RM-4357 - defined allowable operations using RM's capabilities

rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-public-rest-context.xml

@@ -27,6 +27,7 @@
         <property name="quickShareLinks" ref="rm.QuickShareLinks"/>
         <property name="filePlanService" ref="FilePlanService"/>
         <property name="recordsManagementServiceRegistry" ref="RecordsManagementServiceRegistry"/>
+        <property name="capabilityService" ref="CapabilityService"/>
     </bean>
 
     <bean id="rm.Nodes" class="org.springframework.aop.framework.ProxyFactoryBean">

rm-community/rm-community-repo/source/java/org/alfresco/rm/rest/api/impl/RMNodesImpl.java

@@ -37,6 +37,7 @@ import java.util.concurrent.ConcurrentHashMap;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
 import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
@@ -64,6 +65,8 @@ import org.alfresco.service.namespace.QName;
 import org.alfresco.util.Pair;
 import org.alfresco.util.ParameterCheck;
 
+import net.sf.acegisecurity.vote.AccessDecisionVoter;
+
 /**
  * Centralizes access to the repository.
  *
@@ -84,6 +87,7 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
     private Repository repositoryHelper;
     private DictionaryService dictionaryService;
     private DispositionService dispositionService;
+    private CapabilityService capabilityService;
 
     /**
      * TODO to remove this after isSpecialNode is made protected in core implementation(REPO-1459)
@@ -113,6 +117,11 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
         this.filePlanService = filePlanService;
     }
 
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
+
     @Override
     public Node getFolderOrDocument(final NodeRef nodeRef, NodeRef parentNodeRef, QName nodeTypeQName, List<String> includeParam, Map<String, UserInfo> mapUserInfo)
     {
@@ -123,26 +132,6 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
             nodeTypeQName = nodeService.getType(nodeRef);
         }
 
-        //TODO to remove this part of code after isSpecialNode will be made protected on core, will not need this anymore since the right allowed operations will be returned from core(REPO-1459).
-        if (includeParam.contains(PARAM_INCLUDE_ALLOWABLEOPERATIONS) && originalNode.getAllowableOperations() != null)
-        {
-            List<String> allowableOperations = originalNode.getAllowableOperations();
-            List<String> modifiedAllowableOperations = new ArrayList<>();
-            modifiedAllowableOperations.addAll(allowableOperations);
-
-            for (String op : allowableOperations)
-            {
-                if (op.equals(OP_DELETE) && (isSpecialNode(nodeRef, nodeTypeQName)))
-                {
-                    // special case: do not return "delete" (as an allowable op) for specific system nodes
-                    modifiedAllowableOperations.remove(op);
-                }
-            }
-
-            originalNode.setAllowableOperations((modifiedAllowableOperations.size() > 0 )? modifiedAllowableOperations : null);
-        }
-
-
         RMNodeType type = getType(nodeTypeQName, nodeRef);
         FileplanComponentNode node = null;
         if (mapUserInfo == null)
@@ -193,9 +182,56 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
             }
         }
 
+        if (includeParam.contains(PARAM_INCLUDE_ALLOWABLEOPERATIONS))
+        {
+            node.setAllowableOperations(getAllowableOperations(nodeRef, type));
+        }
+
         return node;
     }
 
+    /**
+     * Helper method that generates allowable operation for the provided node
+     * @param nodeRef the node to get the allowable operations for
+     * @param type the type of the provided nodeRef
+     * @return a sublist of [{@link Nodes.OP_DELETE}, {@link Nodes.OP_CREATE}, {@link Nodes.OP_UPDATE}] representing the allowable operations for the provided node
+     */
+    private List<String> getAllowableOperations(NodeRef nodeRef, RMNodeType type)
+    {
+        List<String> allowableOperations = new ArrayList<>();
+
+        NodeRef filePlan = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
+        boolean isFilePlan = nodeRef.equals(filePlan);
+        boolean isTransferContainer = nodeRef.equals(filePlanService.getTransferContainer(filePlan));
+        boolean isUnfiledContainer = nodeRef.equals(filePlanService.getUnfiledContainer(filePlan));
+        boolean isHoldsContainer = nodeRef.equals(filePlanService.getHoldContainer(filePlan)) ;
+        boolean isSpecialContainer = isFilePlan || isTransferContainer || isUnfiledContainer || isHoldsContainer;
+
+        // DELETE
+        if(!isSpecialContainer && 
+                capabilityService.getCapability("Delete").evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
+        {
+            allowableOperations.add(OP_DELETE);
+        }
+
+        // CREATE
+        if(type != RMNodeType.FILE &&  
+                !isFilePlan && 
+                !isTransferContainer &&
+                capabilityService.getCapability("Create").evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
+        {
+            allowableOperations.add(OP_CREATE);
+        }
+
+        // UPDATE
+        if (capabilityService.getCapability("Update").evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED)
+        {
+            allowableOperations.add(OP_UPDATE);
+        }
+
+        return allowableOperations;
+    }
+
     @Override
     public NodeRef validateNode(String nodeId)
     {