inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1224 (Rmadmin user is not created if auth chain contains not only ALfrescoNTLM)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@73546 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-06-11 08:53:23 +00:00
parent 249c03c345
commit a2400a047c
27 changed files with 225 additions and 733 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
View File

@@ -31,7 +31,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService;
@@ -163,12 +162,6 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
@NotAuditable
FilePlanPermissionService getFilePlanPermissionService();
/**
* @return file plan authentication service
* @since 2.1
*/
FilePlanAuthenticationService getFilePlanAuthenticationService();
/**
* @return identifier service
* @since 2.1

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
View File

@@ -30,7 +30,6 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.transfer.TransferService;
@@ -171,15 +170,6 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService()
*/
@Override
public FilePlanAuthenticationService getFilePlanAuthenticationService()
{
return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getIdentifierService()
*/

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java
View File

@@ -26,8 +26,8 @@ import org.alfresco.module.org_alfresco_module_rm.action.AuditableActionExecuter
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.action.ParameterDefinitionImpl;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
@@ -76,9 +76,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
/** Dictionary service */
private DictionaryService dictionaryService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* @param recordService record service
*/
@@ -111,14 +108,6 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
this.dictionaryService = dictionaryService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action, org.alfresco.service.cmr.repository.NodeRef)
*/
@@ -181,14 +170,15 @@ public class CreateRecordAction extends AuditableActionExecuterAbstractBase
if (filePlan == null)
{
// TODO .. eventually make the file plan parameter required
filePlan = filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<NodeRef>()
filePlan = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
{
@Override
public NodeRef doWork()
{
return filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
}
});
}, AuthenticationUtil.getAdminUserName());
// if the file plan is still null, raise an exception
if (filePlan == null)

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposition/DispositionSelectionStrategy.java
View File

@@ -25,7 +25,7 @@ import java.util.SortedSet;
import java.util.TreeSet;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
import org.apache.commons.logging.Log;
@@ -47,9 +47,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
/** Disposition service */
private DispositionService dispositionService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* Set the disposition service
*
@@ -60,14 +57,6 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
this.dispositionService = dispositionService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* Select the disposition schedule to use given there is more than one
*
@@ -130,14 +119,13 @@ public class DispositionSelectionStrategy implements RecordsManagementModel
public int compare(final NodeRef f1, final NodeRef f2)
{
// Run as admin user
return filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<Integer>()
return AuthenticationUtil.runAs(new RunAsWork<Integer>()
{
public Integer doWork()
{
return compareImpl(f1, f2);
}
});
}, AuthenticationUtil.getAdminUserName());
}
private int compareImpl(NodeRef f1, NodeRef f2)

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v20/RMv2FilePlanNodeRefPatch.java
View File

@@ -132,7 +132,7 @@ public class RMv2FilePlanNodeRefPatch extends ModulePatchComponent
nodeService.setProperty(filePlanComponentNodeRef, PROP_ROOT_NODEREF, filePlan);
}
// only set the rmadmin permissions on record categories, record folders and records
// only set the admin permissions on record categories, record folders and records
FilePlanComponentKind kind = filePlanService.getFilePlanComponentKind(filePlanComponentNodeRef);
if (FilePlanComponentKind.RECORD_CATEGORY.equals(kind) ||
FilePlanComponentKind.RECORD_FOLDER.equals(kind) ||

160
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/v21/RMv21RMAdminUserPatch.java
View File

@@ -1,160 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.patch.v21;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.extensions.surf.util.I18NUtil;
/**
* RM v2.1: RM admin user patch
*
* @author Roy Wetherall
*/
@SuppressWarnings("deprecation")
public class RMv21RMAdminUserPatch extends RMv21PatchComponent implements BeanNameAware
{
/** I18N */
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
/** generate rm admin password */
private String password = GUID.generate();
/** mutable authenticaiton service */
private MutableAuthenticationService authenticationService;
/** person service */
private PersonService personService;
/** file plan service */
private FilePlanService filePlanService;
/** file plan role service */
private FilePlanRoleService filePlanRoleService;
/** file plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/**
* @param personService person service
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* @param authenticationService mutable authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
* @param filePlanService file plan service
*/
public void setFilePlanService(FilePlanService filePlanService)
{
this.filePlanService = filePlanService;
}
/**
* @param filePlanRoleService file plan role service
*/
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@Override
protected void executePatch()
{
String user = filePlanAuthenticationService.getRmAdminUserName();
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
if (!authenticationService.authenticationExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(user, password.toCharArray());
if (!personService.personExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin person");
}
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, user);
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
properties.put(ContentModel.PROP_LASTNAME, lastName);
personService.createPerson(properties);
}
else
{
if (logger.isInfoEnabled())
{
logger.debug(" ... RM Admin person already exists");
}
}
if (logger.isDebugEnabled())
{
logger.debug(" ... assigning RM Admin user to file plans");
}
Set<NodeRef> filePlans = filePlanService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
}
}
}
}

90
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
View File

@@ -22,18 +22,14 @@ import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
@@ -42,7 +38,6 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.RMAuthority;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -51,15 +46,9 @@ import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
@@ -75,8 +64,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
RecordsManagementModel
{
/** I18N */
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
private static final String MSG_ALL_ROLES = "rm.role.all";
/** Location of bootstrap role JSON */
@@ -103,15 +90,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Node service */
private NodeService nodeService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** mutable authenticaiton service */
private MutableAuthenticationService authenticationService;
/** person service */
private PersonService personService;
private BootstrapImporterModuleComponent bootstrapImporterModule;
/** Records management role zone */
@@ -120,9 +98,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Records Management Config Node */
private static final String CONFIG_NODEID = "rm_config_folder";
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class);
/**
* @param capabilityService capability service
*/
@@ -163,30 +138,6 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
this.filePlanService = filePlanService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @param personService person service
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* @param authenticationService mutable authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
*
* @param bootstrapImporterModuleComponent
@@ -391,13 +342,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
if (!filePlanAuthenticationService.getRmAdminUserName().equals(user))
if (!AuthenticationUtil.getAdminUserName().equals(user))
{
// Create the RM Admin User if it does not already exist
createRMAdminUser();
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
authorityService.addAuthority(role.getRoleGroupName(), AuthenticationUtil.getAdminUserName());
}
}
}
@@ -670,7 +618,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
*/
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
boolean isRMAdmin = false;
boolean isAdmin = false;
Set<Role> userRoles = this.getRolesByUser(rmRootNode, user);
if (userRoles != null)
@@ -679,13 +627,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
if (role.getName().equals("Administrator"))
{
isRMAdmin = true;
isAdmin = true;
break;
}
}
}
return isRMAdmin;
return isAdmin;
}
/**
@@ -921,32 +869,4 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
}
/**
* Create the RMAdmin user if it does not already exist
*/
private void createRMAdminUser()
{
/** generate rm admin password */
String password = GUID.generate();
String user = filePlanAuthenticationService.getRmAdminUserName();
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
if (!authenticationService.authenticationExists(user))
{
if (logger.isDebugEnabled())
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(user, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, user);
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
properties.put(ContentModel.PROP_LASTNAME, lastName);
personService.createPerson(properties);
}
}
}

44
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
View File

@@ -1,44 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
/**
* File plan authentication service.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface FilePlanAuthenticationService
{
/**
* @return rm admin user name
*/
String getRmAdminUserName();
/**
* Run provided work as the global rm admin user.
*
* @param <R> return type
* @param runAsWork work to execute as the rm admin user
* @return R result of work execution
*/
<R> R runAsRmAdmin(RunAsWork<R> runAsWork);
}

79
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
View File

@@ -1,79 +0,0 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantService;
/**
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService
{
/** Default rm admin user values */
public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
/** RM admin user name */
private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
/** tennant service */
private TenantService tenantService;
/**
* The Tenant Service
*
* @param tenantService
*/
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
/**
* @param rmAdminUserName rm admin user name
*/
public void setRmAdminUserName(String rmAdminUserName)
{
this.rmAdminUserName = rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName()
*/
@Override
public String getRmAdminUserName()
{
// Build the tenant domain string
String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : "";
// if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name
return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
*/
@Override
public <R> R runAsRmAdmin(RunAsWork<R> runAsWork)
{
return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName());
}
}

53
rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java
View File

@@ -25,7 +25,6 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -41,8 +40,8 @@ import org.alfresco.service.namespace.QName;
*/
public class ExtendedRuleServiceImpl extends RuleServiceImpl
{
/** indicates whether the rules should be run as rmadmin or not */
private boolean runAsRmAdmin = true;
/** indicates whether the rules should be run as admin or not */
private boolean runAsAdmin = true;
/** ignore types */
private Set<QName> ignoredTypes = new HashSet<QName>();
@@ -50,31 +49,12 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
/** file plan service */
private FilePlanService filePlanService;
/** file plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** node service */
protected NodeService nodeService;
/** Record service */
protected RecordService recordService;
/**
* @param runAsRmAdmin true if run rules as rmadmin, false otherwise
*/
public void setRunAsRmAdmin(boolean runAsRmAdmin)
{
this.runAsRmAdmin = runAsRmAdmin;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @param nodeService node service
*/
@@ -99,6 +79,14 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
this.recordService = recordService;
}
/**
* @param runAsAdmin true if run rules as admin, false otherwise
*/
public void setRunAsAdmin(boolean runAsAdmin)
{
this.runAsAdmin = runAsAdmin;
}
/**
* Init method
*/
@@ -181,18 +169,17 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
// ignore and
if (!isIgnoredType(typeQName))
{
if (runAsRmAdmin)
if (runAsAdmin)
{
// run as rmadmin
filePlanAuthenticationService.runAsRmAdmin(new RunAsWork<Void>()
{
@Override
public Void doWork()
{
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
return null;
}
});
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
@Override
public Void doWork()
{
ExtendedRuleServiceImpl.super.executeRule(rule, nodeRef, executedRules);
return null;
}
}, AuthenticationUtil.getAdminUserName());
}
else
{