From 8f6d6328f2f35f05306dc048fdc6de22fcfef097 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Thu, 18 Sep 2014 23:57:43 +0000 Subject: [PATCH] Improvements to extended dynamic authorities * requiredFor set * direct access to extended permission information, not via service git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@84678 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-public-services-security-context.xml | 2 +- .../ExtendedReaderDynamicAuthority.java | 31 +++++++++++++++-- .../ExtendedSecurityBaseDynamicAuthority.java | 34 ++++++++++++------- .../ExtendedWriterDynamicAuthority.java | 31 +++++++++++++++-- 4 files changed, 80 insertions(+), 18 deletions(-) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml index b219f60cf6..0fc7572862 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-public-services-security-context.xml @@ -45,7 +45,7 @@ - + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java index f3d4a8b6a6..469b8bd6d4 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedReaderDynamicAuthority.java @@ -18,8 +18,12 @@ */ package org.alfresco.module.org_alfresco_module_rm.security; +import java.util.Collections; +import java.util.Map; import java.util.Set; +import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; +import org.alfresco.repo.security.permissions.PermissionReference; import org.alfresco.service.cmr.repository.NodeRef; /** @@ -40,14 +44,37 @@ public class ExtendedReaderDynamicAuthority extends ExtendedSecurityBaseDynamicA public String getAuthority() { return EXTENDED_READER; + } + + /** + * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor() + */ + @Override + public Set requiredFor() + { + if (requiredFor == null) + { + requiredFor = Collections.singleton(getModelDAO().getPermissionReference(null, RMPermissionModel.READ_RECORDS)); + } + + return requiredFor; } /** * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef) */ - protected Set getAuthorites(NodeRef nodeRef) + @SuppressWarnings("unchecked") + protected Set getAuthorites(NodeRef nodeRef) { - return getExtendedSecurityService().getExtendedReaders(nodeRef); + Set result = null; + + Map readerMap = (Map)getNodeService().getProperty(nodeRef, PROP_READERS); + if (readerMap != null) + { + result = readerMap.keySet(); + } + + return result; } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java index c1627476a8..b8a6f89136 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityBaseDynamicAuthority.java @@ -24,6 +24,7 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.repo.security.permissions.DynamicAuthority; import org.alfresco.repo.security.permissions.PermissionReference; +import org.alfresco.repo.security.permissions.impl.ModelDAO; import org.alfresco.repo.transaction.TransactionalResourceHelper; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; @@ -55,6 +56,12 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut /** Application context */ protected ApplicationContext applicationContext; + /** model DAO */ + protected ModelDAO modelDAO; + + /** permission reference */ + protected Set requiredFor; + // NOTE: we get the services directly from the application context in this way to avoid // cyclic relationships and issues when loading the application context @@ -89,11 +96,23 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut { if (nodeService == null) { - nodeService = (NodeService)applicationContext.getBean("nodeService"); + nodeService = (NodeService)applicationContext.getBean("dbNodeService"); } return nodeService; } + /** + * @return model DAO + */ + protected ModelDAO getModelDAO() + { + if (modelDAO == null) + { + modelDAO = (ModelDAO)applicationContext.getBean("permissionsModelDAO"); + } + return modelDAO; + } + /** * @return String transaction cache name */ @@ -160,16 +179,5 @@ public abstract class ExtendedSecurityBaseDynamicAuthority implements DynamicAut } return result; - } - - /** - * Base implementation - * - * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor() - */ - @Override - public Set requiredFor() - { - return null; - } + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java index af4eb53ad7..f53c3ffe41 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedWriterDynamicAuthority.java @@ -18,8 +18,12 @@ */ package org.alfresco.module.org_alfresco_module_rm.security; +import java.util.Collections; +import java.util.Map; import java.util.Set; +import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; +import org.alfresco.repo.security.permissions.PermissionReference; import org.alfresco.service.cmr.repository.NodeRef; /** @@ -41,13 +45,36 @@ public class ExtendedWriterDynamicAuthority extends ExtendedSecurityBaseDynamicA { return EXTENDED_WRITER; } + + /** + * @see org.alfresco.repo.security.permissions.DynamicAuthority#requiredFor() + */ + @Override + public Set requiredFor() + { + if (requiredFor == null) + { + requiredFor = Collections.singleton(getModelDAO().getPermissionReference(null, RMPermissionModel.FILE_RECORDS)); + } + + return requiredFor; + } /** * @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityBaseDynamicAuthority#getAuthorites(org.alfresco.service.cmr.repository.NodeRef) */ - protected Set getAuthorites(NodeRef nodeRef) + @SuppressWarnings("unchecked") + protected Set getAuthorites(NodeRef nodeRef) { - return getExtendedSecurityService().getExtendedWriters(nodeRef); + Set result = null; + + Map map = (Map)getNodeService().getProperty(nodeRef, PROP_WRITERS); + if (map != null) + { + result = map.keySet(); + } + + return result; } /**