mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-1008: It's possible to Edit Hold Details by user with suitable rights BUT with Read Only permissions in File Plan
* hold and transfer container permissions are set up the same as unfiled .. they can not be explicitly set .. instead they inherit from file plan * holds and transfers inherit permissions from the containers .. in turn they are effected by changes to overall fileplan permissions * in the future explicit permissions will be able to be set or implied but the held or transfered records * edit freeze details capability requires filling permission * unit test for the various scenarios git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56187 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -450,7 +450,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
*/
|
||||
public NodeRef createUnfiledContainer(NodeRef filePlan)
|
||||
{
|
||||
return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER, false);
|
||||
return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -459,7 +459,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
@Override
|
||||
public NodeRef createHoldContainer(NodeRef filePlan)
|
||||
{
|
||||
return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER, true);
|
||||
return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -468,7 +468,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
@Override
|
||||
public NodeRef createTransferContainer(NodeRef filePlan)
|
||||
{
|
||||
return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER, true);
|
||||
return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -479,7 +479,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
* @param inheritPermissions
|
||||
* @return
|
||||
*/
|
||||
private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName, boolean inheritPermissions)
|
||||
private NodeRef createFilePlanRootContainer(NodeRef filePlan, QName containerType, String containerName)
|
||||
{
|
||||
ParameterCheck.mandatory("filePlan", filePlan);
|
||||
if (isFilePlan(filePlan) == false)
|
||||
@@ -502,23 +502,24 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
|
||||
properties).getChildRef();
|
||||
|
||||
|
||||
if (inheritPermissions == false)
|
||||
{
|
||||
// if (inheritPermissions == false)
|
||||
// {
|
||||
// set inheritance to false
|
||||
getPermissionService().setInheritParentPermissions(container, false);
|
||||
getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
|
||||
getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
|
||||
getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
|
||||
getPermissionService().setPermission(container, "Administrator", RMPermissionModel.FILING, true);
|
||||
|
||||
// TODO set the admin users to have filing permissions on the unfiled container!!!
|
||||
// TODO we will need to be able to get a list of the admin roles from the service
|
||||
}
|
||||
else
|
||||
{
|
||||
// }
|
||||
// else
|
||||
// {
|
||||
// just inherit eveything
|
||||
// TODO will change this when we are able to set permissions on holds and transfers!
|
||||
getPermissionService().setInheritParentPermissions(container, true);
|
||||
}
|
||||
// getPermissionService().setInheritParentPermissions(container, true);
|
||||
// }
|
||||
|
||||
return container;
|
||||
}
|
||||
|
||||
@@ -29,7 +29,6 @@ import java.util.Set;
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
||||
@@ -161,7 +160,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl
|
||||
{
|
||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||
{
|
||||
|
||||
@Override
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
@@ -616,20 +614,6 @@ public class FreezeServiceImpl extends ServiceBaseImpl
|
||||
msg.append("Created hold object '").append(holdNodeRef).append("' with name '").append(holdQName).append("'.");
|
||||
logger.debug(msg.toString());
|
||||
}
|
||||
|
||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
// set inherit to false
|
||||
permissionService.setInheritParentPermissions(holdNodeRef, false);
|
||||
String allGroup = filePlanRoleService.getAllRolesContainerGroup(root);
|
||||
permissionService.setPermission(holdNodeRef, allGroup, RMPermissionModel.FILING, true);
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
// Bind the hold node reference to the transaction
|
||||
AlfrescoTransactionSupport.bindResource(KEY_HOLD_NODEREF, holdNodeRef);
|
||||
|
||||
@@ -23,9 +23,11 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.Serializable;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
@@ -238,10 +240,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
|
||||
if (nodeService.exists(rmRootNode) == true)
|
||||
{
|
||||
NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
||||
List<NodeRef> systemContainers = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<List<NodeRef>>()
|
||||
{
|
||||
public NodeRef doWork()
|
||||
public List<NodeRef> doWork()
|
||||
{
|
||||
List<NodeRef> systemContainers = new ArrayList<NodeRef>(3);
|
||||
|
||||
//In a multi tenant store we need to initialize the rm config if it has been done yet
|
||||
NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, CONFIG_NODEID);
|
||||
if (nodeService.exists(nodeRef) == false)
|
||||
@@ -263,17 +267,18 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
|
||||
|
||||
// Create the transfer and hold containers
|
||||
// NOTE: don't need to worry about the admin permissions as for now we just inherit all
|
||||
filePlanService.createHoldContainer(rmRootNode);
|
||||
filePlanService.createTransferContainer(rmRootNode);
|
||||
systemContainers.add(filePlanService.createHoldContainer(rmRootNode));
|
||||
systemContainers.add(filePlanService.createTransferContainer(rmRootNode));
|
||||
|
||||
// Create the unfiled record container
|
||||
return filePlanService.createUnfiledContainer(rmRootNode);
|
||||
systemContainers.add(filePlanService.createUnfiledContainer(rmRootNode));
|
||||
|
||||
return systemContainers;
|
||||
}
|
||||
}, AuthenticationUtil.getSystemUserName());
|
||||
|
||||
// Bootstrap in the default set of roles for the newly created root node
|
||||
bootstrapDefaultRoles(rmRootNode, unfiledContainer);
|
||||
bootstrapDefaultRoles(rmRootNode, systemContainers);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -324,7 +329,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
* @param rmRootNode
|
||||
* @param unfiledContainer
|
||||
*/
|
||||
private void bootstrapDefaultRoles(final NodeRef filePlan, final NodeRef unfiledContainer)
|
||||
private void bootstrapDefaultRoles(final NodeRef filePlan, final List<NodeRef> systemContainers)
|
||||
{
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
@@ -408,9 +413,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
{
|
||||
// Admin has filing
|
||||
permissionService.setPermission(filePlan, role.getRoleGroupName(), RMPermissionModel.FILING, true);
|
||||
if (unfiledContainer != null)
|
||||
if (systemContainers != null)
|
||||
{
|
||||
permissionService.setPermission(unfiledContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true);
|
||||
for (NodeRef systemContainer : systemContainers)
|
||||
{
|
||||
permissionService.setPermission(systemContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true);
|
||||
}
|
||||
}
|
||||
|
||||
// Add the creating user to the administration group
|
||||
|
||||
@@ -28,10 +28,11 @@ import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
|
||||
import org.alfresco.repo.node.NodeServicePolicies;
|
||||
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||
import org.alfresco.repo.policy.JavaBehaviour;
|
||||
import org.alfresco.repo.policy.PolicyComponent;
|
||||
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
@@ -51,29 +52,27 @@ import org.apache.commons.logging.LogFactory;
|
||||
* @author Roy Wetherall
|
||||
* @since 2.1
|
||||
*/
|
||||
public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
|
||||
implements FilePlanPermissionService,
|
||||
RecordsManagementModel
|
||||
{
|
||||
/** Permission service */
|
||||
private PermissionService permissionService;
|
||||
protected PermissionService permissionService;
|
||||
|
||||
/** Policy component */
|
||||
private PolicyComponent policyComponent;
|
||||
protected PolicyComponent policyComponent;
|
||||
|
||||
/** Records management service */
|
||||
private RecordsManagementService recordsManagementService;
|
||||
|
||||
/** Node service */
|
||||
private NodeService nodeService;
|
||||
protected RecordsManagementService recordsManagementService;
|
||||
|
||||
/** File plan service */
|
||||
private FilePlanService filePlanService;
|
||||
protected FilePlanService filePlanService;
|
||||
|
||||
/** Record service */
|
||||
private RecordService recordService;
|
||||
protected RecordService recordService;
|
||||
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
|
||||
protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
|
||||
|
||||
/**
|
||||
* Initialisation method
|
||||
@@ -96,6 +95,14 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
NodeServicePolicies.OnMoveNodePolicy.QNAME,
|
||||
ASPECT_RECORD,
|
||||
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
|
||||
policyComponent.bindClassBehaviour(
|
||||
NodeServicePolicies.OnCreateNodePolicy.QNAME,
|
||||
TYPE_HOLD,
|
||||
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
|
||||
policyComponent.bindClassBehaviour(
|
||||
NodeServicePolicies.OnCreateNodePolicy.QNAME,
|
||||
TYPE_TRANSFER,
|
||||
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -264,6 +271,49 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
}, AuthenticationUtil.getSystemUserName());
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets up permissions for transfer and hold objects
|
||||
*
|
||||
* @param childAssocRef
|
||||
*/
|
||||
public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef)
|
||||
{
|
||||
AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork()
|
||||
{
|
||||
NodeRef nodeRef = childAssocRef.getChildRef();
|
||||
if (nodeService.exists(nodeRef) == true)
|
||||
{
|
||||
setUpPermissions(nodeRef);
|
||||
|
||||
NodeRef parent = childAssocRef.getParentRef();
|
||||
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
|
||||
for (AccessPermission perm : perms)
|
||||
{
|
||||
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false &&
|
||||
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
|
||||
{
|
||||
AccessStatus accessStatus = perm.getAccessStatus();
|
||||
boolean allow = false;
|
||||
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
|
||||
{
|
||||
allow = true;
|
||||
}
|
||||
permissionService.setPermission(
|
||||
nodeRef,
|
||||
perm.getAuthority(),
|
||||
perm.getPermission(),
|
||||
allow);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialise the record permissions for the given parent.
|
||||
*
|
||||
@@ -469,7 +519,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
NodeRef child = assoc.getChildRef();
|
||||
if (filePlanService.isFilePlanContainer(child) == true ||
|
||||
recordsManagementService.isRecordFolder(child) == true ||
|
||||
recordService.isRecord(child) == true)
|
||||
recordService.isRecord(child) == true ||
|
||||
instanceOf(child, TYPE_HOLD) == true ||
|
||||
instanceOf(child, TYPE_TRANSFER) == true)
|
||||
{
|
||||
setPermissionDown(child, authority, permission);
|
||||
}
|
||||
@@ -520,7 +572,9 @@ public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
|
||||
NodeRef child = assoc.getChildRef();
|
||||
if (filePlanService.isFilePlanContainer(child) == true ||
|
||||
recordsManagementService.isRecordFolder(child) == true ||
|
||||
recordService.isRecord(child) == true)
|
||||
recordService.isRecord(child) == true||
|
||||
instanceOf(child, TYPE_HOLD) == true ||
|
||||
instanceOf(child, TYPE_TRANSFER) == true)
|
||||
{
|
||||
deletePermission(child, authority, permission);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user