Removed recursive check for child read permissions.
This can be configured back. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2155 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
parent
779aff6137
commit
aed399f1cd
@ -8,6 +8,10 @@
|
|||||||
<!-- The base permission model for the repository -->
|
<!-- The base permission model for the repository -->
|
||||||
<!-- ============================================ -->
|
<!-- ============================================ -->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- The parent permission checks were removed 20/1/2006 -->
|
||||||
|
|
||||||
|
|
||||||
<permissions>
|
<permissions>
|
||||||
|
|
||||||
<!-- Namespaces used in type references -->
|
<!-- Namespaces used in type references -->
|
||||||
@ -77,7 +81,9 @@
|
|||||||
|
|
||||||
<permission name="ReadProperties" expose="true" >
|
<permission name="ReadProperties" expose="true" >
|
||||||
<grantedToGroup permissionGroup="Read" />
|
<grantedToGroup permissionGroup="Read" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to read the children of a node -->
|
<!-- The permission to read the children of a node -->
|
||||||
@ -88,7 +94,9 @@
|
|||||||
|
|
||||||
<permission name="ReadChildren" expose="true" >
|
<permission name="ReadChildren" expose="true" >
|
||||||
<grantedToGroup permissionGroup="Read" />
|
<grantedToGroup permissionGroup="Read" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to write to the properties of a node -->
|
<!-- The permission to write to the properties of a node -->
|
||||||
@ -99,7 +107,9 @@
|
|||||||
|
|
||||||
<permission name="WriteProperties" expose="true" >
|
<permission name="WriteProperties" expose="true" >
|
||||||
<grantedToGroup permissionGroup="Write" />
|
<grantedToGroup permissionGroup="Write" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to delete a node -->
|
<!-- The permission to delete a node -->
|
||||||
@ -113,7 +123,9 @@
|
|||||||
|
|
||||||
<permission name="DeleteNode" expose="true" >
|
<permission name="DeleteNode" expose="true" >
|
||||||
<grantedToGroup permissionGroup="Delete" />
|
<grantedToGroup permissionGroup="Delete" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
<requiredPermission on="parent" name="DeleteChildren" implies="false"/>
|
<requiredPermission on="parent" name="DeleteChildren" implies="false"/>
|
||||||
<requiredPermission on="node" name="DeleteChildren" implies="false"/>
|
<requiredPermission on="node" name="DeleteChildren" implies="false"/>
|
||||||
<!-- Remove the recursive check for now for performance -->
|
<!-- Remove the recursive check for now for performance -->
|
||||||
@ -129,39 +141,51 @@
|
|||||||
<!-- -->
|
<!-- -->
|
||||||
<permission name="DeleteChildren" expose="true" >
|
<permission name="DeleteChildren" expose="true" >
|
||||||
<grantedToGroup permissionGroup="Delete" />
|
<grantedToGroup permissionGroup="Delete" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to create new nodes -->
|
<!-- The permission to create new nodes -->
|
||||||
|
|
||||||
<permission name="CreateChildren" expose="true" >
|
<permission name="CreateChildren" expose="true" >
|
||||||
<grantedToGroup permissionGroup="AddChildren" />
|
<grantedToGroup permissionGroup="AddChildren" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to link nodes -->
|
<!-- The permission to link nodes -->
|
||||||
|
|
||||||
<permission name="LinkChildren" expose="true" >
|
<permission name="LinkChildren" expose="true" >
|
||||||
<grantedToGroup permissionGroup="AddChildren" />
|
<grantedToGroup permissionGroup="AddChildren" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to delte associations between nodes (not children) -->
|
<!-- The permission to delte associations between nodes (not children) -->
|
||||||
|
|
||||||
<permission name="DeleteAssociations" expose="true" >
|
<permission name="DeleteAssociations" expose="true" >
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to read associations -->
|
<!-- The permission to read associations -->
|
||||||
|
|
||||||
<permission name="ReadAssociations" expose="true" >
|
<permission name="ReadAssociations" expose="true" >
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to create associations -->
|
<!-- The permission to create associations -->
|
||||||
|
|
||||||
<permission name="CreateAssociations" expose="true" >
|
<permission name="CreateAssociations" expose="true" >
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="ReadChildren" implies="false" />
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- ==================================================== -->
|
<!-- ==================================================== -->
|
||||||
@ -171,13 +195,17 @@
|
|||||||
<!-- The permission to read the permissions on a node -->
|
<!-- The permission to read the permissions on a node -->
|
||||||
|
|
||||||
<permission name="ReadPermissions" expose="true" >
|
<permission name="ReadPermissions" expose="true" >
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to the change the permissions associated with a node -->
|
<!-- The permission to the change the permissions associated with a node -->
|
||||||
|
|
||||||
<permission name="ChangePermissions" expose="true" >
|
<permission name="ChangePermissions" expose="true" >
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
@ -243,21 +271,27 @@
|
|||||||
|
|
||||||
<permission name="ReadContent" expose="false">
|
<permission name="ReadContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="Read"/>
|
<grantedToGroup permissionGroup="Read"/>
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to write content. -->
|
<!-- The permission to write content. -->
|
||||||
|
|
||||||
<permission name="WriteContent" expose="false">
|
<permission name="WriteContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="Write" />
|
<grantedToGroup permissionGroup="Write" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- Execute permission on content. -->
|
<!-- Execute permission on content. -->
|
||||||
|
|
||||||
<permission name="ExecuteContent" expose="false">
|
<permission name="ExecuteContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="Execute" />
|
<grantedToGroup permissionGroup="Execute" />
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
|
||||||
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
||||||
@ -280,7 +314,9 @@
|
|||||||
<permission name="SetOwner" expose="false" requiresType="false">
|
<permission name="SetOwner" expose="false" requiresType="false">
|
||||||
<grantedToGroup permissionGroup="TakeOwnership" />
|
<grantedToGroup permissionGroup="TakeOwnership" />
|
||||||
<!-- require to be able to reach the node and set properties in the node -->
|
<!-- require to be able to reach the node and set properties in the node -->
|
||||||
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="ReadChildren" />
|
<requiredPermission on="parent" name="ReadChildren" />
|
||||||
|
-->
|
||||||
<requiredPermission on="node" name="WriteProperties" />
|
<requiredPermission on="node" name="WriteProperties" />
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
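Review bot: The repeated `<!-- Commented out parent permission check ...` blocks and the header note dated 20/1/2006 record that `requiredPermission on="parent" name="ReadChildren"` was disabled, but not what that does to the access model, and the same edit is applied to privilege-affecting entries (`ChangePermissions`, `SetOwner`) as well as to the read permissions. With the check gone, a grant held on a node appears to be evaluated without regard to whether the caller can list the parent, so denying `ReadChildren` on a folder no longer shields descendants that carry their own grants; the test changes in this commit show `READ_PROPERTIES` moving from denied to allowed on that basis. I would state this once in the header, e.g. `<!-- Parent ReadChildren is no longer required: access is decided by the node's own permissions, so restrict sensitive nodes directly rather than through their parent folder -->`, and note there that restoring the old behaviour means uncommenting every block, since no single switch is visible in this file. The performance motivation is only written next to the recursive delete check in `DeleteNode`, so whether it also applies to these blocks should be confirmed by the author.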
|
@ -600,7 +600,9 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
|||||||
runAs("andy");
|
runAs("andy");
|
||||||
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
|
assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
|
||||||
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
// Changed ny not enfocing READ
|
||||||
|
//assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
|
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
runAs("lemur");
|
runAs("lemur");
|
||||||
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
@ -1630,9 +1632,13 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
|||||||
|
|
||||||
permissionService.setInheritParentPermissions(n2, true);
|
permissionService.setInheritParentPermissions(n2, true);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
runAs("andy");
|
runAs("andy");
|
||||||
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
|
||||||
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
// Changed by removing permission read parents access
|
||||||
|
//assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
|
assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
|
||||||
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
|
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
|
||||||
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
|
assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
|
||||||
runAs("lemur");
|
runAs("lemur");
|
||||||
|
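Review bot: The two replaced assertions keep the old `assertFalse` as a commented-out line under a terse comment (`// Changed ny not enfocing READ`, `// Changed by removing permission read parents access`), which leaves dead code and does not explain the result that now matters: at the second hunk andy is ALLOWED `READ_PROPERTIES` on n2 while `READ`, `READ_CHILDREN` and `READ_CONTENT` on the same node stay denied. I would delete the commented-out lines and replace them with one comment naming the rule, e.g. `// parent ReadChildren is no longer required by the permission model, so the grant on the node alone decides READ_PROPERTIES`, and write the check as `assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)));` so a failure reports the actual status. Since the commit message says the parent check can be configured back, a companion test that runs against the strict model would keep the old denial covered; none is visible here. Both test methods start and end outside the hunks, so the grants set up for andy are not visible.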