RM-731: Impossible to add 'read and file' permissions for default categories

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0@55510 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2013-09-19 01:30:25 +00:00
parent b0a375221b
commit 91c2a02b7c
1 changed files with 25 additions and 17 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
@@ -868,12 +868,15 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
    {
        NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
        if (parent != null &&
-            recordsManagementService.isFilePlan(parent) == false)
+        	recordsManagementService.isFilePlanComponent(nodeRef) == true)
        {
            setPermissionImpl(parent, authority, RMPermissionModel.READ_RECORDS);
+            if (recordsManagementService.isFilePlan(parent) == false)
+            {
            	setReadPermissionUp(parent, authority);
            }
        }
+    }
    
    /**
     * Helper method to set the permission down the hierarchy
@@ -910,7 +913,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
     */
    private void setPermissionImpl(NodeRef nodeRef, String authority, String permission)
    {
-        if (RMPermissionModel.FILING.equals(permission) == true)
+        if (RMPermissionModel.FILING.equals(permission) == true &&
+            permissionService.getInheritParentPermissions(nodeRef) == false)
        {
            // Remove record read permission before adding filing permission
            permissionService.deletePermission(nodeRef, authority, RMPermissionModel.READ_RECORDS);
@@ -927,6 +931,9 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
        AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
        {
            public Boolean doWork() throws Exception
+            { 
+                // can't delete permissions if inherited (eg hold and transfer containers)
+                if (permissionService.getInheritParentPermissions(nodeRef) == false)
                {
 	                // Delete permission on this node
 	                permissionService.deletePermission(nodeRef, authority, permission);
@@ -944,6 +951,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
 	                        }
 	                    }
 	                }
+                }
                
                return null;
            }