Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

73688: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 73548: MNT-10165: Merged DEV to V4.2-BUG-FIX (4.2.3) 61161: MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding - Detect permission to delete for principal and also find and delete all the concomitant basic CMIS permissions. Add unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74803 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2014-06-25 16:07:21 +00:00
parent f8eb3f7f62
commit b1bb208eb8
2 changed files with 165 additions and 1 deletions
--- a/source/java/org/alfresco/opencmis/CMISConnector.java
+++ b/source/java/org/alfresco/opencmis/CMISConnector.java
@@ -2641,6 +2641,7 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
        }

        Set<AccessPermission> currentAces = permissionService.getAllSetPermissions(nodeRef);
+        Acl currentACL = getACL(nodeRef, false);

        // remove all permissions
        permissionService.deletePermissions(nodeRef);
@@ -2654,7 +2655,9 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
                principalId = AuthenticationUtil.getFullyAuthenticatedUser();
            }

-            List<String> permissions = translatePermissionsFromCMIS(ace.getPermissions());
+            List<String> acePermissions = ace.getPermissions();
+            normaliseAcePermissions(currentACL, ace, acePermissions);
+            List<String> permissions = translatePermissionsFromCMIS(acePermissions);
            normalisePermissions(currentAces, permissions);
            for (String permission : permissions)
            {
@@ -2663,6 +2666,38 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
        }
    }

+    /*
+     * MNT-10165: CMIS 1.1 API: Impossible to remove ACL through Atom binding
+     * 
+     * Detect permission to delete for principal and 
+     * also delete all the concomitant basic permissions
+     */
+    private void normaliseAcePermissions(Acl currentACL, Ace newAce, List<String> acePermissions)
+    {
+        for (Ace oldAce : currentACL.getAces())
+        {
+            if (oldAce.getPrincipalId().equals(newAce.getPrincipalId()))
+            {
+                // detect what permissions were deleted for principal
+                Set<String> permissionsDeletedForPrincipal = new HashSet<String>(oldAce.getPermissions());
+                Set<String> newPermissions = new HashSet<String>(newAce.getPermissions());
+                permissionsDeletedForPrincipal.removeAll(newPermissions);
+                for (String permissionDeleted : permissionsDeletedForPrincipal)
+                {
+                    // for deleted permission also delete all attendant basic permissions
+                    List<String> onePermissionList = new ArrayList<String>();
+                    onePermissionList.add(permissionDeleted);
+
+                    List<String> cmisPermissions = translatePermmissionsToCMIS(onePermissionList, false);
+                    for (String cmisPermission : cmisPermissions)
+                    {
+                        acePermissions.remove(cmisPermission);
+                    }
+                }
+            }
+        }
+    }
+
    /*
     * ALF-11868: the cmis client library may incorrectly send READ or WRITE permissions to applyAcl.
     * This method works around this by "normalising" permissions: