From affce5b315e618dffff871591f63346112f39b11 Mon Sep 17 00:00:00 2001 From: Derek Hulley Date: Fri, 16 Jun 2006 11:01:51 +0000 Subject: [PATCH] Fix AR-191, AR-192: CIFS and other network protocols will now treat everything as read-only when the server is in read-only mode git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3124 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- config/alfresco/domain/transaction.properties | 4 +-- config/alfresco/network-protocol-context.xml | 1 + .../filesys/smb/server/repo/CifsHelper.java | 34 +++++++++++++++++-- .../smb/server/repo/ContentDiskDriver.java | 22 ++++++++++-- .../ExceptionTranslatorMethodInterceptor.java | 17 +++++++--- 5 files changed, 66 insertions(+), 12 deletions(-) diff --git a/config/alfresco/domain/transaction.properties b/config/alfresco/domain/transaction.properties index 43700be23c..f0d6d6d583 100644 --- a/config/alfresco/domain/transaction.properties +++ b/config/alfresco/domain/transaction.properties @@ -3,7 +3,7 @@ # server.transaction.mode.readOnly=PROPAGATION_REQUIRED, readOnly # the properties below should change in tandem -# server.transaction.mode=PROPAGATION_REQUIRED, readOnly -# server.transaction.allow-writes=false +#server.transaction.mode.default=PROPAGATION_REQUIRED, readOnly +#server.transaction.allow-writes=false server.transaction.mode.default=PROPAGATION_REQUIRED server.transaction.allow-writes=true diff --git a/config/alfresco/network-protocol-context.xml b/config/alfresco/network-protocol-context.xml index ed154e3f11..170cd26ba1 100644 --- a/config/alfresco/network-protocol-context.xml +++ b/config/alfresco/network-protocol-context.xml @@ -66,6 +66,7 @@ + ${server.transaction.allow-writes} \ No newline at end of file diff --git a/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java b/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java index ed7823580e..cfcd5522b0 100644 --- a/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java +++ b/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java @@ -64,6 +64,7 @@ public class CifsHelper private FileFolderService fileFolderService; private MimetypeService mimetypeService; private PermissionService permissionService; + private boolean isReadOnly; // Mark locked files as offline @@ -74,6 +75,7 @@ public class CifsHelper */ public CifsHelper() { + isReadOnly = false; } public void setDictionaryService(DictionaryService dictionaryService) @@ -101,6 +103,24 @@ public class CifsHelper this.permissionService = permissionService; } + /** + * @return Returns true if all files/folders should be treated as read-only + */ + public boolean isReadOnly() + { + return isReadOnly; + } + + /** + * Set whether the system allows files to be edited or not. The default is + * to allow writes. + * @param allowWrites true to allow writes, otherwise false for read-only mode + */ + public void setAllowWrites(boolean allowWrites) + { + this.isReadOnly = !allowWrites; + } + /** * Enable marking of locked files as offline * @@ -216,7 +236,7 @@ public class CifsHelper String lockTypeStr = (String) nodeProperties.get(ContentModel.PROP_LOCK_TYPE); - if ( lockTypeStr != null) + if ( lockTypeStr != null ) { // File is locked so mark it as read-only and offline @@ -256,8 +276,16 @@ public class CifsHelper // Read/write access - if ( permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED) - fileInfo.setFileAttributes(fileInfo.getFileAttributes() + FileAttribute.ReadOnly); + boolean hasPermission = permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED; + if (isReadOnly || !hasPermission) + { + int attr = fileInfo.getFileAttributes(); + if (( attr & FileAttribute.ReadOnly) == 0) + { + attr += FileAttribute.ReadOnly; + fileInfo.setFileAttributes(attr); + } + } // Set the normal file attribute if no other attributes are set diff --git a/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java b/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java index e37eab5004..f9d87c1849 100644 --- a/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java +++ b/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java @@ -32,6 +32,7 @@ import org.alfresco.filesys.server.core.DeviceContextException; import org.alfresco.filesys.server.filesys.AccessDeniedException; import org.alfresco.filesys.server.filesys.AccessMode; import org.alfresco.filesys.server.filesys.DiskInterface; +import org.alfresco.filesys.server.filesys.FileAttribute; import org.alfresco.filesys.server.filesys.FileInfo; import org.alfresco.filesys.server.filesys.FileName; import org.alfresco.filesys.server.filesys.FileOpenParams; @@ -467,7 +468,14 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface */ public boolean isReadOnly(SrvSession sess, DeviceContext ctx) throws IOException { - return false; + if (cifsHelper.isReadOnly()) + { + return true; + } + else + { + return false; + } } /** @@ -505,9 +513,19 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface if ( pfile != null) { // DEBUG - if ( logger.isDebugEnabled()) logger.debug("getInfo using pseudo file info for " + path); + + FileInfo pseudoFileInfo = pfile.getFileInfo(); + if (cifsHelper.isReadOnly()) + { + int attr = pseudoFileInfo.getFileAttributes(); + if (( attr & FileAttribute.ReadOnly) == 0) + { + attr += FileAttribute.ReadOnly; + pseudoFileInfo.setFileAttributes(attr); + } + } return pfile.getFileInfo(); } } diff --git a/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java b/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java index e8d1225381..ff6e421707 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java @@ -16,11 +16,14 @@ */ package org.alfresco.repo.security.permissions.impl; -import net.sf.acegisecurity.AccessDeniedException; - +import org.alfresco.repo.security.permissions.AccessDeniedException; import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInvocation; +import org.springframework.dao.InvalidDataAccessApiUsageException; +/** + * Interceptor to translate and possibly I18Nize exceptions thrown by service calls. + */ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor { private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied"; @@ -36,10 +39,14 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor { return mi.proceed(); } - catch(AccessDeniedException ade) + catch (net.sf.acegisecurity.AccessDeniedException ade) { - throw new org.alfresco.repo.security.permissions.AccessDeniedException(MSG_ACCESS_DENIED, ade); + throw new AccessDeniedException(MSG_ACCESS_DENIED, ade); + } + catch (InvalidDataAccessApiUsageException e) + { + // this usually occurs when the server is in read-only mode + throw new AccessDeniedException(MSG_ACCESS_DENIED, e); } } - }