RM-1000: Internal Error if open details page of record referenced to record the user have no permissions to

* users will only see references when they have ViewRecords capability on both ends



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@56133 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml

@@ -91,6 +91,7 @@
       parent="rmBaseWebscript">
       <property name="recordsManagementAdminService" ref="RecordsManagementAdminService" />
       <property name="dictionaryService" ref="DictionaryService" />
+      <property name="capabilityService" ref="CapabilityService" />
    </bean>
 
    <!-- REST impl for POST Custom Reference Instance -->

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/admin/RecordsManagementAdminServiceImpl.java

@@ -1113,6 +1113,9 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
         invokeOnCreateReference(fromNode, toNode, refId);
 	}
 
+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#removeCustomReference(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
+	 */
 	public void removeCustomReference(NodeRef fromNode, NodeRef toNode, QName assocId)
 	{
 		Map<QName, AssociationDefinition> availableAssocs = this.getCustomReferenceDefinitions();
@@ -1147,24 +1150,36 @@ public class RecordsManagementAdminServiceImpl implements RecordsManagementAdmin
 		invokeOnRemoveReference(fromNode, toNode, assocId);
 	}
 
+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesFrom(org.alfresco.service.cmr.repository.NodeRef)
+	 */
 	public List<AssociationRef> getCustomReferencesFrom(NodeRef node)
 	{
     	List<AssociationRef> retrievedAssocs = nodeService.getTargetAssocs(node, RegexQNamePattern.MATCH_ALL);
     	return retrievedAssocs;
 	}
 
+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomChildReferences(org.alfresco.service.cmr.repository.NodeRef)
+	 */
 	public List<ChildAssociationRef> getCustomChildReferences(NodeRef node)
 	{
     	List<ChildAssociationRef> childAssocs = nodeService.getChildAssocs(node);
     	return childAssocs;
 	}
 
+	/**
+	 * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomReferencesTo(org.alfresco.service.cmr.repository.NodeRef)
+	 */
     public List<AssociationRef> getCustomReferencesTo(NodeRef node)
     {
         List<AssociationRef> retrievedAssocs = nodeService.getSourceAssocs(node, RegexQNamePattern.MATCH_ALL);
         return retrievedAssocs;
     }
 
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService#getCustomParentReferences(org.alfresco.service.cmr.repository.NodeRef)
+     */
     public List<ChildAssociationRef> getCustomParentReferences(NodeRef node)
     {
         List<ChildAssociationRef> result = nodeService.getParentAssocs(node);

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/ViewRecordsCapability.java

@@ -25,6 +25,9 @@ import org.alfresco.service.cmr.repository.NodeRef;
 
 public final class ViewRecordsCapability extends DeclarativeCapability
 {
+    /** capability name */
+    public static final String NAME = "ViewRecords";
+    
     /**
      * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
      */

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/CustomRefsGet.java

@@ -25,17 +25,21 @@ import java.util.Map;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.admin.RecordsManagementAdminService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
+import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
 import org.alfresco.service.cmr.dictionary.AssociationDefinition;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.AssociationRef;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.namespace.QName;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.extensions.webscripts.Cache;
 import org.springframework.extensions.webscripts.Status;
 import org.springframework.extensions.webscripts.WebScriptRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 
 /**
  * This class provides the implementation for the customrefs.get webscript.
@@ -58,20 +62,45 @@ public class CustomRefsGet extends AbstractRmWebScript
     private static final String NODE_NAME = "nodeName";
     private static final String NODE_TITLE = "nodeTitle";
 
+    /** logger */
     private static Log logger = LogFactory.getLog(CustomRefsGet.class);
+    
+    /** records management admin service */
     private RecordsManagementAdminService rmAdminService;
+    
+    /** dictionary service */
     private DictionaryService dictionaryService;
-
+    
+    /** capability service */
+    private CapabilityService capabilityService;
+    
+    /**
+     * @param rmAdminService    records management admin service
+     */
     public void setRecordsManagementAdminService(RecordsManagementAdminService rmAdminService)
     {
         this.rmAdminService = rmAdminService;
     }
 
+    /**
+     * @param dictionaryService dictionary service
+     */
     public void setDictionaryService(DictionaryService dictionaryService)
     {
         this.dictionaryService = dictionaryService;
     }
+    
+    /**
+     * @param capabilityService capability service
+     */
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
 
+    /**
+     * @see org.springframework.extensions.webscripts.DeclarativeWebScript#executeImpl(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.Status, org.springframework.extensions.webscripts.Cache)
+     */
     @Override
     public Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
     {
@@ -123,8 +152,7 @@ public class CustomRefsGet extends AbstractRmWebScript
      * @param listOfReferenceData
      * @param assocs
      */
-    private void addParentChildReferenceData(List<Map<String, String>> listOfReferenceData,
-            List<ChildAssociationRef> childAssocs)
+    private void addParentChildReferenceData(List<Map<String, String>> listOfReferenceData,List<ChildAssociationRef> childAssocs)
     {
         for (ChildAssociationRef childAssRef : childAssocs)
     	{
@@ -137,7 +165,9 @@ public class CustomRefsGet extends AbstractRmWebScript
 
             AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);
 
-            if (assDef != null)
+            if (assDef != null &&
+                hasView(childAssRef.getParentRef()) == true &&   
+                hasView(childAssRef.getChildRef()) == true)
             {
                 String compoundTitle = assDef.getTitle(dictionaryService);
 
@@ -161,8 +191,7 @@ public class CustomRefsGet extends AbstractRmWebScript
      * @param listOfReferenceData
      * @param assocs
      */
-    private void addBidirectionalReferenceData(List<Map<String, String>> listOfReferenceData,
-            List<AssociationRef> assocs)
+    private void addBidirectionalReferenceData(List<Map<String, String>> listOfReferenceData, List<AssociationRef> assocs)
     {
         for (AssociationRef assRef : assocs)
     	{
@@ -171,7 +200,9 @@ public class CustomRefsGet extends AbstractRmWebScript
     		QName typeQName = assRef.getTypeQName();
             AssociationDefinition assDef = rmAdminService.getCustomReferenceDefinitions().get(typeQName);
 
-            if (assDef != null)
+            if (assDef != null && 
+                hasView(assRef.getTargetRef()) == true &&
+                hasView(assRef.getSourceRef()) == true)
             {
                 data.put(LABEL, assDef.getTitle(dictionaryService));
                 data.put(REF_ID, typeQName.getLocalName());
@@ -183,4 +214,22 @@ public class CustomRefsGet extends AbstractRmWebScript
             }
         }
     }
+    
+    /**
+     * Determine whether the current user has view capabilities on the given node.
+     * 
+     * @param  nodeRef   node reference
+     * @return boolean   true if current user has view capability, false otherwise
+     */
+    private boolean hasView(NodeRef nodeRef)
+    {
+        boolean result = false;
+        
+        Capability viewRecordCapability = capabilityService.getCapability(ViewRecordsCapability.NAME);
+        if (AccessStatus.ALLOWED.equals(viewRecordCapability.hasPermission(nodeRef)) == true)
+        {
+            result = true;
+        }
+        return result;
+    }
 }