inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Humongous merge. It is incomplete, however; faces-config-navigation.xml and ClientConfigElement

Browse Source 
were both beyond me, and are just the raw conflict merge data.  If Kev can't figure out how they should
go together by tomorrow AM (for me) I'll dig back in.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@4306 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2006-11-08 05:17:40 +00:00
parent 2c20af6d2b
commit b2f9df29d1
140 changed files with 20060 additions and 16456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1580
source/java/org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource.java
View File

File diff suppressed because it is too large Load Diff

684
source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
View File

@@ -1,342 +1,342 @@
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private Map<String, String> attributeDefaults;
private boolean errorOnMissingUID;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAttributeDefaults(Map<String, String> attributeDefaults)
{
this.attributeDefaults = attributeDefaults;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
if(errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
else
{
s_logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
continue;
}
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private Map<String, String> attributeDefaults;
private boolean errorOnMissingUID;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAttributeDefaults(Map<String, String> attributeDefaults)
{
this.attributeDefaults = attributeDefaults;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
if(errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
else
{
s_logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
continue;
}
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}

12
source/java/org/alfresco/repo/security/permissions/dynamic/LockOwnerDynamicAuthority.java
View File

@@ -16,6 +16,8 @@
*/
package org.alfresco.repo.security.permissions.dynamic;
import java.io.Serializable;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.service.cmr.lock.LockService;
@@ -44,9 +46,13 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
}
if (nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY))
{
NodeRef original = DefaultTypeConverter.INSTANCE.convert(
NodeRef.class, nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE));
if (nodeService.exists(original))
NodeRef original = null;
Serializable reference = nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE);
if (reference != null)
{
original = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, reference);
}
if (original != null && nodeService.exists(original))
{
return (lockService.getLockStatus(original) == LockStatus.LOCK_OWNER);
}

2264
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

File diff suppressed because it is too large Load Diff

3678
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
View File

File diff suppressed because it is too large Load Diff

48
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
View File

@@ -44,7 +44,6 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
/**
*
* @author andyh
*/
@@ -165,14 +164,11 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
}
/**
* This implementation supports only <code>MethodSecurityInterceptor</code>,
* because it queries the presented <code>MethodInvocation</code>.
* This implementation supports only <code>MethodSecurityInterceptor</code>, because it queries the presented <code>MethodInvocation</code>.
*
* @param clazz
* the secure object
*
* @return <code>true</code> if the secure object is
* <code>MethodInvocation</code>, <code>false</code> otherwise
* @return <code>true</code> if the secure object is <code>MethodInvocation</code>, <code>false</code> otherwise
*/
public boolean supports(Class clazz)
{
@@ -253,7 +249,15 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
testNodeRef = (NodeRef) invocation.getArguments()[cad.parameter];
if (log.isDebugEnabled())
{
log.debug("\tPermission test on node " + nodeService.getPath(testNodeRef));
if (nodeService.exists(testNodeRef))
{
log.debug("\tPermission test on node " + nodeService.getPath(testNodeRef));
}
else
{
log.debug("\tPermission test on non-existing node " +testNodeRef);
}
}
}
else if (ChildAssociationRef.class.isAssignableFrom(params[cad.parameter]))
@@ -263,7 +267,14 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
testNodeRef = ((ChildAssociationRef) invocation.getArguments()[cad.parameter]).getChildRef();
if (log.isDebugEnabled())
{
log.debug("\tPermission test on node " + nodeService.getPath(testNodeRef));
if (nodeService.exists(testNodeRef))
{
log.debug("\tPermission test on node " + nodeService.getPath(testNodeRef));
}
else
{
log.debug("\tPermission test on non-existing node " + testNodeRef);
}
}
}
}
@@ -284,6 +295,14 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
testNodeRef = nodeService.getPrimaryParent(child).getParentRef();
if (log.isDebugEnabled())
{
if (nodeService.exists(testNodeRef))
{
log.debug("\tPermission test for parent on node " + nodeService.getPath(testNodeRef));
}
else
{
log.debug("\tPermission test for parent on non-existing node " + testNodeRef);
}
log.debug("\tPermission test for parent on node " + nodeService.getPath(testNodeRef));
}
}
@@ -295,8 +314,17 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
testNodeRef = ((ChildAssociationRef) invocation.getArguments()[cad.parameter]).getParentRef();
if (log.isDebugEnabled())
{
log.debug("\tPermission test for parent on child assoc ref for node "
+ nodeService.getPath(testNodeRef));
if (nodeService.exists(testNodeRef))
{
log.debug("\tPermission test for parent on child assoc ref for node "
+ nodeService.getPath(testNodeRef));
}
else
{
log.debug("\tPermission test for parent on child assoc ref for non existing node "
+ testNodeRef);
}
}
}

1932
source/java/org/alfresco/repo/security/permissions/impl/model/PermissionModel.java
View File

File diff suppressed because it is too large Load Diff

776
source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
View File

@@ -1,388 +1,388 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
public class PersonServiceImpl implements PersonService
{
public static final String SYSTEM_FOLDER = "/sys:system";
public static final String PEOPLE_FOLDER = SYSTEM_FOLDER + "/sys:people";
// IOC
private StoreRef storeRef;
private NodeService nodeService;
private SearchService searchService;
private AuthorityService authorityService;
private PermissionServiceSPI permissionServiceSPI;
private NamespacePrefixResolver namespacePrefixResolver;
private boolean createMissingPeople;
private static Set<QName> mutableProperties;
private boolean userNamesAreCaseSensitive = false;
private String defaultHomeFolderProvider;
static
{
Set<QName> props = new HashSet<QName>();
props.add(ContentModel.PROP_HOMEFOLDER);
props.add(ContentModel.PROP_FIRSTNAME);
// Middle Name
props.add(ContentModel.PROP_LASTNAME);
props.add(ContentModel.PROP_EMAIL);
props.add(ContentModel.PROP_ORGID);
mutableProperties = Collections.unmodifiableSet(props);
}
public PersonServiceImpl()
{
super();
}
public boolean getUserNamesAreCaseSensitive()
{
return userNamesAreCaseSensitive;
}
public void setUserNamesAreCaseSensitive(boolean userNamesAreCaseSensitive)
{
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
{
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
}
public NodeRef getPerson(String userName)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
return createMissingPerson(userName);
}
else
{
throw new NoSuchPersonException(userName);
}
}
else
{
return personNode;
}
}
public boolean personExists(String caseSensitiveUserName)
{
return getPersonOrNull(caseSensitiveUserName) != null;
}
public NodeRef getPersonOrNull(String searchUserName)
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + searchUserName
+ "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME));
if (userNamesAreCaseSensitive)
{
if (realUserName.equals(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
public boolean createMissingPeople()
{
return createMissingPeople;
}
public Set<QName> getMutableProperties()
{
return mutableProperties;
}
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
personNode = createMissingPerson(userName);
}
else
{
throw new PersonException("No person found for user name " + userName);
}
}
else
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode,
ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
nodeService.setProperties(personNode, properties);
}
public boolean isMutable()
{
return true;
}
private NodeRef createMissingPerson(String userName)
{
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
return createPerson(properties);
}
private HashMap<QName, Serializable> getDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, "");
properties.put(ContentModel.PROP_EMAIL, "");
properties.put(ContentModel.PROP_ORGID, "");
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
return properties;
}
public NodeRef createPerson(Map<QName, Serializable> properties)
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, userName);
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON, properties).getChildRef();
}
public NodeRef getPeopleContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
List<NodeRef> results = searchService.selectNodes(rootNodeRef, PEOPLE_FOLDER, null, namespacePrefixResolver,
false);
if (results.size() == 0)
{
throw new AlfrescoRuntimeException("Required people system path not found: " + PEOPLE_FOLDER);
}
else
{
return results.get(0);
}
}
public void deletePerson(String userName)
{
NodeRef personNodeRef = getPersonOrNull(userName);
// delete the person
if (personNodeRef != null)
{
nodeService.deleteNode(personNodeRef);
}
// remove user from any containing authorities
Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
for (String containerAuthority : containerAuthorities)
{
authorityService.removeAuthority(containerAuthority, userName);
}
// remove any user permissions
permissionServiceSPI.deletePermissions(userName);
}
public Set<NodeRef> getAllPeople()
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"" + ContentModel.TYPE_PERSON + "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
LinkedHashSet<NodeRef> nodes = new LinkedHashSet<NodeRef>();
ResultSet rs = null;
try
{
rs = searchService.query(sp);
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
nodes.add(nodeRef);
}
}
}
finally
{
if (rs != null)
{
rs.close();
}
}
return nodes;
}
public void setCreateMissingPeople(boolean createMissingPeople)
{
this.createMissingPeople = createMissingPeople;
}
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
{
this.namespacePrefixResolver = namespacePrefixResolver;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
{
this.permissionServiceSPI = permissionServiceSPI;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSearchService(SearchService searchService)
{
this.searchService = searchService;
}
public void setStoreUrl(String storeUrl)
{
this.storeRef = new StoreRef(storeUrl);
}
public String getUserIdentifier(String caseSensitiveUserName)
{
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
if ((nodeRef != null) && nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME));
return realUserName;
}
return null;
}
// IOC Setters
}
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
public class PersonServiceImpl implements PersonService
{
public static final String SYSTEM_FOLDER = "/sys:system";
public static final String PEOPLE_FOLDER = SYSTEM_FOLDER + "/sys:people";
// IOC
private StoreRef storeRef;
private NodeService nodeService;
private SearchService searchService;
private AuthorityService authorityService;
private PermissionServiceSPI permissionServiceSPI;
private NamespacePrefixResolver namespacePrefixResolver;
private boolean createMissingPeople;
private static Set<QName> mutableProperties;
private boolean userNamesAreCaseSensitive = false;
private String defaultHomeFolderProvider;
static
{
Set<QName> props = new HashSet<QName>();
props.add(ContentModel.PROP_HOMEFOLDER);
props.add(ContentModel.PROP_FIRSTNAME);
// Middle Name
props.add(ContentModel.PROP_LASTNAME);
props.add(ContentModel.PROP_EMAIL);
props.add(ContentModel.PROP_ORGID);
mutableProperties = Collections.unmodifiableSet(props);
}
public PersonServiceImpl()
{
super();
}
public boolean getUserNamesAreCaseSensitive()
{
return userNamesAreCaseSensitive;
}
public void setUserNamesAreCaseSensitive(boolean userNamesAreCaseSensitive)
{
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
{
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
}
public NodeRef getPerson(String userName)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
return createMissingPerson(userName);
}
else
{
throw new NoSuchPersonException(userName);
}
}
else
{
return personNode;
}
}
public boolean personExists(String caseSensitiveUserName)
{
return getPersonOrNull(caseSensitiveUserName) != null;
}
public NodeRef getPersonOrNull(String searchUserName)
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + searchUserName
+ "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME));
if (userNamesAreCaseSensitive)
{
if (realUserName.equals(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
public boolean createMissingPeople()
{
return createMissingPeople;
}
public Set<QName> getMutableProperties()
{
return mutableProperties;
}
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
personNode = createMissingPerson(userName);
}
else
{
throw new PersonException("No person found for user name " + userName);
}
}
else
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode,
ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
nodeService.setProperties(personNode, properties);
}
public boolean isMutable()
{
return true;
}
private NodeRef createMissingPerson(String userName)
{
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
return createPerson(properties);
}
private HashMap<QName, Serializable> getDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, "");
properties.put(ContentModel.PROP_EMAIL, "");
properties.put(ContentModel.PROP_ORGID, "");
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
return properties;
}
public NodeRef createPerson(Map<QName, Serializable> properties)
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, userName);
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON, properties).getChildRef();
}
public NodeRef getPeopleContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
List<NodeRef> results = searchService.selectNodes(rootNodeRef, PEOPLE_FOLDER, null, namespacePrefixResolver,
false);
if (results.size() == 0)
{
throw new AlfrescoRuntimeException("Required people system path not found: " + PEOPLE_FOLDER);
}
else
{
return results.get(0);
}
}
public void deletePerson(String userName)
{
NodeRef personNodeRef = getPersonOrNull(userName);
// delete the person
if (personNodeRef != null)
{
nodeService.deleteNode(personNodeRef);
}
// remove user from any containing authorities
Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
for (String containerAuthority : containerAuthorities)
{
authorityService.removeAuthority(containerAuthority, userName);
}
// remove any user permissions
permissionServiceSPI.deletePermissions(userName);
}
public Set<NodeRef> getAllPeople()
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"" + ContentModel.TYPE_PERSON + "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
LinkedHashSet<NodeRef> nodes = new LinkedHashSet<NodeRef>();
ResultSet rs = null;
try
{
rs = searchService.query(sp);
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
nodes.add(nodeRef);
}
}
}
finally
{
if (rs != null)
{
rs.close();
}
}
return nodes;
}
public void setCreateMissingPeople(boolean createMissingPeople)
{
this.createMissingPeople = createMissingPeople;
}
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
{
this.namespacePrefixResolver = namespacePrefixResolver;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
{
this.permissionServiceSPI = permissionServiceSPI;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSearchService(SearchService searchService)
{
this.searchService = searchService;
}
public void setStoreUrl(String storeUrl)
{
this.storeRef = new StoreRef(storeUrl);
}
public String getUserIdentifier(String caseSensitiveUserName)
{
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
if ((nodeRef != null) && nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME));
return realUserName;
}
return null;
}
// IOC Setters
}