RM-2129 (Check classification before method execution)

+review RM-117 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@107676 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2015-07-03 14:41:53 +00:00
parent 536b842d40
commit a6ab82152d
4 changed files with 126 additions and 47 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ClassificationEnforcementException.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/ClassificationEnforcementException.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor;
+
+import org.alfresco.error.AlfrescoRuntimeException;
+
+/**
+ * Classification enforcement exception
+ *
+ * @author Tuna Aksoy
+ * @since 3.0
+ */
+public class ClassificationEnforcementException extends AlfrescoRuntimeException
+{
+    /** Serial version uid */
+    private static final long serialVersionUID = -1546218007029075883L;
+
+    /**
+     * Constructor
+     *
+     * @param key The key of the exception to be localized
+     */
+    public ClassificationEnforcementException(String key)
+    {
+        super(key);
+    }
+}
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/PreMethodInvocationProcessor.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/processor/PreMethodInvocationProcessor.java
@@ -18,15 +18,14 @@
 */
 package org.alfresco.module.org_alfresco_module_rm.classification.interceptor.processor;

-import static com.google.common.collect.Lists.newArrayList;
 import static org.alfresco.model.ContentModel.TYPE_CONTENT;
 import static org.alfresco.util.ParameterCheck.mandatory;

 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.List;

 import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
-import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -44,6 +43,9 @@ import org.springframework.context.ApplicationContextAware;
 */
 public class PreMethodInvocationProcessor implements ApplicationContextAware
 {
+    /** List of method names to check before invocation */
+    private List<String> methodNames = new ArrayList<>();
+
    /** Application context */
    private ApplicationContext applicationContext;

@@ -86,6 +88,29 @@ public class PreMethodInvocationProcessor implements ApplicationContextAware
        return (DictionaryService) applicationContext.getBean("dictionaryService");
    }

+    /**
+     * Returns a list of method names to check before invocation
+     *
+     * @return List of method names to check before invocation
+     */
+    protected List<String> getMethodNames()
+    {
+        return this.methodNames;
+    }
+
+    /**
+     * Init method to populate the list of method names which will be checked before invocation
+     */
+    public void init()
+    {
+        getMethodNames().add("NodeService.setProperty");
+        getMethodNames().add("NodeService.setProperties");
+        //getMethodNames().add("NodeService.getProperty");
+        getMethodNames().add("NodeService.getProperties");
+        getMethodNames().add("FileFolderService.copy");
+        getMethodNames().add("FileFolderService.move");
+    }
+
    /**
     * Checks if the current user is cleared to see the items
     * passed as parameters to the current method invocation.
@@ -114,20 +139,6 @@ public class PreMethodInvocationProcessor implements ApplicationContextAware
        }
    }

-    /**
-     * Returns a list of method names to check before invocation
-     *
-     * @return List of method names to check before invocation
-     */
-    private List<String> getMethodNames()
-    {
-        return newArrayList(
-            "NodeService.setProperty",
-            //"NodeService.getProperty",
-            "FileFolderService.copy"
-        );
-    }
-
    /**
     * Checks if the given node exists, if it is a content and if
     * the currently logged in user is cleared to see it.
@@ -141,7 +152,7 @@ public class PreMethodInvocationProcessor implements ApplicationContextAware
                getDictionaryService().isSubClass(getNodeService().getType(nodeRef), TYPE_CONTENT) &&
                !getContentClassificationService().hasClearance(nodeRef))
        {
-            throw new AccessDeniedException("The method '" + name  + "' was called, but you are not cleared for the node.");
+            throw new ClassificationEnforcementException("The method '" + name  + "' was called, but you are not cleared for the node.");
        }
    }
 }