From aceef2fa2f82d79858942eab028b820d2032e329 Mon Sep 17 00:00:00 2001 From: Tuna Aksoy Date: Sat, 18 May 2013 15:54:37 +0000 Subject: [PATCH] RM-690 (A records admin is able to add a user or group to a role from the management console) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@50134 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco/rma/admin/rmrole/rmrole.lib.ftl | 3 + .../role/FilePlanRoleServiceImpl.java | 80 ++++++++--------- .../org_alfresco_module_rm/role/Role.java | 32 ++++++- .../admin/RoleDeclarativeWebScript.java | 85 ++++++++++--------- 4 files changed, 119 insertions(+), 81 deletions(-) diff --git a/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/admin/rmrole/rmrole.lib.ftl b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/admin/rmrole/rmrole.lib.ftl index cc454571ba..26e75ed4eb 100644 --- a/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/admin/rmrole/rmrole.lib.ftl +++ b/rm-server/config/alfresco/templates/webscripts/org/alfresco/rma/admin/rmrole/rmrole.lib.ftl @@ -30,6 +30,9 @@ }<#if group_has_next>, ] + <#if role.groupShortName??> + ,"groupShortName": "${role.groupShortName}" + } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 4c9968ef50..e5a298ee82 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -56,7 +56,7 @@ import org.json.JSONObject; /** * Role service implementation - * + * * @author Roy Wetherall * @since 2.1 */ @@ -65,7 +65,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { /** Capability service */ private CapabilityService capabilityService; - + /** Authority service */ private AuthorityService authorityService; @@ -74,13 +74,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, /** Policy component */ private PolicyComponent policyComponent; - + /** File plan service */ private FilePlanService filePlanService; /** Node service */ private NodeService nodeService; - + /** File plan authentication service */ private FilePlanAuthenticationService filePlanAuthenticationService; @@ -89,7 +89,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, /** Logger */ private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class); - + /** * @param capabilityService capability service */ @@ -97,7 +97,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.capabilityService = capabilityService; } - + /** * @param authorityService authority service */ @@ -105,7 +105,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.authorityService = authorityService; } - + /** * @param permissionService permission service */ @@ -113,7 +113,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.permissionService = permissionService; } - + /** * @param policyComponent policy component */ @@ -121,7 +121,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.policyComponent = policyComponent; } - + /** * @param nodeService node service */ @@ -129,7 +129,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.nodeService = nodeService; } - + /** * @param filePlanService file plan service */ @@ -137,7 +137,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.filePlanService = filePlanService; } - + /** * @param filePlanAuthenticationService file plan authentication service */ @@ -145,7 +145,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.filePlanAuthenticationService = filePlanAuthenticationService; } - + /** * Initialisation method */ @@ -160,7 +160,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, TYPE_FILE_PLAN, new JavaBehaviour(this, "onDeleteRootNode", NotificationFrequency.TRANSACTION_COMMIT)); } - + /** * Create root node behaviour * @@ -195,7 +195,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, // set the capabilities // permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true); // permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.EDIT_NON_RECORD_METADATA, true); - + // Create the unfiled record container return filePlanService.createUnfiledContainer(rmRootNode); } @@ -236,7 +236,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, } }, AuthenticationUtil.getSystemUserName()); } - + /** * Get all the roles by short name * @@ -249,7 +249,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, } /** - * + * * @param rmRootNode * @param unfiledContainer */ @@ -345,7 +345,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, // Add the creating user to the administration group String user = AuthenticationUtil.getFullyAuthenticatedUser(); authorityService.addAuthority(role.getRoleGroupName(), user); - + if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false) { // add the dynamic admin authority @@ -441,10 +441,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, Set users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false); if (users.contains(user) == true) { - String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode); + String groupShortName = authorityService.getShortName(roleAuthority); + String name = getShortRoleName(groupShortName, rmRootNode); String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority); - - Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority); + Set capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority); + + Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName); result.add(role); } } @@ -612,22 +614,22 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, // TODO .. we should be creating a permission set containing all the capabilities and then assigning that // single permission group to the file plan .. would be tidier - + // Assign the various capabilities to the group on the root records management node if (capabilities != null) { for (Capability capability : capabilities) { permissionService.setPermission(rmRootNode, roleGroup, capability.getName(), true); - } + } } return new Role(role, roleDisplayLabel, capabilities, roleGroup); } }, AuthenticationUtil.getSystemUserName()); } - - + + /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set) @@ -642,7 +644,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { throw new AlfrescoRuntimeException("Unable to update role " + role + ", because it does not exist."); } - + String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode)); // Reset the role display name @@ -672,10 +674,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { // ensure that we are not trying to delete the admin role if (ROLE_ADMIN.equals(role) == true) - { + { throw new AlfrescoRuntimeException("Can not delete the records management administration role."); } - + AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public Boolean doWork() throws Exception @@ -687,7 +689,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, } }, AuthenticationUtil.getSystemUserName()); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getUsersAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @@ -696,13 +698,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { ParameterCheck.mandatory("filePlan", filePlan); ParameterCheck.mandatory("roleName", roleName); - + return getAuthoritiesAssignedToRole(filePlan, roleName, AuthorityType.USER); } - + /** * Gets all the authorities of a given type directly assigned to the given role in the file plan. - * + * * @param filePlan file plan * @param roleName role name * @param authorityType authority type @@ -714,17 +716,17 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { public Set doWork() throws Exception { - Role role = getRole(filePlan, roleName); + Role role = getRole(filePlan, roleName); if (role == null) { throw new AlfrescoRuntimeException("Can not get authorities for role " + roleName + ", because it does not exist. (filePlan=" + filePlan.toString() + ")"); } - return authorityService.getContainedAuthorities(authorityType, role.getRoleGroupName(), false); + return authorityService.getContainedAuthorities(authorityType, role.getRoleGroupName(), false); } }, AuthenticationUtil.getSystemUserName()); - + } - + /** * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getGroupsAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @@ -733,10 +735,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { ParameterCheck.mandatory("filePlan", filePlan); ParameterCheck.mandatory("roleName", roleName); - + return getAuthoritiesAssignedToRole(filePlan, roleName, AuthorityType.GROUP); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getAllAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) */ @@ -745,7 +747,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { ParameterCheck.mandatory("filePlan", filePlan); ParameterCheck.mandatory("roleName", role); - + Set result = new HashSet(21); result.addAll(getUsersAssignedToRole(filePlan, role)); result.addAll(getGroupsAssignedToRole(filePlan, role)); @@ -771,7 +773,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, } }, AuthenticationUtil.getSystemUserName()); } - + /** * @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#unassignRoleFromAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/Role.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/Role.java index 943a7eb361..02102f16ec 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/Role.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/Role.java @@ -31,20 +31,24 @@ public class Role { /** Role name */ private String name; - + /** Role label */ private String displayLabel; - + /** Role capabilities */ private Set capabilities; - + /** Role group name */ private String roleGroupName; + /** Role group short name */ + private String groupShortName; + /** * @param name * @param displayLabel * @param capabilities + * @param roleGroupName */ public Role(String name, String displayLabel, Set capabilities, String roleGroupName) { @@ -54,6 +58,19 @@ public class Role this.roleGroupName = roleGroupName; } + /** + * @param name + * @param displayLabel + * @param capabilities + * @param roleGroupName + * @param groupShortName + */ + public Role(String name, String displayLabel, Set capabilities, String roleGroupName, String groupShortName) + { + this(name, displayLabel, capabilities, roleGroupName); + this.groupShortName = groupShortName; + } + /** * @return the name */ @@ -85,4 +102,13 @@ public class Role { return roleGroupName; } + + /** + * @return the groupShortName + */ + public String getGroupShortName() + { + return this.groupShortName; + } + } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RoleDeclarativeWebScript.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RoleDeclarativeWebScript.java index b75fb080f9..819615b5f5 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RoleDeclarativeWebScript.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/admin/RoleDeclarativeWebScript.java @@ -35,7 +35,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest; /** * Base declarative web script for role API. - * + * * @author Roy Wetherall * @since 2.1 */ @@ -43,13 +43,13 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { /** File plan service */ protected FilePlanService filePlanService; - + /** File plan role service */ protected FilePlanRoleService filePlanRoleService; - + /** Authority service */ protected AuthorityService authorityService; - + /** * @param filePlanService file plan service */ @@ -57,7 +57,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { this.filePlanService = filePlanService; } - + /** * @param filePlanRoleService file plan role service */ @@ -65,7 +65,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { this.filePlanRoleService = filePlanRoleService; } - + /** * @param authorityService authority service */ @@ -73,10 +73,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { this.authorityService = authorityService; } - + /** * Utility method to get the file plan from the passed parameters. - * + * * @param req * @return */ @@ -90,12 +90,12 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { filePlan = filePlanService.getFilePlanBySiteId(siteId); } - + if (filePlan == null) { - String storeType = templateVars.get("store_type"); - String storeId = templateVars.get("store_id"); - String id = templateVars.get("id"); + String storeType = templateVars.get("store_type"); + String storeId = templateVars.get("store_id"); + String id = templateVars.get("id"); if (StringUtils.isEmpty(storeType) == false && StringUtils.isEmpty(storeId) == false && @@ -107,9 +107,9 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { filePlan = nodeRef; } - } + } } - + if (filePlan == null) { // Assume we are in a legacy repository and we will grab the default file plan @@ -118,10 +118,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript return filePlan; } - + /** * Create role items - * + * * @param filePlan * @param roles * @return @@ -130,10 +130,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { return createRoleItems(filePlan, roles, false); } - + /** * Create role items - * + * * @param filePlan * @param roles * @param showAuths @@ -147,7 +147,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript RoleItem item = null; if (showAuths == true) { - item = new RoleItem(role, + item = new RoleItem(role, createAuthorityItems(filePlanRoleService.getUsersAssignedToRole(filePlan, role.getName())), createAuthorityItems(filePlanRoleService.getGroupsAssignedToRole(filePlan, role.getName()))); } @@ -159,92 +159,99 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript } return items; } - + /** * Create authority items - * + * * @param authorities * @return */ private Set createAuthorityItems(Set authorities) { Set result = new HashSet(authorities.size()); - + for (String authority : authorities) { String displayLabel = authorityService.getAuthorityDisplayName(authority); result.add(new AuthorityItem(authority, displayLabel)); } - + return result; } - + /** * Role Item Helper Class - * + * * @author Roy Wetherall * @since 2.1 */ public class RoleItem { private String name; + private String groupShortName; private String displayLabel; private Set capabilities; private boolean showAuths = false; private Set assignedUsers; private Set assignedGroups; - + public RoleItem(Role role) { this.name = role.getName(); this.displayLabel = role.getDisplayLabel(); this.capabilities = role.getCapabilities(); } - + public RoleItem(Role role, Set assignedUsers, Set assignedGroups) { this.name = role.getName(); + this.groupShortName = role.getGroupShortName(); this.displayLabel = role.getDisplayLabel(); this.capabilities = role.getCapabilities(); this.showAuths = true; this.assignedUsers = assignedUsers; this.assignedGroups = assignedGroups; } - + public String getName() { return name; } - + + public String getGroupShortName() + { + return groupShortName; + } + public String getDisplayLabel() { return displayLabel; } - + public Set getCapabilities() { return capabilities; } - + public boolean getShowAuths() { return showAuths; } - + public Set getAssignedGroups() { return assignedGroups; } - + public Set getAssignedUsers() { return assignedUsers; } } - + /** * Authority Item Helper Class - * + * * @author Roy Wetherall * @since 2.1 */ @@ -252,21 +259,21 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript { private String name; private String displayLabel; - + public AuthorityItem(String name, String displayLabel) { this.name = name; this.displayLabel = displayLabel; } - + public String getName() { return name; } - + public String getDisplayLabel() { return displayLabel; - } + } } } \ No newline at end of file