inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-571 - Refactor: Role Service

Browse Source 
* deprecated approprite methods on old service
 * deprecated and moved role to new package loaction
 * fallout
 * also repackaged Record and RecordFolder services
 * TODO remove deprecation warnings



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44828 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-12-19 06:10:57 +00:00
parent 1c16e38f33
commit a2d46ff862
29 changed files with 1275 additions and 758 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -416,18 +416,85 @@
<!-- Records Management Security Service -->
<bean id="recordsManagementSecurityService"
class="org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityServiceImpl"
depends-on="org_alfresco_module_rm_dictionaryBootstrap"
<bean id="filePlanRoleService"
class="org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleServiceImpl"
init-method="init">
<property name="capabilityService" ref="CapabilityService"/>
<property name="authorityService" ref="AuthorityService"/>
<property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="recordService" ref="RecordService" />
</bean>
<bean id="FilePlanRoleService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService</value>
</property>
<property name="target">
<ref bean="filePlanRoleService"/>
</property>
<property name="interceptorNames">
<list>
<idref local="FilePlanRoleService_transaction"/>
<idref bean="exceptionTranslator"/>
<idref local="FilePlanRoleService_security"/>
</list>
</property>
</bean>
<bean id="FilePlanRoleService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager">
<ref bean="transactionManager"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="FilePlanRoleService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="afterInvocationManager">
<ref bean="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.getRoles=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.getRolesByUser=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.getRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.existsRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.hasRMAdminRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.createRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.updateRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.deleteRole=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.assignRoleToAuthority=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.getAllRolesContainerGroup=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.*=RM_DENY
]]>
</value>
</property>
</bean>
<!-- Records Management Security Service -->
<bean id="recordsManagementSecurityService"
class="org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityServiceImpl"
depends-on="org_alfresco_module_rm_dictionaryBootstrap"
init-method="init">
<property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="modelSecurityService" ref="modelSecurityService" />
<property name="recordService" ref="RecordService" />
<property name="filePlanRoleService" ref="FilePlanRoleService" />
</bean>
<bean id="RecordsManagementSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -970,7 +1037,7 @@
<!-- Record Folder Service -->
<bean id="recordFolderService" class="org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordFolderServiceImpl" init-method="init">
<bean id="recordFolderService" class="org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderServiceImpl" init-method="init">
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent" />
<property name="dispositionService" ref="DispositionService" />
@@ -978,7 +1045,7 @@
<!-- Record Service -->
<bean id="recordService" class="org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordServiceImpl" init-method="init">
<bean id="recordService" class="org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl" init-method="init">
<property name="nodeService" ref="NodeService"/>
<property name="dictionaryService" ref="DictionaryService"/>
<property name="identifierService" ref="recordsManagementIdentifierService"/>
@@ -991,7 +1058,7 @@
<bean id="RecordService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService</value>
<value>org.alfresco.module.org_alfresco_module_rm.record.RecordService</value>
</property>
<property name="target">
<ref bean="recordService"/>
@@ -1029,13 +1096,13 @@
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.getRecordMetaDataAspects=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.isRecord=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.isDeclared=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.isFiled=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.createRecord=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.getUnfiledContainer=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService.*=RM_DENY
org.alfresco.module.org_alfresco_module_rm.record.RecordService.getRecordMetaDataAspects=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.isRecord=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.isDeclared=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.record.RecordService.isFiled=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.record.RecordService.createRecord=RM_ALLOW
org.alfresco.module.org_alfresco_module_rm.record.RecordService.getUnfiledContainer=RM.Read.0
org.alfresco.module.org_alfresco_module_rm.record.RecordService.*=RM_DENY
]]>
</value>
</property>

64
rm-server/source/compatibility/org/alfresco/module/org_alfresco_module_rm/security/Role.java Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
/**
* Records management role class
*
* @author Roy Wetherall
*
* @deprecated As of release 2.1, see {@link org.alfresco.module.org_alfresco_module_rm.role.Role}
*/
public class Role extends org.alfresco.module.org_alfresco_module_rm.role.Role
{
/**
* Compatibility method
*/
public static Role toRole(org.alfresco.module.org_alfresco_module_rm.role.Role role)
{
return new Role(role.getName(), role.getDisplayLabel(), role.getCapabilities(), role.getRoleGroupName());
}
/**
* Compatibility method
*/
public static Set<Role> toRoleSet(Set<org.alfresco.module.org_alfresco_module_rm.role.Role> roles)
{
Set<Role> result = new HashSet<Role>(roles.size());
for (org.alfresco.module.org_alfresco_module_rm.role.Role role : roles)
{
result.add(Role.toRole(role));
}
return result;
}
/**
* Constructor
*/
@Deprecated
public Role(String name, String displayLabel, Set<Capability> capabilities, String roleGroupName)
{
super(name, displayLabel, capabilities, roleGroupName);
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementService.java
View File

@@ -23,8 +23,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
View File

@@ -21,10 +21,11 @@ package org.alfresco.module.org_alfresco_module_rm;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.service.NotAuditable;
@@ -51,6 +52,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
static final QName RECORD_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordService");
static final QName FREEZE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FreezeService");
static final QName EXTENDED_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "ExtendedSecurityService");
static final QName FILE_PLAN_ROLE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanRoleService");
/**
* @return records management service
@@ -117,4 +119,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
*/
@NotAuditable
ExtendedSecurityService getExtendedSecurityService();
/**
* @return file plan role service
*/
@NotAuditable
FilePlanRoleService getFilePlanRoleService();
}

174
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
View File

@@ -21,10 +21,11 @@ package org.alfresco.module.org_alfresco_module_rm;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.service.ServiceDescriptorRegistry;
@@ -37,101 +38,110 @@ import org.alfresco.repo.service.ServiceDescriptorRegistry;
public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegistry
implements RecordsManagementServiceRegistry
{
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementActionService()
*/
@Override
public RecordsManagementActionService getRecordsManagementActionService()
{
return (RecordsManagementActionService)getService(RECORDS_MANAGEMENT_ACTION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementActionService()
*/
@Override
public RecordsManagementActionService getRecordsManagementActionService()
{
return (RecordsManagementActionService) getService(RECORDS_MANAGEMENT_ACTION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementAdminService()
*/
@Override
public RecordsManagementAdminService getRecordsManagementAdminService()
{
return (RecordsManagementAdminService)getService(RECORDS_MANAGEMENT_ADMIN_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementAdminService()
*/
@Override
public RecordsManagementAdminService getRecordsManagementAdminService()
{
return (RecordsManagementAdminService) getService(RECORDS_MANAGEMENT_ADMIN_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementEventService()
*/
@Override
public RecordsManagementEventService getRecordsManagementEventService()
{
return (RecordsManagementEventService)getService(RECORDS_MANAGEMENT_EVENT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementEventService()
*/
@Override
public RecordsManagementEventService getRecordsManagementEventService()
{
return (RecordsManagementEventService) getService(RECORDS_MANAGEMENT_EVENT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementService()
*/
@Override
public RecordsManagementService getRecordsManagementService()
{
return (RecordsManagementService)getService(RECORDS_MANAGEMENT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementService()
*/
@Override
public RecordsManagementService getRecordsManagementService()
{
return (RecordsManagementService) getService(RECORDS_MANAGEMENT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordService()
*/
public RecordService getRecordService()
{
return (RecordService)getService(RECORD_SERVICE);
return (RecordService) getService(RECORD_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementSecurityService()
*/
@Override
public RecordsManagementSecurityService getRecordsManagementSecurityService()
{
return (RecordsManagementSecurityService)getService(RECORDS_MANAGEMENT_SECURITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementSecurityService()
*/
@Override
public RecordsManagementSecurityService getRecordsManagementSecurityService()
{
return (RecordsManagementSecurityService) getService(RECORDS_MANAGEMENT_SECURITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementAuditService()
*/
@Override
public RecordsManagementAuditService getRecordsManagementAuditService()
{
return (RecordsManagementAuditService)getService(RECORDS_MANAGEMENT_AUDIT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getRecordsManagementAuditService()
*/
@Override
public RecordsManagementAuditService getRecordsManagementAuditService()
{
return (RecordsManagementAuditService) getService(RECORDS_MANAGEMENT_AUDIT_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getDictionaryService()
*/
@Override
public DispositionService getDispositionService()
{
return (DispositionService)getService(DISPOSITION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getDictionaryService()
*/
@Override
public DispositionService getDispositionService()
{
return (DispositionService) getService(DISPOSITION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getCapabilityService()
*/
@Override
public CapabilityService getCapabilityService()
{
return (CapabilityService)getService(CAPABILITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getCapabilityService()
*/
@Override
public CapabilityService getCapabilityService()
{
return (CapabilityService) getService(CAPABILITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFreezeService()
*/
@Override
public FreezeService getFreezeService()
{
return (FreezeService)getService(FREEZE_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFreezeService()
*/
@Override
public FreezeService getFreezeService()
{
return (FreezeService) getService(FREEZE_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getExtendedSecurityService()
*/
@Override
public ExtendedSecurityService getExtendedSecurityService()
{
return (ExtendedSecurityService)getService(EXTENDED_SECURITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getExtendedSecurityService()
*/
@Override
public ExtendedSecurityService getExtendedSecurityService()
{
return (ExtendedSecurityService) getService(EXTENDED_SECURITY_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanRoleService()
*/
@Override
public FilePlanRoleService getFilePlanRoleService()
{
return (FilePlanRoleService) getService(FILE_PLAN_ROLE_SERVICE);
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java
View File

@@ -27,7 +27,6 @@ import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
@@ -38,6 +37,7 @@ import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventSe
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventType;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/dm/CreateRecordAction.java
View File

@@ -23,8 +23,8 @@ import java.util.List;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.action.ParameterDefinitionImpl;
import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/AbstractCapabilityCondition.java
View File

@@ -19,9 +19,9 @@
package org.alfresco.module.org_alfresco_module_rm.capability.declarative;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PermissionService;
import org.springframework.beans.factory.BeanNameAware;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -26,7 +26,7 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/dataset/DataSetServiceImpl.java
View File

@@ -17,11 +17,11 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordFolderServiceImpl;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RecordsManagementSearchBehaviour;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderServiceImpl;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.Role;
import org.alfresco.repo.security.authentication.AuthenticationUtil;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/forms/RecordsManagementFormFilter.java
View File

@@ -25,7 +25,7 @@ import java.util.Map;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.forms.Field;
import org.alfresco.repo.forms.FieldGroup;
import org.alfresco.repo.forms.Form;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/BaseEvaluator.java
View File

@@ -27,9 +27,9 @@ import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessStatus;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/JSONConversionComponent.java
View File

@@ -25,7 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.model.FileInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;

5
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv21InPlacePatch.java
View File

@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleServiceImpl;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityServiceImpl;
@@ -144,13 +145,13 @@ public class RMv21InPlacePatch extends AbstractModuleComponent
// create the properties map
Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1);
properties.put(ContentModel.PROP_NAME, RecordsManagementSecurityServiceImpl.NAME_UNFILED_CONTAINER);
properties.put(ContentModel.PROP_NAME, FilePlanRoleServiceImpl.NAME_UNFILED_CONTAINER);
// create the unfiled container
NodeRef container = nodeService.createNode(
filePlan,
ASSOC_UNFILED_RECORDS,
QName.createQName(RM_URI, RecordsManagementSecurityServiceImpl.NAME_UNFILED_CONTAINER),
QName.createQName(RM_URI, FilePlanRoleServiceImpl.NAME_UNFILED_CONTAINER),
TYPE_UNFILED_RECORD_CONTAINER,
properties).getChildRef();

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposableitem/RecordService.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordService.java
View File

@@ -17,7 +17,7 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.disposableitem;
package org.alfresco.module.org_alfresco_module_rm.record;
import java.util.Set;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposableitem/RecordServiceImpl.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.disposableitem;
package org.alfresco.module.org_alfresco_module_rm.record;
import java.util.Calendar;
import java.util.Collection;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposableitem/RecordFolderService.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/recordfolder/RecordFolderService.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.disposableitem;
package org.alfresco.module.org_alfresco_module_rm.recordfolder;
/**
* Record folder service interface

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/disposableitem/RecordFolderServiceImpl.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/recordfolder/RecordFolderServiceImpl.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.disposableitem;
package org.alfresco.module.org_alfresco_module_rm.recordfolder;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;

124
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.role;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Role service interface
*
* @author Roy Wetherall
* @since 2.1
*/
public interface FilePlanRoleService
{
/**
* Returns the name of the container group for all roles of a specified file
* plan.
*
* @param filePlan file plan node reference
* @return String group name
*/
String getAllRolesContainerGroup(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
*
* @param filePlan file plan
* @return
*/
Set<Role> getRoles(NodeRef filePlan);
/**
* Gets the roles for a given user
*
* @param filePlan file plan
* @param user user
* @return
*/
Set<Role> getRolesByUser(NodeRef filePlan, String user);
/**
* Get a role by name
*
* @param filePlan file plan
* @param role role
* @return
*/
Role getRole(NodeRef filePlan, String role);
/**
* Indicate whether a role exists for a given records management root node
* @param filePlan file plan
* @param role role
* @return
*/
boolean existsRole(NodeRef filePlan, String role);
/**
* Determines whether the given user has the RM Admin role
*
* @param filePlan filePlan
* @param user user name to check
* @return true if the user has the RM Admin role, false otherwise
*/
boolean hasRMAdminRole(NodeRef filePlan, String user);
/**
* Create a new role
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
* @param capabilities
* @return
*/
Role createRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Update an existing role
*
* @param filePlan file plan
* @param role
* @param roleDisplayLabel
* @param capabilities
* @return
*/
Role updateRole(NodeRef filePlan, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Delete a role
*
* @param filePlan file plan
* @param role role
*/
void deleteRole(NodeRef filePlan, String role);
/**
* Assign a role to an authority
*
* @param filePlan file plan
* @param role role
* @param authorityName authority name
*/
void assignRoleToAuthority(NodeRef filePlan, String role, String authorityName);
}

719
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java Normal file
View File

@@ -0,0 +1,719 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.role;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
/**
* Role service implementation
*
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanRoleServiceImpl implements FilePlanRoleService,
RecordsManagementModel
{
/** Capability service */
private CapabilityService capabilityService;
/** Authority service */
private AuthorityService authorityService;
/** Permission service */
private PermissionService permissionService;
/** Policy component */
private PolicyComponent policyComponent;
/** Record service */
private RecordService recordService;
/** Node service */
private NodeService nodeService;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
/** Unfiled record container name */
public static final String NAME_UNFILED_CONTAINER = "Unfiled Records";
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class);
/**
* @param capabilityService capability service
*/
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
/**
* @param authorityService authority service
*/
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/**
* @param permissionService permission service
*/
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
/**
* @param policyComponent policy component
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* @param nodeService node service
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* @param recordService record service
*/
public void setRecordService(RecordService recordService)
{
this.recordService = recordService;
}
/**
* Initialisation method
*/
public void init()
{
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_FILE_PLAN,
new JavaBehaviour(this, "onCreateRootNode", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnDeleteNodePolicy.QNAME,
TYPE_FILE_PLAN,
new JavaBehaviour(this, "onDeleteRootNode", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
* Create root node behaviour
*
* @param childAssocRef
*/
public void onCreateRootNode(ChildAssociationRef childAssocRef)
{
final NodeRef rmRootNode = childAssocRef.getChildRef();
// Do not execute behaviour if this has been created in the archive store
if(rmRootNode.getStoreRef().equals(StoreRef.STORE_REF_ARCHIVE_SPACESSTORE) == true)
{
// This is not the spaces store - probably the archive store
return;
}
if (nodeService.exists(rmRootNode) == true)
{
NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
{
public NodeRef doWork()
{
// Create "all" role group for root node
String allRoles = authorityService.createAuthority(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode), "All Roles", null);
// Set the permissions
permissionService.setInheritParentPermissions(rmRootNode, false);
permissionService.setPermission(rmRootNode, allRoles, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true);
// Create the unfiled record container
return createUnfiledContainer(rmRootNode, allRoles);
}
}, AuthenticationUtil.getSystemUserName());
// Bootstrap in the default set of roles for the newly created root node
bootstrapDefaultRoles(rmRootNode, unfiledContainer);
}
}
/**
* Creates unfiled container node and sets up permissions
*
* @param rmRootNode
* @param allRoles
*/
private NodeRef createUnfiledContainer(NodeRef rmRootNode, String allRoles)
{
NodeRef container = recordService.getUnfiledContainer(rmRootNode);
if (container == null)
{
// create the properties map
Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1);
properties.put(ContentModel.PROP_NAME, NAME_UNFILED_CONTAINER);
// create the unfiled container
container = nodeService.createNode(
rmRootNode,
ASSOC_UNFILED_RECORDS,
QName.createQName(RM_URI, NAME_UNFILED_CONTAINER),
TYPE_UNFILED_RECORD_CONTAINER,
properties).getChildRef();
// set inheritance to false
permissionService.setInheritParentPermissions(container, false);
permissionService.setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
}
return container;
}
/**
* Delete root node behaviour
*
* @param childAssocRef
*/
public void onDeleteRootNode(ChildAssociationRef childAssocRef, boolean isNodeArchived)
{
logger.debug("onDeleteRootNode called");
// get the deleted node
final NodeRef rmRootNode = childAssocRef.getChildRef();
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
// cascade delete the 'all' roles group for the site
String allRolesGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode));
Set<String> groups = authorityService.getContainedAuthorities(AuthorityType.GROUP, allRolesGroup, true);
for (String group : groups)
{
authorityService.deleteAuthority(group);
}
authorityService.deleteAuthority(allRolesGroup, false);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Get all the roles by short name
*
* @param rmRootNode
* @return
*/
private String getAllRolesGroupShortName(NodeRef rmRootNode)
{
return "AllRoles" + rmRootNode.getId();
}
/**
*
* @param rmRootNode
* @param unfiledContainer
*/
private void bootstrapDefaultRoles(final NodeRef rmRootNode, final NodeRef unfiledContainer)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
try
{
JSONArray array = null;
try
{
// Load up the default roles from JSON
InputStream is = getClass().getClassLoader().getResourceAsStream("alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json");
if (is == null)
{
throw new AlfrescoRuntimeException("Could not load default bootstrap roles configuration");
}
array = new JSONArray(convertStreamToString(is));
}
catch (IOException ioe)
{
throw new AlfrescoRuntimeException("Unable to load rm-default-roles-bootstrap.json configuration file.", ioe);
}
// Add each role to the rm root node
for (int i = 0; i < array.length(); i++)
{
JSONObject object = array.getJSONObject(i);
// Get the name of the role
String name = null;
if (object.has("name") == true)
{
name = object.getString("name");
if (existsRole(rmRootNode, name) == true)
{
throw new AlfrescoRuntimeException("The bootstrap role " + name + " already exists on the rm root node " + rmRootNode.toString());
}
}
else
{
throw new AlfrescoRuntimeException("No name given to default bootstrap role. Check json configuration file.");
}
// Get the role's display label
String displayLabel = name;
if (object.has("displayLabel") == true)
{
displayLabel = object.getString("displayLabel");
}
// Determine whether the role is an admin role or not
boolean isAdmin = false;
if (object.has("isAdmin") == true)
{
isAdmin = object.getBoolean("isAdmin");
}
// Get the roles capabilities
Set<Capability> capabilities = new HashSet<Capability>(30);
if (object.has("capabilities") == true)
{
JSONArray arrCaps = object.getJSONArray("capabilities");
for (int index = 0; index < arrCaps.length(); index++)
{
String capName = arrCaps.getString(index);
Capability capability = capabilityService.getCapability(capName);
if (capability == null)
{
throw new AlfrescoRuntimeException("The capability '" + capName + "' configured for the deafult boostrap role '" + name + "' is invalid.");
}
capabilities.add(capability);
}
}
// Create the role
Role role = createRole(rmRootNode, name, displayLabel, capabilities);
// Add any additional admin permissions
if (isAdmin == true)
{
// Admin has filing
permissionService.setPermission(rmRootNode, role.getRoleGroupName(), RMPermissionModel.FILING, true);
if (unfiledContainer != null)
{
permissionService.setPermission(unfiledContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true);
}
// Add the creating user to the administration group
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
}
}
}
catch (JSONException exception)
{
throw new AlfrescoRuntimeException("Error loading json configuration file rm-default-roles-bootstrap.json", exception);
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Helper method to convert a stream to a string.
*
* @param is input stream
* @return {@link String} string
* @throws IOException
*/
public String convertStreamToString(InputStream is) throws IOException
{
/*
* To convert the InputStream to String we use the BufferedReader.readLine()
* method. We iterate until the BufferedReader return null which means
* there's no more data to read. Each line will appended to a StringBuilder
* and returned as String.
*/
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
StringBuilder sb = new StringBuilder();
String line = null;
try
{
while ((line = reader.readLine()) != null)
{
sb.append(line + "\n");
}
}
finally
{
try {is.close();} catch (IOException e) {}
}
return sb.toString();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
*/
public Set<Role> getRoles(final NodeRef rmRootNode)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority);
result.add(role);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority);
result.add(role);
}
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
*
* @param rmRootNode
* @return
*/
private String getZoneName(NodeRef rmRootNode)
{
return RM_ROLE_ZONE_PREFIX + rmRootNode.getId();
}
/**
* Get the full role name
*
* @param role
* @param rmRootNode
* @return
*/
private String getFullRoleName(String role, NodeRef rmRootNode)
{
return role + rmRootNode.getId();
}
/**
* Get the short role name
*
* @param fullRoleName
* @param rmRootNode
* @return
*/
private String getShortRoleName(String fullRoleName, NodeRef rmRootNode)
{
return fullRoleName.replaceAll(rmRootNode.getId(), "");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Role getRole(final NodeRef rmRootNode, final String role)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
Role result = null;
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
if (authorityService.authorityExists(roleAuthority) == true)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
result = new Role(name, displayLabel, capabilities, roleAuthority);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
*
* @param rmRootNode
* @param roleAuthority
* @return
*/
private Set<Capability> getCapabilitiesImpl(NodeRef rmRootNode, String roleAuthority)
{
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(rmRootNode);
Set<Capability> capabilities = new HashSet<Capability>(52);
for (AccessPermission permission : permissions)
{
if (permission.getAuthority().equals(roleAuthority) == true)
{
String capabilityName = permission.getPermission();
Capability capability = capabilityService.getCapability(capabilityName);
if (capability != null)
{
capabilities.add(capability);
}
}
}
return capabilities;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#existsRole(java.lang.String)
*/
public boolean existsRole(final NodeRef rmRootNode, final String role)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
{
public Boolean doWork() throws Exception
{
String fullRoleName = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
String zone = getZoneName(rmRootNode);
Set<String> roles = authorityService.getAllAuthoritiesInZone(zone, AuthorityType.GROUP);
return new Boolean(roles.contains(fullRoleName));
}
}, AuthenticationUtil.getSystemUserName()).booleanValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*
* TODO .. change this to check a property of the role its self
*/
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
boolean isRMAdmin = false;
Set<Role> userRoles = this.getRolesByUser(rmRootNode, user);
if (userRoles != null)
{
for (Role role : userRoles)
{
if (role.getName().equals("Administrator"))
{
isRMAdmin = true;
break;
}
}
}
return isRMAdmin;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#createRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
public Role createRole(final NodeRef rmRootNode, final String role, final String roleDisplayLabel, final Set<Capability> capabilities)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
String fullRoleName = getFullRoleName(role, rmRootNode);
// Check that the role does not already exist for the rm root node
if (authorityService.authorityExists(authorityService.getName(AuthorityType.GROUP, fullRoleName)))
{
throw new AlfrescoRuntimeException("The role " + role + " already exists for root rm node " + rmRootNode.getId());
}
// Create a group that relates to the records management role
Set<String> zones = new HashSet<String>(2);
zones.add(getZoneName(rmRootNode));
zones.add(AuthorityService.ZONE_APP_DEFAULT);
String roleGroup = authorityService.createAuthority(AuthorityType.GROUP, fullRoleName, roleDisplayLabel, zones);
// Add the roleGroup to the "all" role group
String allRoleGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode));
authorityService.addAuthority(allRoleGroup, roleGroup);
// Assign the various capabilities to the group on the root records management node
if (capabilities != null)
{
for (Capability capability : capabilities)
{
permissionService.setPermission(rmRootNode, roleGroup, capability.getName(), true);
}
}
return new Role(role, roleDisplayLabel, capabilities, roleGroup);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
public Role updateRole(final NodeRef rmRootNode, final String role, final String roleDisplayLabel, final Set<Capability> capabilities)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
// Reset the role display name
authorityService.setAuthorityDisplayName(roleAuthority, roleDisplayLabel);
// TODO this needs to be improved, removing all and reading is not ideal
// Clear the current capabilities
permissionService.clearPermission(rmRootNode, roleAuthority);
// Re-add the provided capabilities
for (Capability capability : capabilities)
{
permissionService.setPermission(rmRootNode, roleAuthority, capability.getName(), true);
}
return new Role(role, roleDisplayLabel, capabilities, roleAuthority);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deleteRole(java.lang.String)
*/
public void deleteRole(final NodeRef rmRootNode, final String role)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
authorityService.deleteAuthority(roleAuthority);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
public void assignRoleToAuthority(final NodeRef rmRootNode, final String role, final String authorityName)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
authorityService.addAuthority(roleAuthority, authorityName);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getAllRolesContainerGroup(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public String getAllRolesContainerGroup(NodeRef filePlan)
{
return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/Role.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/Role.java
View File

@@ -16,7 +16,7 @@
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
package org.alfresco.module.org_alfresco_module_rm.role;
import java.util.Set;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/BootstrapTestDataGet.java
View File

@@ -30,12 +30,12 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordFolderServiceImpl;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RecordsManagementSearchBehaviour;
import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RmSiteType;
import org.alfresco.module.org_alfresco_module_rm.recordfolder.RecordFolderServiceImpl;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.Role;
import org.alfresco.repo.security.authentication.AuthenticationUtil;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/RecordMetaDataAspectsGet.java
View File

@@ -24,7 +24,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.dictionary.AspectDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.namespace.NamespaceService;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/slingshot/RMSearchPropertiesGet.java
View File

@@ -25,7 +25,7 @@ import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.service.cmr.dictionary.AspectDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.dictionary.PropertyDefinition;

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
View File

@@ -26,8 +26,8 @@ import java.util.Set;
import org.alfresco.model.RenditionModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;

40
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -22,6 +22,7 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
@@ -35,8 +36,11 @@ public interface RecordsManagementSecurityService
/**
* Creates the initial set of default roles for a root records management node
*
* @param rmRootNode
* @param rmRootNode root node
*
* @deprecatedAs of release 2.1, operation no longer supported
*/
@Deprecated
void bootstrapDefaultRoles(NodeRef rmRootNode);
/**
@@ -45,15 +49,21 @@ public interface RecordsManagementSecurityService
*
* @param filePlan file plan node reference
* @return String group name
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getAllRolesContainerGroup(NodeRef)}
*/
@Deprecated
String getAllRolesContainerGroup(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
*
* @param rmRootNode
* @return
* @param rmRootNode root node
* @return {@link Set}<{@link Role}> all roles for a given root node
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRoles(NodeRef)}
*/
@Deprecated
Set<Role> getRoles(NodeRef rmRootNode);
/**
@@ -62,7 +72,10 @@ public interface RecordsManagementSecurityService
* @param rmRootNode
* @param user
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRolesByUser(NodeRef, String)}
*/
@Deprecated
Set<Role> getRolesByUser(NodeRef rmRootNode, String user);
/**
@@ -71,7 +84,10 @@ public interface RecordsManagementSecurityService
* @param rmRootNode
* @param role
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRole(NodeRef, String)}
*/
@Deprecated
Role getRole(NodeRef rmRootNode, String role);
/**
@@ -79,7 +95,10 @@ public interface RecordsManagementSecurityService
* @param rmRootNode
* @param role
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#existsRole(NodeRef, String)}
*/
@Deprecated
boolean existsRole(NodeRef rmRootNode, String role);
/**
@@ -88,7 +107,10 @@ public interface RecordsManagementSecurityService
* @param rmRootNode RM root node
* @param user user name to check
* @return true if the user has the RM Admin role, false otherwise
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#hasRMAdminRole(NodeRef, String)}
*/
@Deprecated
boolean hasRMAdminRole(NodeRef rmRootNode, String user);
/**
@@ -99,7 +121,10 @@ public interface RecordsManagementSecurityService
* @param roleDisplayLabel
* @param capabilities
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#createRole(NodeRef, String, String, Set)}
*/
@Deprecated
Role createRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
@@ -110,7 +135,10 @@ public interface RecordsManagementSecurityService
* @param roleDisplayLabel
* @param capabilities
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#updateRole(NodeRef, String, String, Set)}
*/
@Deprecated
Role updateRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
@@ -118,7 +146,10 @@ public interface RecordsManagementSecurityService
*
* @param rmRootNode
* @param role
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#deleteRole(NodeRef, String)}
*/
@Deprecated
void deleteRole(NodeRef rmRootNode, String role);
/**
@@ -127,7 +158,10 @@ public interface RecordsManagementSecurityService
* @param authorityName
* @param rmRootNode
* @param role
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#assignRoleToAuthority(NodeRef, String, String)}
*/
@Deprecated
void assignRoleToAuthority(NodeRef rmRootNode, String role, String authorityName);
/**

756
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -18,26 +18,16 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -46,20 +36,14 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
/**
* Records management permission service implementation
@@ -68,14 +52,7 @@ import org.json.JSONObject;
*/
public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService,
RecordsManagementModel
{
/** Capability service */
private CapabilityService capabilityService;
/** Authority service */
private AuthorityService authorityService;
/** Permission service */
private PermissionService permissionService;
@@ -88,41 +65,15 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** Model security service */
private ModelSecurityService modelSecurityService;
/** Record service */
private RecordService recordService;
/** Node service */
private NodeService nodeService;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
/** Unfiled record container name */
public static final String NAME_UNFILED_CONTAINER = "Unfiled Records";
/** File plan role service */
private FilePlanRoleService filePlanRoleService;
/** Logger */
private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class);
/**
* Set the capability service
*
* @param capabilityService
*/
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
/**
* Set the authortiy service
*
* @param authorityService
*/
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/**
* Set the permission service
*
@@ -153,16 +104,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
this.recordsManagementService = recordsManagementService;
}
/**
* Set record service
*
* @param recordService record service
*/
public void setRecordService(RecordService recordService)
{
this.recordService = recordService;
}
/**
* Set the node service
*
@@ -181,19 +122,19 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
this.modelSecurityService = modelSecurityService;
}
/**
* @param filePlanRoleService file plan role service
*/
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* Initialisation method
*/
public void init()
{
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_FILE_PLAN,
new JavaBehaviour(this, "onCreateRootNode", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnDeleteNodePolicy.QNAME,
TYPE_FILE_PLAN,
new JavaBehaviour(this, "onDeleteRootNode", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_RECORD_CATEGORY,
@@ -204,122 +145,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
* Create root node behaviour
*
* @param childAssocRef
*/
public void onCreateRootNode(ChildAssociationRef childAssocRef)
{
final NodeRef rmRootNode = childAssocRef.getChildRef();
// Do not execute behaviour if this has been created in the archive store
if(rmRootNode.getStoreRef().equals(StoreRef.STORE_REF_ARCHIVE_SPACESSTORE) == true)
{
// This is not the spaces store - probably the archive store
return;
}
if (nodeService.exists(rmRootNode) == true)
{
NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
{
public NodeRef doWork()
{
// Create "all" role group for root node
String allRoles = authorityService.createAuthority(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode), "All Roles", null);
// Set the permissions
permissionService.setInheritParentPermissions(rmRootNode, false);
permissionService.setPermission(rmRootNode, allRoles, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true);
// Create the unfiled record container
return createUnfiledContainer(rmRootNode, allRoles);
}
}, AuthenticationUtil.getSystemUserName());
// Bootstrap in the default set of roles for the newly created root node
bootstrapDefaultRoles(rmRootNode, unfiledContainer);
}
}
/**
* Creates unfiled container node and sets up permissions
*
* @param rmRootNode
* @param allRoles
*/
private NodeRef createUnfiledContainer(NodeRef rmRootNode, String allRoles)
{
NodeRef container = recordService.getUnfiledContainer(rmRootNode);
if (container == null)
{
// create the properties map
Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1);
properties.put(ContentModel.PROP_NAME, NAME_UNFILED_CONTAINER);
// create the unfiled container
container = nodeService.createNode(
rmRootNode,
ASSOC_UNFILED_RECORDS,
QName.createQName(RM_URI, NAME_UNFILED_CONTAINER),
TYPE_UNFILED_RECORD_CONTAINER,
properties).getChildRef();
// set inheritance to false
permissionService.setInheritParentPermissions(container, false);
permissionService.setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
permissionService.setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
}
return container;
}
/**
* Delete root node behaviour
*
* @param childAssocRef
*/
public void onDeleteRootNode(ChildAssociationRef childAssocRef, boolean isNodeArchived)
{
logger.debug("onDeleteRootNode called");
// get the deleted node
final NodeRef rmRootNode = childAssocRef.getChildRef();
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
// cascade delete the 'all' roles group for the site
String allRolesGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode));
Set<String> groups = authorityService.getContainedAuthorities(AuthorityType.GROUP, allRolesGroup, true);
for (String group : groups)
{
authorityService.deleteAuthority(group);
}
authorityService.deleteAuthority(allRolesGroup, false);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Get all the roles by short name
*
* @param rmRootNode
* @return
*/
private String getAllRolesGroupShortName(NodeRef rmRootNode)
{
return "AllRoles" + rmRootNode.getId();
}
/**
* @param childAssocRef
*/
@@ -434,453 +259,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#bootstrapDefaultRoles(org.alfresco.service.cmr.repository.NodeRef)
*/
public void bootstrapDefaultRoles(NodeRef rmRootNode)
{
bootstrapDefaultRoles(rmRootNode, null);
}
private void bootstrapDefaultRoles(final NodeRef rmRootNode, final NodeRef unfiledContainer)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Object doWork()
{
try
{
JSONArray array = null;
try
{
// Load up the default roles from JSON
InputStream is = getClass().getClassLoader().getResourceAsStream("alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json");
if (is == null)
{
throw new AlfrescoRuntimeException("Could not load default bootstrap roles configuration");
}
array = new JSONArray(convertStreamToString(is));
}
catch (IOException ioe)
{
throw new AlfrescoRuntimeException("Unable to load rm-default-roles-bootstrap.json configuration file.", ioe);
}
// Add each role to the rm root node
for (int i = 0; i < array.length(); i++)
{
JSONObject object = array.getJSONObject(i);
// Get the name of the role
String name = null;
if (object.has("name") == true)
{
name = object.getString("name");
if (existsRole(rmRootNode, name) == true)
{
throw new AlfrescoRuntimeException("The bootstrap role " + name + " already exists on the rm root node " + rmRootNode.toString());
}
}
else
{
throw new AlfrescoRuntimeException("No name given to default bootstrap role. Check json configuration file.");
}
// Get the role's display label
String displayLabel = name;
if (object.has("displayLabel") == true)
{
displayLabel = object.getString("displayLabel");
}
// Determine whether the role is an admin role or not
boolean isAdmin = false;
if (object.has("isAdmin") == true)
{
isAdmin = object.getBoolean("isAdmin");
}
// Get the roles capabilities
Set<Capability> capabilities = new HashSet<Capability>(30);
if (object.has("capabilities") == true)
{
JSONArray arrCaps = object.getJSONArray("capabilities");
for (int index = 0; index < arrCaps.length(); index++)
{
String capName = arrCaps.getString(index);
Capability capability = capabilityService.getCapability(capName);
if (capability == null)
{
throw new AlfrescoRuntimeException("The capability '" + capName + "' configured for the deafult boostrap role '" + name + "' is invalid.");
}
capabilities.add(capability);
}
}
// Create the role
Role role = createRole(rmRootNode, name, displayLabel, capabilities);
// Add any additional admin permissions
if (isAdmin == true)
{
// Admin has filing
permissionService.setPermission(rmRootNode, role.getRoleGroupName(), RMPermissionModel.FILING, true);
if (unfiledContainer != null)
{
permissionService.setPermission(unfiledContainer, role.getRoleGroupName(), RMPermissionModel.FILING, true);
}
// Add the creating user to the administration group
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
}
}
}
catch (JSONException exception)
{
throw new AlfrescoRuntimeException("Error loading json configuration file rm-default-roles-bootstrap.json", exception);
}
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Helper method to convert a stream to a string.
*
* @param is input stream
* @return {@link String} string
* @throws IOException
*/
public String convertStreamToString(InputStream is) throws IOException
{
/*
* To convert the InputStream to String we use the BufferedReader.readLine()
* method. We iterate until the BufferedReader return null which means
* there's no more data to read. Each line will appended to a StringBuilder
* and returned as String.
*/
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
StringBuilder sb = new StringBuilder();
String line = null;
try
{
while ((line = reader.readLine()) != null)
{
sb.append(line + "\n");
}
}
finally
{
try {is.close();} catch (IOException e) {}
}
return sb.toString();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles()
*/
public Set<Role> getRoles(final NodeRef rmRootNode)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority);
result.add(role);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Set<Role> getRolesByUser(final NodeRef rmRootNode, final String user)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Set<Role>>()
{
public Set<Role> doWork() throws Exception
{
Set<Role> result = new HashSet<Role>(13);
Set<String> roleAuthorities = authorityService.getAllAuthoritiesInZone(getZoneName(rmRootNode), AuthorityType.GROUP);
for (String roleAuthority : roleAuthorities)
{
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority);
result.add(role);
}
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
*
* @param rmRootNode
* @return
*/
private String getZoneName(NodeRef rmRootNode)
{
return RM_ROLE_ZONE_PREFIX + rmRootNode.getId();
}
/**
* Get the full role name
*
* @param role
* @param rmRootNode
* @return
*/
private String getFullRoleName(String role, NodeRef rmRootNode)
{
return role + rmRootNode.getId();
}
/**
* Get the short role name
*
* @param fullRoleName
* @param rmRootNode
* @return
*/
private String getShortRoleName(String fullRoleName, NodeRef rmRootNode)
{
return fullRoleName.replaceAll(rmRootNode.getId(), "");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
public Role getRole(final NodeRef rmRootNode, final String role)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
Role result = null;
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
if (authorityService.authorityExists(roleAuthority) == true)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
result = new Role(name, displayLabel, capabilities, roleAuthority);
}
return result;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
*
* @param rmRootNode
* @param roleAuthority
* @return
*/
private Set<Capability> getCapabilitiesImpl(NodeRef rmRootNode, String roleAuthority)
{
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(rmRootNode);
Set<Capability> capabilities = new HashSet<Capability>(52);
for (AccessPermission permission : permissions)
{
if (permission.getAuthority().equals(roleAuthority) == true)
{
String capabilityName = permission.getPermission();
Capability capability = capabilityService.getCapability(capabilityName);
if (capability != null)
{
capabilities.add(capability);
}
}
}
return capabilities;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#existsRole(java.lang.String)
*/
public boolean existsRole(final NodeRef rmRootNode, final String role)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
{
public Boolean doWork() throws Exception
{
String fullRoleName = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
String zone = getZoneName(rmRootNode);
Set<String> roles = authorityService.getAllAuthoritiesInZone(zone, AuthorityType.GROUP);
return new Boolean(roles.contains(fullRoleName));
}
}, AuthenticationUtil.getSystemUserName()).booleanValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*
* TODO .. change this to check a property of the role its self
*/
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
boolean isRMAdmin = false;
Set<Role> userRoles = this.getRolesByUser(rmRootNode, user);
if (userRoles != null)
{
for (Role role : userRoles)
{
if (role.getName().equals("Administrator"))
{
isRMAdmin = true;
break;
}
}
}
return isRMAdmin;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#createRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
public Role createRole(final NodeRef rmRootNode, final String role, final String roleDisplayLabel, final Set<Capability> capabilities)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
String fullRoleName = getFullRoleName(role, rmRootNode);
// Check that the role does not already exist for the rm root node
if (authorityService.authorityExists(authorityService.getName(AuthorityType.GROUP, fullRoleName)))
{
throw new AlfrescoRuntimeException("The role " + role + " already exists for root rm node " + rmRootNode.getId());
}
// Create a group that relates to the records management role
Set<String> zones = new HashSet<String>(2);
zones.add(getZoneName(rmRootNode));
zones.add(AuthorityService.ZONE_APP_DEFAULT);
String roleGroup = authorityService.createAuthority(AuthorityType.GROUP, fullRoleName, roleDisplayLabel, zones);
// Add the roleGroup to the "all" role group
String allRoleGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode));
authorityService.addAuthority(allRoleGroup, roleGroup);
// Assign the various capabilities to the group on the root records management node
if (capabilities != null)
{
for (Capability capability : capabilities)
{
permissionService.setPermission(rmRootNode, roleGroup, capability.getName(), true);
}
}
return new Role(role, roleDisplayLabel, capabilities, roleGroup);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getAllRolesContainerGroup(org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
public String getAllRolesContainerGroup(NodeRef filePlan)
{
return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
public Role updateRole(final NodeRef rmRootNode, final String role, final String roleDisplayLabel, final Set<Capability> capabilities)
{
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Role>()
{
public Role doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
// Reset the role display name
authorityService.setAuthorityDisplayName(roleAuthority, roleDisplayLabel);
// TODO this needs to be improved, removing all and readding is not ideal
// Clear the current capabilities
permissionService.clearPermission(rmRootNode, roleAuthority);
// Re-add the provided capabilities
for (Capability capability : capabilities)
{
permissionService.setPermission(rmRootNode, roleAuthority, capability.getName(), true);
}
return new Role(role, roleDisplayLabel, capabilities, roleAuthority);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deleteRole(java.lang.String)
*/
public void deleteRole(final NodeRef rmRootNode, final String role)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
authorityService.deleteAuthority(roleAuthority);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
public void assignRoleToAuthority(final NodeRef rmRootNode, final String role, final String authorityName)
{
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
{
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
authorityService.addAuthority(roleAuthority, authorityName);
return null;
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, boolean)
*/
@@ -1012,6 +390,8 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}, AuthenticationUtil.getSystemUserName());
}
/** Deprecated method implementations */
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects()
*/
@@ -1031,4 +411,114 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
{
return modelSecurityService.getProtectedProperties();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
@Deprecated
@Override
public void assignRoleToAuthority(NodeRef rmRootNode, String role, String authorityName)
{
filePlanRoleService.assignRoleToAuthority(rmRootNode, role, authorityName);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#bootstrapDefaultRoles(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public void bootstrapDefaultRoles(NodeRef rmRootNode)
{
throw new UnsupportedOperationException("This method is no longer supported.");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#createRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
@Deprecated
@Override
public Role createRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities)
{
return Role.toRole(filePlanRoleService.createRole(rmRootNode, role, roleDisplayLabel, capabilities));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deleteRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public void deleteRole(NodeRef rmRootNode, String role)
{
filePlanRoleService.deleteRole(rmRootNode, role);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#existsRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public boolean existsRole(NodeRef rmRootNode, String role)
{
return filePlanRoleService.existsRole(rmRootNode, role);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getAllRolesContainerGroup(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public String getAllRolesContainerGroup(NodeRef filePlan)
{
return filePlanRoleService.getAllRolesContainerGroup(filePlan);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public Role getRole(NodeRef rmRootNode, String role)
{
return Role.toRole(filePlanRoleService.getRole(rmRootNode, role));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public Set<Role> getRoles(NodeRef rmRootNode)
{
return Role.toRoleSet(filePlanRoleService.getRoles(rmRootNode));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public Set<Role> getRolesByUser(NodeRef rmRootNode, String user)
{
return Role.toRoleSet(filePlanRoleService.getRolesByUser(rmRootNode, user));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
return filePlanRoleService.hasRMAdminRole(rmRootNode, user);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
@Deprecated
@Override
public Role updateRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities)
{
return updateRole(rmRootNode, role, roleDisplayLabel, capabilities);
}
}

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
View File

@@ -23,8 +23,8 @@ import java.util.List;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.dod5015.DOD5015Model;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;

2
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -29,13 +29,13 @@ import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.dataset.DataSetService;
import org.alfresco.module.org_alfresco_module_rm.disposableitem.RecordService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
import org.alfresco.module.org_alfresco_module_rm.event.RecordsManagementEventService;
import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RmSiteType;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;