mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
RM-895: Ensure RM actions with side effects don't try and execute if things are frozen
RM-965: Unable to declare a record from the repository view. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55371 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -918,6 +918,7 @@
|
||||
<property name="publicAction" value="true"/>
|
||||
<property name="delegateAction" ref="set-property-value" />
|
||||
<property name="adhocPropertiesAllowed" value="true" />
|
||||
<property name="checkFrozen" value="true" />
|
||||
</bean>
|
||||
|
||||
<!-- add record types -->
|
||||
|
||||
@@ -59,7 +59,9 @@ public class AddRecordTypeAction extends RMActionExecuterAbstractBase
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (recordService.isRecord(actionedUponNodeRef))
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false &&
|
||||
recordService.isRecord(actionedUponNodeRef) == true)
|
||||
{
|
||||
String recordTypes = (String) action.getParameterValue(PARAM_ADD_RECORD_TYPES);
|
||||
String[] types = recordTypes.split(",");
|
||||
|
||||
@@ -49,8 +49,9 @@ public class CloseRecordFolderAction extends RMActionExecuterAbstractBase
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
// TODO check that the user in question has the correct permissions to close a records folder
|
||||
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
if (recordService.isRecord(actionedUponNodeRef))
|
||||
{
|
||||
ChildAssociationRef assocRef = nodeService.getPrimaryParent(actionedUponNodeRef);
|
||||
@@ -75,3 +76,4 @@ public class CloseRecordFolderAction extends RMActionExecuterAbstractBase
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -61,6 +61,9 @@ public class CompleteEventAction extends RMActionExecuterAbstractBase
|
||||
*/
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
String eventName = (String)action.getParameterValue(PARAM_EVENT_NAME);
|
||||
String eventCompletedBy = (String)action.getParameterValue(PARAM_EVENT_COMPLETED_BY);
|
||||
@@ -106,6 +109,7 @@ public class CompleteEventAction extends RMActionExecuterAbstractBase
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the event from the dispostion action
|
||||
|
||||
@@ -61,7 +61,9 @@ public class DeclareRecordAction extends RMActionExecuterAbstractBase
|
||||
@Override
|
||||
protected void executeImpl(final Action action, final NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (recordService.isRecord(actionedUponNodeRef) == true)
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
recordService.isRecord(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
if (recordService.isDeclared(actionedUponNodeRef) == false)
|
||||
{
|
||||
|
||||
@@ -39,6 +39,9 @@ public class DelegateAction extends RMActionExecuterAbstractBase
|
||||
/** Delegate action executer*/
|
||||
private ActionExecuter delegateActionExecuter;
|
||||
|
||||
/** should we check whether the node is frozen */
|
||||
private boolean checkFrozen = false;
|
||||
|
||||
/**
|
||||
* @param delegateActionExecuter delegate action executer
|
||||
*/
|
||||
@@ -47,14 +50,26 @@ public class DelegateAction extends RMActionExecuterAbstractBase
|
||||
this.delegateActionExecuter = delegateActionExecuter;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param checkFrozen true if we check whether the actioned upon node reference is frozen, false otherwise
|
||||
*/
|
||||
public void setCheckFrozen(boolean checkFrozen)
|
||||
{
|
||||
this.checkFrozen = checkFrozen;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef)
|
||||
*/
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
(checkFrozen == false || freezeService.isFrozen(actionedUponNodeRef) == false))
|
||||
{
|
||||
delegateActionExecuter.execute(action, actionedUponNodeRef);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.action.ParameterizedItemAbstractBase#getParameterDefintions()
|
||||
|
||||
@@ -72,7 +72,8 @@ public class FileToAction extends RMActionExecuterAbstractBase
|
||||
@Override
|
||||
protected void executeImpl(final Action action, final NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true)
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
if (recordService.isFiled(actionedUponNodeRef) == false)
|
||||
{
|
||||
|
||||
@@ -36,6 +36,7 @@ public class OpenRecordFolderAction extends RMActionExecuterAbstractBase
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(OpenRecordFolderAction.class);
|
||||
|
||||
/** I18N */
|
||||
private static final String MSG_NO_OPEN_RECORD_FOLDER = "rm.action.no-open-record-folder";
|
||||
|
||||
/** Parameter names */
|
||||
@@ -47,6 +48,9 @@ public class OpenRecordFolderAction extends RMActionExecuterAbstractBase
|
||||
*/
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
// TODO move re-open logic into a service method
|
||||
// TODO check that the user in question has the correct permission to re-open a records folder
|
||||
@@ -75,3 +79,4 @@ public class OpenRecordFolderAction extends RMActionExecuterAbstractBase
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,6 +48,7 @@ public class RejectAction extends RMActionExecuterAbstractBase
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false &&
|
||||
nodeService.getProperty(actionedUponNodeRef, PROP_RECORD_ORIGINATING_LOCATION) != null)
|
||||
{
|
||||
recordService.rejectRecord(actionedUponNodeRef, (String) action.getParameterValue(PARAM_REASON));
|
||||
|
||||
@@ -43,10 +43,14 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase
|
||||
*/
|
||||
@Override
|
||||
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
|
||||
{
|
||||
if (nodeService.exists(actionedUponNodeRef) == true)
|
||||
{
|
||||
if (recordService.isRecord(actionedUponNodeRef) == true)
|
||||
{
|
||||
if (recordService.isDeclared(actionedUponNodeRef) == true)
|
||||
// repoen if already complete and not frozen
|
||||
if (recordService.isDeclared(actionedUponNodeRef) == true &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
// Remove the declared aspect
|
||||
this.nodeService.removeAspect(actionedUponNodeRef, ASPECT_DECLARED_RECORD);
|
||||
@@ -61,3 +65,4 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.alfresco.service.namespace.QName;
|
||||
public interface ModelSecurityService
|
||||
{
|
||||
/**
|
||||
* Sets whether model security is enabled or not.
|
||||
* Sets whether model security is enabled globally or not.
|
||||
*
|
||||
* @param enabled
|
||||
*/
|
||||
@@ -45,6 +45,16 @@ public interface ModelSecurityService
|
||||
*/
|
||||
boolean isEnabled();
|
||||
|
||||
/**
|
||||
* Disable model security checks for the current thread.
|
||||
*/
|
||||
void disable();
|
||||
|
||||
/**
|
||||
* Enable model security checks for the current thread.
|
||||
*/
|
||||
void enable();
|
||||
|
||||
/**
|
||||
* Registers a protected model artifact with the service.
|
||||
*
|
||||
|
||||
@@ -154,6 +154,28 @@ public class ModelSecurityServiceImpl implements ModelSecurityService,
|
||||
onUpdatePropertiesBehaviour);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#disable()
|
||||
*/
|
||||
@Override
|
||||
public void disable()
|
||||
{
|
||||
beforeAddAspectBehaviour.disable();
|
||||
beforeRemoveAspectBehaviour.disable();
|
||||
onUpdatePropertiesBehaviour.disable();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#enable()
|
||||
*/
|
||||
@Override
|
||||
public void enable()
|
||||
{
|
||||
beforeAddAspectBehaviour.enable();
|
||||
beforeRemoveAspectBehaviour.enable();
|
||||
onUpdatePropertiesBehaviour.enable();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#register(org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedModelArtifact)
|
||||
*/
|
||||
|
||||
@@ -271,7 +271,8 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
|
||||
|
||||
for (String authority : authorities)
|
||||
{
|
||||
if (authority.equals(PermissionService.ALL_AUTHORITIES) == false)
|
||||
if (authority.equals(PermissionService.ALL_AUTHORITIES) == false &&
|
||||
authority.equals(PermissionService.OWNER_AUTHORITY) == false)
|
||||
{
|
||||
if (referenceCountMap == null ||
|
||||
referenceCountMap.containsKey(authority) == false)
|
||||
|
||||
@@ -23,6 +23,7 @@ import java.util.Set;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
@@ -39,36 +40,67 @@ import org.alfresco.service.namespace.QName;
|
||||
*/
|
||||
public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
{
|
||||
/** indicates whether the rules should be run as rmadmin or not */
|
||||
private boolean runAsRmAdmin = true;
|
||||
|
||||
/** ignore types */
|
||||
private Set<QName> ignoredTypes = new HashSet<QName>();
|
||||
|
||||
/** file plan service */
|
||||
private FilePlanService filePlanService;
|
||||
|
||||
/** file plan authentication service */
|
||||
private FilePlanAuthenticationService filePlanAuthenticationService;
|
||||
|
||||
/** node service */
|
||||
protected NodeService nodeService;
|
||||
|
||||
/** model security service */
|
||||
protected ModelSecurityService modelSecurityService;
|
||||
|
||||
/**
|
||||
* @param runAsRmAdmin true if run rules as rmadmin, false otherwise
|
||||
*/
|
||||
public void setRunAsRmAdmin(boolean runAsRmAdmin)
|
||||
{
|
||||
this.runAsRmAdmin = runAsRmAdmin;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param filePlanAuthenticationService file plan authentication service
|
||||
*/
|
||||
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
|
||||
{
|
||||
this.filePlanAuthenticationService = filePlanAuthenticationService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param nodeService node service
|
||||
*/
|
||||
public void setNodeService2(NodeService nodeService)
|
||||
{
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param filePlanService file plan service
|
||||
*/
|
||||
public void setFilePlanService(FilePlanService filePlanService)
|
||||
{
|
||||
this.filePlanService = filePlanService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param modelSecurityService model security service
|
||||
*/
|
||||
public void setModelSecurityService(ModelSecurityService modelSecurityService)
|
||||
{
|
||||
this.modelSecurityService = modelSecurityService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Init method
|
||||
*/
|
||||
@Override
|
||||
public void init()
|
||||
{
|
||||
@@ -81,10 +113,13 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
ignoredTypes.add(RecordsManagementModel.TYPE_EVENT_EXECUTION);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.rule.RuleServiceImpl#saveRule(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.rule.Rule)
|
||||
*/
|
||||
@Override
|
||||
public void saveRule(final NodeRef nodeRef, final Rule rule)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true && runAsRmAdmin == true)
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true)
|
||||
{
|
||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||
{
|
||||
@@ -103,10 +138,13 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.rule.RuleServiceImpl#removeRule(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.rule.Rule)
|
||||
*/
|
||||
@Override
|
||||
public void removeRule(final NodeRef nodeRef, final Rule rule)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true && runAsRmAdmin == true)
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true)
|
||||
{
|
||||
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
|
||||
{
|
||||
@@ -125,26 +163,49 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.repo.rule.RuleServiceImpl#executeRule(org.alfresco.service.cmr.rule.Rule, org.alfresco.service.cmr.repository.NodeRef, java.util.Set)
|
||||
*/
|
||||
@Override
|
||||
public void executeRule(final Rule rule, final NodeRef nodeRef, final Set<ExecutedRuleData> executedRules)
|
||||
{
|
||||
QName typeQName = nodeService.getType(nodeRef);
|
||||
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true
|
||||
&& isFilePlanComponentRule(rule) == true && runAsRmAdmin == true)
|
||||
// check if this is a rm rule on a rm artifact
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true &&
|
||||
isFilePlanComponentRule(rule) == true)
|
||||
{
|
||||
// ignore and
|
||||
if (isIgnoredType(typeQName) == false)
|
||||
{
|
||||
String user = AuthenticationUtil.getFullyAuthenticatedUser();
|
||||
try
|
||||
// disable model security whilst we execute the RM rule
|
||||
//modelSecurityService.disable();
|
||||
//try
|
||||
//{
|
||||
if (runAsRmAdmin == true)
|
||||
{
|
||||
AuthenticationUtil.setFullyAuthenticatedUser(filePlanAuthenticationService.getRmAdminUserName());
|
||||
// run as rmadmin
|
||||
filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
else
|
||||
{
|
||||
// run as current user
|
||||
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
|
||||
}
|
||||
finally
|
||||
{
|
||||
AuthenticationUtil.setFullyAuthenticatedUser(user);
|
||||
}
|
||||
//}
|
||||
//finally
|
||||
//{
|
||||
// enable model security
|
||||
// modelSecurityService.enable();
|
||||
//}
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -154,6 +215,12 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicates whether the rule is a file plan component
|
||||
*
|
||||
* @param rule rule
|
||||
* @return boolean true if rule is set on a file plan component, false otherwise
|
||||
*/
|
||||
private boolean isFilePlanComponentRule(Rule rule)
|
||||
{
|
||||
NodeRef nodeRef = getOwningNodeRef(rule);
|
||||
@@ -161,7 +228,8 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
|
||||
}
|
||||
|
||||
/**
|
||||
* @param typeQName
|
||||
* @param typeQName type qname
|
||||
* @return boolean true if ignore type, false otherwise
|
||||
*/
|
||||
private boolean isIgnoredType(QName typeQName)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user