inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-953: SOLR searches are not returning results as expected for RM artifacts.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55258 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2013-09-12 05:47:56 +00:00
parent c0245b05df
commit 97b7774eed
1 changed files with 75 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
View File

@@ -27,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.repo.cache.SimpleCache; import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.security.permissions.AccessControlEntry; import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList; import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.PropertyCheck; import org.alfresco.util.PropertyCheck;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
@@ -42,8 +43,12 @@ import org.springframework.context.ApplicationEvent;
public class RMPermissionServiceImpl extends PermissionServiceImpl public class RMPermissionServiceImpl extends PermissionServiceImpl
implements ExtendedPermissionService implements ExtendedPermissionService
{ {
/** Writers simple cache */
protected SimpleCache<Serializable, Set<String>> writersCache; protected SimpleCache<Serializable, Set<String>> writersCache;
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
*/
@Override @Override
public void setAnyDenyDenies(boolean anyDenyDenies) public void setAnyDenyDenies(boolean anyDenyDenies)
{ {
@@ -59,6 +64,9 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
this.writersCache = writersCache; this.writersCache = writersCache;
} }
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override @Override
protected void onBootstrap(ApplicationEvent event) protected void onBootstrap(ApplicationEvent event)
{ {
@@ -67,11 +75,49 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
} }
/** /**
* Builds the set of authorities who can read the given ACL. No caching is done here. * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#canRead(java.lang.Long)
*
* @return an <b>unmodifiable</b> set of authorities
*/ */
protected Set<String> buildReaders(Long aclId) @Override
protected AccessStatus canRead(Long aclId)
{
Set<String> authorities = getAuthorisations();
// test denied
if(anyDenyDenies)
{
Set<String> aclReadersDenied = getReadersDenied(aclId);
for(String auth : aclReadersDenied)
{
if(authorities.contains(auth))
{
return AccessStatus.DENIED;
}
}
}
// test acl readers
Set<String> aclReaders = getReaders(aclId);
for(String auth : aclReaders)
{
if(authorities.contains(auth))
{
return AccessStatus.ALLOWED;
}
}
return AccessStatus.DENIED;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#getReaders(java.lang.Long)
*/
@Override
public Set<String> getReaders(Long aclId)
{ {
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId); AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) if (acl == null)
@@ -79,6 +125,12 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
return Collections.emptySet(); return Collections.emptySet();
} }
Set<String> aclReaders = readersCache.get((Serializable)acl.getProperties());
if (aclReaders != null)
{
return aclReaders;
}
HashSet<String> assigned = new HashSet<String>(); HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>(); HashSet<String> readers = new HashSet<String>();
@@ -96,24 +148,33 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
readers.add(authority); readers.add(authority);
} }
} }
return Collections.unmodifiableSet(readers); aclReaders = Collections.unmodifiableSet(readers);
readersCache.put((Serializable)acl.getProperties(), aclReaders);
return aclReaders;
} }
/** /**
* Override with check for RM read
*
* @param aclId * @param aclId
* @return set of authorities with read permission on the ACL * @return
*/ */
protected Set<String> buildReadersDenied(Long aclId) private Set<String> getReadersDenied(Long aclId)
{ {
HashSet<String> assigned = new HashSet<String>();
HashSet<String> denied = new HashSet<String>();
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId); AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) if (acl == null)
{
return Collections.emptySet();
}
Set<String> denied = readersDeniedCache.get(aclId);
if (denied != null)
{ {
return denied; return denied;
} }
denied = new HashSet<String>();
Set<String> assigned = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries()) for (AccessControlEntry ace : acl.getEntries())
{ {
@@ -129,9 +190,11 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
denied.add(authority); denied.add(authority);
} }
} }
readersDeniedCache.put((Serializable)acl.getProperties(), denied);
return denied; return denied;
} }
/** /**
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long) * @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)