From af2af21b79d273e0284ae4641e48faee66efe8d0 Mon Sep 17 00:00:00 2001 From: Jared Ottley Date: Wed, 4 Sep 2013 20:27:20 +0000 Subject: [PATCH] [RM-900] MT: Impossible to create RM site as tenant. Now looks to see if MT is enabled and formats the rmadmin's name in the proper format. Also handles the super tenant which requires no domain name for the user name. Added private method (using RMv2RMAdminUserPatch as example) to create the user if it was not already created during bootstrapDefaultRoles. onCreateRootNode now calls BootstrapImporterModuleComponent.execute() to test for and create rm_config_folder if needed. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54946 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-service-context.xml | 8 ++ .../role/FilePlanRoleServiceImpl.java | 78 ++++++++++++++++++- .../FilePlanAuthenticationServiceImpl.java | 19 ++++- 3 files changed, 103 insertions(+), 2 deletions(-) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index c81aae76ae..3c5f8c49e6 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -567,6 +567,11 @@ + + + + + @@ -1188,6 +1193,9 @@ + + + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 9df1eb5564..feffed40a2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java 
@@ -22,11 +22,16 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.Serializable; import java.util.Arrays; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.model.ContentModel; +import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; @@ -35,6 +40,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService; +import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl; import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.policy.JavaBehaviour; @@ -48,7 +54,10 @@ import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; +import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.PermissionService; +import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.namespace.QName; import org.alfresco.util.ParameterCheck; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; 
@@ -86,6 +95,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, /** File plan authentication service */ private FilePlanAuthenticationService filePlanAuthenticationService; + + /** mutable authenticaiton service */ + private MutableAuthenticationService authenticationService; + + /** person service */ + private PersonService personService; + + private BootstrapImporterModuleComponent bootstrapImporterModule; /** Records management role zone */ public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone"; @@ -148,6 +165,31 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { this.filePlanAuthenticationService = filePlanAuthenticationService; } + + /** + * @param personService person service + */ + public void setPersonService(PersonService personService) + { + this.personService = personService; + } + + /** + * @param authenticationService mutable authentication service + */ + public void setAuthenticationService(MutableAuthenticationService authenticationService) + { + this.authenticationService = authenticationService; + } + + /** + * + * @param bootstrapImporterModuleComponent + */ + public void setBootstrapImporterModuleComponent(BootstrapImporterModuleComponent bootstrapImporterModuleComponent) + { + this.bootstrapImporterModule = bootstrapImporterModuleComponent; + } /** * Initialisation method @@ -179,13 +221,16 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, // This is not the spaces store - probably the archive store return; } - + if (nodeService.exists(rmRootNode) == true) { NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public NodeRef doWork() { + //In a multi tenant store we need to initialize the rm config if it has been done yet + bootstrapImporterModule.execute(); + // Create "all" role group for root node String allRoles = authorityService.createAuthority( AuthorityType.GROUP, 
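Review bot: The `bootstrapImporterModule.execute()` call added to `doWork()` in the `@@ -179` hunk runs inside `AuthenticationUtil.runAs(...)` on every root-node creation, so the import executes with whatever authority that runAs names (not visible here), in single-tenant installs too. The call depends on `execute()` being a no-op when the config folder already exists, which the commit message states but the call site does not, and the inline comment reads inverted ("if it has been done yet"). I would replace it with `// Multi-tenant: the RM config is bootstrapped per tenant; execute() must be a no-op when rm_config_folder already exists`. The field is setter-injected and dereferenced without a check, so a context that does not wire the new property fails here with a NullPointerException. `doWork()` continues past the end of the hunk.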
@@ -351,6 +396,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false) { + // Create the RM Admin User if it does not already exist + createRMAdminUser(); + // add the dynamic admin authority authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName()); } @@ -848,4 +896,32 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, { return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan)); } + + /** + * Create the RMAdmin user if it does not already exist + */ + private void createRMAdminUser() + { + /** default rm admin password */ + String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD; + + String user = filePlanAuthenticationService.getRmAdminUserName(); + String firstName = filePlanAuthenticationService.getRmAdminFirstName(); + String lastName = filePlanAuthenticationService.getRmAdminLastName(); + + if (authenticationService.authenticationExists(user) == false) + { + if (logger.isDebugEnabled() == true) + { + logger.debug(" ... creating RM Admin user"); + } + + authenticationService.createAuthentication(user, password.toCharArray()); + Map properties = new HashMap(); + properties.put(ContentModel.PROP_USERNAME, user); + properties.put(ContentModel.PROP_FIRSTNAME, firstName); + properties.put(ContentModel.PROP_LASTNAME, lastName); + personService.createPerson(properties); + } + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java index dbc485069a..68ea87b338 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java 
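Review bot: `createRMAdminUser()` in the `@@ -848` hunk sets the new account's password to the compile-time constant `FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD`, and with this commit that happens once per tenant, so every tenant gets an RM admin login with the same credential, readable from the source. If the account only has to exist as a runAs target (it appears so, but that is not visible in this diff), generate the password per account from `SecureRandom`, or read it from deployment configuration and reject the default. At minimum the method Javadoc should say `Created with the shipped default password; it must be changed per tenant before the system is exposed`. The `authenticationExists` then `createAuthentication` sequence is not atomic, and the call site in the `@@ -351` hunk runs on each role creation, so two concurrent role creations in a fresh tenant may both attempt the create. `personService.createPerson` is also called without checking whether a person with that user name already exists.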
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java @@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.security; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; +import org.alfresco.repo.tenant.TenantService; /** * @author Roy Wetherall @@ -36,6 +37,18 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication private String rmAdminUserName = DEFAULT_RM_ADMIN_USER; private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME; private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME; + + private TenantService tenantService; + + /** + * The Tenant Service + * + * @param tenantService + */ + public void setTenantService(TenantService tenantService) + { + this.tenantService = tenantService; + } /** * @param rmAdminUserName rm admin user name @@ -51,7 +64,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication @Override public String getRmAdminUserName() { - return rmAdminUserName; + // Build the tenant domain string + String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : ""; + + // if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name + return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName; } /**
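Review bot: `getRmAdminUserName()` in the `@@ -51` hunk now derives the privileged account name from `tenantService.getCurrentUserDomain()`, that is, from whoever is authenticated on the calling thread, so the same bean returns different names in different contexts. Callers that compare the result with a user name or hand it to runAs should be checked to confirm they run inside the intended tenant context, and the Javadoc should state `@return the RM admin user name, qualified with the current tenant domain when multi-tenancy is enabled`. `tenantService` is setter-injected and dereferenced unguarded, so a context that overrides this bean without the new property throws a NullPointerException on every call. The `"@"` separator is hard-coded; TenantService should already provide this composition, so both lines could become `return tenantService.getDomainUser(rmAdminUserName, tenantService.getCurrentUserDomain());`, after confirming it returns the bare name for the default domain.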