RM-2129 (Check classification before method execution)
+review RM-69 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ENFORCE@105565 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -18,8 +18,11 @@
|
|||||||
*/
|
*/
|
||||||
package org.alfresco.module.org_alfresco_module_rm.classification.interceptor;
|
package org.alfresco.module.org_alfresco_module_rm.classification.interceptor;
|
||||||
|
|
||||||
|
import static org.codehaus.plexus.util.StringUtils.isNotBlank;
|
||||||
|
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
|
||||||
|
import org.alfresco.model.ContentModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
|
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceBootstrap;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
|
import org.alfresco.module.org_alfresco_module_rm.classification.ContentClassificationService;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.util.AlfrescoTransactionSupport;
|
import org.alfresco.module.org_alfresco_module_rm.util.AlfrescoTransactionSupport;
|
||||||
@@ -27,6 +30,7 @@ import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
|
|||||||
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
||||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||||
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
||||||
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeService;
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
import org.alfresco.service.transaction.TransactionService;
|
import org.alfresco.service.transaction.TransactionService;
|
||||||
@@ -50,10 +54,10 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
|
|||||||
/** application context */
|
/** application context */
|
||||||
private ApplicationContext applicationContext;
|
private ApplicationContext applicationContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param applicationContext application context
|
* @param applicationContext application context
|
||||||
* @throws BeansException
|
* @throws BeansException
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
||||||
{
|
{
|
||||||
@@ -93,6 +97,11 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
|
|||||||
return (NodeService)applicationContext.getBean("dbNodeService");
|
return (NodeService)applicationContext.getBean("dbNodeService");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected DictionaryService getDictionaryService()
|
||||||
|
{
|
||||||
|
return (DictionaryService)applicationContext.getBean("dictionaryService");
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check that the current user is cleared to see the items passed as parameters to the current
|
* Check that the current user is cleared to see the items passed as parameters to the current
|
||||||
* method invocation.
|
* method invocation.
|
||||||
@@ -100,10 +109,10 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
|
|||||||
* @param invocation method invocation
|
* @param invocation method invocation
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("rawtypes")
|
@SuppressWarnings("rawtypes")
|
||||||
public void checkClassification(final MethodInvocation invocation)
|
public void checkClassification(final MethodInvocation invocation)
|
||||||
{
|
{
|
||||||
// do in transaction
|
// do in transaction
|
||||||
getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>()
|
getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>()
|
||||||
{
|
{
|
||||||
public Void execute() throws Throwable
|
public Void execute() throws Throwable
|
||||||
{
|
{
|
||||||
@@ -111,69 +120,92 @@ public class ClassificationMethodInterceptor implements MethodInterceptor, Appli
|
|||||||
if (getClassificationServiceBootstrap().isInitialised())
|
if (getClassificationServiceBootstrap().isInitialised())
|
||||||
{
|
{
|
||||||
// check that we are not already processing a classification check
|
// check that we are not already processing a classification check
|
||||||
Object value = getAlfrescoTransactionSupport().getResource(KEY_PROCESSING);
|
Object value = getAlfrescoTransactionSupport().getResource(KEY_PROCESSING);
|
||||||
if (value == null)
|
if (value == null)
|
||||||
{
|
{
|
||||||
// check that we have an authenticated user and that they aren't "system"
|
Method method = invocation.getMethod();
|
||||||
if (getAuthenticationUtil().getFullyAuthenticatedUser() != null &&
|
Class[] params = method.getParameterTypes();
|
||||||
!getAuthenticationUtil().isRunAsUserTheSystemUser())
|
|
||||||
{
|
|
||||||
Method method = invocation.getMethod();
|
|
||||||
Class[] params = method.getParameterTypes();
|
|
||||||
|
|
||||||
int position = 0;
|
int position = 0;
|
||||||
for (Class param : params)
|
for (Class param : params)
|
||||||
|
{
|
||||||
|
// if the param is a node reference
|
||||||
|
if (NodeRef.class.isAssignableFrom(param))
|
||||||
{
|
{
|
||||||
// if the param is a node reference
|
// mark the transaction as processing a classification check
|
||||||
if (NodeRef.class.isAssignableFrom(param))
|
getAlfrescoTransactionSupport().bindResource(KEY_PROCESSING, Boolean.TRUE);
|
||||||
|
try
|
||||||
{
|
{
|
||||||
// mark the transaction as processing a classification check
|
// get the value of the parameter
|
||||||
getAlfrescoTransactionSupport().bindResource(KEY_PROCESSING, Boolean.TRUE);
|
NodeRef testNodeRef = (NodeRef) invocation.getArguments()[position];
|
||||||
try
|
|
||||||
{
|
|
||||||
// get the value of the parameter
|
|
||||||
NodeRef testNodeRef = (NodeRef) invocation.getArguments()[position];
|
|
||||||
|
|
||||||
// if node exists then see if the current user has clearance
|
// if node exists then see if the current user has clearance
|
||||||
if (getNodeService().exists(testNodeRef) &&
|
checkNode(testNodeRef);
|
||||||
!getContentClassificaitonService().hasClearance(testNodeRef))
|
}
|
||||||
{
|
finally
|
||||||
// throw exception
|
{
|
||||||
throw new AccessDeniedException("You do not have clearance!");
|
// clear the transaction as processed a classification check
|
||||||
}
|
getAlfrescoTransactionSupport().unbindResource(KEY_PROCESSING);
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
// clear the transaction as processed a classification check
|
|
||||||
getAlfrescoTransactionSupport().unbindResource(KEY_PROCESSING);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
position++;
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
position++;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}, true);
|
}, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
private boolean validUser()
|
||||||
* @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation)
|
{
|
||||||
*/
|
boolean result = false;
|
||||||
|
|
||||||
|
// check that we have an authenticated user and that they aren't "system"
|
||||||
|
if (isNotBlank(getAuthenticationUtil().getFullyAuthenticatedUser()) &&
|
||||||
|
!getAuthenticationUtil().isRunAsUserTheSystemUser())
|
||||||
|
{
|
||||||
|
result = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void checkNode(NodeRef testNodeRef)
|
||||||
|
{
|
||||||
|
if (getNodeService().exists(testNodeRef) &&
|
||||||
|
getDictionaryService().isSubClass(getNodeService().getType(testNodeRef), ContentModel.TYPE_CONTENT) &&
|
||||||
|
!getContentClassificaitonService().hasClearance(testNodeRef))
|
||||||
|
{
|
||||||
|
// throw exception
|
||||||
|
throw new AccessDeniedException("You do not have clearance!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation)
|
||||||
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Object invoke(MethodInvocation invocation) throws Throwable
|
public Object invoke(MethodInvocation invocation) throws Throwable
|
||||||
{
|
{
|
||||||
// pre method invocation check
|
boolean isValidUser = validUser();
|
||||||
checkClassification(invocation);
|
|
||||||
|
if (isValidUser)
|
||||||
|
{
|
||||||
|
// pre method invocation check
|
||||||
|
checkClassification(invocation);
|
||||||
|
}
|
||||||
|
|
||||||
// method proceed
|
// method proceed
|
||||||
Object result = invocation.proceed();
|
Object result = invocation.proceed();
|
||||||
|
|
||||||
// post method invocation processing
|
if (isValidUser)
|
||||||
// TODO
|
{
|
||||||
|
// post method invocation processing
|
||||||
|
// TODO
|
||||||
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
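Review bot: In the new `checkNode`, the added condition `getDictionaryService().isSubClass(getNodeService().getType(testNodeRef), ContentModel.TYPE_CONTENT)` makes the clearance check fail open for every node that is not a content subtype: such a NodeRef never reaches `hasClearance`, and the intercepted call proceeds. If folders or other non-content nodes can carry a classification (not visible on this page), this is an enforcement gap; if the restriction is deliberate, record it at the condition, e.g. `// only content nodes can be classified; other node types are intentionally not checked`. `validUser()` and `checkNode()` have no Javadoc, and `invoke` now skips the whole pre-invocation check when `validUser()` is false (no fully authenticated user, or run-as system), which should be stated on `invoke` so the bypass conditions are reviewable. Separately, `isNotBlank` is statically imported from `org.codehaus.plexus.util.StringUtils`, a build-tool utility library that is presumably only a transitive dependency here, so this access-control path depends on whichever version happens to be on the runtime classpath; a blank check from a library the module declares directly would be safer.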