Fix AR-191, AR-192: CIFS and other network protocols will now treat everything as read-only when the server is in read-only mode

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3124 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java

@@ -64,6 +64,7 @@ public class CifsHelper
     private FileFolderService fileFolderService;
     private MimetypeService mimetypeService;
     private PermissionService permissionService;
+    private boolean isReadOnly;
     
     // Mark locked files as offline
     
@@ -74,6 +75,7 @@ public class CifsHelper
      */
     public CifsHelper()
     {
+        isReadOnly = false;
     }
     
     public void setDictionaryService(DictionaryService dictionaryService)
@@ -101,6 +103,24 @@ public class CifsHelper
         this.permissionService = permissionService;
     }
 
+    /**
+     * @return Returns true if all files/folders should be treated as read-only
+     */
+    public boolean isReadOnly()
+    {
+        return isReadOnly;
+    }
+
+    /**
+     * Set whether the system allows files to be edited or not.  The default is
+     * to allow writes.
+     * @param allowWrites true to allow writes, otherwise false for read-only mode
+     */
+    public void setAllowWrites(boolean allowWrites)
+    {
+        this.isReadOnly = !allowWrites;
+    }
+
     /**
      * Enable marking of locked files as offline
      * 
@@ -216,7 +236,7 @@ public class CifsHelper
             
             String lockTypeStr = (String) nodeProperties.get(ContentModel.PROP_LOCK_TYPE);
                     
-            if ( lockTypeStr != null)
+            if ( lockTypeStr != null )
             {
                 // File is locked so mark it as read-only and offline
 
@@ -256,8 +276,16 @@ public class CifsHelper
         
         // Read/write access
         
-        if ( permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED)
-            fileInfo.setFileAttributes(fileInfo.getFileAttributes() + FileAttribute.ReadOnly);
+        boolean hasPermission = permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED; 
+        if (isReadOnly || !hasPermission)
+        {
+            int attr = fileInfo.getFileAttributes();
+            if (( attr & FileAttribute.ReadOnly) == 0)
+            {
+                attr += FileAttribute.ReadOnly;
+                fileInfo.setFileAttributes(attr);
+            }
+        }
 
         // Set the normal file attribute if no other attributes are set
         

source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java

@@ -32,6 +32,7 @@ import org.alfresco.filesys.server.core.DeviceContextException;
 import org.alfresco.filesys.server.filesys.AccessDeniedException;
 import org.alfresco.filesys.server.filesys.AccessMode;
 import org.alfresco.filesys.server.filesys.DiskInterface;
+import org.alfresco.filesys.server.filesys.FileAttribute;
 import org.alfresco.filesys.server.filesys.FileInfo;
 import org.alfresco.filesys.server.filesys.FileName;
 import org.alfresco.filesys.server.filesys.FileOpenParams;
@@ -467,7 +468,14 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface
      */
     public boolean isReadOnly(SrvSession sess, DeviceContext ctx) throws IOException
     {
-        return false;
+        if (cifsHelper.isReadOnly())
+        {
+            return true;
+        }
+        else
+        {
+            return false;
+        }
     }
     
     /**
@@ -505,9 +513,19 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface
                 if ( pfile != null)
                 {
                     // DEBUG
-                    
                     if ( logger.isDebugEnabled())
                         logger.debug("getInfo using pseudo file info for " + path);
+                    
+                    FileInfo pseudoFileInfo = pfile.getFileInfo();
+                    if (cifsHelper.isReadOnly())
+                    {
+                        int attr = pseudoFileInfo.getFileAttributes();
+                        if (( attr & FileAttribute.ReadOnly) == 0)
+                        {
+                            attr += FileAttribute.ReadOnly;
+                            pseudoFileInfo.setFileAttributes(attr);
+                        }
+                    }
                     return pfile.getFileInfo();
                 }
             }

source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java

@@ -16,11 +16,14 @@
  */
 package org.alfresco.repo.security.permissions.impl;
 
-import net.sf.acegisecurity.AccessDeniedException;
-
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.dao.InvalidDataAccessApiUsageException;
 
+/**
+ * Interceptor to translate and possibly I18Nize exceptions thrown by service calls. 
+ */
 public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
 {
     private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
@@ -36,10 +39,14 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
         {
             return mi.proceed();
         }
-        catch(AccessDeniedException ade)
+        catch (net.sf.acegisecurity.AccessDeniedException ade)
         {
-            throw new org.alfresco.repo.security.permissions.AccessDeniedException(MSG_ACCESS_DENIED, ade);
+            throw new AccessDeniedException(MSG_ACCESS_DENIED, ade);
+        }
+        catch (InvalidDataAccessApiUsageException e)
+        {
+            // this usually occurs when the server is in read-only mode
+            throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
         }
     }
-
 }