[RM-900] MT: Impossible to create RM site as tenant. Now looks to see if MT is enabled and formats the rmadmin's name in the proper format. Also handles the super tenant which requires no domain name for the user name. Added private method (using RMv2RMAdminUserPatch as example) to create the user if it was not already created during bootstrapDefaultRoles. onCreateRootNode now calls BootstrapImporterModuleComponent.execute() to test for and create rm_config_folder if needed.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54946 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml

@@ -567,6 +567,11 @@
         <property name="policyComponent" ref="policyComponent"/>
         <property name="filePlanService" ref="FilePlanService" />
         <property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
+        <property name="authenticationService" ref="AuthenticationService" />
+        <property name="personService" ref="PersonService" />
+        
+        <!-- init repo for when a tenant is created -->
+        <property name="bootstrapImporterModuleComponent" ref="org_alfresco_module_rm_bootstrapData"/>
 
     </bean>
 
@@ -1188,6 +1193,9 @@
      	<property name="rmAdminUserName" value="${bootstrap.rmadmin.name}" />
      	<property name="rmAdminFirstName" value="${bootstrap.rmadmin.firstName}" />
      	<property name="rmAdminLastName" value="${bootstrap.rmadmin.lastName}" />
+        <property name="tenantService">
+            <ref bean="tenantService"/>
+        </property>
     </bean>
 
     <bean id="FilePlanAuthenticationService" class="org.springframework.aop.framework.ProxyFactoryBean">

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java

@@ -22,11 +22,16 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.Serializable;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.model.ContentModel;
+import org.alfresco.module.org_alfresco_module_rm.bootstrap.BootstrapImporterModuleComponent;
 import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
 import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
@@ -35,6 +40,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
 import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.policy.JavaBehaviour;
@@ -48,7 +54,10 @@ import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.AuthorityType;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.namespace.QName;
 import org.alfresco.util.ParameterCheck;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
@@ -87,6 +96,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
     /** File plan authentication service */
     private FilePlanAuthenticationService filePlanAuthenticationService;
     
+    /** mutable authenticaiton service */
+    private MutableAuthenticationService authenticationService;
+    
+    /** person service */
+    private PersonService personService;
+    
+    private BootstrapImporterModuleComponent bootstrapImporterModule;
+
     /** Records management role zone */
     public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
 
@@ -149,6 +166,31 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
         this.filePlanAuthenticationService = filePlanAuthenticationService;
     }
     
+    /**     
+     * @param personService person service
+     */
+    public void setPersonService(PersonService personService)
+    {
+        this.personService = personService;
+    }
+    
+    /**
+     * @param authenticationService mutable authentication service
+     */
+    public void setAuthenticationService(MutableAuthenticationService authenticationService)
+    {
+        this.authenticationService = authenticationService;
+    }
+    
+    /**
+     * 
+     * @param bootstrapImporterModuleComponent
+     */
+    public void setBootstrapImporterModuleComponent(BootstrapImporterModuleComponent bootstrapImporterModuleComponent)
+    {
+        this.bootstrapImporterModule = bootstrapImporterModuleComponent;
+    }
+
     /**
      * Initialisation method
      */
@@ -186,6 +228,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
             {
                 public NodeRef doWork()
                 {
+                    //In a multi tenant store we need to initialize the rm config if it has been done yet
+                    bootstrapImporterModule.execute();
+                    
                     // Create "all" role group for root node
                     String allRoles = authorityService.createAuthority(
                     						AuthorityType.GROUP, 
@@ -351,6 +396,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
 
                             if (filePlanAuthenticationService.getRmAdminUserName().equals(user) == false)
                             {
+                                // Create the RM Admin User if it does not already exist
+                                createRMAdminUser();
+                                
                                 // add the dynamic admin authority
                                 authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
                             }
@@ -848,4 +896,32 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
     {
         return authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(filePlan));
     }
+    
+    /**
+     * Create the RMAdmin user if it does not already exist
+     */
+    private void createRMAdminUser()
+    {
+        /** default rm admin password */
+        String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
+        
+        String user = filePlanAuthenticationService.getRmAdminUserName();
+        String firstName = filePlanAuthenticationService.getRmAdminFirstName();
+        String lastName = filePlanAuthenticationService.getRmAdminLastName();
+        
+        if (authenticationService.authenticationExists(user) == false)
+        {
+            if (logger.isDebugEnabled() == true)
+            {
+                logger.debug("   ... creating RM Admin user");
+            }
+            
+            authenticationService.createAuthentication(user, password.toCharArray());
+            Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
+            properties.put(ContentModel.PROP_USERNAME, user);
+            properties.put(ContentModel.PROP_FIRSTNAME, firstName);
+            properties.put(ContentModel.PROP_LASTNAME, lastName);
+            personService.createPerson(properties);
+        }
+    }
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.security;
 
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.tenant.TenantService;
 
 /**
  * @author Roy Wetherall
@@ -37,6 +38,18 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
     private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME;
     private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME;
     
+    private TenantService tenantService;
+    
+    /**
+     * The Tenant Service
+     * 
+     * @param tenantService
+     */
+    public void setTenantService(TenantService tenantService)
+    {
+        this.tenantService = tenantService;
+    }
+
     /**
      * @param rmAdminUserName   rm admin user name
      */
@@ -51,7 +64,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
     @Override
     public String getRmAdminUserName()
     {
-        return rmAdminUserName;
+        // Build the tenant domain string
+        String tenantDomain = tenantService.isEnabled() ? "@" + tenantService.getCurrentUserDomain() : "";
+        
+        // if MT is enabled and we are in the non-tenant domain we need use the base rm admin user name
+        return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
     }
 
     /**