From 91eed305bd458161b9761497e47a6d023779cfaf Mon Sep 17 00:00:00 2001 From: Steven Glover Date: Thu, 22 Sep 2011 09:36:34 +0000 Subject: [PATCH] Fix for ALF-8176 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@30694 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco/messages/avm-messages.properties | 1 + .../repo/avm/AVMLockingAwareService.java | 22 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/config/alfresco/messages/avm-messages.properties b/config/alfresco/messages/avm-messages.properties index 793ac11fa6..6a67c7ce11 100644 --- a/config/alfresco/messages/avm-messages.properties +++ b/config/alfresco/messages/avm-messages.properties @@ -2,6 +2,7 @@ expiredcontent.workflow.title=Expired Content In ''{0}'' avmlockservice.locked=You do not have access to ''{0}''; it is currently locked by user ''{1}''. +avmlockservice.accessdenied=User ''{0}'' tried to lock node in workflow store without Write permission. testserver.taken=The test server ''{0}'' you selected has been allocated to another user, if possible, select a different server and try again. avm.cycle.create=Cycle would be created. diff --git a/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java b/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java index 64529248de..ade71a363b 100644 --- a/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java +++ b/source/java/org/alfresco/repo/avm/AVMLockingAwareService.java @@ -30,6 +30,7 @@ import java.util.SortedMap; import org.alfresco.repo.avm.util.AVMUtil; import org.alfresco.repo.domain.PropertyValue; import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.permissions.AccessDeniedException; import org.alfresco.service.cmr.avm.AVMNodeDescriptor; import org.alfresco.service.cmr.avm.AVMService; import org.alfresco.service.cmr.avm.AVMStoreDescriptor; @@ -41,12 +42,16 @@ import org.alfresco.service.cmr.avm.locking.AVMLockingService.LockState; import org.alfresco.service.cmr.repository.ContentData; import org.alfresco.service.cmr.repository.ContentReader; import org.alfresco.service.cmr.repository.ContentWriter; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; import org.alfresco.util.Pair; import org.alfresco.wcm.util.WCMUtil; import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; +import org.springframework.extensions.surf.util.I18NUtil; /** * An AVMLockingService aware implementation of AVMService. @@ -56,10 +61,14 @@ public class AVMLockingAwareService implements AVMService, ApplicationContextAwa { public static final String STORE_SEPARATOR = "--"; + public static final String STORE_WORKFLOW = "workflow"; + private AVMService fService; private AVMLockingService fLockingService; + private PermissionService permissionService; + private ApplicationContext fContext; public AVMLockingAwareService() @@ -75,6 +84,7 @@ public class AVMLockingAwareService implements AVMService, ApplicationContextAwa { fService = (AVMService)fContext.getBean("avmService"); fLockingService = (AVMLockingService)fContext.getBean("avmLockingService"); + permissionService = (PermissionService) fContext.getBean("PermissionService"); } public void addAspect(String path, QName aspectName) @@ -640,7 +650,17 @@ public class AVMLockingAwareService implements AVMService, ApplicationContextAwa // Don't do locking in staging. return; } - if (webProject != null) + if (avmStore.indexOf(STORE_SEPARATOR + STORE_WORKFLOW) != -1) + { + //Allow lock in workflow store if user has "Write" permission + NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, path); + if (permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED) + { + String errorMessage = I18NUtil.getMessage("avmlockservice.accessdenied", AuthenticationUtil.getFullyAuthenticatedUser()); + throw new AccessDeniedException(errorMessage); + } + } + else if (webProject != null) { String userName = AuthenticationUtil.getFullyAuthenticatedUser(); LockState lockState = fLockingService.getLockState(webProject, storePath[1], userName);