RM-690 (A records admin is able to add a user or group to a role from the management console)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@50134 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Tuna Aksoy
2013-05-18 15:54:37 +00:00
parent b3120dddff
commit aceef2fa2f
4 changed files with 119 additions and 81 deletions


@@ -56,7 +56,7 @@ import org.json.JSONObject;
/**
* Role service implementation
*
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -65,7 +65,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
/** Capability service */
private CapabilityService capabilityService;
/** Authority service */
private AuthorityService authorityService;
@@ -74,13 +74,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Policy component */
private PolicyComponent policyComponent;
/** File plan service */
private FilePlanService filePlanService;
/** Node service */
private NodeService nodeService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
@@ -89,7 +89,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Logger */
private static Log logger = LogFactory.getLog(FilePlanRoleServiceImpl.class);
/**
* @param capabilityService capability service
*/
@@ -97,7 +97,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.capabilityService = capabilityService;
}
/**
* @param authorityService authority service
*/
@@ -105,7 +105,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.authorityService = authorityService;
}
/**
* @param permissionService permission service
*/
@@ -113,7 +113,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.permissionService = permissionService;
}
/**
* @param policyComponent policy component
*/
@@ -121,7 +121,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.policyComponent = policyComponent;
}
/**
* @param nodeService node service
*/
@@ -129,7 +129,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.nodeService = nodeService;
}
/**
* @param filePlanService file plan service
*/
@@ -137,7 +137,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.filePlanService = filePlanService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
@@ -145,7 +145,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* Initialisation method
*/
@@ -160,7 +160,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
TYPE_FILE_PLAN,
new JavaBehaviour(this, "onDeleteRootNode", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
* Create root node behaviour
*
@@ -195,7 +195,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// set the capabilities
// permissionService.setPermission(rmRootNode, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.VIEW_RECORDS, true);
// permissionService.setPermission(rmRootNode, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.EDIT_NON_RECORD_METADATA, true);
// Create the unfiled record container
return filePlanService.createUnfiledContainer(rmRootNode);
}
@@ -236,7 +236,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* Get all the roles by short name
*
@@ -249,7 +249,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}
/**
*
*
* @param rmRootNode
* @param unfiledContainer
*/
@@ -345,7 +345,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// Add the creating user to the administration group
String user = AuthenticationUtil.getFullyAuthenticatedUser();
authorityService.addAuthority(role.getRoleGroupName(), user);
if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false)
{
// add the dynamic admin authority
@@ -441,10 +441,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
Set<String> users = authorityService.getContainedAuthorities(AuthorityType.USER, roleAuthority, false);
if (users.contains(user) == true)
{
String name = getShortRoleName(authorityService.getShortName(roleAuthority), rmRootNode);
String groupShortName = authorityService.getShortName(roleAuthority);
String name = getShortRoleName(groupShortName, rmRootNode);
String displayLabel = authorityService.getAuthorityDisplayName(roleAuthority);
Role role = new Role(name, displayLabel, getCapabilitiesImpl(rmRootNode, roleAuthority), roleAuthority);
Set<Capability> capabilities = getCapabilitiesImpl(rmRootNode, roleAuthority);
Role role = new Role(name, displayLabel, capabilities, roleAuthority, groupShortName);
result.add(role);
}
}
@@ -612,22 +614,22 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// TODO .. we should be creating a permission set containing all the capabilities and then assigning that
// single permission group to the file plan .. would be tidier
// Assign the various capabilities to the group on the root records management node
if (capabilities != null)
{
for (Capability capability : capabilities)
{
permissionService.setPermission(rmRootNode, roleGroup, capability.getName(), true);
}
}
}
return new Role(role, roleDisplayLabel, capabilities, roleGroup);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
@@ -642,7 +644,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
throw new AlfrescoRuntimeException("Unable to update role " + role + ", because it does not exist.");
}
String roleAuthority = authorityService.getName(AuthorityType.GROUP, getFullRoleName(role, rmRootNode));
// Reset the role display name
@@ -672,10 +674,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
// ensure that we are not trying to delete the admin role
if (ROLE_ADMIN.equals(role) == true)
{
{
throw new AlfrescoRuntimeException("Can not delete the records management administration role.");
}
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{
public Boolean doWork() throws Exception
@@ -687,7 +689,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getUsersAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@@ -696,13 +698,13 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
ParameterCheck.mandatory("filePlan", filePlan);
ParameterCheck.mandatory("roleName", roleName);
return getAuthoritiesAssignedToRole(filePlan, roleName, AuthorityType.USER);
}
/**
* Gets all the authorities of a given type directly assigned to the given role in the file plan.
*
*
* @param filePlan file plan
* @param roleName role name
* @param authorityType authority type
@@ -714,17 +716,17 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
public Set<String> doWork() throws Exception
{
Role role = getRole(filePlan, roleName);
Role role = getRole(filePlan, roleName);
if (role == null)
{
throw new AlfrescoRuntimeException("Can not get authorities for role " + roleName + ", because it does not exist. (filePlan=" + filePlan.toString() + ")");
}
return authorityService.getContainedAuthorities(authorityType, role.getRoleGroupName(), false);
return authorityService.getContainedAuthorities(authorityType, role.getRoleGroupName(), false);
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getGroupsAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@@ -733,10 +735,10 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
ParameterCheck.mandatory("filePlan", filePlan);
ParameterCheck.mandatory("roleName", roleName);
return getAuthoritiesAssignedToRole(filePlan, roleName, AuthorityType.GROUP);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#getAllAssignedToRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@@ -745,7 +747,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
ParameterCheck.mandatory("filePlan", filePlan);
ParameterCheck.mandatory("roleName", role);
Set<String> result = new HashSet<String>(21);
result.addAll(getUsersAssignedToRole(filePlan, role));
result.addAll(getGroupsAssignedToRole(filePlan, role));
@@ -771,7 +773,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService#unassignRoleFromAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
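Review bot: Only the `Role` built in the `-441,10 +441,12` hunk receives `groupShortName`; the `return new Role(role, roleDisplayLabel, capabilities, roleGroup);` in the `-612,22 +614,22` hunk still uses the four-argument constructor, so `getGroupShortName()` returns null for that object. Any other four-argument `new Role(...)` call outside the visible hunks would behave the same way, and `RoleItem(Role)` in RoleDeclarativeWebScript likewise leaves its own `groupShortName` unset. Assuming `roleGroup` is the full authority name, passing the short name there as well keeps the value consistent for every caller: `return new Role(role, roleDisplayLabel, capabilities, roleGroup, authorityService.getShortName(roleGroup));`. The enclosing methods start outside the hunks shown, so the other construction sites need checking in the full file.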


@@ -31,20 +31,24 @@ public class Role
{
/** Role name */
private String name;
/** Role label */
private String displayLabel;
/** Role capabilities */
private Set<Capability> capabilities;
/** Role group name */
private String roleGroupName;
/** Role group short name */
private String groupShortName;
/**
* @param name
* @param displayLabel
* @param capabilities
* @param roleGroupName
*/
public Role(String name, String displayLabel, Set<Capability> capabilities, String roleGroupName)
{
@@ -54,6 +58,19 @@ public class Role
this.roleGroupName = roleGroupName;
}
/**
* @param name
* @param displayLabel
* @param capabilities
* @param roleGroupName
* @param groupShortName
*/
public Role(String name, String displayLabel, Set<Capability> capabilities, String roleGroupName, String groupShortName)
{
this(name, displayLabel, capabilities, roleGroupName);
this.groupShortName = groupShortName;
}
/**
* @return the name
*/
@@ -85,4 +102,13 @@ public class Role
{
return roleGroupName;
}
/**
* @return the groupShortName
*/
public String getGroupShortName()
{
return this.groupShortName;
}
}
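Review bot: The new `groupShortName` field, constructor and getter carry only bare `@param`/`@return` tags, so nothing says how the value differs from `roleGroupName` or that it stays null when the four-argument constructor is used. Judging by the caller in FilePlanRoleServiceImpl, `roleGroupName` is the full authority name and `groupShortName` is what `authorityService.getShortName(...)` returns for it. I would document that on the constructor as `@param groupShortName short name of the role's authority group, as returned by AuthorityService#getShortName` and on the getter as `@return the group short name, or null if the role was created without one`.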


@@ -35,7 +35,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* Base declarative web script for role API.
*
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -43,13 +43,13 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
/** File plan service */
protected FilePlanService filePlanService;
/** File plan role service */
protected FilePlanRoleService filePlanRoleService;
/** Authority service */
protected AuthorityService authorityService;
/**
* @param filePlanService file plan service
*/
@@ -57,7 +57,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
this.filePlanService = filePlanService;
}
/**
* @param filePlanRoleService file plan role service
*/
@@ -65,7 +65,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* @param authorityService authority service
*/
@@ -73,10 +73,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
this.authorityService = authorityService;
}
/**
* Utility method to get the file plan from the passed parameters.
*
*
* @param req
* @return
*/
@@ -90,12 +90,12 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
filePlan = filePlanService.getFilePlanBySiteId(siteId);
}
if (filePlan == null)
{
String storeType = templateVars.get("store_type");
String storeId = templateVars.get("store_id");
String id = templateVars.get("id");
String storeType = templateVars.get("store_type");
String storeId = templateVars.get("store_id");
String id = templateVars.get("id");
if (StringUtils.isEmpty(storeType) == false &&
StringUtils.isEmpty(storeId) == false &&
@@ -107,9 +107,9 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
filePlan = nodeRef;
}
}
}
}
if (filePlan == null)
{
// Assume we are in a legacy repository and we will grab the default file plan
@@ -118,10 +118,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
return filePlan;
}
/**
* Create role items
*
*
* @param filePlan
* @param roles
* @return
@@ -130,10 +130,10 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
return createRoleItems(filePlan, roles, false);
}
/**
* Create role items
*
*
* @param filePlan
* @param roles
* @param showAuths
@@ -147,7 +147,7 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
RoleItem item = null;
if (showAuths == true)
{
item = new RoleItem(role,
item = new RoleItem(role,
createAuthorityItems(filePlanRoleService.getUsersAssignedToRole(filePlan, role.getName())),
createAuthorityItems(filePlanRoleService.getGroupsAssignedToRole(filePlan, role.getName())));
}
@@ -159,92 +159,99 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
}
return items;
}
/**
* Create authority items
*
*
* @param authorities
* @return
*/
private Set<AuthorityItem> createAuthorityItems(Set<String> authorities)
{
Set<AuthorityItem> result = new HashSet<AuthorityItem>(authorities.size());
for (String authority : authorities)
{
String displayLabel = authorityService.getAuthorityDisplayName(authority);
result.add(new AuthorityItem(authority, displayLabel));
}
return result;
}
/**
* Role Item Helper Class
*
*
* @author Roy Wetherall
* @since 2.1
*/
public class RoleItem
{
private String name;
private String groupShortName;
private String displayLabel;
private Set<Capability> capabilities;
private boolean showAuths = false;
private Set<AuthorityItem> assignedUsers;
private Set<AuthorityItem> assignedGroups;
public RoleItem(Role role)
{
this.name = role.getName();
this.displayLabel = role.getDisplayLabel();
this.capabilities = role.getCapabilities();
}
public RoleItem(Role role, Set<AuthorityItem> assignedUsers, Set<AuthorityItem> assignedGroups)
{
this.name = role.getName();
this.groupShortName = role.getGroupShortName();
this.displayLabel = role.getDisplayLabel();
this.capabilities = role.getCapabilities();
this.showAuths = true;
this.assignedUsers = assignedUsers;
this.assignedGroups = assignedGroups;
}
public String getName()
{
return name;
}
public String getGroupShortName()
{
return groupShortName;
}
public String getDisplayLabel()
{
return displayLabel;
}
public Set<Capability> getCapabilities()
{
return capabilities;
}
public boolean getShowAuths()
{
return showAuths;
}
public Set<AuthorityItem> getAssignedGroups()
{
return assignedGroups;
}
public Set<AuthorityItem> getAssignedUsers()
{
return assignedUsers;
}
}
/**
* Authority Item Helper Class
*
*
* @author Roy Wetherall
* @since 2.1
*/
@@ -252,21 +259,21 @@ public class RoleDeclarativeWebScript extends DeclarativeWebScript
{
private String name;
private String displayLabel;
public AuthorityItem(String name, String displayLabel)
{
this.name = name;
this.displayLabel = displayLabel;
}
public String getName()
{
return name;
}
public String getDisplayLabel()
{
return displayLabel;
}
}
}
}
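Review bot: `RoleItem` now exposes `groupShortName` next to the assigned users and groups, and nothing in the visible hunks checks that the requester is allowed to see or manage role membership. The membership sets come from `getUsersAssignedToRole` and `getGroupsAssignedToRole`, which the FilePlanRoleServiceImpl section of this commit shows running under `AuthenticationUtil.getSystemUserName()`, so the repository's permission checks do not filter the result for the calling user. If that check lives in the web script descriptor or a subclass, a comment on `createRoleItems(filePlan, roles, showAuths)` should say so, for example `// showAuths=true returns role membership read as the system user; the caller must already have authorised the requester for this file plan`. The console presumably uses the group short name to add members through a separate group endpoint, which would need the same authorisation; that is inferred, and the body of `createRoleItems` starts outside the hunk.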