RM-2129 (Check classification before method execution)

+review RM-69

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ENFORCE@105565 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/interceptor/ClassificationMethodInterceptor.java

@@ -18,8 +18,11 @@
  */
 package org.alfresco.module.org_alfresco_module_rm.classification.interceptor;
 
+import static org.codehaus.plexus.util.StringUtils.isNotBlank;
+
 import java.lang.reflect.Method;
 
+import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
 import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
 import org.alfresco.module.org_alfresco_module_rm.util.AlfrescoTransactionSupport;
@@ -27,6 +30,7 @@ import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
+import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.transaction.TransactionService;
@@ -93,6 +97,11 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
         return (NodeService)applicationContext.getBean("dbNodeService");
     }
 
+    protected DictionaryService getDictionaryService()
+    {
+        return (DictionaryService)applicationContext.getBean("dictionaryService");
+    }
+
     /**
      * Check that the current user is cleared to see the items passed as parameters to the current
      * method invocation.
@@ -113,10 +122,6 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
                     // check that we are not already processing a classification check
                     Object value = getAlfrescoTransactionSupport().getResource(KEY_PROCESSING);
                     if (value == null)
-            	    {
-            	        // check that we have an authenticated user and that they aren't "system"
-            	        if (getAuthenticationUtil().getFullyAuthenticatedUser() != null &&
-                	        !getAuthenticationUtil().isRunAsUserTheSystemUser())
                     {
                         Method method = invocation.getMethod();
                         Class[] params = method.getParameterTypes();
@@ -135,12 +140,7 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
                                     NodeRef testNodeRef = (NodeRef) invocation.getArguments()[position];
 
                                     // if node exists then see if the current user has clearance
-                                        if (getNodeService().exists(testNodeRef) &&
+                                    checkNode(testNodeRef);
-                                            !getContentClassificaitonService().hasClearance(testNodeRef))
-                                        {
-                                            // throw exception
-                                            throw new AccessDeniedException("You do not have clearance!");
-                                        }
                                 }
                                 finally
                                 {
@@ -153,27 +153,59 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
                         }
                     }
                 }
-                }
 
                 return null;
             }
         }, true);
     }
 
+    private boolean validUser()
+    {
+        boolean result = false;
+
+        // check that we have an authenticated user and that they aren't "system"
+        if (isNotBlank(getAuthenticationUtil().getFullyAuthenticatedUser()) &&
+            !getAuthenticationUtil().isRunAsUserTheSystemUser())
+        {
+            result = true;
+        }
+
+        return result;
+    }
+
+    private void checkNode(NodeRef testNodeRef)
+    {
+        if (getNodeService().exists(testNodeRef) &&
+                getDictionaryService().isSubClass(getNodeService().getType(testNodeRef), ContentModel.TYPE_CONTENT) &&
+                !getContentClassificaitonService().hasClearance(testNodeRef))
+        {
+            // throw exception
+            throw new AccessDeniedException("You do not have clearance!");
+        }
+    }
+
     /**
      * @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation)
      */
     @Override
     public Object invoke(MethodInvocation invocation) throws Throwable
+    {
+        boolean isValidUser = validUser();
+
+        if (isValidUser)
         {
             // pre method invocation check
             checkClassification(invocation);
+        }
 
         // method proceed
         Object result = invocation.proceed();
 
+        if (isValidUser)
+        {
             // post method invocation processing
          // TODO
+        }
 
         return result;
     }