diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
index 0983f1acef..6b6e6da420 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
@@ -91,6 +91,7 @@
parent="rmBaseWebscript">
+
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java
index 8b34004e6c..afe04b98bc 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java
@@ -1113,6 +1113,9 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
invokeOnCreateReference(fromNode, toNode, refId);
}
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#removeCustomReference(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
+ */
public void removeCustomReference(NodeRef fromNode, NodeRef toNode, QName assocId)
{
Map availableAssocs = this.getCustomReferenceDefinitions();
@@ -1147,24 +1150,36 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
invokeOnRemoveReference(fromNode, toNode, assocId);
}
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesFrom(org.alfresco.service.cmr.repository.NodeRef)
+ */
public List getCustomReferencesFrom(NodeRef node)
{
List retrievedAssocs = nodeService.getTargetAssocs(node, RegexQNamePattern.MATCH_ALL);
return retrievedAssocs;
}
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomChildReferences(org.alfresco.service.cmr.repository.NodeRef)
+ */
public List getCustomChildReferences(NodeRef node)
{
List childAssocs = nodeService.getChildAssocs(node);
return childAssocs;
}
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesTo(org.alfresco.service.cmr.repository.NodeRef)
+ */
public List getCustomReferencesTo(NodeRef node)
{
List retrievedAssocs = nodeService.getSourceAssocs(node, RegexQNamePattern.MATCH_ALL);
return retrievedAssocs;
}
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomParentReferences(org.alfresco.service.cmr.repository.NodeRef)
+ */
public List getCustomParentReferences(NodeRef node)
{
List result = nodeService.getParentAssocs(node);
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java
index 4b5cf7558e..0b72487490 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java
@@ -25,6 +25,9 @@ import org.alfresco.service.cmr.repository.NodeRef;
public final class ViewRecordsCapability extends DeclarativeCapability
{
+ /** capability name */
+ public static final String NAME = "ViewRecords";
+
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
*/
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java
index 647cc88f09..1c5a938886 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java
@@ -25,17 +25,21 @@ import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
+import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
import org.alfresco.service.cmr.dictionary.AssociationDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
/**
* This class provides the implementation for the customrefs.get webscript.
@@ -58,20 +62,45 @@ public class CustomRefsGet extends AbstractRmWebScript
private static final String NODE_NAME = "nodeName";
private static final String NODE_TITLE = "nodeTitle";
+ /** logger */
private static Log logger = LogFactory.getLog(CustomRefsGet.class);
+
+ /** records management admin service */
private RecordsManagementAdminService rmAdminService;
+
+ /** dictionary service */
private DictionaryService dictionaryService;
-
+
+ /** capability service */
+ private CapabilityService capabilityService;
+
+ /**
+ * @param rmAdminService records management admin service
+ */
public void setRecordsManagementAdminService(RecordsManagementAdminService rmAdminService)
{
this.rmAdminService = rmAdminService;
}
+ /**
+ * @param dictionaryService dictionary service
+ */
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
+
+ /**
+ * @param capabilityService capability service
+ */
+ public void setCapabilityService(CapabilityService capabilityService)
+ {
+ this.capabilityService = capabilityService;
+ }
+ /**
+ * @see org.springframework.extensions.webscripts.DeclarativeWebScript#executeImpl(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.Status, org.springframework.extensions.webscripts.Cache)
+ */
@Override
public Map executeImpl(WebScriptRequest req, Status status, Cache cache)
{
@@ -123,8 +152,7 @@ public class CustomRefsGet extends AbstractRmWebScript
* @param listOfReferenceData
* @param assocs
*/
- private void addParentChildReferenceData(List> listOfReferenceData,
- List childAssocs)
+ private void addParentChildReferenceData(List> listOfReferenceData,List childAssocs)
{
for (ChildAssociationRef childAssRef : childAssocs)
{
@@ -137,7 +165,9 @@ public class CustomRefsGet extends AbstractRmWebScript
AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);
- if (assDef != null)
+ if (assDef != null &&
+ hasView(childAssRef.getParentRef()) == true &&
+ hasView(childAssRef.getChildRef()) == true)
{
String compoundTitle = assDef.getTitle(dictionaryService);
@@ -161,8 +191,7 @@ public class CustomRefsGet extends AbstractRmWebScript
* @param listOfReferenceData
* @param assocs
*/
- private void addBidirectionalReferenceData(List> listOfReferenceData,
- List assocs)
+ private void addBidirectionalReferenceData(List> listOfReferenceData, List assocs)
{
for (AssociationRef assRef : assocs)
{
@@ -171,7 +200,9 @@ public class CustomRefsGet extends AbstractRmWebScript
QName typeQName = assRef.getTypeQName();
AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);
- if (assDef != null)
+ if (assDef != null &&
+ hasView(assRef.getTargetRef()) == true &&
+ hasView(assRef.getSourceRef()) == true)
{
data.put(LABEL, assDef.getTitle(dictionaryService));
data.put(REF_ID, typeQName.getLocalName());
@@ -183,4 +214,22 @@ public class CustomRefsGet extends AbstractRmWebScript
}
}
}
+
+ /**
+ * Determine whether the current user has view capabilities on the given node.
+ *
+ * @param nodeRef node reference
+ * @return boolean true if current user has view capability, false otherwise
+ */
+ private boolean hasView(NodeRef nodeRef)
+ {
+ boolean result = false;
+
+ Capability viewRecordCapability = capabilityService.getCapability(ViewRecordsCapability.NAME);
+ if (AccessStatus.ALLOWED.equals(viewRecordCapability.hasPermission(nodeRef)) == true)
+ {
+ result = true;
+ }
+ return result;
+ }
}
\ No newline at end of file