inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

[RM-900] MT: Impossible to create RM site as tenant. Now looks to see if MT is enabled and formats the rmadmin's name in the proper format. Also handles the super tenant which requires no domain name for the user name. Added private method (using RMv2RMAdminUserPatch as example) to create the user if it was not already created during bootstrapDefaultRoles. onCreateRootNode now calls BootstrapImporterModuleComponent.execute() to test for and create rm_config_folder if needed.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54946 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jared Ottley
2013-09-04 20:27:20 +00:00
parent 5c9bc850e3
commit af2af21b79
3 changed files with 103 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
View File

@@ -22,11 +22,16 @@ import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
@@ -35,6 +40,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour;
@@ -48,7 +54,10 @@ import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
@@ -86,6 +95,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** mutable authenticaiton service */
private MutableAuthenticationService authenticationService;
/** person service */
private PersonService personService;
private BootstrapImporterModuleComponent bootstrapImporterModule;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -148,6 +165,31 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @param personService person service
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* @param authenticationService mutable authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
*
* @param bootstrapImporterModuleComponent
*/
public void setBootstrapImporterModuleComponent(BootstrapImporterModuleComponent bootstrapImporterModuleComponent)
{
this.bootstrapImporterModule = bootstrapImporterModuleComponent;
}
/**
* Initialisation method
@@ -179,13 +221,16 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
// This is not the spaces store - probably the archive store
return;
}
if (nodeService.exists(rmRootNode) == true)
{
NodeRef unfiledContainer = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
{
public NodeRef doWork()
{
//In a multi tenant store we need to initialize the rm config if it has been done yet
bootstrapImporterModule.execute();
// Create "all" role group for root node
String allRoles = authorityService.createAuthority(
AuthorityType.GROUP,
@@ -351,6 +396,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false)
{
// Create the RM Admin User if it does not already exist
createRMAdminUser();
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
}
@@ -848,4 +896,32 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
{
return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
}
/**
* Create the RMAdmin user if it does not already exist
*/
private void createRMAdminUser()
{
/** default rm admin password */
String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
String user = filePlanAuthenticationService.getRmAdminUserName();
String firstName = filePlanAuthenticationService.getRmAdminFirstName();
String lastName = filePlanAuthenticationService.getRmAdminLastName();
if (authenticationService.authenticationExists(user) == false)
{
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(user, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, user);
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
properties.put(ContentModel.PROP_LASTNAME, lastName);
personService.createPerson(properties);
}
}
}

19
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantService;
/**
* @author Roy Wetherall
@@ -36,6 +37,18 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME;
private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME;
private TenantService tenantService;
/**
* The Tenant Service
*
* @param tenantService
*/
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
/**
* @param rmAdminUserName rm admin user name
@@ -51,7 +64,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
@Override
public String getRmAdminUserName()
{
return rmAdminUserName;
// Build the tenant domain string
String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : "";
// if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name
return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
}
/**