ACE-936: Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

85515: Merged DEV to HEAD-BUG-FIX (5.0/Cloud).
      63635: ALF-20865 Consumers should not be able to share/unshare a document
                Unshare action can be performed by the consumer/contributor who performed the Share action, or by a user with another role.
      84859: ACE-936 Consumers should not be able to share/unshare a document
                In QuickShareRestApiTest was added testUnshareContributer() test. 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85533 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2014-09-23 16:11:26 +00:00
parent 485794202c
commit a7766b82d9
3 changed files with 174 additions and 27 deletions


@@ -23,7 +23,14 @@ import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.model.ContentModel;
import org.alfresco.model.QuickShareModel;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.site.SiteService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Cache;
@@ -46,6 +53,21 @@ public class UnshareContentDelete extends AbstractQuickShareContent
{
private static final Log logger = LogFactory.getLog(ShareContentPost.class);
private NodeService nodeService;
private SiteService siteService;
private AuthenticationService authenticationService;
public void setNodeService(NodeService nodeService) {
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService) {
this.siteService = siteService;
}
public void setAuthenticationService(AuthenticationService authenticationService) {
this.authenticationService = authenticationService;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
@@ -63,6 +85,20 @@ public class UnshareContentDelete extends AbstractQuickShareContent
throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
}
NodeRef nodeRef = quickShareService.getTenantNodeRefFromSharedId(sharedId).getSecond();
String currentUser = authenticationService.getCurrentUserName();
String siteName = getSiteName(nodeRef);
String sharedBy = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY);
if (!currentUser.equals(sharedBy) && siteName != null)
{
String role = siteService.getMembersRole(siteName, currentUser);
if (role.equals(SiteModel.SITE_CONSUMER) || role.equals(SiteModel.SITE_CONTRIBUTOR))
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Can't perform unshare action: "+sharedId);
}
}
try
{
quickShareService.unshareContent(sharedId);
@@ -77,4 +113,24 @@ public class UnshareContentDelete extends AbstractQuickShareContent
throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
}
}
private String getSiteName(NodeRef nodeRef)
{
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
while (parent != null && !nodeService.getType(parent).equals(SiteModel.TYPE_SITE))
{
String parentName = (String) nodeService.getProperty(parent, ContentModel.PROP_NAME);
if (nodeService.getPrimaryParent(nodeRef) != null)
{
parent = nodeService.getPrimaryParent(parent).getParentRef();
}
}
if (parent == null)
{
return null;
}
return nodeService.getProperty(parent, ContentModel.PROP_NAME).toString();
}
}
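Review bot: In the new role check in executeImpl (hunk `@@ -63,6 +85,20 @@`), `role.equals(SiteModel.SITE_CONSUMER)` dereferences the result of `siteService.getMembersRole(siteName, currentUser)` without a null guard, and that call returns null when the current user is not a member of the site, so a non-member trying to unshare someone else's node gets an unhandled NullPointerException (a 500) instead of the intended decision; `if (role == null || role.equals(SiteModel.SITE_CONSUMER) || role.equals(SiteModel.SITE_CONTRIBUTOR))` denies non-members alongside consumers and contributors, which appears to be the intent of ACE-936. The same pre-checks (`nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDBY)` and `getSiteName(nodeRef)`) run before the existing try block whose catch maps a failed lookup to 404 ("Unable to find"), so a sharedId whose node has since been deleted now appears to surface as an unhandled exception rather than the previous 404; moving the check inside that try, or catching InvalidNodeRefException around it, keeps the old response. In getSiteName (hunk `@@ -77,4 +113,24 @@`) the guard `if (nodeService.getPrimaryParent(nodeRef) != null)` tests nodeRef rather than parent, so its outcome never changes between iterations and the loop would spin forever if it were ever false, and `parentName` is assigned but never read; `parent = nodeService.getPrimaryParent(parent).getParentRef();` on its own, with the dead local removed, reads as intended. The executeImpl body starts before and continues after its hunk.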