diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml index b2e684b0da..e4acc0def2 100644 --- a/config/alfresco/public-services-security-context.xml +++ b/config/alfresco/public-services-security-context.xml @@ -696,6 +696,7 @@ org.alfresco.service.cmr.security.AuthorityService.getAuthoritiesForUser=ACL_METHOD.ROLE_ADMINISTRATOR org.alfresco.service.cmr.security.AuthorityService.getAllAuthorities=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.findAuthoritiesByShortName=ACL_ALLOW + org.alfresco.service.cmr.security.AuthorityService.findAuthoritiesByShortNameInZone=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.findAuthorities=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.getAllRootAuthorities=ACL_ALLOW org.alfresco.service.cmr.security.AuthorityService.createAuthority=ACL_METHOD.ROLE_ADMINISTRATOR diff --git a/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java b/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java index 96de1bde77..0e217de3ab 100644 --- a/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java +++ b/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java @@ -56,7 +56,47 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension * Search the root groups, those without a parent group. * @return The root groups (empty if there are no root groups) */ - public ScriptGroup[] searchRootGroups(String shortNamePattern, boolean includeInternal) + public ScriptGroup[] searchRootGroupsInZone(String shortNamePattern, String zone) + { + Set groups = new LinkedHashSet(0); + Set authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, shortNamePattern, zone); + for(String authority : authorities) + { + ScriptGroup group = new ScriptGroup(authority, authorityService); + if(group.isRootGroup()) + { + groups.add(group); + } + + } + return groups.toArray(new ScriptGroup[groups.size()]); + } + + /** + * Search the root groups, those without a parent group. + * @return The root groups (empty if there are no root groups) + */ + public ScriptGroup[] searchRootGroups(String shortNamePattern) + { + Set groups = new LinkedHashSet(0); + Set authorities = authorityService.findAuthoritiesByShortName(AuthorityType.GROUP, shortNamePattern); + for(String authority : authorities) + { + ScriptGroup group = new ScriptGroup(authority, authorityService); + if(group.isRootGroup()) + { + groups.add(group); + } + + } + return groups.toArray(new ScriptGroup[groups.size()]); + } + + /** + * Search the root groups, those without a parent group. Searches in all zones. + * @return The root groups (empty if there are no root groups) + */ + public ScriptGroup[] getAllRootGroups() { Set groups = new LinkedHashSet(0); Set authorities = authorityService.getAllRootAuthorities(AuthorityType.GROUP); @@ -71,12 +111,13 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension /** * Get the root groups, those without a parent group. + * @param zone zone to search in. * @return The root groups (empty if there are no root groups) */ - public ScriptGroup[] getAllRootGroups(boolean includeInternal) + public ScriptGroup[] getAllRootGroupsInZone(String zone) { Set groups = new LinkedHashSet(0); - Set authorities = authorityService.getAllRootAuthoritiesInZone(AuthorityService.ZONE_APP_DEFAULT, AuthorityType.GROUP); + Set authorities = authorityService.getAllRootAuthoritiesInZone(zone, AuthorityType.GROUP); for(String authority : authorities) { ScriptGroup group = new ScriptGroup(authority, authorityService); @@ -123,7 +164,8 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension } /** - * Create a new root group + * Create a new root group in the default application zones + * * @return the new root group. */ public ScriptGroup createRootGroup(String shortName, String displayName) @@ -133,13 +175,12 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension } /** - * Search for groups + * Search for groups in all zones. * * @param shortNameFilter partial match on shortName (* and ?) work. If empty then matches everything. - * @param includeInternal * @return the groups matching the query */ - public ScriptGroup[] searchGroups(String shortNameFilter, boolean includeInternal) + public ScriptGroup[] searchGroups(String shortNameFilter) { String filter = shortNameFilter; @@ -161,4 +202,35 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension } return groups.toArray(new ScriptGroup[groups.size()]); } + + /** + * Search for groups in a specific zone + * + * @param shortNameFilter partial match on shortName (* and ?) work. If empty then matches everything. + * @param zone zone to search in. + * @return the groups matching the query + */ + public ScriptGroup[] searchGroupsInZone(String shortNameFilter, String zone) + { + String filter = shortNameFilter; + + /** + * Modify shortNameFilter to be "shortName*" + */ + if (shortNameFilter.length() > 0) + { + filter = filter.replace("\"", "") + "*"; + } + + + Set groups = new LinkedHashSet(0); + Set authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, filter, zone); + for(String authority : authorities) + { + ScriptGroup group = new ScriptGroup(authority, authorityService); + groups.add(group); + + } + return groups.toArray(new ScriptGroup[groups.size()]); + } } \ No newline at end of file diff --git a/source/java/org/alfresco/repo/security/authority/script/ScriptGroup.java b/source/java/org/alfresco/repo/security/authority/script/ScriptGroup.java index 01528ae64b..75c106369a 100644 --- a/source/java/org/alfresco/repo/security/authority/script/ScriptGroup.java +++ b/source/java/org/alfresco/repo/security/authority/script/ScriptGroup.java @@ -29,7 +29,6 @@ import java.io.Serializable; import java.util.LinkedHashSet; import java.util.Set; -import org.alfresco.repo.security.authority.script.Authority.ScriptAuthorityType; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; @@ -261,15 +260,6 @@ public class ScriptGroup implements Authority, Serializable return this.isAdmin; } - /** - * Is this an internal group? - * @return - */ - public boolean isInternalGroup() - { - //TODO Not yet implemeted - return true; - } /** * Get the number of users contained within this group. diff --git a/source/java/org/alfresco/repo/site/SiteServiceImpl.java b/source/java/org/alfresco/repo/site/SiteServiceImpl.java index c5dc8249a0..0531cc0aca 100644 --- a/source/java/org/alfresco/repo/site/SiteServiceImpl.java +++ b/source/java/org/alfresco/repo/site/SiteServiceImpl.java @@ -363,21 +363,28 @@ public class SiteServiceImpl implements SiteService, SiteModel // Get the current user final String currentUser = authenticationContext.getCurrentUserName(); + + // Create the relevant groups and assign permissions AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public String doWork() throws Exception { + Set shareZones = new HashSet(2, 1.0f); + shareZones.add(AuthorityService.ZONE_APP_SHARE); + shareZones.add(AuthorityService.ZONE_AUTH_ALFRESCO); + + // Create the site's groups String siteGroup = authorityService - .createAuthority(AuthorityType.GROUP, getSiteGroup(shortName, false)); + .createAuthority(AuthorityType.GROUP, getSiteGroup(shortName, false), shortName, shareZones); Set permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE); for (String permission : permissions) { // Create a group for the permission String permissionGroup = authorityService.createAuthority(AuthorityType.GROUP, getSiteRoleGroup( - shortName, permission, false)); + shortName, permission, false), shortName, shareZones); authorityService.addAuthority(siteGroup, permissionGroup); // Assign the group the relevant permission on the site