RM-764 (In-Place roles should not appear when managing users and groups)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@52207 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Tuna Aksoy
2013-07-07 08:35:42 +00:00
parent a1f8e2d3e6
commit 89982199e9
4 changed files with 194 additions and 104 deletions


@@ -24,8 +24,8 @@ import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Role service interface
*
* Role service interface
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -39,42 +39,65 @@ public interface FilePlanRoleService
public static final String ROLE_ADMIN = "Administrator";
public static final String ROLE_EXTENDED_READERS = "ExtendedReaders";
public static final String ROLE_EXTENDED_WRITERS = "ExtendedWriters";
/**
* Returns the name of the container group for all roles of a specified file
* plan.
*
*
* @param filePlan file plan node reference
* @return String group name
*/
String getAllRolesContainerGroup(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
*
* includes also the system roles
*
* @param filePlan file plan
* @return
*/
Set<Role> getRoles(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
* System roles can be filtered
*
* @param filePlan file plan
* @param includeSystemRoles system roles
* @return
*/
Set<Role> getRoles(NodeRef filePlan, boolean includeSystemRoles);
/**
* Gets the roles for a given user
* includes also the system roles
*
* @param filePlan file plan
* @param user user
* @return
*/
Set<Role> getRolesByUser(NodeRef filePlan, String user);
/**
* Gets the roles for a given user
* System roles can be filtered
*
* @param filePlan file plan
* @param user user
* @param includeSystemRoles system roles
* @return
*/
Set<Role> getRolesByUser(NodeRef filePlan, String user, boolean includeSystemRoles);
/**
* Get a role by name
*
*
* @param filePlan file plan
* @param role role
* @return
*/
Role getRole(NodeRef filePlan, String role);
Role getRole(NodeRef filePlan, String role);
/**
* Indicate whether a role exists for a given records management root node
* @param filePlan file plan
@@ -82,19 +105,19 @@ public interface FilePlanRoleService
* @return
*/
boolean existsRole(NodeRef filePlan, String role);
/**
* Determines whether the given user has the RM Admin role
*
*
* @param filePlan filePlan
* @param user user name to check
* @return true if the user has the RM Admin role, false otherwise
*/
boolean hasRMAdminRole(NodeRef filePlan, String user);
/**
* Create a new role
*
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
@@ -102,10 +125,10 @@ public interface FilePlanRoleService
* @return
*/
Role createRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Update an existing role
*
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
@@ -113,58 +136,58 @@ public interface FilePlanRoleService
* @return
*/
Role updateRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Delete a role
*
*
* @param filePlan file plan
* @param role role
*/
void deleteRole(NodeRef filePlan, String role);
/**
* Gets all the users that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of users
*/
Set<String> getUsersAssignedToRole(NodeRef filePlan, String role);
/**
* Gets all the groups that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of groups
*/
Set<String> getGroupsAssignedToRole(NodeRef filePlan, String role);
/**
* Gets all the groups and users that have been directly assigned to a role.
*
*
* @param filePlan file plan
* @param role role
* @return {@link Set}<{@link String}> set of groups and users
*/
Set<String> getAllAssignedToRole(NodeRef filePlan, String role);
/**
* Assign a role to an authority
*
*
* @param filePlan file plan
* @param role role
* @param authorityName authority name
*/
void assignRoleToAuthority(NodeRef filePlan, String role, String authorityName);
/**
* Unassign a role from an authority
*
*
* @param filePlan file plan
* @param role role
* @param authorityName authority name
*/
void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName);
void unassignRoleFromAuthority(NodeRef filePlan, String role, String authorityName);
}
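Review bot: The Javadoc on the new `getRoles(NodeRef, boolean)` and `getRolesByUser(NodeRef, String, boolean)` overloads describes `includeSystemRoles` only as "system roles" and leaves `@return` empty, so a caller cannot tell which value hides roles or which roles count as system roles. I would write `@param includeSystemRoles true to include the system roles, false to omit them from the result` and `@return set of roles defined for the file plan`, and name the affected constants (presumably `ROLE_EXTENDED_READERS` and `ROLE_EXTENDED_WRITERS`, going by the implementation in this commit). If the flag is meant purely for listings, as the commit title suggests, one more sentence should say that omitting a role from the result does not change what that role grants, so nobody mistakes the flag for an access control.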


@@ -24,6 +24,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
@@ -50,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
@@ -400,38 +402,55 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
return sb.toString();
}
/**
* Helper method for retrieving the system roles
*
* @return Returns the system roles
*/
private List<String> getSystemRoles()
{
return Arrays.asList(
FilePlanRoleService.ROLE_EXTENDED_READERS,
FilePlanRoleService.ROLE_EXTENDED_WRITERS
);
}
/**
* Helper method to check whether the current authority is a system role or not
*
* @param roleAuthority The role to check
* @return Returns true if roleAuthority is a system role, false otherwise
*/
private boolean isSystemRole(String roleAuthority)
{
boolean isSystemRole = false;
List<String> systemRoles = getSystemRoles();
for (String systemRole : systemRoles)
{
if (StringUtils.contains(roleAuthority, systemRole))
{
isSystemRole = true;
break;
}
}
return isSystemRole;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
*/
public Set<Role> getRoles(final NodeRef rmRootNode)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
result.add(role);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
return getRoles(rmRootNode, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRoles(NodeRef, boolean)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
@Override
public Set<Role> getRoles(final NodeRef rmRootNode, final boolean includeSystemRoles)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
@@ -442,8 +461,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true)
if (includeSystemRoles == true || isSystemRole(roleAuthority) == false)
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
@@ -460,6 +478,47 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
{
return getRolesByUser(rmRootNode, user, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRolesByUser(NodeRef, String, boolean)
*/
@Override
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user, final boolean includeSystemRoles)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true && (includeSystemRoles == true || isSystemRole(roleAuthority) == false))
{
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
result.add(role);
}
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
};
/**
*
* @param rmRootNode
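Review bot: `isSystemRole` matches by substring on the full authority name (`StringUtils.contains(roleAuthority, systemRole)`), so a custom role whose group name merely contains `ExtendedReaders` or `ExtendedWriters` is also dropped from `getRoles(..., false)` and `getRolesByUser(..., false)`. A role that carries capabilities but never appears in the management listing is hard to audit or revoke, so the match should be exact. Assuming `getShortRoleName` returns the bare role name (its body is outside these hunks), compute `name` before the `if` in both loops and test `getSystemRoles().contains(name)` instead. Both listings are built inside `AuthenticationUtil.runAs` as the system user, so this filter appears to be the only thing shaping what the caller sees. Two smaller points: `getSystemRoles()` builds a new list on every loop iteration and could be a `private static final List<String>`, and the stray `;` after the closing brace of `getRolesByUser(NodeRef, String, boolean)` can go.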


@@ -33,7 +33,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* Get information about record management roles
*
*
* @author Roy Wetherall
*/
public class RmRolesGet extends RoleDeclarativeWebScript
@@ -62,13 +62,13 @@ public class RmRolesGet extends RoleDeclarativeWebScript
String user = req.getParameter("user");
if (user != null && user.length() != 0)
{
roles = filePlanRoleService.getRolesByUser(filePlan, user);
roles = filePlanRoleService.getRolesByUser(filePlan, user, false);
}
else
{
roles = filePlanRoleService.getRoles(filePlan);
roles = filePlanRoleService.getRoles(filePlan, false);
}
// get the auths parameter
boolean showAuths = false;
String auths = req.getParameter("auths");
@@ -76,7 +76,7 @@ public class RmRolesGet extends RoleDeclarativeWebScript
{
showAuths = Boolean.parseBoolean(auths);
}
Set<RoleItem> items = createRoleItems(filePlan, roles, showAuths);
model.put("roles", items);
return model;