From 91c2a02b7cf32da840da37ffcce8ed900e7d7b47 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Thu, 19 Sep 2013 01:30:25 +0000 Subject: [PATCH] RM-731: Impossible to add 'read and file' permissions for default categories git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@55510 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../RecordsManagementSecurityServiceImpl.java | 42 +++++++++++-------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index 4b5e233a93..c4938c8d5e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -868,10 +868,13 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe { NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef(); if (parent != null && - recordsManagementService.isFilePlan(parent) == false) + recordsManagementService.isFilePlanComponent(nodeRef) == true) { setPermissionImpl(parent, authority, RMPermissionModel.READ_RECORDS); - setReadPermissionUp(parent, authority); + if (recordsManagementService.isFilePlan(parent) == false) + { + setReadPermissionUp(parent, authority); + } } } @@ -910,7 +913,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe */ private void setPermissionImpl(NodeRef nodeRef, String authority, String permission) { - if (RMPermissionModel.FILING.equals(permission) == true) + if (RMPermissionModel.FILING.equals(permission) == true && + permissionService.getInheritParentPermissions(nodeRef) == false) { // Remove record read permission before adding filing permission permissionService.deletePermission(nodeRef, authority, RMPermissionModel.READ_RECORDS); @@ -928,21 +932,25 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe { public Boolean doWork() throws Exception { - // Delete permission on this node - permissionService.deletePermission(nodeRef, authority, permission); - - if (recordsManagementService.isRecordCategory(nodeRef) == true) + // can't delete permissions if inherited (eg hold and transfer containers) + if (permissionService.getInheritParentPermissions(nodeRef) == false) { - List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef assoc : assocs) - { - NodeRef child = assoc.getChildRef(); - if (recordsManagementService.isRecordCategory(child) == true || - recordsManagementService.isRecordFolder(child) == true) - { - deletePermission(child, authority, permission); - } - } + // Delete permission on this node + permissionService.deletePermission(nodeRef, authority, permission); + + if (recordsManagementService.isRecordCategory(nodeRef) == true) + { + List assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef assoc : assocs) + { + NodeRef child = assoc.getChildRef(); + if (recordsManagementService.isRecordCategory(child) == true || + recordsManagementService.isRecordFolder(child) == true) + { + deletePermission(child, authority, permission); + } + } + } } return null;