Improvements to extended dynamic authorities

* requiredFor set * direct access to extended permission information, not via service git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@84678 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2014-09-18 23:57:43 +00:00
parent 2de55cb0e9
commit 8f6d6328f2
4 changed files with 80 additions and 18 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml
@@ -45,7 +45,7 @@

    <bean id="RMSecurityCommon" abstract="true">
    	<property name="nodeService" ref="nodeService"/>
-    	<property name="permissionService" ref="permissionService"/>
+    	<property name="permissionService" ref="permissionServiceImpl"/>
    	<property name="recordsManagementService" ref="recordsManagementService"/>
    	<property name="caveatConfigComponent" ref="caveatConfigComponent"/>
    	<property name="filePlanService" ref="filePlanService"/>
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java
@@ -18,8 +18,12 @@
 */
 package org.alfresco.module.org_alfresco_module_rm.security;

+import java.util.Collections;
+import java.util.Map;
 import java.util.Set;

+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.repo.security.permissions.PermissionReference;
 import org.alfresco.service.cmr.repository.NodeRef;

 /**
@@ -40,14 +44,37 @@ public class ExtendedReaderDynamicAuthority extends ExtendedSecurityBaseDynamicA
    public String getAuthority()
    {
        return EXTENDED_READER;
+    }    
+
+    /**
+     * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
+     */
+    @Override
+    public Set<PermissionReference> requiredFor()
+    {
+    	if (requiredFor == null)
+    	{
+    		requiredFor = Collections.singleton(getModelDAO().getPermissionReference(null, RMPermissionModel.READ_RECORDS));
+    	}
+    	
+    	return requiredFor;
    }

    /**
     * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef)
     */
-    protected Set<String> getAuthorites(NodeRef nodeRef) 
+    @SuppressWarnings("unchecked")
+	protected Set<String> getAuthorites(NodeRef nodeRef) 
    {
-        return getExtendedSecurityService().getExtendedReaders(nodeRef);
+        Set<String> result = null;
+        
+        Map<String, Integer> readerMap = (Map<String, Integer>)getNodeService().getProperty(nodeRef, PROP_READERS);
+        if (readerMap != null)
+        {
+            result = readerMap.keySet();
+        }
+        
+        return result;
    }
    
    /**
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java
@@ -24,6 +24,7 @@ import java.util.Set;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.repo.security.permissions.DynamicAuthority;
 import org.alfresco.repo.security.permissions.PermissionReference;
+import org.alfresco.repo.security.permissions.impl.ModelDAO;
 import org.alfresco.repo.transaction.TransactionalResourceHelper;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -55,6 +56,12 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
    /** Application context */
    protected ApplicationContext applicationContext;
    
+    /** model DAO */
+    protected ModelDAO modelDAO;
+    
+    /** permission reference */
+    protected Set<PermissionReference> requiredFor;
+    
    // NOTE: we get the services directly from the application context in this way to avoid
    //       cyclic relationships and issues when loading the application context
    
@@ -89,11 +96,23 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
    {
        if (nodeService == null)
        {
-            nodeService = (NodeService)applicationContext.getBean("nodeService");
+            nodeService = (NodeService)applicationContext.getBean("dbNodeService");
        }
        return nodeService;
    }
    
+    /**
+     * @return	model DAO
+     */
+    protected ModelDAO getModelDAO()
+    {
+    	if (modelDAO == null)
+    	{
+    		modelDAO = (ModelDAO)applicationContext.getBean("permissionsModelDAO");	
+    	}
+    	return modelDAO;
+    }
+    
    /**
     * @return	String transaction cache name
     */
@@ -160,16 +179,5 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut
        }
        
        return result;
-    }    
-    
-    /**
-     * Base implementation
-     * 
-     * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
-     */
-    @Override
-    public Set<PermissionReference> requiredFor()
-    {
-        return null;
-    }
+    }        
 }
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java
@@ -18,8 +18,12 @@
 */
 package org.alfresco.module.org_alfresco_module_rm.security;

+import java.util.Collections;
+import java.util.Map;
 import java.util.Set;

+import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.repo.security.permissions.PermissionReference;
 import org.alfresco.service.cmr.repository.NodeRef;

 /**
@@ -41,13 +45,36 @@ public class ExtendedWriterDynamicAuthority extends ExtendedSecurityBaseDynamicA
    {
        return EXTENDED_WRITER;
    }
+    
+    /**
+     * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor()
+     */
+    @Override
+    public Set<PermissionReference> requiredFor()
+    {
+    	if (requiredFor == null)
+    	{
+    		requiredFor = Collections.singleton(getModelDAO().getPermissionReference(null, RMPermissionModel.FILE_RECORDS));
+    	}
+    	
+    	return requiredFor;
+    }

    /**
     * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef)
     */
-    protected Set<String> getAuthorites(NodeRef nodeRef) 
+    @SuppressWarnings("unchecked")
+	protected Set<String> getAuthorites(NodeRef nodeRef) 
    {
-        return getExtendedSecurityService().getExtendedWriters(nodeRef);
+    	Set<String> result = null;
+        
+        Map<String, Integer> map = (Map<String, Integer>)getNodeService().getProperty(nodeRef, PROP_WRITERS);
+        if (map != null)
+        {
+            result = map.keySet();
+        }
+        
+        return result;
    }  
    
    /**