Merged DEV/ROYTEST to HEAD:

109931: Classification enforcement refactor 110013: Classification enforecment refactor * rename veto as permission pre-processor * add support for permission post-processors * add transaction cache to classification enforcement * add records management permission post processor to remove code from extended permission service 110191: Extended permission service unit test 110301: Classification permission pre-processor unit test git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@110507 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2015-08-20 02:51:23 +00:00
parent 33edc6feb0 2bcebc2abe
commit 95d7013517
37 changed files with 952 additions and 2107 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/classified-content-context.xml
@@ -39,26 +39,17 @@
         </list>
      </property>
   </bean>
-
-   <!-- Classification Method Interceptor -->
-
-   <bean id="preMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PreMethodInvocationProcessor">
+    
+   <!-- Classification Permission Pre Processor -->
+   <bean id="classificationPermissionPreProcessor" 
+         class="org.alfresco.module.org_alfresco_module_rm.classification.permission.ClassificationPermissionPreProcessor" 
+         parent="parentPermissionPreProcessor">
+      <property name="contentClassificationService" ref="contentClassificationService" />      
+      <property name="transactionalResourceHelper" ref="rm.transactionalResourceHelper" />
+      <property name="classificationServiceBootstrap" ref="classificationServiceBootstrap"/>
+      <property name="authenticationUtil" ref="rm.authenticationUtil" />
   </bean>

-   <bean id="postMethodInvocationProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor.PostMethodInvocationProcessor">
-   </bean>
-
-   <bean id="classificationMethodInterceptor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.ClassificationMethodInterceptor">
-      <property name="preMethodInvocationProcessor" ref="preMethodInvocationProcessor" />
-      <property name="postMethodInvocationProcessor" ref="postMethodInvocationProcessor" />
-   </bean>
-
-   <bean id="classificationMethodInterceptorPostProcessor"
-      class="org.alfresco.module.org_alfresco_module_rm.classification.interceptor.ClassificationMethodInterceptorPostProcessor" />
-
   <!-- Classification service DAO -->

   <bean id="classificationServiceDAO" class="org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceDAO">
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
@@ -26,6 +26,7 @@
      <property name="extendingBeanName" value="rm.FileFolderService_security" />
   </bean>

+   <!--  extended quick share implementation -->
   <bean id="rm.quickShareService" abstract="true" class="org.alfresco.repo.quickshare.ExtendedQuickShareServiceImpl">
      <property name="nodeService" ref="NodeService"/>
   </bean>
@@ -34,6 +35,7 @@
      <property name="extendingBeanName" value="rm.quickShareService"/>
   </bean>

+   <!-- Extended permission service interface -->
   <bean id="ExtendedPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.permissions.impl.ExtendedPermissionService</value>
@@ -51,6 +53,7 @@
        </property>
    </bean>

+    <!-- Extended permissions service security bean -->
    <bean id="ExtendedPermissionService_security" class="org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
@@ -77,11 +80,11 @@
        </property>
    </bean>

+   <!-- Writers permission cache -->
   <bean name="writersSharedCache" factory-bean="cacheFactory" factory-method="createCache">
      <constructor-arg value="cache.writersSharedCache"/>
   </bean>
-
-    <bean name="writersCache" class="org.alfresco.repo.cache.TransactionalCache">
+   <bean name="writersCache" class="org.alfresco.repo.cache.TransactionalCache">
      <property name="sharedCache">
         <ref bean="writersSharedCache" />
      </property>
@@ -92,48 +95,25 @@
      <property name="mutable" value="true" />
      <property name="disableSharedCache" value="${system.cache.disableMutableSharedCaches}" />
   </bean>
-
-   <bean id="permissionServiceImpl" class="org.alfresco.repo.security.permissions.impl.RMPermissionServiceImpl" init-method="init">
-      <property name="writersCache" ref="writersCache"/>
-      <property name="nodeService">
-         <ref bean="mtAwareNodeService" />
-      </property>
-      <property name="tenantService">
-         <ref bean="tenantService"/>
-      </property>
-      <property name="dictionaryService">
-         <ref bean="dictionaryService" />
-      </property>
-      <property name="permissionsDaoComponent">
-         <ref bean="permissionsDaoComponent" />
-      </property>
-      <property name="modelDAO">
-         <ref bean="permissionsModelDAO" />
-      </property>
-      <property name="authorityService">
-         <ref bean="authorityService" />
-      </property>
-      <property name="accessCache">
-         <ref bean="permissionsAccessCache" />
-      </property>
-      <property name="readersCache">
-         <ref bean="readersCache" />
-      </property>
-      <property name="readersDeniedCache">
-         <ref bean="readersDeniedCache" />
-      </property>
-      <property name="policyComponent">
-         <ref bean="policyComponent" />
-      </property>
-      <property name="aclDAO">
-         <ref bean="aclDAO" />
-      </property>
-      <property name="ownableService">
-         <ref bean="ownableService" />
-      </property>
-      <property name="anyDenyDenies">
-         <value>${security.anyDenyDenies}</value>
-      </property>
+   
+   <!-- Permission processor registry -->
+   <bean id="permissionProcessorRegistry" class='org.alfresco.repo.security.permissions.processor.PermissionProcessorRegistry'/>
+   
+   <!-- Permission pre-processor base bean -->
+   <bean id="parentPermissionPreProcessor" init-method="init" abstract="true">
+      <property name="permissionProcessorRegistry" ref="permissionProcessorRegistry"/>
+   </bean>
+   
+   <!-- Permission post-processor base bean -->
+   <bean id="parentPermissionPostProcessor" init-method="init" abstract="true">
+      <property name="permissionProcessorRegistry" ref="permissionProcessorRegistry"/>
+   </bean>
+   
+   <!-- Extended permission service implementation bean -->
+   <bean id="rm.permissionServiceImpl" abstract="true" class="org.alfresco.repo.security.permissions.impl.ExtendedPermissionServiceImpl">
+      <property name="writersCache" ref="writersCache"/>	
+      <property name="filePlanService" ref="filePlanService" />
+      <property name="permissionProcessorRegistry" ref="permissionProcessorRegistry"/>
      <property name="dynamicAuthorities">
         <list>
            <ref bean="ownerDynamicAuthority" />
@@ -142,13 +122,14 @@
            <ref bean="extendedReaderDynamicAuthority" />
         </list>
      </property>
-      <property name="filePlanService">
-         <ref bean="filePlanService" />
-      </property>
+   </bean>
+   <bean class="org.alfresco.util.BeanExtender">
+      <property name="beanName" value="permissionServiceImpl"/>
+      <property name="extendingBeanName" value="rm.permissionServiceImpl"/>
   </bean>

+   <!-- In-place reader and writer dynamic authorites -->
   <bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
-
   <bean id="extendedWriterDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority" />

   <!-- Action Service -->
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/module-context.xml
@@ -24,9 +24,8 @@
   <bean name="rm.alfrescoTransactionSupport" class="org.alfresco.module.org_alfresco_module_rm.util.AlfrescoTransactionSupport" />

   <!-- Import extended repository context -->
-
   <import resource="classpath:alfresco/module/org_alfresco_module_rm/extended-repository-context.xml"/>
-
+   
   <!-- Bootstrap records management data -->
   <bean id="org_alfresco_module_rm_bootstrapData"
      class="org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent"
@@ -84,6 +83,12 @@
         </list>
      </property>
   </bean>
+   
+   <!-- Records management permission post processor -->
+   <bean id="recordsManagementPermissionPostProcessor" class="org.alfresco.module.org_alfresco_module_rm.permission.RecordsManagementPermissionPostProcessor" parent="parentPermissionPostProcessor">
+      <property name="nodeService" ref="nodeService"/>
+      <property name="permissionService" ref="permissionService"/>
+   </bean>

   <!-- Import RM model -->
   <import resource="classpath:alfresco/module/org_alfresco_module_rm/rm-model-context.xml"/>