managers)
+ /**
+ * Update the permissions for the list of sandbox managers applied to a user sandbox.
+ *
+ * Ensures that all managers in the list have full WRITE access to the specified user stores.
+ *
+ * @param storeId
+ * The store id of the sandbox to update
+ * @param managers
+ * The list of authorities who have ContentManager role in the web project
+ */
+ public void updateSandboxManagers(final String storeId, final List managers)
{
- // walk existing user sandboxes and reapply manager permissions to include new managers
- List sbInfos = AuthenticationUtil.runAs(new RunAsWork>()
- {
- public List doWork() throws Exception
- {
- return listSandboxes(wpStoreId, AuthenticationUtil.getSystemUserName());
- }
- }, AuthenticationUtil.getSystemUserName());
-
- for (SandboxInfo sbInfo : sbInfos)
- {
- if (sbInfo.getSandboxType().equals(SandboxConstants.PROP_SANDBOX_AUTHOR_MAIN))
- {
- String username = sbInfo.getName();
- updateUserSandboxManagers(wpStoreId, managers, username);
- }
- }
-
- updateStagingAreaManagers(wpStoreId, managers);
+ String stagingStoreName = WCMUtil.buildStagingStoreName(storeId);
+
+ updateStagingAreaManagers(stagingStoreName, managers);
}
/**
@@ -960,75 +1117,16 @@ public final class SandboxFactory extends WCMUtil
*
* Ensures that all managers in the list have full WRITE access to the specified user stores.
*
- * @param storeId The store id of the sandbox to update
- * @param managers The list of authorities who have ContentManager role in the web project
- * @param username Username of the user sandbox to update
+ * @param storeId
+ * The store id of the sandbox to update
+ * @param managers
+ * The list of authorities who have ContentManager role in the web project
*/
- private void updateUserSandboxManagers(final String storeId, final List managers, final String username)
+ public void removeSandboxManagers(String storeId, List managersToRemove)
{
- final String userStoreName = WCMUtil.buildUserMainStoreName(storeId, username);
- final String previewStoreName = WCMUtil.buildUserPreviewStoreName(storeId, username);
-
- // Apply masks to the stores
-
- // apply the manager role permission to the user main sandbox for each manager
- NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(userStoreName));
- for (String manager : managers)
- {
- permissionService.setPermission(dirRef.getStoreRef(), manager, WCMUtil.ROLE_CONTENT_MANAGER, true);
- }
-
- // apply the manager role permission to the user preview sandbox for each manager
- dirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(previewStoreName));
- for (String manager : managers)
- {
- permissionService.setPermission(dirRef.getStoreRef(), manager, WCMUtil.ROLE_CONTENT_MANAGER, true);
- }
+ removeStagingAreaManagers(storeId, managersToRemove);
}
- public void removeSandboxManagers(final String wpStoreId, List managers)
- {
- // walk existing user sandboxes and remove manager permissions to exclude old managers
- List sbInfos = AuthenticationUtil.runAs(new RunAsWork>()
- {
- public List doWork() throws Exception
- {
- return listSandboxes(wpStoreId, AuthenticationUtil.getSystemUserName());
- }
- }, AuthenticationUtil.getSystemUserName());
-
- for (SandboxInfo sbInfo : sbInfos)
- {
- if (sbInfo.getSandboxType().equals(SandboxConstants.PROP_SANDBOX_AUTHOR_MAIN))
- {
- String username = sbInfo.getName();
- removeUserSandboxManagers(wpStoreId, managers, username);
- }
- }
-
- removeStagingAreaManagers(wpStoreId, managers);
- }
-
- /**
- * Removes the permissions for the list of sandbox ex-managers.
- *
- * @param storeId The store id of the sandbox to update
- * @param managersToRemove The list of authorities who have had ContentManager role in the web project
- * @param username Username of the user sandbox to update
- */
- private void removeUserSandboxManagers(String storeId, List managersToRemove, String username)
- {
- final String userStoreName = WCMUtil.buildUserMainStoreName(storeId, username);
- final String previewStoreName = WCMUtil.buildUserPreviewStoreName(storeId, username);
-
- final NodeRef mainDirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(userStoreName));
- final NodeRef previewDirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(previewStoreName));
- for (String manager : managersToRemove)
- {
- permissionService.deletePermission(mainDirRef.getStoreRef(), manager, WCMUtil.ROLE_CONTENT_MANAGER);
- permissionService.deletePermission(previewDirRef.getStoreRef(), manager, WCMUtil.ROLE_CONTENT_MANAGER);
- }
- }
/**
* Removes the ContentManager role on staging area to ex-managers.
*
@@ -1037,19 +1135,12 @@ public final class SandboxFactory extends WCMUtil
*/
private void removeStagingAreaManagers(String storeId, List managersToRemove)
{
- final String storeName = WCMUtil.buildStagingStoreName(storeId);
-
- final NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(storeName));
- for (String manager : managersToRemove)
+ String storeName = WCMUtil.buildStagingStoreName(storeId);
+
+ for (String remove : managersToRemove)
{
- permissionService.deletePermission(dirRef, manager, WCMUtil.ROLE_CONTENT_MANAGER);
-
- permissionService.deletePermission(dirRef.getStoreRef(), manager,
- PermissionService.CHANGE_PERMISSIONS);
- permissionService.deletePermission(dirRef.getStoreRef(), manager,
- PermissionService.READ_PERMISSIONS);
+ removeFromGroupIfRequired(storeName, remove, PermissionService.WCM_CONTENT_MANAGER);
}
-
}
public void updateSandboxRoles(final String wpStoreId, List usersToUpdate, Set permissionsList)
@@ -1085,11 +1176,7 @@ public final class SandboxFactory extends WCMUtil
*/
private void updateUserSandboxRole(String storeId, String username, List usersToUpdate, Set permissionsList)
{
- final String userStoreName = WCMUtil.buildUserMainStoreName(storeId, username);
- final String previewStoreName = WCMUtil.buildUserPreviewStoreName(storeId, username);
-
- final NodeRef mainDirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(userStoreName));
- final NodeRef previewDirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(previewStoreName));
+ final String storeName = WCMUtil.buildStagingStoreName(storeId);
// If permissionsList is set remove all possible user permissions and set only necessary.
// This will fix previous wrong role changes. (paranoid)
@@ -1101,22 +1188,18 @@ public final class SandboxFactory extends WCMUtil
{
for (String permission : permissionsList)
{
- permissionService.deletePermission(mainDirRef, user.getUserAuth(), permission);
- permissionService.deletePermission(previewDirRef, user.getUserAuth(), permission);
+ removeFromGroupIfRequired(storeName, user.getUserAuth(), permission);
}
-
- permissionService.setPermission(mainDirRef, user.getUserAuth(), user.getNewRole(), true);
- permissionService.setPermission(previewDirRef, user.getUserAuth(), user.getNewRole(), true);
+
+ addToGroupIfRequired(storeName, user.getUserAuth(), user.getNewRole());
}
}
else
{
- for (UserRoleWrapper user: usersToUpdate)
+ for (UserRoleWrapper user : usersToUpdate)
{
- permissionService.deletePermission(mainDirRef, user.getUserAuth(), user.getOldRole());
- permissionService.deletePermission(previewDirRef, user.getUserAuth(), user.getOldRole());
- permissionService.setPermission(mainDirRef, user.getUserAuth(), user.getNewRole(), true);
- permissionService.setPermission(previewDirRef, user.getUserAuth(), user.getNewRole(), true);
+ removeFromGroupIfRequired(storeName, user.getUserAuth(), user.getOldRole());
+ addToGroupIfRequired(storeName, user.getUserAuth(), user.getNewRole());
}
}
}
@@ -1131,25 +1214,29 @@ public final class SandboxFactory extends WCMUtil
private void updateStagingAreaRole(String storeId, List usersToUpdate, Set permissionsList)
{
final String storeName = WCMUtil.buildStagingStoreName(storeId);
- final NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, WCMUtil.buildStoreRootPath(storeName));
-
+
+ // If permissionsList is set remove all possible user permissions and set only necessary.
+ // This will fix previous wrong role changes. (paranoid)
+ // For little better performance just set permissionsList to null.
+ // But in this case it removes only previous permission.
if (permissionsList != null && permissionsList.size() != 0)
{
for (UserRoleWrapper user : usersToUpdate)
{
for (String permission : permissionsList)
{
- permissionService.deletePermission(dirRef, user.getUserAuth(), permission);
+ removeFromGroupIfRequired(storeName, user.getUserAuth(), permission);
}
- permissionService.setPermission(dirRef, user.getUserAuth(), user.getNewRole(), true);
+
+ addToGroupIfRequired(storeName, user.getUserAuth(), user.getNewRole());
}
}
else
{
for (UserRoleWrapper user : usersToUpdate)
{
- permissionService.deletePermission(dirRef, user.getUserAuth(), user.getOldRole());
- permissionService.setPermission(dirRef, user.getUserAuth(), user.getNewRole(), true);
+ removeFromGroupIfRequired(storeName, user.getUserAuth(), user.getOldRole());
+ addToGroupIfRequired(storeName, user.getUserAuth(), user.getNewRole());
}
}
}
diff --git a/source/java/org/alfresco/wcm/util/WCMUtil.java b/source/java/org/alfresco/wcm/util/WCMUtil.java
index e46327a600..350662880c 100644
--- a/source/java/org/alfresco/wcm/util/WCMUtil.java
+++ b/source/java/org/alfresco/wcm/util/WCMUtil.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2008 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General protected License
@@ -42,6 +42,7 @@ import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
@@ -771,10 +772,10 @@ public class WCMUtil
protected final static String SPACE_ICON_WEBSITE = "space-icon-website";
// web user role permissions
- public static final String ROLE_CONTENT_MANAGER = "ContentManager";
- public static final String ROLE_CONTENT_PUBLISHER = "ContentPublisher";
- public static final String ROLE_CONTENT_REVIEWER = "ContentReviewer";
- public static final String ROLE_CONTENT_CONTRIBUTOR = "ContentContributor";
+ public static final String ROLE_CONTENT_MANAGER = PermissionService.WCM_CONTENT_MANAGER;
+ public static final String ROLE_CONTENT_PUBLISHER = PermissionService.WCM_CONTENT_PUBLISHER;
+ public static final String ROLE_CONTENT_CONTRIBUTOR = PermissionService.WCM_CONTENT_CONTRIBUTOR;
+ public static final String ROLE_CONTENT_REVIEWER = PermissionService.WCM_CONTENT_REVIEWER;
private final static Pattern WEBAPP_RELATIVE_PATH_PATTERN =
Pattern.compile("([^:]+:/" + JNDIConstants.DIR_DEFAULT_WWW +