inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge merge-2.5 into master

Browse Source
This commit is contained in:
Ana Bozianu
2017-03-15 13:17:37 +02:00
parent bb8d1a03e9 adfe76c1a2
commit 9b513b98d7
6 changed files with 345 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/MovableCapabilityCondition.java → rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/MovableRecordFolderCapabilityCondition.java
View File

@@ -36,7 +36,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
* @since 2.4.1
*
*/
public class MovableCapabilityCondition extends AbstractCapabilityCondition
public class MovableRecordFolderCapabilityCondition extends AbstractCapabilityCondition
{
/**
@@ -47,6 +47,6 @@ public class MovableCapabilityCondition extends AbstractCapabilityCondition
{
if (nodeService.hasAspect(nodeRef, ASPECT_GHOSTED) && dispositionService.isDisposableItemCutoff(nodeRef))
return true;
return !dispositionService.isDisposableItemCutoff(nodeRef);
return !(dispositionService.isDisposableItemCutoff(nodeRef) || recordFolderService.isRecordFolderClosed(nodeRef));
}
}

176
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
View File

@@ -85,13 +85,13 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
/** File plan role service */
private FilePlanRoleService filePlanRoleService;
/** authority service */
private AuthorityService authorityService;
/** permission service */
private PermissionService permissionService;
/** transaction service */
private TransactionService transactionService;
@@ -110,7 +110,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @param authorityService authority service
*/
@@ -118,7 +118,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
this.authorityService = authorityService;
}
/**
* @param permissionService permission service
*/
@@ -126,7 +126,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
this.permissionService = permissionService;
}
/**
* @param transactionService transaction service
*/
@@ -134,7 +134,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
this.transactionService = transactionService;
}
/**
* Application context refresh event handler
*/
@@ -165,7 +165,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Get root IPR group name
*/
@@ -191,15 +191,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public Set<String> getReaders(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
Set<String> result = Collections.EMPTY_SET;
Pair<String, String> iprGroups = getIPRGroups(nodeRef);
if (iprGroups != null)
{
result = getAuthorities(iprGroups.getFirst());
}
return result;
return result;
}
/**
@@ -210,20 +210,20 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public Set<String> getWriters(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
Set<String> result = Collections.EMPTY_SET;
Pair<String, String> iprGroups = getIPRGroups(nodeRef);
if (iprGroups != null)
{
result = getAuthorities(iprGroups.getSecond());
}
return result;
return result;
}
/**
* Helper to get authorities for a given group
*
*
* @param group group name
* @return Set<String> immediate authorities
*/
@@ -233,7 +233,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
result.addAll(authorityService.getContainedAuthorities(null, group, true));
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#set(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.util.Pair)
*/
@@ -244,7 +244,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
set(nodeRef, readersAndWriters.getFirst(), readersAndWriters.getSecond());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#set(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set)
*/
@@ -252,21 +252,21 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public void set(NodeRef nodeRef, Set<String> readers, Set<String> writers)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
// remove existing extended security, assuming there is any
remove(nodeRef);
// find groups
Pair<String, String> iprGroups = createOrFindIPRGroups(readers, writers);
// assign groups to correct fileplan roles
NodeRef filePlan = filePlanService.getFilePlan(nodeRef);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS, iprGroups.getFirst());
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_WRITERS, iprGroups.getSecond());
// assign groups to node
assignIPRGroupsToNode(iprGroups, nodeRef);
// apply the readers to any renditions of the content
if (isRecord(nodeRef))
{
@@ -276,14 +276,14 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
NodeRef child = assoc.getChildRef();
assignIPRGroupsToNode(iprGroups, child);
}
}
}
}
/**
* Get the IPR groups associated with a given node reference.
* <p>
* Return null if none found.
*
*
* @param nodeRef node reference
* @return Pair<String, String> where first is the read group and second if the write group, null if none found
*/
@@ -292,7 +292,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
Pair<String, String> result = null;
String iprReaderGroup = null;
String iprWriterGroup = null;
// get all the set permissions
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
for (AccessPermission permission : permissions)
@@ -301,36 +301,36 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
if (permission.getAuthority().startsWith(GROUP_PREFIX + READER_GROUP_PREFIX))
{
iprReaderGroup = permission.getAuthority();
}
}
// look for the presence of the writer group
else if (permission.getAuthority().startsWith(GROUP_PREFIX + WRITER_GROUP_PREFIX))
{
iprWriterGroup = permission.getAuthority();
}
}
// assuming the are both present then return
if (iprReaderGroup != null && iprWriterGroup != null)
{
result = new Pair<String, String>(iprReaderGroup, iprWriterGroup);
}
return result;
}
/**
* Given a set of readers and writers find or create the appropriate IPR groups.
* <p>
* The IPR groups are named with hashes of the authority lists in order to reduce
* The IPR groups are named with hashes of the authority lists in order to reduce
* the set of groups that require exact match. A further index is used to handle
* a situation where there is a hash clash, but a difference in the authority lists.
* <p>
* When no match is found the groups are created. Once created
*
*
* @param filePlan file plan
* @param readers authorities with read
* @param writers authorities with write
* @return Pair<String, String> where first is the full name of the read group and
* @return Pair<String, String> where first is the full name of the read group and
* second is the full name of the write group
*/
private Pair<String, String> createOrFindIPRGroups(Set<String> readers, Set<String> writers)
@@ -339,10 +339,10 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
createOrFindIPRGroup(READER_GROUP_PREFIX, readers),
createOrFindIPRGroup(WRITER_GROUP_PREFIX, writers));
}
/**
* Create or find an IPR group based on the provided prefix and authorities.
*
*
* @param groupPrefix group prefix
* @param authorities authorities
* @return String full group name
@@ -350,10 +350,10 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
private String createOrFindIPRGroup(String groupPrefix, Set<String> authorities)
{
String group = null;
// find group or determine what the next index is if no group exists or there is a clash
// find group or determine what the next index is if no group exists or there is a clash
Pair<String, Integer> groupResult = findIPRGroup(groupPrefix, authorities);
if (groupResult.getFirst() == null)
{
group = createIPRGroup(groupPrefix, authorities, groupResult.getSecond());
@@ -362,16 +362,16 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
group = groupResult.getFirst();
}
return group;
}
/**
* Given a group name prefix and the authorities, finds the exact match existing group.
* <p>
* If the group does not exist then the group returned is null and the index shows the next available
* If the group does not exist then the group returned is null and the index shows the next available
* group index for creation.
*
*
* @param groupPrefix group name prefix
* @param authorities authorities
* @return Pair<String, Integer> where first is the name of the found group, null if none found and second
@@ -383,24 +383,24 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
int nextGroupIndex = 0;
boolean hasMoreItems = true;
int pageCount = 0;
// determine the short name prefix
String groupShortNamePrefix = getIPRGroupPrefixShortName(groupPrefix, authorities);
// iterate over the authorities to find a match
while (hasMoreItems == true)
{
{
// get matching authorities
PagingResults<String> results = authorityService.getAuthorities(AuthorityType.GROUP,
RMAuthority.ZONE_APP_RM,
PagingResults<String> results = authorityService.getAuthorities(AuthorityType.GROUP,
RMAuthority.ZONE_APP_RM,
groupShortNamePrefix,
false,
false,
false,
false,
new PagingRequest(MAX_ITEMS*pageCount, MAX_ITEMS));
// record the total count
nextGroupIndex = nextGroupIndex + results.getPage().size();
// see if any of the matching groups exactly match
for (String group : results.getPage())
{
@@ -409,35 +409,35 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
iprGroup = group;
break;
}
}
}
// determine if there are any more pages to inspect
hasMoreItems = results.hasMoreItems();
pageCount ++;
}
return new Pair<String, Integer>(iprGroup, nextGroupIndex);
}
/**
* Determines whether a group exactly matches a list of authorities.
*
*
* @param authorities list of authorities
* @param group group
* @param group group
* @return
*/
private boolean isIPRGroupTrueMatch(String group, Set<String> authorities)
{
{
Set<String> contained = authorityService.getContainedAuthorities(null, group, true);
return contained.equals(authorities);
}
/**
* Get IPR group prefix short name.
* <p>
* 'package' scope to help testing.
*
*
* @param prefix prefix
* @param authorities authorities
* @return String group prefix short name
@@ -447,17 +447,17 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
StringBuilder builder = new StringBuilder(128)
.append(prefix)
.append(getAuthoritySetHashCode(authorities));
return builder.toString();
}
/**
* Get IPR group short name.
* <p>
* Note this excludes the "GROUP_" prefix.
* <p>
* 'package' scope to help testing.
*
*
* @param prefix prefix
* @param readers read authorities
* @param writers write authorities
@@ -468,12 +468,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
return getIPRGroupShortName(prefix, authorities, Integer.toString(index));
}
/**
* Get IPR group short name.
* <p>
* Note this excludes the "GROUP_" prefix.
*
*
* @param prefix prefix
* @param readers read authorities
* @param writers write authorities
@@ -485,13 +485,13 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
StringBuilder builder = new StringBuilder(128)
.append(getIPRGroupPrefixShortName(prefix, authorities))
.append(index);
return builder.toString();
}
/**
* Gets the hashcode value of a set of authorities.
*
*
* @param authorities set of authorities
* @return int hash code
*/
@@ -500,14 +500,14 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
int result = 0;
if (authorities != null && !authorities.isEmpty())
{
result = StringUtils.join(authorities.toArray(), "").hashCode();
result = StringUtils.join(authorities.toArray(), "").hashCode();
}
return result;
}
/**
* Creates a new IPR group.
*
*
* @param groupNamePrefix group name prefix
* @param children child authorities
* @param index group index
@@ -552,7 +552,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
/**
* Assign IPR groups to a node reference with the correct permissions.
*
*
* @param iprGroups iprGroups, first read and second write
* @param nodeRef node reference
*/
@@ -561,7 +561,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
permissionService.setPermission(nodeRef, iprGroups.getFirst(), RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(nodeRef, iprGroups.getSecond(), RMPermissionModel.FILING, true);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService#remove(org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -569,13 +569,13 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
public void remove(NodeRef nodeRef)
{
ParameterCheck.mandatory("nodeRef", nodeRef);
Pair<String, String> iprGroups = getIPRGroups(nodeRef);
if (iprGroups != null)
{
// remove any extended security that might be present
clearPermissions(nodeRef, iprGroups);
// remove the readers from any renditions of the content
if (isRecord(nodeRef))
{
@@ -591,16 +591,16 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
/**
* Clear the nodes IPR permissions
*
*
* @param nodeRef node reference
*/
private void clearPermissions(NodeRef nodeRef, Pair<String, String> iprGroups)
{
// remove group permissions from node
permissionService.clearPermission(nodeRef, iprGroups.getFirst());
permissionService.clearPermission(nodeRef, iprGroups.getSecond());
}
permissionService.clearPermission(nodeRef, iprGroups.getSecond());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#getExtendedReaders(org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -608,7 +608,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
return getReaders(nodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#getExtendedWriters(org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -616,15 +616,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
return getWriters(nodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#addExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set)
*/
@Override @Deprecated public void addExtendedSecurity(NodeRef nodeRef, Set<String> readers, Set<String> writers)
{
set(nodeRef, readers, writers);
set(nodeRef, readers, writers);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#addExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set, boolean)
*/
@@ -632,7 +632,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
set(nodeRef, readers, writers);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#removeAllExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -640,7 +640,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
{
remove(nodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService#removeExtendedSecurity(org.alfresco.service.cmr.repository.NodeRef, java.util.Set, java.util.Set)
*/
@@ -654,7 +654,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
*/
@Override @Deprecated public void removeExtendedSecurity(NodeRef nodeRef, Set<String> readers, Set<String>writers, boolean applyToParents)
{
remove(nodeRef);
remove(nodeRef);
}
/**
@@ -662,6 +662,6 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
*/
@Override @Deprecated public void removeAllExtendedSecurity(NodeRef nodeRef, boolean applyToParents)
{
remove(nodeRef);
remove(nodeRef);
}
}