mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-764 (In-Place roles should not appear when managing users and groups)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@52207 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
@@ -51,14 +51,26 @@ public interface FilePlanRoleService
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all the available roles for the given records management root node
|
* Get all the available roles for the given records management root node
|
||||||
|
* includes also the system roles
|
||||||
*
|
*
|
||||||
* @param filePlan file plan
|
* @param filePlan file plan
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
Set<Role> getRoles(NodeRef filePlan);
|
Set<Role> getRoles(NodeRef filePlan);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get all the available roles for the given records management root node
|
||||||
|
* System roles can be filtered
|
||||||
|
*
|
||||||
|
* @param filePlan file plan
|
||||||
|
* @param includeSystemRoles system roles
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
Set<Role> getRoles(NodeRef filePlan, boolean includeSystemRoles);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the roles for a given user
|
* Gets the roles for a given user
|
||||||
|
* includes also the system roles
|
||||||
*
|
*
|
||||||
* @param filePlan file plan
|
* @param filePlan file plan
|
||||||
* @param user user
|
* @param user user
|
||||||
@@ -66,6 +78,17 @@ public interface FilePlanRoleService
|
|||||||
*/
|
*/
|
||||||
Set<Role> getRolesByUser(NodeRef filePlan, String user);
|
Set<Role> getRolesByUser(NodeRef filePlan, String user);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the roles for a given user
|
||||||
|
* System roles can be filtered
|
||||||
|
*
|
||||||
|
* @param filePlan file plan
|
||||||
|
* @param user user
|
||||||
|
* @param includeSystemRoles system roles
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
Set<Role> getRolesByUser(NodeRef filePlan, String user, boolean includeSystemRoles);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a role by name
|
* Get a role by name
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ import java.io.InputStream;
|
|||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.alfresco.error.AlfrescoRuntimeException;
|
import org.alfresco.error.AlfrescoRuntimeException;
|
||||||
@@ -50,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityService;
|
|||||||
import org.alfresco.service.cmr.security.AuthorityType;
|
import org.alfresco.service.cmr.security.AuthorityType;
|
||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.util.ParameterCheck;
|
import org.alfresco.util.ParameterCheck;
|
||||||
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.json.JSONArray;
|
import org.json.JSONArray;
|
||||||
@@ -400,38 +402,55 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
|||||||
return sb.toString();
|
return sb.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method for retrieving the system roles
|
||||||
|
*
|
||||||
|
* @return Returns the system roles
|
||||||
|
*/
|
||||||
|
private List<String> getSystemRoles()
|
||||||
|
{
|
||||||
|
return Arrays.asList(
|
||||||
|
FilePlanRoleService.ROLE_EXTENDED_READERS,
|
||||||
|
FilePlanRoleService.ROLE_EXTENDED_WRITERS
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method to check whether the current authority is a system role or not
|
||||||
|
*
|
||||||
|
* @param roleAuthority The role to check
|
||||||
|
* @return Returns true if roleAuthority is a system role, false otherwise
|
||||||
|
*/
|
||||||
|
private boolean isSystemRole(String roleAuthority)
|
||||||
|
{
|
||||||
|
boolean isSystemRole = false;
|
||||||
|
List<String> systemRoles = getSystemRoles();
|
||||||
|
|
||||||
|
for (String systemRole : systemRoles)
|
||||||
|
{
|
||||||
|
if (StringUtils.contains(roleAuthority, systemRole))
|
||||||
|
{
|
||||||
|
isSystemRole = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return isSystemRole;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
|
||||||
*/
|
*/
|
||||||
public Set<Role> getRoles(final NodeRef rmRootNode)
|
public Set<Role> getRoles(final NodeRef rmRootNode)
|
||||||
{
|
{
|
||||||
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
|
return getRoles(rmRootNode, true);
|
||||||
{
|
|
||||||
public Set<Role> doWork() throws Exception
|
|
||||||
{
|
|
||||||
Set<Role> result = new HashSet<Role>(13);
|
|
||||||
|
|
||||||
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
|
|
||||||
for (String roleAuthority : roleAuthorities)
|
|
||||||
{
|
|
||||||
String groupShortName = authorityService.getShortName(roleAuthority);
|
|
||||||
String name = getShortRoleName(groupShortName, rmRootNode);
|
|
||||||
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
|
|
||||||
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
|
|
||||||
|
|
||||||
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
|
|
||||||
result.add(role);
|
|
||||||
}
|
|
||||||
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
}, AuthenticationUtil.getSystemUserName());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
|
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRoles(NodeRef, boolean)
|
||||||
*/
|
*/
|
||||||
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
|
@Override
|
||||||
|
public Set<Role> getRoles(final NodeRef rmRootNode, final boolean includeSystemRoles)
|
||||||
{
|
{
|
||||||
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
|
||||||
{
|
{
|
||||||
@@ -442,8 +461,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
|||||||
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
|
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
|
||||||
for (String roleAuthority : roleAuthorities)
|
for (String roleAuthority : roleAuthorities)
|
||||||
{
|
{
|
||||||
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
|
if (includeSystemRoles == true || isSystemRole(roleAuthority) == false)
|
||||||
if (users.contains(user) == true)
|
|
||||||
{
|
{
|
||||||
String groupShortName = authorityService.getShortName(roleAuthority);
|
String groupShortName = authorityService.getShortName(roleAuthority);
|
||||||
String name = getShortRoleName(groupShortName, rmRootNode);
|
String name = getShortRoleName(groupShortName, rmRootNode);
|
||||||
@@ -460,6 +478,47 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
|||||||
}, AuthenticationUtil.getSystemUserName());
|
}, AuthenticationUtil.getSystemUserName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
|
||||||
|
*/
|
||||||
|
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
|
||||||
|
{
|
||||||
|
return getRolesByUser(rmRootNode, user, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getRolesByUser(NodeRef, String, boolean)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user, final boolean includeSystemRoles)
|
||||||
|
{
|
||||||
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
|
||||||
|
{
|
||||||
|
public Set<Role> doWork() throws Exception
|
||||||
|
{
|
||||||
|
Set<Role> result = new HashSet<Role>(13);
|
||||||
|
|
||||||
|
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
|
||||||
|
for (String roleAuthority : roleAuthorities)
|
||||||
|
{
|
||||||
|
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
|
||||||
|
if (users.contains(user) == true && (includeSystemRoles == true || isSystemRole(roleAuthority) == false))
|
||||||
|
{
|
||||||
|
String groupShortName = authorityService.getShortName(roleAuthority);
|
||||||
|
String name = getShortRoleName(groupShortName, rmRootNode);
|
||||||
|
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
|
||||||
|
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
|
||||||
|
|
||||||
|
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
|
||||||
|
result.add(role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
}, AuthenticationUtil.getSystemUserName());
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @param rmRootNode
|
* @param rmRootNode
|
||||||
|
|||||||
@@ -62,11 +62,11 @@ public class RmRolesGet extends RoleDeclarativeWebScript
|
|||||||
String user = req.getParameter("user");
|
String user = req.getParameter("user");
|
||||||
if (user != null && user.length() != 0)
|
if (user != null && user.length() != 0)
|
||||||
{
|
{
|
||||||
roles = filePlanRoleService.getRolesByUser(filePlan, user);
|
roles = filePlanRoleService.getRolesByUser(filePlan, user, false);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
roles = filePlanRoleService.getRoles(filePlan);
|
roles = filePlanRoleService.getRoles(filePlan, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get the auths parameter
|
// get the auths parameter
|
||||||
|
|||||||
@@ -23,10 +23,8 @@ import java.util.Set;
|
|||||||
|
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
|
|
||||||
import org.alfresco.module.org_alfresco_module_rm.role.Role;
|
import org.alfresco.module.org_alfresco_module_rm.role.Role;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||||
import org.alfresco.service.cmr.security.AuthorityType;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* File plan role service unit test
|
* File plan role service unit test
|
||||||
@@ -66,6 +64,11 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
|
|||||||
assertNotNull(roles);
|
assertNotNull(roles);
|
||||||
assertTrue(roles.size() != 0);
|
assertTrue(roles.size() != 0);
|
||||||
|
|
||||||
|
Set<Role> rolesIncludingSystemRoles = filePlanRoleService.getRoles(filePlan, true);
|
||||||
|
assertNotNull(rolesIncludingSystemRoles);
|
||||||
|
assertTrue(roles.size() != 0);
|
||||||
|
assertTrue(roles.size() == rolesIncludingSystemRoles.size());
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@@ -81,6 +84,11 @@ public class FilePlanRoleServiceImplTest extends BaseRMTestCase
|
|||||||
assertNotNull(roles);
|
assertNotNull(roles);
|
||||||
assertEquals(1, roles.size());
|
assertEquals(1, roles.size());
|
||||||
|
|
||||||
|
Set<Role> rolesIncludingSystemRoles = filePlanRoleService.getRolesByUser(filePlan, rmUserName, true);
|
||||||
|
assertNotNull(rolesIncludingSystemRoles);
|
||||||
|
assertEquals(1, rolesIncludingSystemRoles.size());
|
||||||
|
assertEquals(roles.size(), rolesIncludingSystemRoles.size());
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|||||||
Reference in New Issue
Block a user