RM-1000: Internal Error if open details page of record referenced to record the user have no permissions to

* users will only see references when they have ViewRecords capability on both ends git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56133 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-09-29 03:15:11 +00:00
parent 3e79550acb
commit 87574612dd
4 changed files with 77 additions and 9 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
@@ -91,6 +91,7 @@
      parent="rmBaseWebscript">
      <property name="recordsManagementAdminService" ref="RecordsManagementAdminService" />
      <property name="dictionaryService" ref="DictionaryService" />
+      <property name="capabilityService" ref="CapabilityService" />
   </bean>

   <!-- REST impl for POST Custom Reference Instance -->
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java
@@ -1113,6 +1113,9 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
        invokeOnCreateReference(fromNode, toNode, refId);
 	}

+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#removeCustomReference(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
+	 */
 	public void removeCustomReference(NodeRef fromNode, NodeRef toNode, QName assocId)
 	{
 		Map<QName, AssociationDefinition> availableAssocs = this.getCustomReferenceDefinitions();
@@ -1147,24 +1150,36 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
 		invokeOnRemoveReference(fromNode, toNode, assocId);
 	}

+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesFrom(org.alfresco.service.cmr.repository.NodeRef)
+	 */
 	public List<AssociationRef> getCustomReferencesFrom(NodeRef node)
 	{
    	List<AssociationRef> retrievedAssocs = nodeService.getTargetAssocs(node, RegexQNamePattern.MATCH_ALL);
    	return retrievedAssocs;
 	}

+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomChildReferences(org.alfresco.service.cmr.repository.NodeRef)
+	 */
 	public List<ChildAssociationRef> getCustomChildReferences(NodeRef node)
 	{
    	List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(node);
    	return childAssocs;
 	}

+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesTo(org.alfresco.service.cmr.repository.NodeRef)
+	 */
    public List<AssociationRef> getCustomReferencesTo(NodeRef node)
    {
        List<AssociationRef> retrievedAssocs = nodeService.getSourceAssocs(node, RegexQNamePattern.MATCH_ALL);
        return retrievedAssocs;
    }

+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomParentReferences(org.alfresco.service.cmr.repository.NodeRef)
+     */
    public List<ChildAssociationRef> getCustomParentReferences(NodeRef node)
    {
        List<ChildAssociationRef> result = nodeService.getParentAssocs(node);
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java
@@ -25,6 +25,9 @@ import org.alfresco.service.cmr.repository.NodeRef;

 public final class ViewRecordsCapability extends DeclarativeCapability
 {
+    /** capability name */
+    public static final String NAME = "ViewRecords";
+    
    /**
     * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
     */
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java
@@ -25,17 +25,21 @@ import java.util.Map;

 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
+import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
 import org.alfresco.service.cmr.dictionary.AssociationDefinition;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.AssociationRef;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.namespace.QName;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.extensions.webscripts.Cache;
 import org.springframework.extensions.webscripts.Status;
 import org.springframework.extensions.webscripts.WebScriptRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;

 /**
 * This class provides the implementation for the customrefs.get webscript.
@@ -58,20 +62,45 @@ public class CustomRefsGet extends AbstractRmWebScript
    private static final String NODE_NAME = "nodeName";
    private static final String NODE_TITLE = "nodeTitle";

+    /** logger */
    private static Log logger = LogFactory.getLog(CustomRefsGet.class);
+    
+    /** records management admin service */
    private RecordsManagementAdminService rmAdminService;
+    
+    /** dictionary service */
    private DictionaryService dictionaryService;
    
+    /** capability service */
+    private CapabilityService capabilityService;
+    
+    /**
+     * @param rmAdminService    records management admin service
+     */
    public void setRecordsManagementAdminService(RecordsManagementAdminService rmAdminService)
    {
        this.rmAdminService = rmAdminService;
    }

+    /**
+     * @param dictionaryService dictionary service
+     */
    public void setDictionaryService(DictionaryService dictionaryService)
    {
        this.dictionaryService = dictionaryService;
    }
    
+    /**
+     * @param capabilityService capability service
+     */
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
+
+    /**
+     * @see org.springframework.extensions.webscripts.DeclarativeWebScript#executeImpl(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.Status, org.springframework.extensions.webscripts.Cache)
+     */
    @Override
    public Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
    {
@@ -123,8 +152,7 @@ public class CustomRefsGet extends AbstractRmWebScript
     * @param listOfReferenceData
     * @param assocs
     */
-    private void addParentChildReferenceData(List<Map<String, String>> listOfReferenceData,
-            List<ChildAssociationRef> childAssocs)
+    private void addParentChildReferenceData(List<Map<String, String>> listOfReferenceData,List<ChildAssociationRef> childAssocs)
    {
        for (ChildAssociationRef childAssRef : childAssocs)
    	{
@@ -137,7 +165,9 @@ public class CustomRefsGet extends AbstractRmWebScript

            AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);

-            if (assDef != null)
+            if (assDef != null &&
+                hasView(childAssRef.getParentRef()) == true &&   
+                hasView(childAssRef.getChildRef()) == true)
            {
                String compoundTitle = assDef.getTitle(dictionaryService);

@@ -161,8 +191,7 @@ public class CustomRefsGet extends AbstractRmWebScript
     * @param listOfReferenceData
     * @param assocs
     */
-    private void addBidirectionalReferenceData(List<Map<String, String>> listOfReferenceData,
-            List<AssociationRef> assocs)
+    private void addBidirectionalReferenceData(List<Map<String, String>> listOfReferenceData, List<AssociationRef> assocs)
    {
        for (AssociationRef assRef : assocs)
    	{
@@ -171,7 +200,9 @@ public class CustomRefsGet extends AbstractRmWebScript
    		QName typeQName = assRef.getTypeQName();
            AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);

-            if (assDef != null)
+            if (assDef != null && 
+                hasView(assRef.getTargetRef()) == true &&
+                hasView(assRef.getSourceRef()) == true)
            {
                data.put(LABEL, assDef.getTitle(dictionaryService));
                data.put(REF_ID, typeQName.getLocalName());
@@ -183,4 +214,22 @@ public class CustomRefsGet extends AbstractRmWebScript
            }
        }
    }
+    
+    /**
+     * Determine whether the current user has view capabilities on the given node.
+     * 
+     * @param  nodeRef   node reference
+     * @return boolean   true if current user has view capability, false otherwise
+     */
+    private boolean hasView(NodeRef nodeRef)
+    {
+        boolean result = false;
+        
+        Capability viewRecordCapability = capabilityService.getCapability(ViewRecordsCapability.NAME);
+        if (AccessStatus.ALLOWED.equals(viewRecordCapability.hasPermission(nodeRef)) == true)
+        {
+            result = true;
+        }
+        return result;
+    }
 }