diff --git a/source/java/org/alfresco/web/bean/search/AdvancedSearchDialog.java b/source/java/org/alfresco/web/bean/search/AdvancedSearchDialog.java index 57f8737552..d15774c6b9 100644 --- a/source/java/org/alfresco/web/bean/search/AdvancedSearchDialog.java +++ b/source/java/org/alfresco/web/bean/search/AdvancedSearchDialog.java @@ -24,7 +24,6 @@ */ package org.alfresco.web.bean.search; -import java.io.Serializable; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -888,14 +887,12 @@ public class AdvancedSearchDialog extends BaseDialogBean { // attempt to create folder for this user for first time // create the preferences Node for this user - Map props = new HashMap(2, 1.0f); - props.put(ContentModel.PROP_NAME, user.getUserName()); ChildAssociationRef childRef = getNodeService().createNode( globalRef, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.APP_MODEL_1_0_URI, QName.createValidLocalName(user.getUserName())), ContentModel.TYPE_FOLDER, - props); + null); properties.setUserSearchesRef(childRef.getChildRef()); } diff --git a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java index 019db58231..bcea324db3 100644 --- a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java +++ b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java @@ -280,6 +280,9 @@ public class CreateWebsiteWizard extends BaseWizardBean WCMAppModel.ASPECT_WEBAPP); } + // now the sandbox is created set the permissions masks for the store + SandboxFactory.setStagingPermissionMasks(avmStore); + // set the property on the node to reference the root AVM store getNodeService().setProperty(nodeRef, WCMAppModel.PROP_AVMSTORE, avmStore); diff --git a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java index 5a49b165db..8aa140b74c 100644 --- a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java +++ b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java @@ -148,6 +148,13 @@ public class InviteWebsiteUsersWizard extends BaseInviteUsersWizard { this.userGroupRoles.add(new UserGroupRole(currentUser, AVMUtil.ROLE_CONTENT_MANAGER, null)); managers.add(currentUser); + + // assign permissions explicitly for the current user + this.getPermissionService().setPermission( + nodeRef, + currentUser, + AVMUtil.ROLE_CONTENT_MANAGER, + true); } } else @@ -199,6 +206,8 @@ public class InviteWebsiteUsersWizard extends BaseInviteUsersWizard SandboxInfo info = SandboxFactory.createUserSandbox( getAvmStore(), managers, userAuth, userRole.getRole()); + SandboxFactory.addStagingAreaUser(getAvmStore(), userAuth, userRole.getRole()); + this.sandboxInfoList.add(info); // create an app:webuser instance for each authority and assoc to the website node diff --git a/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java b/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java index cf7358146d..08a3fbe6f5 100644 --- a/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java +++ b/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java @@ -45,6 +45,7 @@ import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.util.DNSNameMangler; import org.alfresco.util.GUID; +import org.alfresco.web.app.Application; import org.alfresco.web.bean.repository.Repository; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -185,38 +186,48 @@ public final class SandboxFactory return new SandboxInfo( new String[] { stagingStoreName, previewStoreName } ); } - - + public static void setStagingPermissions(String storeId, NodeRef webProjectNodeRef) { - String storeName = AVMUtil.buildStagingStoreName(storeId); - ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance()); - AVMService avmService = services.getAVMService(); - PermissionService permissionService = services.getPermissionService(); - NodeService nodeService = services.getNodeService(); + ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance()); + PermissionService permissionService = services.getPermissionService(); + NodeService nodeService = services.getNodeService(); + + String storeName = AVMUtil.buildStagingStoreName(storeId); + NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMUtil.buildStoreRootPath(storeName)); - // apply READ permissions for all users - NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMUtil.buildStoreRootPath(storeName)); - permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); - // Set store permission mask - permissionService.setPermission(dirRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); - - // Apply sepcific user permissions as set on the web project - // All these will be masked out - List userInfoRefs = nodeService.getChildAssocs( + // Apply sepcific user permissions as set on the web project + // All these will be masked out + List userInfoRefs = nodeService.getChildAssocs( webProjectNodeRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef ref : userInfoRefs) - { - NodeRef userInfoRef = ref.getChildRef(); - String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); - String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); - - permissionService.setPermission(dirRef, username, userrole, true); - } - + for (ChildAssociationRef ref : userInfoRefs) + { + NodeRef userInfoRef = ref.getChildRef(); + String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); + String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); + + permissionService.setPermission(dirRef, username, userrole, true); + } } + public static void setStagingPermissionMasks(String storeId) + { + FacesContext context = FacesContext.getCurrentInstance(); + ServiceRegistry services = Repository.getServiceRegistry(context); + PermissionService permissionService = services.getPermissionService(); + + String storeName = AVMUtil.buildStagingStoreName(storeId); + NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMUtil.buildStoreRootPath(storeName)); + + // apply READ permissions for all users + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + + // Set store permission masks + String currentUser = Application.getCurrentUser(context).getUserName(); + permissionService.setPermission(dirRef.getStoreRef(), currentUser, PermissionService.CHANGE_PERMISSIONS, true); + permissionService.setPermission(dirRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + } public static void updateStagingAreaManagers(String storeId, NodeRef webProjectNodeRef, final List managers) @@ -230,9 +241,24 @@ public final class SandboxFactory for (String manager : managers) { permissionService.setPermission(dirRef, manager, AVMUtil.ROLE_CONTENT_MANAGER, true); + + // give the manager change permissions permission in the staging area store + permissionService.setPermission(dirRef.getStoreRef(), manager, + PermissionService.CHANGE_PERMISSIONS, true); } } + public static void addStagingAreaUser(String storeId, String authority, String role) + { + // The stores have the mask set in updateSandboxManagers + String storeName = AVMUtil.buildStagingStoreName(storeId); + ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance()); + PermissionService permissionService = services.getPermissionService(); + + NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMUtil.buildStoreRootPath(storeName)); + permissionService.setPermission(dirRef, authority, role, true); + } + /** * Create a user sandbox for the named store. *