From bccc560c449f16279b92a9423213aafe5f30a562 Mon Sep 17 00:00:00 2001 From: Derek Hulley Date: Fri, 7 Mar 2008 00:57:50 +0000 Subject: [PATCH] Merged V2.2 to HEAD 7700: Added store level ACLs. 7705: Merged V2.1 to V2.2 7701: Fixes a number of problems with FS deployment. Should work on windows now. 7712: AWC-1473: Fixed rendering of sidebar in Safari 7718: Merged V2.1 to V2.2 7704: Fix for HSQL column name clash - NEXT is reserved, so now NEXT_ID 7719: Build fix after Qname changes 7730: Build fix for email group. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8446 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../org/alfresco/repo/avm/AVMRepository.java | 296 ++++++++++-------- .../repo/avm/AVMServicePermissionsTest.java | 88 +++--- .../java/org/alfresco/repo/avm/AVMStore.java | 104 +++--- .../org/alfresco/repo/avm/AVMStoreImpl.java | 96 +++--- .../repo/avm/LayeredDirectoryNodeImpl.java | 94 +++--- .../org/alfresco/repo/avm/LookupCache.java | 4 +- .../repo/avm/PlainDirectoryNodeImpl.java | 6 +- .../alfresco/repo/avm/hibernate/AVM.hbm.xml | 9 +- .../impl/lucene/ADMLuceneCategoryTest.java | 112 +++---- .../authority/AuthorityServiceTest.java | 4 +- 10 files changed, 443 insertions(+), 370 deletions(-) diff --git a/source/java/org/alfresco/repo/avm/AVMRepository.java b/source/java/org/alfresco/repo/avm/AVMRepository.java index 4095c4ba53..552aca0c17 100644 --- a/source/java/org/alfresco/repo/avm/AVMRepository.java +++ b/source/java/org/alfresco/repo/avm/AVMRepository.java @@ -69,7 +69,7 @@ import org.apache.commons.logging.LogFactory; /** * This or AVMStore are the implementors of the operations specified by AVMService. - * + * * @author britt */ public class AVMRepository @@ -106,7 +106,7 @@ public class AVMRepository * The Lookup Cache instance. */ private LookupCache fLookupCache; - + private QNameDAO qnameDAO; private AVMStoreDAO fAVMStoreDAO; @@ -158,7 +158,7 @@ public class AVMRepository /** * Set the node issuer. For Spring. - * + * * @param nodeIssuer * The issuer. */ @@ -169,7 +169,7 @@ public class AVMRepository /** * Set the layer issuer. For Spring. - * + * * @param layerIssuer * The issuer. */ @@ -188,7 +188,7 @@ public class AVMRepository /** * Set the Lookup Cache instance. - * + * * @param cache * The instance to set. */ @@ -221,7 +221,7 @@ public class AVMRepository { this.qnameDAO = qnameDAO; } - + public void setAvmStoreDAO(AVMStoreDAO dao) { fAVMStoreDAO = dao; @@ -264,7 +264,7 @@ public class AVMRepository /** * Create a file. - * + * * @param path * The path to the containing directory. * @param name @@ -292,7 +292,7 @@ public class AVMRepository /** * Create a file with the given File as content. - * + * * @param path * The path to the containing directory. * @param name @@ -322,7 +322,7 @@ public class AVMRepository /** * Create a new directory. - * + * * @param path * The path to the containing directory. * @param name @@ -351,7 +351,7 @@ public class AVMRepository /** * Create a new directory. This assumes that the parent is already copied and therefore should only be used with * great care. - * + * * @param parent * The parent node. * @param name @@ -369,7 +369,7 @@ public class AVMRepository { throw new AVMWrongTypeException("Not a directory."); } - if (!can(node, PermissionService.CREATE_CHILDREN)) + if (!can(null, node, PermissionService.CREATE_CHILDREN)) { throw new AccessDeniedException("Not allowed to write in: " + parent); } @@ -403,7 +403,7 @@ public class AVMRepository /** * Create a new layered directory. - * + * * @param srcPath * The target indirection for the new layered directory. * @param dstPath @@ -438,7 +438,7 @@ public class AVMRepository /** * Create a new layered file. - * + * * @param srcPath * The target indirection for the new layered file. * @param dstPath @@ -468,7 +468,7 @@ public class AVMRepository /** * Create a new AVMStore. - * + * * @param name * The name to give the new AVMStore. */ @@ -489,7 +489,7 @@ public class AVMRepository /** * Create a new branch. - * + * * @param version * The version to branch off. * @param srcPath @@ -553,7 +553,7 @@ public class AVMRepository throw new AVMNotFoundException("Path not found."); } DirectoryNode dirNode = (DirectoryNode)dPath.getCurrentNode(); - if (!can(dirNode, PermissionService.ADD_CHILDREN)) + if (!can(dstRepo, dirNode, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not permitted to add children: " + dstPath); } @@ -562,9 +562,9 @@ public class AVMRepository // We do different things depending on what kind of thing we're // branching from. I'd be considerably happier if we disallowed // certain scenarios, but Jon won't let me :P (bhp). - + Long parentAcl = dirNode.getAcl() == null ? null : dirNode.getAcl().getId(); - + if (srcNode.getType() == AVMNodeType.PLAIN_DIRECTORY) { dstNode = new PlainDirectoryNodeImpl((PlainDirectoryNode)srcNode, dstRepo, parentAcl, ACLCopyMode.COPY); @@ -614,7 +614,7 @@ public class AVMRepository /** * Get an output stream to a file. - * + * * @param path * The full path to the file. * @return An OutputStream. @@ -642,7 +642,7 @@ public class AVMRepository /** * Get a content reader from a file node. - * + * * @param version * The version of the file. * @param path @@ -670,7 +670,7 @@ public class AVMRepository /** * Get a ContentWriter to a file node. - * + * * @param path * The path to the file. * @return A ContentWriter. @@ -698,7 +698,7 @@ public class AVMRepository /** * Rename a node. - * + * * @param srcPath * Source containing directory. * @param srcName @@ -735,7 +735,7 @@ public class AVMRepository throw new AVMNotFoundException("Path not found."); } srcDir = (DirectoryNode)sPath.getCurrentNode(); - if (!can(srcDir, PermissionService.DELETE_CHILDREN) || !can(srcDir, PermissionService.ADD_CHILDREN)) + if (!can(srcRepo, srcDir, PermissionService.DELETE_CHILDREN) || !can(srcRepo, srcDir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to read or write: " + srcPath); } @@ -766,7 +766,7 @@ public class AVMRepository throw new AVMNotFoundException("Path not found."); } DirectoryNode dstDir = (DirectoryNode)dPath.getCurrentNode(); - if (!can(dstDir, PermissionService.ADD_CHILDREN)) + if (!can(dstRepo, dstDir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + dstPath); } @@ -776,9 +776,9 @@ public class AVMRepository { throw new AVMExistsException("Node exists: " + dstName); } - + Long parentAcl = dstDir.getAcl() == null ? null : dstDir.getAcl().getId(); - + AVMNode dstNode = null; // We've passed the check, so we can go ahead and do the rename. if (srcNode.getType() == AVMNodeType.PLAIN_DIRECTORY) @@ -881,7 +881,7 @@ public class AVMRepository /** * Uncover a deleted name in a layered directory. - * + * * @param dirPath * The path to the layered directory. * @param name @@ -909,7 +909,7 @@ public class AVMRepository /** * Create a snapshot of a single AVMStore. - * + * * @param store * The name of the repository. * @param tag @@ -937,7 +937,7 @@ public class AVMRepository /** * Remove a node and everything underneath it. - * + * * @param path * The path to the containing directory. * @param name @@ -965,7 +965,7 @@ public class AVMRepository /** * Get rid of all content that lives only in the given AVMStore. Also removes the AVMStore. - * + * * @param name * The name of the AVMStore to purge. */ @@ -981,7 +981,7 @@ public class AVMRepository fLookupCache.onDelete(name); AVMNode root = store.getRoot(); // TODO Probably a special PermissionService.PURGE is needed. - if (!can(root, PermissionService.DELETE_CHILDREN)) + if (!can(store, root, PermissionService.DELETE_CHILDREN)) { throw new AccessDeniedException("Not allowed to purge: " + name); } @@ -1007,7 +1007,7 @@ public class AVMRepository /** * Remove all content specific to a AVMRepository and version. - * + * * @param name * The name of the AVMStore. * @param version @@ -1028,7 +1028,7 @@ public class AVMRepository /** * Get an input stream from a file. - * + * * @param version * The version to look under. * @param path @@ -1061,7 +1061,7 @@ public class AVMRepository { throw new AVMWrongTypeException(desc + " is not a File."); } - if (!can(node, PermissionService.READ_CONTENT)) + if (!can(null, node, PermissionService.READ_CONTENT)) { throw new AccessDeniedException("Not allowed to read content: " + desc); } @@ -1077,7 +1077,7 @@ public class AVMRepository /** * Get a listing of a directory. - * + * * @param version * The version to look under. * @param path @@ -1108,7 +1108,7 @@ public class AVMRepository /** * Get the list of nodes directly contained in a directory. - * + * * @param version * The version to look under. * @param path @@ -1137,7 +1137,7 @@ public class AVMRepository /** * Get the list of nodes directly contained in a directory. - * + * * @param dir * The descriptor to the directory node. * @param includeDeleted @@ -1152,7 +1152,7 @@ public class AVMRepository { throw new AVMBadArgumentException("Invalid Node."); } - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read children: " + dir); } @@ -1170,7 +1170,7 @@ public class AVMRepository /** * Get a directory listing from a directory node descriptor. - * + * * @param dir * The directory node descriptor. * @return A SortedMap listing. @@ -1190,7 +1190,7 @@ public class AVMRepository { throw new AVMWrongTypeException("Not a directory."); } - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read children: " + dir); } @@ -1206,7 +1206,7 @@ public class AVMRepository /** * Get the names of deleted nodes in a directory. - * + * * @param version * The version to look under. * @param path @@ -1234,7 +1234,7 @@ public class AVMRepository /** * Get descriptors of all AVMStores. - * + * * @return A list of all descriptors. */ @SuppressWarnings("unchecked") @@ -1251,7 +1251,7 @@ public class AVMRepository /** * Get a descriptor for an AVMStore. - * + * * @param name * The name to get. * @return The descriptor. @@ -1268,7 +1268,7 @@ public class AVMRepository /** * Get all version for a given AVMStore. - * + * * @param name * The name of the AVMStore. * @return A Set will all the version ids. @@ -1285,7 +1285,7 @@ public class AVMRepository /** * Get the set of versions between (inclusive) of the given dates. From or to may be null but not both. - * + * * @param name * The name of the AVMRepository. * @param from @@ -1306,7 +1306,7 @@ public class AVMRepository /** * Issue a node id. - * + * * @return The new id. */ public long issueID() @@ -1316,7 +1316,7 @@ public class AVMRepository /** * Issue a new layer id. - * + * * @return The new id. */ public long issueLayerID() @@ -1326,7 +1326,7 @@ public class AVMRepository /** * Get the indirection path for a layered node. - * + * * @param version * The version to look under. * @param path @@ -1354,7 +1354,7 @@ public class AVMRepository /** * Get the next version id for the given AVMStore. - * + * * @param name * The name of the AVMStore. * @return The next version id. @@ -1371,7 +1371,7 @@ public class AVMRepository /** * Get the latest extant snapshotted version id. - * + * * @param name * The store name. */ @@ -1387,7 +1387,7 @@ public class AVMRepository /** * Get an AVMStore by name. - * + * * @param name * The name of the AVMStore. * @return The AVMStore. @@ -1400,7 +1400,7 @@ public class AVMRepository /** * Get a descriptor for an AVMStore root. - * + * * @param version * The version to get. * @param name @@ -1420,7 +1420,7 @@ public class AVMRepository // TODO Fix this awful mess regarding cycle detection. /** * Lookup a node. - * + * * @param version * The version to look under. * @param path @@ -1465,7 +1465,7 @@ public class AVMRepository /** * Lookup a descriptor from a directory descriptor. - * + * * @param dir * The directory descriptor. * @param name @@ -1488,7 +1488,7 @@ public class AVMRepository throw new AVMWrongTypeException("Not a directory."); } DirectoryNode dirNode = (DirectoryNode)node; - if (!can(dirNode, PermissionService.READ_CHILDREN)) + if (!can(null, dirNode, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read children: " + dir); } @@ -1502,7 +1502,7 @@ public class AVMRepository /** * Get all the paths to a particular node. - * + * * @param desc * The node descriptor. * @return The list of version, paths. @@ -1522,7 +1522,7 @@ public class AVMRepository /** * Get a single valid path for a node. - * + * * @param desc * The node descriptor. * @return A version, path @@ -1544,7 +1544,7 @@ public class AVMRepository /** * Get all paths for a node reachable by HEAD. - * + * * @param desc * The node descriptor. * @return A List of all the version, path Pairs that match. @@ -1564,7 +1564,7 @@ public class AVMRepository /** * Gets all the pass from to the given node starting from the give version root. - * + * * @param version * The version root. * @param node @@ -1581,7 +1581,7 @@ public class AVMRepository /** * Helper to get all version paths. - * + * * @param node * The current node we are examining. * @param components @@ -1595,7 +1595,7 @@ public class AVMRepository */ private void recursiveGetVersionPaths(AVMNode node, List components, List paths, DirectoryNode root, String storeName) { - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { return; } @@ -1617,7 +1617,7 @@ public class AVMRepository /** * Get all paths in a particular store in the head version for a particular node. - * + * * @param desc * The node descriptor. * @param store @@ -1644,7 +1644,7 @@ public class AVMRepository /** * Do the actual work. - * + * * @param node * The current node. * @param components @@ -1655,7 +1655,7 @@ public class AVMRepository private void recursiveGetPaths(AVMNode node, List components, List> paths) { - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { return; } @@ -1686,7 +1686,7 @@ public class AVMRepository /** * Do the work of getting one path for a node. - * + * * @param node * The node to get the path of. * @param components @@ -1695,7 +1695,7 @@ public class AVMRepository */ private Pair recursiveGetAPath(AVMNode node, List components) { - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { return null; } @@ -1742,7 +1742,7 @@ public class AVMRepository /** * Do the actual work. - * + * * @param node * The current node. * @param components @@ -1753,7 +1753,7 @@ public class AVMRepository private void recursiveGetHeadPaths(AVMNode node, List components, List> paths) { - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { return; } @@ -1780,7 +1780,7 @@ public class AVMRepository /** * Do the actual work. - * + * * @param node * The current node. * @param components @@ -1792,7 +1792,7 @@ public class AVMRepository List> paths, DirectoryNode root, String storeName) { - if (!can(node, PermissionService.READ_CHILDREN)) + if (!can(null, node, PermissionService.READ_CHILDREN)) { return; } @@ -1814,7 +1814,7 @@ public class AVMRepository /** * Add a path to the list. - * + * * @param components * The path name components. * @param version @@ -1832,7 +1832,7 @@ public class AVMRepository /** * Alternate version. - * + * * @param components * @param storeName * @param paths @@ -1845,7 +1845,7 @@ public class AVMRepository /** * Helper for generating paths. - * + * * @param components * The path components. * @param storeName @@ -1872,7 +1872,7 @@ public class AVMRepository /** * Get information about layering of a path. - * + * * @param version * The version to look under. * @param path @@ -1895,7 +1895,7 @@ public class AVMRepository { throw new AVMNotFoundException("Path not found."); } - if (!can(lookup.getCurrentNode(), PermissionService.READ_PROPERTIES)) + if (!can(store, lookup.getCurrentNode(), PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + path); } @@ -1911,7 +1911,7 @@ public class AVMRepository /** * Lookup a directory specifically. - * + * * @param version * The version to look under. * @param path @@ -1951,7 +1951,7 @@ public class AVMRepository /** * Utility to split a path, foo:bar/baz into its repository and path parts. - * + * * @param path * The fully qualified path. * @return The repository name and the repository path. @@ -1968,7 +1968,7 @@ public class AVMRepository /** * Make a directory into a primary indirection. - * + * * @param path * The full path. */ @@ -1994,7 +1994,7 @@ public class AVMRepository /** * Change what a layered directory points at. - * + * * @param path * The full path to the layered directory. * @param target @@ -2022,7 +2022,7 @@ public class AVMRepository /** * Get the history chain for a node. - * + * * @param desc * The node to get history of. * @param count @@ -2036,7 +2036,7 @@ public class AVMRepository { throw new AVMNotFoundException("Not found."); } - if (!can(node, PermissionService.READ_PROPERTIES)) + if (!can(null, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + desc); } @@ -2052,7 +2052,7 @@ public class AVMRepository { break; } - if (!can(node, PermissionService.READ_PROPERTIES)) + if (!can(null, node, PermissionService.READ_PROPERTIES)) { break; } @@ -2063,7 +2063,7 @@ public class AVMRepository /** * Set the opacity of a layered directory. An opaque directory hides the things it points to via indirection. - * + * * @param path * The path to the layered directory. * @param opacity @@ -2091,7 +2091,7 @@ public class AVMRepository /** * Set a property on a node. - * + * * @param path * The path to the node. * @param name @@ -2121,7 +2121,7 @@ public class AVMRepository /** * Set a collection of properties at once. - * + * * @param path * The path to the node. * @param properties @@ -2149,7 +2149,7 @@ public class AVMRepository /** * Get a property by name for a node. - * + * * @param version * The version to look under. * @param path @@ -2179,7 +2179,7 @@ public class AVMRepository /** * Get a Map of all the properties of a node. - * + * * @param version * The version to look under. * @param path @@ -2207,7 +2207,7 @@ public class AVMRepository /** * Delete a single property from a node. - * + * * @param path * The path to the node. * @param name @@ -2235,7 +2235,7 @@ public class AVMRepository /** * Delete all properties on a node. - * + * * @param path * The path to the node. */ @@ -2261,7 +2261,7 @@ public class AVMRepository /** * Set a property on a store. Overwrites if property exists. - * + * * @param store * The AVMStore. * @param name @@ -2281,7 +2281,7 @@ public class AVMRepository /** * Set a group of properties on a store. Overwrites any properties that exist. - * + * * @param store * The AVMStore. * @param props @@ -2299,7 +2299,7 @@ public class AVMRepository /** * Get a property from a store. - * + * * @param store * The name of the store. * @param name @@ -2322,7 +2322,7 @@ public class AVMRepository /** * Queries a given store for properties with keys that match a given pattern. - * + * * @param store * The name of the store. * @param keyPattern @@ -2349,7 +2349,7 @@ public class AVMRepository /** * Queries all AVM stores for properties with keys that match a given pattern. - * + * * @param keyPattern * The sql 'like' pattern, inserted into a QName. * @return A List of Pairs of Store name, Map.Entry. @@ -2377,7 +2377,7 @@ public class AVMRepository /** * Get all the properties for a store. - * + * * @param store * The name of the Store. * @return A Map of all the properties. @@ -2398,7 +2398,7 @@ public class AVMRepository /** * Delete a property from a store. - * + * * @param store * The name of the store. * @param name @@ -2417,7 +2417,7 @@ public class AVMRepository /** * Get the common ancestor of two nodes if one exists. Unfortunately this is a quadratic problem, taking time * proportional to the product of the lengths of the left and right history chains. - * + * * @param left * The first node. * @param right @@ -2436,11 +2436,11 @@ public class AVMRepository { throw new AVMNotFoundException("Node not found."); } - if (!can(lNode, PermissionService.READ_PROPERTIES)) + if (!can(null, lNode, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + left); } - if (!can(rNode, PermissionService.READ_PROPERTIES)) + if (!can(null, rNode, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + right); } @@ -2492,7 +2492,7 @@ public class AVMRepository /** * Get the ContentData for a file. - * + * * @param version * The version to look under. * @param path @@ -2516,7 +2516,7 @@ public class AVMRepository /** * Get the ContentData for a file for writing. - * + * * @param path * The path to the file. * @return The ContentData object. @@ -2544,7 +2544,7 @@ public class AVMRepository /** * Set the ContentData on a file. - * + * * @param path * The path to the file. * @param data @@ -2572,7 +2572,7 @@ public class AVMRepository /** * Get the single instance of AVMRepository. - * + * * @return The single instance. */ public static AVMRepository GetInstance() @@ -2607,7 +2607,7 @@ public class AVMRepository /** * Add an aspect to an AVM Node. - * + * * @param path * The path to the node. * @param aspectName @@ -2635,7 +2635,7 @@ public class AVMRepository /** * Get all the aspects on an AVM node. - * + * * @param version * The version to look under. * @param path @@ -2663,7 +2663,7 @@ public class AVMRepository /** * Remove an aspect and all associated properties from a node. - * + * * @param path * The path to the node. * @param aspectName @@ -2691,7 +2691,7 @@ public class AVMRepository /** * Does a node have a particular aspect. - * + * * @param version * The version to look under. * @param path @@ -2721,7 +2721,7 @@ public class AVMRepository /** * Set the ACL on a node. - * + * * @param path * The path to the node. * @param acl @@ -2749,7 +2749,7 @@ public class AVMRepository /** * Get the ACL on a node. - * + * * @param version * The version to look under. * @param path @@ -2777,7 +2777,7 @@ public class AVMRepository /** * Link a node into a directory, directly. - * + * * @param parentPath * The path to the parent. * @param name @@ -2809,7 +2809,7 @@ public class AVMRepository /** * This is the danger version of link. It must be called on a copied and unsnapshotted directory. It blithely * inserts a child without checking if a child exists with a conflicting name. - * + * * @param parent * The parent directory. * @param name @@ -2829,7 +2829,7 @@ public class AVMRepository { throw new AVMException("Directory has not already been copied."); } - if (!can(dir, PermissionService.ADD_CHILDREN)) + if (!can(null, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + parent); } @@ -2838,7 +2838,7 @@ public class AVMRepository /** * Remove name without leaving behind a deleted node. Dangerous if used unwisely. - * + * * @param path * The path to the layered directory. * @param name @@ -2866,7 +2866,7 @@ public class AVMRepository { throw new AVMWrongTypeException("Not a Layered Directory."); } - if (!can(node, PermissionService.DELETE_CHILDREN)) + if (!can(store, node, PermissionService.DELETE_CHILDREN)) { throw new AccessDeniedException("Not allowed to write in: " + path); } @@ -2881,7 +2881,7 @@ public class AVMRepository /** * Force a copy on write. - * + * * @param path * The path to force. */ @@ -2915,7 +2915,7 @@ public class AVMRepository /** * Rename a store. - * + * * @param sourceName * The original name. * @param destName @@ -2951,7 +2951,7 @@ public class AVMRepository /** * Revert a head path to a given version. This works by cloning the version to revert to, and then linking that new * version into head. The reverted version will have the previous head version as ancestor. - * + * * @param path * The path to the parent directory. * @param name @@ -2981,7 +2981,7 @@ public class AVMRepository /** * Set the GUID on a node. - * + * * @param path * @param guid */ @@ -3007,7 +3007,7 @@ public class AVMRepository /** * Set the encoding on a node. - * + * * @param path * @param encoding */ @@ -3033,7 +3033,7 @@ public class AVMRepository /** * Set the mime type on a node. - * + * * @param path * @param encoding */ @@ -3072,7 +3072,7 @@ public class AVMRepository /** * Do the actual work. - * + * * @param node * The current node. * @param components @@ -3083,7 +3083,7 @@ public class AVMRepository private void recursiveGetStoreVersionPaths(String storeName, AVMNode node, int version, List components, List paths) { - if (!can(node, PermissionService.READ)) + if (!can(null, node, PermissionService.READ)) { return; } @@ -3116,7 +3116,7 @@ public class AVMRepository { throw new AVMNotFoundException("Node not found: " + desc); } - if (!can(node, PermissionService.READ_PROPERTIES)) + if (!can(null, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + desc); } @@ -3133,7 +3133,7 @@ public class AVMRepository { throw new AVMNotFoundException("Node not found: " + desc); } - if (!can(node, PermissionService.READ_CONTENT)) + if (!can(null, node, PermissionService.READ_CONTENT)) { throw new AccessDeniedException("Not allowed to read: " + desc); } @@ -3152,7 +3152,7 @@ public class AVMRepository { throw new AVMNotFoundException("Node not found: " + desc); } - if (!can(node, PermissionService.READ_PROPERTIES)) + if (!can(null, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + desc); } @@ -3164,15 +3164,16 @@ public class AVMRepository /** * Evaluate permission on a node. I've got a bad feeling about this... - * + * @param store * @param node * @param permission + * * @return */ - public boolean can(AVMNode node, String permission) + public boolean can(AVMStore store, AVMNode node, String permission) { DbAccessControlList acl = node.getAcl(); - + QName type; if (node.getType() == AVMNodeType.PLAIN_DIRECTORY) { @@ -3223,7 +3224,46 @@ public class AVMRepository { aclId = acl.getId(); } + if (store != null) + { + DbAccessControlList storeAcl = store.getStoreAcl(); + if (storeAcl != null) + { + Long storeAclID = storeAcl.getId(); + context.getAdditionalContext().put("STORE_ACL_ID", storeAclID); + } + } return fPermissionService.hasPermission(aclId, context, permission) == AccessStatus.ALLOWED; } + + /** + * Set the acl on a store. + * @param storeName + * @param acl + */ + public void setStoreAcl(String storeName, DbAccessControlList acl) + { + AVMStore store = getAVMStoreByName(storeName); + if (store == null) + { + throw new AVMNotFoundException("Store not found: " + storeName); + } + store.setStoreAcl(acl); + } + + /** + * Get the ACL on a store. + * @param storeName + * @return + */ + public DbAccessControlList getStoreAcl(String storeName) + { + AVMStore store = getAVMStoreByName(storeName); + if (store == null) + { + throw new AVMNotFoundException("Store not found: " + storeName); + } + return store.getStoreAcl(); + } } diff --git a/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java b/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java index 738009650d..1fca77574a 100644 --- a/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java +++ b/source/java/org/alfresco/repo/avm/AVMServicePermissionsTest.java @@ -75,7 +75,7 @@ import junit.framework.TestCase; /** * Specifically test AVM permissions with the updated ACL schema - * + * * @author andyh */ public class AVMServicePermissionsTest extends TestCase @@ -328,7 +328,7 @@ public class AVMServicePermissionsTest extends TestCase runAs(user); AVMNodeDescriptor desc = avmService.lookup(-1, path); AVMNode node = avmNodeDAO.getByID(desc.getId()); - boolean can = AVMRepository.GetInstance().can(node, permission); + boolean can = AVMRepository.GetInstance().can(null, node, permission); return allowed ? can : !can; } finally @@ -345,11 +345,11 @@ public class AVMServicePermissionsTest extends TestCase runAs(user); AVMNodeDescriptor desc = avmService.lookup(-1, path); AVMNode node = avmNodeDAO.getByID(desc.getId()); - boolean can = AVMRepository.GetInstance().can(node, permission); + boolean can = AVMRepository.GetInstance().can(null, node, permission); long start = System.nanoTime(); for(int i = 0; i < count; i++) { - can = AVMRepository.GetInstance().can(node, permission); + can = AVMRepository.GetInstance().can(null, node, permission); } long end = System.nanoTime(); System.out.println("Can in "+((end-start)/1.0e9f)); @@ -360,7 +360,7 @@ public class AVMServicePermissionsTest extends TestCase runAs(curentUser); } } - + private boolean checkHasPermissionsPerformance(String user, String path, String permission, boolean allowed, int count) { String curentUser = AuthenticationUtil.getCurrentUserName(); @@ -384,8 +384,8 @@ public class AVMServicePermissionsTest extends TestCase } } - - + + public void testSimpleUpdate() throws Exception { runAs("admin"); @@ -395,51 +395,51 @@ public class AVMServicePermissionsTest extends TestCase buildBaseStructure(storeName); avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir"); avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close(); - + AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base"); AVMNode node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList acl = node.getAcl(); assertNotNull(acl); acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId())); assertNotNull(acl); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList dirAcl = node.getAcl(); assertNotNull(dirAcl); assertTrue(acl.getId() == dirAcl.getId()); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList fileAcl = node.getAcl(); assertNotNull(fileAcl); assertTrue(acl.getId() == fileAcl.getId()); - - + + avmService.createSnapshot(storeName, "store", "store"); avmService.createSnapshot(storeName + "-layer-base", "store", "store"); - + List diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null); - + avmSyncService.update(diffs, null, false, false, false, false, "A", "A"); - - + + desc = avmService.lookup(-1, storeName + ":/base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); dirAcl = node.getAcl(); assertNull(dirAcl); - + desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); fileAcl = node.getAcl(); assertNull(fileAcl); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); dirAcl = node.getAcl(); assertNotNull(dirAcl); assertTrue(acl.getId() == dirAcl.getId()); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); fileAcl = node.getAcl(); @@ -457,7 +457,7 @@ public class AVMServicePermissionsTest extends TestCase avmService.purgeStore(storeName + "-layer-layer-layer-base"); } } - + public void testUpdateWithPermissions() throws Exception { runAs("admin"); @@ -465,63 +465,63 @@ public class AVMServicePermissionsTest extends TestCase try { buildBaseStructure(storeName); - + AVMNodeDescriptor nodeDesc = avmService.lookup(-1, storeName + ":/base"); NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, nodeDesc.getPath()); permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.ALL_PERMISSIONS, true); Long baseAcl = avmNodeDAO.getByID(nodeDesc.getId()).getAcl().getId(); Long inheritedBaseAcl = aclDaoComponent.getInheritedAccessControlList(baseAcl); - - + + avmService.createDirectory(storeName + "-layer-base:/layer-to-base", "update-dir"); avmService.createFile(storeName + "-layer-base:/layer-to-base/update-dir", "update-file").close(); - + AVMNodeDescriptor desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base"); AVMNode node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList acl = node.getAcl(); assertNotNull(acl); acl = aclDaoComponent.getDbAccessControlList(aclDaoComponent.getInheritedAccessControlList(acl.getId())); assertNotNull(acl); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList dirAcl = node.getAcl(); assertNotNull(dirAcl); assertTrue(acl.getId() == dirAcl.getId()); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); DbAccessControlList fileAcl = node.getAcl(); assertNotNull(fileAcl); assertTrue(acl.getId() == fileAcl.getId()); - - + + avmService.createSnapshot(storeName, "store", "store"); avmService.createSnapshot(storeName + "-layer-base", "store", "store"); - + List diffs = avmSyncService.compare(-1, storeName + "-layer-base:/layer-to-base", -1, storeName + ":/base", null); - + avmSyncService.update(diffs, null, false, false, false, false, "A", "A"); - - + + desc = avmService.lookup(-1, storeName + ":/base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); dirAcl = node.getAcl(); assertNotNull(dirAcl); assertEquals(inheritedBaseAcl, dirAcl.getId()); - + desc = avmService.lookup(-1, storeName + ":/base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); fileAcl = node.getAcl(); assertNotNull(fileAcl); assertEquals(inheritedBaseAcl, fileAcl.getId()); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir"); node = avmNodeDAO.getByID(desc.getId()); dirAcl = node.getAcl(); assertNotNull(dirAcl); assertTrue(acl.getId() == dirAcl.getId()); - + desc = avmService.lookup(-1, storeName + "-layer-base:/layer-to-base/update-dir/update-file"); node = avmNodeDAO.getByID(desc.getId()); fileAcl = node.getAcl(); @@ -540,7 +540,7 @@ public class AVMServicePermissionsTest extends TestCase avmService.purgeStore(storeName + "-layer-layer-layer-base"); } } - + public void testComplexStore_AlterInheritance() { runAs("admin"); @@ -586,10 +586,10 @@ public class AVMServicePermissionsTest extends TestCase assertTrue(checkPermission("lemur", storeName + "-layer-base:/layer-to-base", PermissionService.ALL_PERMISSIONS, true)); // performance - + checkCanPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000); checkHasPermissionsPerformance("lemur", storeName + ":/base", PermissionService.READ, false, 10000); - + String[] excludeL = new String[] { storeName + "-layer-base:/layer-to-base/d-d/layer-d-a" }; String[] excludeLL = new String[] { storeName + "-layer-layer-base:/layer-to-layer-to-base/d-d/layer-d-a" }; String[] excludeLLL = new String[] { storeName + "-layer-layer-layer-base:/layer-to-layer-to-layer-to-base/d-d/layer-d-a" }; @@ -694,7 +694,7 @@ public class AVMServicePermissionsTest extends TestCase // debugPermissions(storeName + ":/base"); // debugPermissions(storeName + "-layer-base:/layer-to-base"); - // + // // DbAccessControlList acl = avmACLDAO.getAccessControlList(nodeRef); // List nodes = aclDaoComponent.getAvmNodesByACL(acl.getId()); // for (Long id : nodes) @@ -714,7 +714,7 @@ public class AVMServicePermissionsTest extends TestCase // debugPermissions(storeName + ":/base"); // debugPermissions(storeName + "-layer-base:/layer-to-base"); - // + // // acl = avmACLDAO.getAccessControlList(nodeRef); // nodes = aclDaoComponent.getAvmNodesByACL(acl.getId()); // for (Long id : nodes) @@ -729,7 +729,7 @@ public class AVMServicePermissionsTest extends TestCase // "+avmACLDAO.getAccessControlList(testRef)); // } // } - // + // checkHeadPermissionNotSetForPath(storeName + ":/base", "loon", PermissionService.ALL_PERMISSIONS, true, null); String[] excludeL = new String[] { storeName + "-layer-base:/layer-to-base/d-d/layer-d-a" }; @@ -793,7 +793,7 @@ public class AVMServicePermissionsTest extends TestCase // "+avmACLDAO.getAccessControlList(testRef)); // } // } - // + // desc = avmService.lookup(-1, storeName + ":/base"); nodeRef = AVMNodeConverter.ToNodeRef(-1, desc.getPath()); permissionService.setPermission(nodeRef, "base", PermissionService.ALL_PERMISSIONS, true); @@ -1649,7 +1649,7 @@ public class AVMServicePermissionsTest extends TestCase permissionService.setPermission(nodeRef, "publisher", "ContentPublisher", true); permissionService.setPermission(nodeRef, "contributor", "ContentContributor", true); permissionService.setPermission(nodeRef, "reviewer", "ContentReviewer", true); - + assertEquals(permissionService.getSetPermissions(nodeRef).getPermissionEntries().size(), 5); assertEquals(definingId, avmACLDAO.getAccessControlList(nodeRef).getId()); @@ -1861,7 +1861,7 @@ public class AVMServicePermissionsTest extends TestCase { avmService.purgeStore(storeName); avmService.purgeStore(storeName+"-a-"); - + } } diff --git a/source/java/org/alfresco/repo/avm/AVMStore.java b/source/java/org/alfresco/repo/avm/AVMStore.java index 9a0996eae0..97c2dda5cf 100644 --- a/source/java/org/alfresco/repo/avm/AVMStore.java +++ b/source/java/org/alfresco/repo/avm/AVMStore.java @@ -52,13 +52,13 @@ public interface AVMStore * Get the primary key. */ public long getId(); - + /** * This returns the next version in this store that will be snapshotted. * @return The next version to be snapshotted. */ public int getNextVersionID(); - + /** * This gets the last extant version id. */ @@ -70,13 +70,25 @@ public interface AVMStore */ public void setNewRoot(DirectoryNode root); + /** + * Get the Acl associated with this store. + * @return + */ + public DbAccessControlList getStoreAcl(); + + /** + * Set the acl on this store. + * @param acl + */ + public void setStoreAcl(DbAccessControlList acl); + /** * Snapshots this store. This sets all nodes in the * the store to the should be copied state, and creates * a new version root. * @param tag The short description. * @param description The long description. - * @param snapShotMap Keeps track of snapshot ids for all stores that + * @param snapShotMap Keeps track of snapshot ids for all stores that * end up snapshotted, possibly recursively. * @return The map of all implicitely and explicitely snapshotted stores. */ @@ -105,7 +117,7 @@ public interface AVMStore * @return An OutputStream. */ public OutputStream createFile(String path, String name); - + /** * Create a file with the given contents. * @param path The path to the containing directory. @@ -129,15 +141,15 @@ public interface AVMStore * @return An InputStream */ public InputStream getInputStream(int version, String path); - + /** * Get a ContentReader from a file. * @param version The version to look under. * @param path The path to the file. * @return A ContentReader */ - public ContentReader getContentReader(int version, String path); - + public ContentReader getContentReader(int version, String path); + /** * Get a listing of the designated directory. * @param version The version to look under. @@ -145,9 +157,9 @@ public interface AVMStore * @param includeDeleted Whether to see Deleted nodes. * @return A listing. */ - public SortedMap getListing(int version, String path, + public SortedMap getListing(int version, String path, boolean includeDeleted); - + /** * Get the list of nodes directly contained in a directory. * @param version The version to look under. @@ -165,21 +177,21 @@ public interface AVMStore * @return A List of names. */ public List getDeleted(int version, String path); - + /** * Get an output stream to a file. * @param path The path to the file. * @return An OutputStream */ public OutputStream getOutputStream(String path); - + /** * Get a ContentWriter to a file. * @param path The path to the file. * @return A ContentWriter. */ public ContentWriter createContentWriter(String path); - + /** * Remove a node and all of its contents. * @param path The path to the node's parent directory. @@ -196,16 +208,16 @@ public interface AVMStore // TODO This is problematic. As time goes on this returns // larger and larger data sets. Perhaps what we should do is - // provide methods for getting versions by date range, n most + // provide methods for getting versions by date range, n most // recent etc. /** * Get all the version for this AVMStore. * @return A Set of all versions. */ public List getVersions(); - + /** - * Get the versions from between the given dates. From or to + * Get the versions from between the given dates. From or to * may be null but not both. * @param from The earliest date. * @param to The latest date. @@ -258,7 +270,7 @@ public interface AVMStore * @param target The new target path. */ public void retargetLayeredDirectory(String path, String target); - + /** * Get the root directory of this AVMStore. * @return The root directory. @@ -271,31 +283,31 @@ public interface AVMStore * @return The specified root or null. */ public AVMNodeDescriptor getRoot(int version); - + /** * Get the name of this store. * @return The name. */ public String getName(); - + /** * Set the name of the store. * @param name To Set. */ public void setName(String name); - + /** * Purge all the nodes reachable only by the given version. * @param version */ public void purgeVersion(int version); - + /** * Get the descriptor for this. * @return The descriptor. */ public AVMStoreDescriptor getDescriptor(); - + /** * Set the opacity of a layered directory. An opaque directory hides * what is pointed at by its indirection. @@ -303,7 +315,7 @@ public interface AVMStore * @param opacity True is opaque; false is not. */ public void setOpacity(String path, boolean opacity); - + /** * Set a property on a node. * @param path The path to the node. @@ -311,14 +323,14 @@ public interface AVMStore * @param value The value to set. */ public void setNodeProperty(String path, QName name, PropertyValue value); - + /** * Set a collection of properties on a node. * @param path The path to the node. * @param properties The Map of QNames to PropertyValues. */ public void setNodeProperties(String path, Map properties); - + /** * Get a property by name. * @param version The version to look under. @@ -327,20 +339,20 @@ public interface AVMStore * @return A PropertyValue or null if not found. */ public PropertyValue getNodeProperty(int version, String path, QName name); - + /** * Delete a single property from a node. * @param path The path to the node. * @param name The name of the property. */ public void deleteNodeProperty(String path, QName name); - + /** * Delete all properties from a node. * @param path The path to the node. */ public void deleteNodeProperties(String path); - + /** * Get all the properties associated with a node. * @param version The version to look under. @@ -348,39 +360,39 @@ public interface AVMStore * @return A Map of QNames to PropertyValues. */ public Map getNodeProperties(int version, String path); - + /** * Set a property on this store. Replaces if property already exists. * @param name The QName of the property. * @param value The actual PropertyValue. */ public void setProperty(QName name, PropertyValue value); - + /** * Set a group of properties on this store. Replaces any property that exists. * @param properties A Map of QNames to PropertyValues to set. */ public void setProperties(Map properties); - + /** * Get a property by name. * @param name The QName of the property to fetch. * @return The PropertyValue or null if non-existent. */ public PropertyValue getProperty(QName name); - + /** * Get all the properties associated with this node. * @return A Map of the properties. */ public Map getProperties(); - + /** * Delete a property. * @param name The name of the property to delete. */ public void deleteProperty(QName name); - + /** * Get the ContentData on a file. * @param version The version to look under. @@ -388,35 +400,35 @@ public interface AVMStore * @return The ContentData corresponding to the file. */ public ContentData getContentDataForRead(int version, String path); - + /** * Get the ContentData for writing. * @param path The path to the file. * @return The ContentData object. */ public ContentData getContentDataForWrite(String path); - + /** * Set the ContentData for a file. * @param path The path to the file. * @param data The ContentData to set. */ public void setContentData(String path, ContentData data); - + /** * Set meta data, aspects, properties, acls, from another node. * @param path The path to the node to set metadata on. * @param from The node to get the metadata from. */ public void setMetaDataFrom(String path, AVMNode from); - + /** * Add an aspect to a node. * @param path The path to the node. * @param aspectName The name of the aspect. */ public void addAspect(String path, QName aspectName); - + /** * Get all aspects on a given node. * @param version The version to look under. @@ -424,14 +436,14 @@ public interface AVMStore * @return A List of the QNames of the aspects. */ public Set getAspects(int version, String path); - + /** * Remove an aspect and all its properties from a node. * @param path The path to the node. * @param aspectName The name of the aspect. */ public void removeAspect(String path, QName aspectName); - + /** * Does a given node have a given aspect. * @param version The version to look under. @@ -440,14 +452,14 @@ public interface AVMStore * @return Whether the node has the aspect. */ public boolean hasAspect(int version, String path, QName aspectName); - + /** * Set the ACL on a node. * @param path The path to the node. * @param acl The ACL to set. */ public void setACL(String path, DbAccessControlList acl); - + /** * Get the ACL on a node. * @param version The version to look under. @@ -455,7 +467,7 @@ public interface AVMStore * @return The ACL. */ public DbAccessControlList getACL(int version, String path); - + /** * Link a node intro a directory, directly. * @param parentPath The path to the directory. @@ -473,21 +485,21 @@ public interface AVMStore * @param toRevertTo The descriptor of the version to revert to. */ public void revert(String path, String name, AVMNodeDescriptor toRevertTo); - + /** * Set the GUID on a node. * @param path * @param guid */ public void setGuid(String path, String guid); - + /** * Set the encoding of a file. * @param path * @param encoding */ public void setEncoding(String path, String encoding); - + /** * Set the mime type of a file. * @param path diff --git a/source/java/org/alfresco/repo/avm/AVMStoreImpl.java b/source/java/org/alfresco/repo/avm/AVMStoreImpl.java index 493c81088d..bd5c2ce296 100644 --- a/source/java/org/alfresco/repo/avm/AVMStoreImpl.java +++ b/source/java/org/alfresco/repo/avm/AVMStoreImpl.java @@ -101,6 +101,11 @@ public class AVMStoreImpl implements AVMStore, Serializable */ private long fVers; + /** + * Acl for this store. + */ + private DbAccessControlList fACL; + /** * The AVMRepository. */ @@ -337,7 +342,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -454,7 +459,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -496,7 +501,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -563,7 +568,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + dstPath + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + dstPath); } @@ -645,7 +650,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.READ_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -668,7 +673,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.READ_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -715,7 +720,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.READ_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -747,7 +752,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.DELETE_CHILDREN)) + if (!fAVMRepository.can(this, dir, PermissionService.DELETE_CHILDREN)) { throw new AVMNotFoundException("Not allowed to write: " + path); } @@ -776,7 +781,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("Not a layered directory: " + dirPath); } - if (!fAVMRepository.can(node, PermissionService.DELETE_CHILDREN)) + if (!fAVMRepository.can(this, node, PermissionService.DELETE_CHILDREN)) { throw new AccessDeniedException("Not allowed to write: " + dirPath); } @@ -875,7 +880,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { root = AVMDAOs.Instance().fAVMNodeDAO.getAVMStoreRoot(this, version); } - if (!fAVMRepository.can(root, PermissionService.READ_CHILDREN)) + if (!fAVMRepository.can(this, root, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read: " + fName + "@" + version); } @@ -924,7 +929,7 @@ public class AVMStoreImpl implements AVMStore, Serializable return null; } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.READ_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -957,7 +962,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMException("Not in a layered context: " + path); } - if (!fAVMRepository.can(dir, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, dir, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -982,7 +987,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMException("Not in a layered context: " + path); } - if (!fAVMRepository.can(dir, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, dir, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -1008,6 +1013,19 @@ public class AVMStoreImpl implements AVMStore, Serializable return fName; } + /* (non-Javadoc) + * @see org.alfresco.repo.avm.AVMStore#getAcl() + */ + public DbAccessControlList getStoreAcl() + { + return fACL; + } + + public void setStoreAcl(DbAccessControlList acl) + { + fACL = acl; + } + /** * Set the next version id. * @param nextVersionID @@ -1117,7 +1135,7 @@ public class AVMStoreImpl implements AVMStore, Serializable } AVMDAOs.Instance().fVersionLayeredNodeEntryDAO.delete(vRoot); AVMNode root = vRoot.getRoot(); - if (!fAVMRepository.can(root, PermissionService.DELETE_CHILDREN)) + if (!fAVMRepository.can(null, root, PermissionService.DELETE_CHILDREN)) { throw new AccessDeniedException("Not allowed to purge: " + fName + "@" + version); } @@ -1164,7 +1182,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("Not a LayeredDirectoryNode."); } - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -1187,7 +1205,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -1210,7 +1228,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -1244,7 +1262,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.READ_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -1277,7 +1295,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.READ_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -1302,12 +1320,12 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } node.setGuid(GUID.generate()); - + // convert the QName QNameEntity qnameEntity = AVMDAOs.Instance().fQNameDAO.getQNameEntity(name); if (qnameEntity == null) @@ -1332,7 +1350,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } @@ -1425,7 +1443,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("File Expected."); } - if (!fAVMRepository.can(node, PermissionService.READ_CONTENT)) + if (!fAVMRepository.can(this, node, PermissionService.READ_CONTENT)) { throw new AccessDeniedException("Not allowed to read: " + path); } @@ -1452,7 +1470,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("File Expected."); } - if (!fAVMRepository.can(node, PermissionService.WRITE_CONTENT)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_CONTENT)) { throw new AccessDeniedException("Not allowed to write content: " + path); } @@ -1500,7 +1518,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path not found: " + path); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write properties: " + path); } @@ -1521,14 +1539,14 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write: " + path); } // Convert the aspect QNames to entities QNameDAO qnameDAO = AVMDAOs.Instance().fQNameDAO; Long qnameEntityId = qnameDAO.getOrCreateQNameEntity(aspectName).getId(); - // Convert the + // Convert the node.getAspects().add(qnameEntityId); node.setGuid(GUID.generate()); } @@ -1547,7 +1565,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.READ_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + path); } @@ -1570,7 +1588,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write properties: " + path); } @@ -1607,7 +1625,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.READ_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.READ_PROPERTIES)) { throw new AccessDeniedException("Not allowed to read properties: " + path); } @@ -1637,7 +1655,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.CHANGE_PERMISSIONS)) + if (!fAVMRepository.can(this, node, PermissionService.CHANGE_PERMISSIONS)) { throw new AccessDeniedException("Not allowed to change permissions: " + path); } @@ -1658,7 +1676,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMNotFoundException("Path " + path + " not found."); } - if (!fAVMRepository.can(lPath.getCurrentNode(), PermissionService.READ_PERMISSIONS)) + if (!fAVMRepository.can(this, lPath.getCurrentNode(), PermissionService.READ_PERMISSIONS)) { throw new AccessDeniedException("Not allowed to read permissions: " + path + " in "+getName()); } @@ -1679,7 +1697,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + parentPath + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(null, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to add children: " + parentPath); } @@ -1702,8 +1720,8 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path " + path + " not found."); } DirectoryNode dir = (DirectoryNode)lPath.getCurrentNode(); - if (!fAVMRepository.can(dir, PermissionService.DELETE_CHILDREN) || - !fAVMRepository.can(dir, PermissionService.ADD_CHILDREN)) + if (!fAVMRepository.can(null, dir, PermissionService.DELETE_CHILDREN) || + !fAVMRepository.can(null, dir, PermissionService.ADD_CHILDREN)) { throw new AccessDeniedException("Not allowed to revert: " + path); } @@ -1727,7 +1745,7 @@ public class AVMStoreImpl implements AVMStore, Serializable QNameEntity revertedQNameEntity = qnameDAO.getOrCreateQNameEntity(WCMModel.ASPECT_REVERTED); toLink.getAspects().add(revertedQNameEntity.getId()); PropertyValue value = new PropertyValue(null, toRevertTo.getId()); - + QNameEntity qnameEntity = AVMDAOs.Instance().fQNameDAO.getOrCreateQNameEntity(WCMModel.PROP_REVERTED_ID); toLink.setProperty(qnameEntity.getId(), value); } @@ -1743,7 +1761,7 @@ public class AVMStoreImpl implements AVMStore, Serializable throw new AVMNotFoundException("Path not found: " + path); } AVMNode node = lPath.getCurrentNode(); - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write properties: " + path); } @@ -1765,7 +1783,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("Not a File: " + path); } - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write properties: " + path); } @@ -1788,7 +1806,7 @@ public class AVMStoreImpl implements AVMStore, Serializable { throw new AVMWrongTypeException("Not a File: " + path); } - if (!fAVMRepository.can(node, PermissionService.WRITE_PROPERTIES)) + if (!fAVMRepository.can(this, node, PermissionService.WRITE_PROPERTIES)) { throw new AccessDeniedException("Not allowed to write properties: " + path); } diff --git a/source/java/org/alfresco/repo/avm/LayeredDirectoryNodeImpl.java b/source/java/org/alfresco/repo/avm/LayeredDirectoryNodeImpl.java index 109351ce08..3f989c22dd 100644 --- a/source/java/org/alfresco/repo/avm/LayeredDirectoryNodeImpl.java +++ b/source/java/org/alfresco/repo/avm/LayeredDirectoryNodeImpl.java @@ -46,7 +46,7 @@ import org.alfresco.util.Pair; * A layered directory node. A layered directory node points at an underlying directory, which may or may not exist. The * visible contents of a layered directory node is the contents of the underlying node pointed at plus those nodes added * to or modified in the layered directory node minus those nodes which have been deleted in the layered directory node. - * + * * @author britt */ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirectoryNode @@ -87,7 +87,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Make a new one from a specified indirection path. - * + * * @param indirection * The indirection path to set. * @param store @@ -150,7 +150,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Kind of copy constructor, sort of. - * + * * @param other * The LayeredDirectoryNode we are copied from. * @param repos @@ -190,7 +190,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Construct one from a PlainDirectoryNode. Called when a COW is performed in a layered context. - * + * * @param other * The PlainDirectoryNode. * @param store @@ -227,7 +227,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Create a new layered directory based on a directory we are being named from that is in not in the layer of the * source lookup. - * + * * @param dir * The directory * @param store @@ -262,7 +262,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Is this a primary indirection node. - * + * * @return Whether this is a primary indirection. */ public boolean getPrimaryIndirection() @@ -272,7 +272,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Set the primary indirection state of this. - * + * * @param has * Whether this is a primary indirection node. */ @@ -283,7 +283,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the indirection path. - * + * * @return The indirection path. */ public String getIndirection() @@ -293,7 +293,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the underlying path in the Lookup's context. - * + * * @param lPath * The Lookup. * @return The underlying path. @@ -309,7 +309,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the underlying version in the lookup path context. - * + * * @param lPath * The Lookup. * @return The effective underlying version. @@ -329,7 +329,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the layer id. - * + * * @return The layer id. */ public long getLayerID() @@ -339,7 +339,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Set the layer id. - * + * * @param id * The id to set. */ @@ -350,7 +350,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Copy on write logic. - * + * * @param lPath * @return The copy or null. */ @@ -386,7 +386,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Insert a child node without COW. - * + * * @param name * The name to give the child. */ @@ -409,7 +409,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Does this node directly contain the indicated node. - * + * * @param node * The node we are checking. * @return Whether node is directly contained. @@ -421,7 +421,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get a listing of the virtual contents of this directory. - * + * * @param lPath * The Lookup. * @return A Map from names to nodes. This is a sorted Map. @@ -443,7 +443,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (entry.getValue().getType() == AVMNodeType.LAYERED_DIRECTORY || entry.getValue().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(entry.getValue(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(lookup.getAVMStore(), entry.getValue(), PermissionService.READ_CHILDREN)) { continue; } @@ -457,7 +457,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (entry.getChild().getType() == AVMNodeType.LAYERED_DIRECTORY || entry.getChild().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(entry.getChild(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(lPath.getAVMStore(), entry.getChild(), PermissionService.READ_CHILDREN)) { continue; } @@ -476,7 +476,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get a listing of the nodes directly contained by a directory. - * + * * @param lPath * The Lookup to this directory. * @return A Map of names to nodes. @@ -489,7 +489,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (entry.getChild().getType() == AVMNodeType.LAYERED_DIRECTORY || entry.getChild().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(entry.getChild(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(lPath != null ? lPath.getAVMStore() : null, entry.getChild(), PermissionService.READ_CHILDREN)) { continue; } @@ -504,7 +504,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the direct contents of this directory. - * + * * @param dir * The descriptor that describes us. * @param includeDeleted @@ -521,7 +521,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (childNode.getType() == AVMNodeType.LAYERED_DIRECTORY || childNode.getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(childNode, PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, childNode, PermissionService.READ_CHILDREN)) { continue; } @@ -538,7 +538,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get a listing from a directory node descriptor. - * + * * @param dir * The directory node descriptor. * @param includeDeleted @@ -565,7 +565,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (entry.getValue().getType() == AVMNodeType.LAYERED_DIRECTORY || entry.getValue().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(entry.getValue(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, entry.getValue(), PermissionService.READ_CHILDREN)) { continue; } @@ -583,7 +583,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec if (child.getChild().getType() == AVMNodeType.LAYERED_DIRECTORY || child.getChild().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(child.getChild(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, child.getChild(), PermissionService.READ_CHILDREN)) { continue; } @@ -603,7 +603,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the names of nodes deleted in this directory. - * + * * @return A List of names. */ public List getDeletedNames() @@ -622,7 +622,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Lookup a child by name. - * + * * @param lPath * The Lookup. * @param name @@ -673,7 +673,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Lookup a child using a node descriptor as context. - * + * * @param mine * The node descriptor for this, * @param name @@ -722,7 +722,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Directly remove a child. Do not COW. Do not pass go etc. - * + * * @param lPath * The lookup that arrived at this. * @param name @@ -778,7 +778,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the type of this node. - * + * * @return The type of this node. */ public int getType() @@ -788,7 +788,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * For diagnostics. Get a String representation. - * + * * @param lPath * The Lookup. * @return A String representation. @@ -800,7 +800,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Set the primary indirection. No COW. Cascade resetting of acls also does not COW - * + * * @param path * The indirection path. */ @@ -815,7 +815,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec fPrimaryIndirection = true; // Need to change the permission we point to .... if (fIndirection != null) - { + { if ((getAcl() == null) || (getAcl().getAclType() == ACLType.LAYERED)) { DbAccessControlList acl = null; @@ -936,7 +936,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Make this node become a primary indirection. COW. - * + * * @param lPath * The Lookup. */ @@ -952,7 +952,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Make this point at a new target. - * + * * @param lPath * The Lookup. */ @@ -967,7 +967,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Let anything behind name in this become visible. - * + * * @param lPath * The Lookup. * @param name @@ -993,7 +993,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the descriptor for this node. - * + * * @param lPath * The Lookup. * @return A descriptor. @@ -1021,7 +1021,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the descriptor for this node. - * + * * @param lPath * The Lookup. * @return A descriptor. @@ -1038,7 +1038,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get a descriptor for this. - * + * * @param parentPath * The parent path. * @param name @@ -1069,7 +1069,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Set the indirection. - * + * * @param indirection */ public void setIndirection(String indirection) @@ -1079,7 +1079,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Does nothing because LayeredDirectoryNodes can't be roots. - * + * * @param isRoot */ public void setIsRoot(boolean isRoot) @@ -1088,7 +1088,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the opacity of this. - * + * * @return The opacity. */ public boolean getOpacity() @@ -1098,7 +1098,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Set the opacity of this, ie, whether it blocks things normally seen through its indirection. - * + * * @param opacity */ public void setOpacity(boolean opacity) @@ -1108,7 +1108,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Link a node with the given id into this directory. - * + * * @param lPath * The Lookup for this. * @param name @@ -1157,7 +1157,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Remove name without leaving behind a deleted node. - * + * * @param name * The name of the child to flatten. */ @@ -1177,7 +1177,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /* * (non-Javadoc) - * + * * @see org.alfresco.repo.avm.LayeredDirectoryNode#setIndirectionVersion(int) */ public void setIndirectionVersion(Integer version) @@ -1194,7 +1194,7 @@ class LayeredDirectoryNodeImpl extends DirectoryNodeImpl implements LayeredDirec /** * Get the indirection version. - * + * * @return The indirection version. */ public Integer getIndirectionVersion() diff --git a/source/java/org/alfresco/repo/avm/LookupCache.java b/source/java/org/alfresco/repo/avm/LookupCache.java index e4cab06e38..ec2dc7fc89 100644 --- a/source/java/org/alfresco/repo/avm/LookupCache.java +++ b/source/java/org/alfresco/repo/avm/LookupCache.java @@ -132,7 +132,7 @@ public class LookupCache // before the end. for (int i = 0; i < path.size() - 1; i++) { - if (!AVMRepository.GetInstance().can(dir, PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, dir, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read children: " + path.get(i)); } @@ -151,7 +151,7 @@ public class LookupCache dir = (DirectoryNode)result.getCurrentNode(); } // Now look up the last element. - if (!AVMRepository.GetInstance().can(dir, PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, dir, PermissionService.READ_CHILDREN)) { throw new AccessDeniedException("Not allowed to read children: " + path.get(path.size() - 1)); } diff --git a/source/java/org/alfresco/repo/avm/PlainDirectoryNodeImpl.java b/source/java/org/alfresco/repo/avm/PlainDirectoryNodeImpl.java index bddf7a4dbd..aeef8408e6 100644 --- a/source/java/org/alfresco/repo/avm/PlainDirectoryNodeImpl.java +++ b/source/java/org/alfresco/repo/avm/PlainDirectoryNodeImpl.java @@ -116,7 +116,7 @@ class PlainDirectoryNodeImpl extends DirectoryNodeImpl implements PlainDirectory if (child.getChild().getType() == AVMNodeType.LAYERED_DIRECTORY || child.getChild().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(child.getChild(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(lPath.getAVMStore(), child.getChild(), PermissionService.READ_CHILDREN)) { continue; } @@ -170,7 +170,7 @@ class PlainDirectoryNodeImpl extends DirectoryNodeImpl implements PlainDirectory if (child.getChild().getType() == AVMNodeType.LAYERED_DIRECTORY || child.getChild().getType() == AVMNodeType.PLAIN_DIRECTORY) { - if (!AVMRepository.GetInstance().can(child.getChild(), PermissionService.READ_CHILDREN)) + if (!AVMRepository.GetInstance().can(null, child.getChild(), PermissionService.READ_CHILDREN)) { continue; } @@ -316,7 +316,7 @@ class PlainDirectoryNodeImpl extends DirectoryNodeImpl implements PlainDirectory public AVMNode copy(Lookup lPath) { DirectoryNode newMe = null; - + DirectoryNode dir = lPath.getCurrentNodeDirectory(); Long parentAclId = null; if((dir != null) && (dir.getAcl() != null)) diff --git a/source/java/org/alfresco/repo/avm/hibernate/AVM.hbm.xml b/source/java/org/alfresco/repo/avm/hibernate/AVM.hbm.xml index 430aa8789b..6e8540eff6 100644 --- a/source/java/org/alfresco/repo/avm/hibernate/AVM.hbm.xml +++ b/source/java/org/alfresco/repo/avm/hibernate/AVM.hbm.xml @@ -140,6 +140,9 @@ + + @@ -223,7 +226,7 @@ - + @@ -253,11 +256,11 @@ - + - +