = (String) attributes.get(attribute).get(0);
if (value != null)
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
writer.characters(value.toCharArray(), 0, value.length());
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
}
@@ -292,17 +301,21 @@ public class LDAPPersonExportSource implements ExportSource
}
}
public static void main(String[] args) throws IOException
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)

9
source/java/org/alfresco/repo/security/authority/AuthorityDAO.java
View File

@@ -18,6 +18,7 @@ package org.alfresco.repo.security.authority;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityType;
public interface AuthorityDAO
@@ -96,4 +97,12 @@ public interface AuthorityDAO
* @return
*/
boolean authorityExists(String name);
/**
* Get a node ref for the authority if one exists
*
* @param name
* @return
*/
NodeRef getAuthorityNodeRefOrNull(String name);
}

58
source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@@ -47,14 +47,20 @@ import org.alfresco.util.ISO9075;
public class AuthorityDAOImpl implements AuthorityDAO
{
private static final StoreRef STOREREF_USERS = new StoreRef("user", "alfrescoUserStore");
public static final StoreRef STOREREF_USERS = new StoreRef("user", "alfrescoUserStore");
private NodeService nodeService;
private NamespacePrefixResolver namespacePrefixResolver;
private QName qnameAssocSystem;
private QName qnameAssocAuthorities;
private SearchService searchService;
private DictionaryService dictionaryService;
private SimpleCache<String, ArrayList<NodeRef>> userToAuthorityCache;
public AuthorityDAOImpl()
@@ -91,11 +97,10 @@ public class AuthorityDAOImpl implements AuthorityDAO
public boolean authorityExists(String name)
{
NodeRef ref = getAuthorityOrNull(name);
NodeRef ref = getAuthorityOrNull(name);
return ref != null;
}
}
public void addAuthority(String parentName, String childName)
{
NodeRef parentRef = getAuthorityOrNull(parentName);
@@ -120,11 +125,8 @@ public class AuthorityDAOImpl implements AuthorityDAO
{
throw new UnknownAuthorityException("An authority was not found for " + childName);
}
nodeService.addChild(
parentRef,
childRef,
ContentModel.ASSOC_MEMBER,
QName.createQName("usr", childName, namespacePrefixResolver));
nodeService.addChild(parentRef, childRef, ContentModel.ASSOC_MEMBER, QName.createQName("usr", childName,
namespacePrefixResolver));
}
}
@@ -140,22 +142,14 @@ public class AuthorityDAOImpl implements AuthorityDAO
{
throw new UnknownAuthorityException("An authority was not found for " + parentName);
}
nodeService.createNode(
parentRef,
ContentModel.ASSOC_MEMBER,
QName.createQName("usr", name, namespacePrefixResolver),
ContentModel.TYPE_AUTHORITY_CONTAINER,
props);
nodeService.createNode(parentRef, ContentModel.ASSOC_MEMBER, QName.createQName("usr", name,
namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props);
}
else
{
NodeRef authorityContainerRef = getAuthorityContainer();
nodeService.createNode(
authorityContainerRef,
ContentModel.ASSOC_MEMBER,
QName.createQName("usr", name, namespacePrefixResolver),
ContentModel.TYPE_AUTHORITY_CONTAINER,
props);
nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name,
namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props);
}
}
@@ -430,9 +424,8 @@ public class AuthorityDAOImpl implements AuthorityDAO
{
for (ResultSetRow row : rs)
{
String test = DefaultTypeConverter.INSTANCE.convert(
String.class,
nodeService.getProperty(row.getNodeRef(), ContentModel.PROP_AUTHORITY_NAME));
String test = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(row
.getNodeRef(), ContentModel.PROP_AUTHORITY_NAME));
if (test.equals(name))
{
return row.getNodeRef();
@@ -457,9 +450,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
private NodeRef getAuthorityContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(STOREREF_USERS);
List<ChildAssociationRef> results = nodeService.getChildAssocs(
rootNodeRef,
RegexQNamePattern.MATCH_ALL,
List<ChildAssociationRef> results = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
qnameAssocSystem);
NodeRef sysNodeRef = null;
if (results.size() == 0)
@@ -470,10 +461,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
{
sysNodeRef = results.get(0).getChildRef();
}
results = nodeService.getChildAssocs(
sysNodeRef,
RegexQNamePattern.MATCH_ALL,
qnameAssocAuthorities);
results = nodeService.getChildAssocs(sysNodeRef, RegexQNamePattern.MATCH_ALL, qnameAssocAuthorities);
NodeRef authNodeRef = null;
if (results.size() == 0)
{
@@ -485,4 +473,10 @@ public class AuthorityDAOImpl implements AuthorityDAO
}
return authNodeRef;
}
public NodeRef getAuthorityNodeRefOrNull(String name)
{
return getAuthorityOrNull(name);
}
}

41
source/java/org/alfresco/repo/security/permissions/impl/AllowPermissionServiceImpl.java Normal file
View File

@@ -0,0 +1,41 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.permissions.impl;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
public class AllowPermissionServiceImpl extends PermissionServiceImpl
{
public AllowPermissionServiceImpl()
{
}
@Override
public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference perm)
{
return AccessStatus.ALLOWED;
}
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
return AccessStatus.ALLOWED;
}
}

17
source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
View File

@@ -16,11 +16,14 @@
*/
package org.alfresco.repo.security.permissions.impl;
import net.sf.acegisecurity.AccessDeniedException;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.dao.InvalidDataAccessApiUsageException;
/**
* Interceptor to translate and possibly I18Nize exceptions thrown by service calls.
*/
public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
@@ -36,10 +39,14 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
return mi.proceed();
}
catch(AccessDeniedException ade)
catch (net.sf.acegisecurity.AccessDeniedException ade)
{
throw new org.alfresco.repo.security.permissions.AccessDeniedException(MSG_ACCESS_DENIED, ade);
throw new AccessDeniedException(MSG_ACCESS_DENIED, ade);
}
catch (InvalidDataAccessApiUsageException e)
{
// this usually occurs when the server is in read-only mode
throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
}
}
}

79
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
View File

@@ -33,6 +33,7 @@ import net.sf.acegisecurity.afterinvocation.AfterInvocationProvider;
import org.alfresco.repo.search.SimpleResultSetMetaData;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.service.cmr.model.FileInfo;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -175,6 +176,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
}
return decide(authentication, object, config, (NodeRef) returnedObject);
}
else if (FileInfo.class.isAssignableFrom(returnedObject.getClass()))
{
return decide(authentication, object, config, (FileInfo) returnedObject);
}
else if (ChildAssociationRef.class.isAssignableFrom(returnedObject.getClass()))
{
if (log.isDebugEnabled())
@@ -237,7 +242,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
}
public NodeRef decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public NodeRef decide(
Authentication authentication,
Object object,
ConfigAttributeDefinition config,
NodeRef returnedObject) throws AccessDeniedException
{
@@ -277,6 +285,20 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
return returnedObject;
}
public FileInfo decide(
Authentication authentication,
Object object,
ConfigAttributeDefinition config,
FileInfo returnedObject) throws AccessDeniedException
{
NodeRef nodeRef = returnedObject.getNodeRef();
// this is virtually equivalent to the noderef
decide(authentication, object, config, nodeRef);
// the noderef was allowed
return returnedObject;
}
private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)
{
List<ConfigAttributeDefintion> definitions = new ArrayList<ConfigAttributeDefintion>();
@@ -455,31 +477,23 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
if (StoreRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = nodeService.getRootNode((StoreRef) nextObject);
if (log.isDebugEnabled())
{
log.debug("\tNode Test on store " + nodeService.getPath(testNodeRef));
}
}
else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = (NodeRef) nextObject;
if (log.isDebugEnabled())
{
log.debug("\tNode Test on node " + nodeService.getPath(testNodeRef));
}
}
else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((ChildAssociationRef) nextObject).getChildRef();
if (log.isDebugEnabled())
{
log.debug("\tNode Test on child association ref using " + nodeService.getPath(testNodeRef));
}
}
else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((FileInfo) nextObject).getNodeRef();
}
else
{
throw new ACLEntryVoterException(
"The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
"The specified parameter is not a collection of NodeRefs, ChildAssociationRefs or FileInfos");
}
}
else if (cad.typeString.equals(AFTER_ACL_PARENT))
@@ -488,27 +502,18 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
// Will be allowed
testNodeRef = null;
if (log.isDebugEnabled())
{
log.debug("\tParent Test on store ");
}
}
else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = nodeService.getPrimaryParent((NodeRef) nextObject).getParentRef();
if (log.isDebugEnabled())
{
log.debug("\tParent test on node " + nodeService.getPath(testNodeRef));
}
}
else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((ChildAssociationRef) nextObject).getParentRef();
if (log.isDebugEnabled())
{
log.debug("\tParent Test on child association ref using "
+ nodeService.getPath(testNodeRef));
}
}
else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((FileInfo) nextObject).getNodeRef();
}
else
{
@@ -516,7 +521,12 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
"The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
}
}
if (log.isDebugEnabled())
{
log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + nextObject.getClass().getName());
}
if (allowed
&& (testNodeRef != null)
&& (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))
@@ -576,6 +586,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
testNodeRef = ((ChildAssociationRef) current).getChildRef();
}
else if (FileInfo.class.isAssignableFrom(current.getClass()))
{
testNodeRef = ((FileInfo) current).getNodeRef();
}
else
{
throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
@@ -596,12 +610,21 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
testNodeRef = ((ChildAssociationRef) current).getParentRef();
}
else if (FileInfo.class.isAssignableFrom(current.getClass()))
{
testNodeRef = ((FileInfo) current).getNodeRef();
}
else
{
throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
}
}
if (log.isDebugEnabled())
{
log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + current.getClass().getName());
}
if (incudedSet.get(i)
&& (testNodeRef != null)
&& (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))

4
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
View File

@@ -153,8 +153,8 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
if ((attribute.getAttribute() != null)
&& (attribute.getAttribute().startsWith(ACL_NODE)
|| attribute.getAttribute().startsWith(ACL_PARENT)
|| attribute.getAttribute().startsWith(ACL_ALLOW) || attribute.getAttribute().startsWith(
ACL_METHOD)))
|| attribute.getAttribute().startsWith(ACL_ALLOW)
|| attribute.getAttribute().startsWith(ACL_METHOD)))
{
return true;
}