diff --git a/config/alfresco/script-services-context.xml b/config/alfresco/script-services-context.xml index dd17c8b969..c9354bed04 100644 --- a/config/alfresco/script-services-context.xml +++ b/config/alfresco/script-services-context.xml @@ -101,7 +101,10 @@ people - + + + ${spaces.store} + diff --git a/config/alfresco/site-services-context.xml b/config/alfresco/site-services-context.xml index 8f717f0520..11493bcc2f 100644 --- a/config/alfresco/site-services-context.xml +++ b/config/alfresco/site-services-context.xml @@ -59,7 +59,7 @@ - + diff --git a/source/java/org/alfresco/filesys/ServerConfigurationBean.java b/source/java/org/alfresco/filesys/ServerConfigurationBean.java index 817172c15b..6662fa79a6 100644 --- a/source/java/org/alfresco/filesys/ServerConfigurationBean.java +++ b/source/java/org/alfresco/filesys/ServerConfigurationBean.java @@ -108,9 +108,6 @@ import org.springframework.context.ApplicationContextAware; import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; import net.sf.acegisecurity.AuthenticationManager; @@ -123,7 +120,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl // Debug logging - private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol"); + protected static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol"); // Filesystem configuration constants @@ -643,7 +640,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * * @param config Config */ - private final void processCIFSServerConfig(Config config) + protected void processCIFSServerConfig(Config config) { // If the configuration section is not valid then CIFS is disabled @@ -1331,9 +1328,10 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl if ( cifsConfig.useWinsockNetBIOS() == true && X64.isWindows64()) { - // Log a warning + // Debug - logger.warn("Using older Netbios() API code"); + if ( logger.isDebugEnabled()) + logger.debug("Using older Netbios() API code"); // Use the older NetBIOS API code @@ -1592,7 +1590,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * * @param config Config */ - private final void processFTPServerConfig(Config config) + protected void processFTPServerConfig(Config config) { // If the configuration section is not valid then FTP is disabled @@ -1857,7 +1855,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * * @param config Config */ - private final void processNFSServerConfig(Config config) + protected void processNFSServerConfig(Config config) { // If the configuration section is not valid then NFS is disabled @@ -2076,7 +2074,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * * @param config Config */ - private final void processFilesystemsConfig(Config config) + protected void processFilesystemsConfig(Config config) { // Get the top level filesystems configuration element @@ -2284,7 +2282,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * * @param config Config */ - private final void processSecurityConfig(Config config) + protected void processSecurityConfig(Config config) { // Create the security configuration section @@ -2342,6 +2340,8 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl ConfigElement classElem = mapperElem.getChild( "class"); if ( classElem == null) throw new InvalidConfigurationException("Share mapper class not specified"); + + mapperClass = classElem.getValue(); } // Initialize the share mapper @@ -2439,7 +2439,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * @param config Config * @exception InvalidConfigurationException */ - private final void processCoreServerConfig(Config config) + protected void processCoreServerConfig(Config config) throws InvalidConfigurationException { // Create the core server configuration section @@ -2690,7 +2690,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * @param secConfig SecurityConfigSection * @param aclsElem ConfigElement */ - private final AccessControlList processAccessControlList(SecurityConfigSection secConfig, ConfigElement aclsElem) + protected AccessControlList processAccessControlList(SecurityConfigSection secConfig, ConfigElement aclsElem) { // Check if there is an access control manager configured @@ -2782,7 +2782,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl * @param deskActionElem ConfigElement * @param fileSys DiskSharedDevice */ - private final DesktopActionTable processDesktopActions(ConfigElement deskActionElem, DiskSharedDevice fileSys) + protected DesktopActionTable processDesktopActions(ConfigElement deskActionElem, DiskSharedDevice fileSys) { // Get the desktop action configuration elements diff --git a/source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java b/source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java index dbb796bf20..55f47587a6 100644 --- a/source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java +++ b/source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java @@ -28,6 +28,7 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Hashtable; import java.util.List; +import java.util.StringTokenizer; import javax.transaction.Status; import javax.transaction.UserTransaction; @@ -48,6 +49,7 @@ import org.alfresco.jlan.server.auth.ntlm.TargetInfo; import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage; import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage; import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage; +import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory; import org.alfresco.jlan.server.auth.passthru.AuthenticateSession; import org.alfresco.jlan.server.auth.passthru.PassthruDetails; import org.alfresco.jlan.server.auth.passthru.PassthruServers; @@ -55,6 +57,7 @@ import org.alfresco.jlan.server.config.InvalidConfigurationException; import org.alfresco.jlan.server.config.ServerConfiguration; import org.alfresco.jlan.server.core.SharedDevice; import org.alfresco.jlan.smb.Capability; +import org.alfresco.jlan.smb.Protocol; import org.alfresco.jlan.smb.SMBStatus; import org.alfresco.jlan.smb.dcerpc.UUID; import org.alfresco.jlan.smb.server.SMBServer; @@ -1263,6 +1266,65 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements } } + // Check if a protocol order has been set + + ConfigElement protoOrderElem = params.getChild("ProtocolOrder"); + + if ( protoOrderElem != null && protoOrderElem.getValue().length() > 0) + { + // Parse the protocol order list + + StringTokenizer tokens = new StringTokenizer( protoOrderElem.getValue(), ","); + int primaryProto = Protocol.None; + int secondaryProto = Protocol.None; + + // There should only be one or two tokens + + if ( tokens.countTokens() > 2) + throw new AlfrescoRuntimeException("Invalid protocol order list, " + protoOrderElem.getValue()); + + // Get the primary protocol + + if ( tokens.hasMoreTokens()) + { + // Parse the primary protocol + + String primaryStr = tokens.nextToken(); + + if ( primaryStr.equalsIgnoreCase( "TCPIP")) + primaryProto = Protocol.NativeSMB; + else if ( primaryStr.equalsIgnoreCase( "NetBIOS")) + primaryProto = Protocol.TCPNetBIOS; + else + throw new AlfrescoRuntimeException("Invalid protocol type, " + primaryStr); + + // Check if there is a secondary protocol, and validate + + if ( tokens.hasMoreTokens()) + { + // Parse the secondary protocol + + String secondaryStr = tokens.nextToken(); + + if ( secondaryStr.equalsIgnoreCase( "TCPIP") && primaryProto != Protocol.NativeSMB) + secondaryProto = Protocol.NativeSMB; + else if ( secondaryStr.equalsIgnoreCase( "NetBIOS") && primaryProto != Protocol.TCPNetBIOS) + secondaryProto = Protocol.TCPNetBIOS; + else + throw new AlfrescoRuntimeException("Invalid secondary protocol, " + secondaryStr); + } + } + + // Set the protocol order used for passthru authentication sessions + + AuthSessionFactory.setProtocolOrder( primaryProto, secondaryProto); + + // DEBUG + + if (logger.isDebugEnabled()) + logger.debug("Protocol order primary=" + Protocol.asString(primaryProto) + ", secondary=" + Protocol.asString(secondaryProto)); + } + // Check if we have an authentication server if (m_passthruServers.getTotalServerCount() == 0) diff --git a/source/java/org/alfresco/repo/action/executer/MailActionExecuter.java b/source/java/org/alfresco/repo/action/executer/MailActionExecuter.java index 666b918b19..17e1cd1e22 100644 --- a/source/java/org/alfresco/repo/action/executer/MailActionExecuter.java +++ b/source/java/org/alfresco/repo/action/executer/MailActionExecuter.java @@ -24,6 +24,7 @@ */ package org.alfresco.repo.action.executer; +import java.io.Serializable; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -224,6 +225,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase // Create the mime mail message MimeMessagePreparator mailPreparer = new MimeMessagePreparator() { + @SuppressWarnings("unchecked") public void prepare(MimeMessage mimeMessage) throws MessagingException { if (logger.isDebugEnabled()) @@ -248,7 +250,21 @@ public class MailActionExecuter extends ActionExecuterAbstractBase else { // see if multiple recipients have been supplied - as a list of authorities - List authorities = (List)ruleAction.getParameterValue(PARAM_TO_MANY); + Serializable authoritiesValue = ruleAction.getParameterValue(PARAM_TO_MANY); + List authorities = null; + if (authoritiesValue != null) + { + if (authoritiesValue instanceof String) + { + authorities = new ArrayList(1); + authorities.add((String)authoritiesValue); + } + else + { + authorities = (List)authoritiesValue; + } + } + if (authorities != null && authorities.size() != 0) { List recipients = new ArrayList(authorities.size()); @@ -407,7 +423,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase protected void addParameterDefinitions(List paramList) { paramList.add(new ParameterDefinitionImpl(PARAM_TO, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_TO))); - paramList.add(new ParameterDefinitionImpl(PARAM_TO_MANY, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_TO_MANY), true)); + paramList.add(new ParameterDefinitionImpl(PARAM_TO_MANY, DataTypeDefinition.ANY, false, getParamDisplayLabel(PARAM_TO_MANY), true)); paramList.add(new ParameterDefinitionImpl(PARAM_SUBJECT, DataTypeDefinition.TEXT, true, getParamDisplayLabel(PARAM_SUBJECT))); paramList.add(new ParameterDefinitionImpl(PARAM_TEXT, DataTypeDefinition.TEXT, true, getParamDisplayLabel(PARAM_TEXT))); paramList.add(new ParameterDefinitionImpl(PARAM_FROM, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_FROM))); diff --git a/source/java/org/alfresco/repo/importer/ImporterBootstrap.java b/source/java/org/alfresco/repo/importer/ImporterBootstrap.java index 0f496919f5..ead48fb615 100644 --- a/source/java/org/alfresco/repo/importer/ImporterBootstrap.java +++ b/source/java/org/alfresco/repo/importer/ImporterBootstrap.java @@ -39,11 +39,11 @@ import java.util.Locale; import java.util.Properties; import java.util.ResourceBundle; -import net.sf.acegisecurity.Authentication; - import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.security.authentication.AuthenticationComponent; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; @@ -311,34 +311,31 @@ public class ImporterBootstrap extends AbstractLifecycleBean } return; } - - // note: in MT case, this will run in System context of tenant domain - Authentication authentication = authenticationComponent.getCurrentAuthentication(); - if (authenticationComponent.getCurrentUserName() == null) - { - authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName()); - } - - RetryingTransactionCallback doImportCallback = new RetryingTransactionCallback() - { - public Object execute() throws Throwable - { - doImport(); - return null; - } - }; + try { - transactionService.getRetryingTransactionHelper().doInTransaction(doImportCallback, transactionService.isReadOnly(), false); + // import the content - note: in MT case, this will run in System context of tenant domain + RunAsWork importRunAs = new RunAsWork() + { + public Object doWork() throws Exception + { + RetryingTransactionCallback doImportCallback = new RetryingTransactionCallback() + { + public Object execute() throws Throwable + { + doImport(); + return null; + } + }; + return transactionService.getRetryingTransactionHelper().doInTransaction(doImportCallback, transactionService.isReadOnly(), false); + } + }; + AuthenticationUtil.runAs(importRunAs, authenticationComponent.getSystemUserName()); } catch(Throwable e) { throw new AlfrescoRuntimeException("Bootstrap failed", e); } - finally - { - try {authenticationComponent.setCurrentAuthentication(authentication); } catch (Throwable ex) {} - } } /** diff --git a/source/java/org/alfresco/repo/jscript/People.java b/source/java/org/alfresco/repo/jscript/People.java index cc074c6e4b..ce3d6c607f 100644 --- a/source/java/org/alfresco/repo/jscript/People.java +++ b/source/java/org/alfresco/repo/jscript/People.java @@ -25,17 +25,24 @@ package org.alfresco.repo.jscript; import java.util.Set; +import java.util.StringTokenizer; import org.alfresco.model.ContentModel; +import org.alfresco.repo.search.impl.lucene.QueryParser; import org.alfresco.repo.security.authentication.MutableAuthenticationDao; import org.alfresco.repo.security.authentication.PasswordGenerator; import org.alfresco.repo.security.authentication.UserNameGenerator; import org.alfresco.repo.security.authority.AuthorityDAO; import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.StoreRef; +import org.alfresco.service.cmr.search.ResultSet; +import org.alfresco.service.cmr.search.SearchParameters; +import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PersonService; +import org.alfresco.service.namespace.NamespaceService; import org.alfresco.util.ParameterCheck; import org.alfresco.util.PropertyMap; import org.mozilla.javascript.Context; @@ -56,6 +63,23 @@ public final class People extends BaseScopableProcessorExtension private MutableAuthenticationDao mutableAuthenticationDao; private UserNameGenerator usernameGenerator; private PasswordGenerator passwordGenerator; + private StoreRef storeRef; + + + /** + * Set the default store reference + * + * @param storeRef the default store reference + */ + public void setStoreUrl(String storeRef) + { + // ensure this is not set again by a script instance + if (this.storeRef != null) + { + throw new IllegalStateException("Default store URL can only be set once."); + } + this.storeRef = new StoreRef(storeRef); + } /** * Set the mutable authentication dao @@ -221,9 +245,12 @@ public final class People extends BaseScopableProcessorExtension return person; } + /** * Get the collection of people stored in the repository. * An optional filter query may be provided by which to filter the people collection. + * Space separate the query terms i.e. "john bob" will find all users who's first or + * second names contain the strings "john" or "bob". * * @param filter filter query string by which to filter the collection of people. * If 
null
then all people stored in the repository are returned @@ -232,10 +259,78 @@ public final class People extends BaseScopableProcessorExtension */ public Scriptable getPeople(String filter) { - Object[] people = personService.getAllPeople().toArray(); + return getPeople(filter, 0); + } + + /** + * Get the collection of people stored in the repository. + * An optional filter query may be provided by which to filter the people collection. + * Space separate the query terms i.e. "john bob" will find all users who's first or + * second names contain the strings "john" or "bob". + * + * @param filter filter query string by which to filter the collection of people. + * If 
null
then all people stored in the repository are returned + * @param maxResults maximum results to return or all if <= 0 + * + * @return people collection as a JavaScript array + */ + public Scriptable getPeople(String filter, int maxResults) + { + Object[] people = null; - // TODO glen.johnson@alfresco.com - if filterQuery parameter provided, then filter the collection - // of people + if (filter == null) + { + people = personService.getAllPeople().toArray(); + } + else + { + filter = filter.trim(); + if (filter.length() != 0) + { + // define the query to find people by their first or last name + StringBuilder query = new StringBuilder(128); + for (StringTokenizer t = new StringTokenizer(filter, " "); t.hasMoreTokens(); /**/) + { + String term = QueryParser.escape(t.nextToken()); + query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*"); + query.append(term); + query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*"); + query.append(term); + query.append("*\" "); + } + + // define the search parameters + SearchParameters params = new SearchParameters(); + params.setLanguage(SearchService.LANGUAGE_LUCENE); + params.addStore(this.storeRef); + params.setQuery(query.toString()); + + ResultSet results = null; + try + { + results = services.getSearchService().query(params); + people = results.getNodeRefs().toArray(); + } + finally + { + if (results != null) + { + results.close(); + } + } + } + } + + if (people == null) + { + people = new Object[0]; + } + else if (maxResults > 0 && people.length > maxResults) + { + Object[] copy = new Object[maxResults]; + System.arraycopy(people, 0, copy, 0, maxResults); + people = copy; + } return Context.getCurrentContext().newArray(getScope(), people); } diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java index f62be058c2..dbd4dcc7ce 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java @@ -565,17 +565,30 @@ public abstract class AuthenticationUtil R result = null; try { - - if ((realUser != null) && (isMtEnabled())) + if (isMtEnabled() && uid.equals(AuthenticationUtil.getSystemUserName())) { - int idx = realUser.indexOf(TenantService.SEPARATOR); - if ((idx != -1) && (idx < (realUser.length() - 1))) + // Running as System in MT-enabled env - check to see if System should run with MT domain context + int effectiveIdx = -1; + int realIdx = -1; + + if (effectiveUser != null) { - if (uid.equals(AuthenticationUtil.getSystemUserName())) - { - uid = uid + TenantService.SEPARATOR + realUser.substring(idx + 1); - } + effectiveIdx = effectiveUser.indexOf(TenantService.SEPARATOR); } + + if (realUser != null) + { + realIdx = realUser.indexOf(TenantService.SEPARATOR); + } + + if ((effectiveIdx != -1) && (effectiveIdx < (effectiveUser.length() - 1))) + { + uid = uid + TenantService.SEPARATOR + effectiveUser.substring(effectiveIdx + 1); + } + else if ((realIdx != -1) && (realIdx < (realUser.length() - 1))) + { + uid = uid + TenantService.SEPARATOR + realUser.substring(realIdx + 1); + } } if (realUser == null) diff --git a/source/java/org/alfresco/repo/template/PropertyConverter.java b/source/java/org/alfresco/repo/template/PropertyConverter.java index 564c458a27..84be686901 100644 --- a/source/java/org/alfresco/repo/template/PropertyConverter.java +++ b/source/java/org/alfresco/repo/template/PropertyConverter.java @@ -25,6 +25,7 @@ package org.alfresco.repo.template; import java.io.Serializable; +import java.util.ArrayList; import java.util.List; import org.alfresco.service.ServiceRegistry; @@ -57,12 +58,15 @@ public class PropertyConverter { // recursively convert each value in the collection List list = (List)value; + List result = new ArrayList(list.size()); for (int i=0; i mustNotExistStoreUrls = new ArrayList(); @@ -735,7 +735,10 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo systemImporterBootstrap.bootstrap(); - logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef)); + // reset since systemImporter is singleton (hence reused) + systemImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString()); + + logger.debug("Bootstrapped store: " + tenantService.getBaseName(tenantBootstrapStoreRef)); } private void importBootstrapUserTenantStore(String tenantDomain, File directorySource) diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java index 284f2f2cf3..22a6021542 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java +++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java @@ -255,6 +255,9 @@ public class MultiTDemoTest extends TestCase { String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME); assertTrue(userName.endsWith(tenantDomain)); + + NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); + assertNotNull(homeSpaceRef); } return null; @@ -579,6 +582,9 @@ public class MultiTDemoTest extends TestCase // ensure the user can access their own Person object this.permissionService.setPermission(personNodeRef, userName, permissionService.getAllPermission(), true); + NodeRef checkHomeSpaceRef = (NodeRef)nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER); + assertNotNull(checkHomeSpaceRef); + logger.info("Created user " + userName); } else @@ -599,7 +605,8 @@ public class MultiTDemoTest extends TestCase // set the user name as stored by the back end username = authenticationService.getCurrentUserName(); - NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personService.getPerson(username), ContentModel.PROP_HOMEFOLDER); + NodeRef personRef = personService.getPerson(username); + NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); // check that the home space node exists - else user cannot login if (nodeService.exists(homeSpaceRef) == false) diff --git a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java index d39e07f697..48a38e15be 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java +++ b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java @@ -232,7 +232,7 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep { if (tenantService.isEnabled()) { - String currentUser = AuthenticationUtil.getCurrentUserName(); + String currentUser = AuthenticationUtil.getCurrentEffectiveUserName(); // MT: return tenant stores only (although for super System return all stores - as used by // ConfigurationChecker, IndexRecovery, IndexBackup etc) diff --git a/source/java/org/alfresco/repo/tenant/TenantInterpreter.java b/source/java/org/alfresco/repo/tenant/TenantInterpreter.java index 8c28c1a0e4..5e43430e2a 100755 --- a/source/java/org/alfresco/repo/tenant/TenantInterpreter.java +++ b/source/java/org/alfresco/repo/tenant/TenantInterpreter.java @@ -75,19 +75,28 @@ public class TenantInterpreter extends BaseInterpreter // must be super "admin" for tenant administrator return ((username != null) && (username.equals(BaseInterpreter.DEFAULT_ADMIN))); } - + public String interpretCommand(final String line) throws IOException { - String currentUser = AuthenticationUtil.getCurrentUserName(); - try + String currentUserName = getCurrentUserName(); + if (hasAuthority(currentUserName)) { - return super.interpretCommand(line); + try + { + AuthenticationUtil.setSystemUserAsCurrentUser(); + return executeCommand(line); + } + finally + { + AuthenticationUtil.setCurrentUser(currentUserName); + } } - finally + else { - AuthenticationUtil.setCurrentUser(currentUser); + return("Error: User '"+ currentUserName + "' not authorised"); } } + /** * Execute a single command using the BufferedReader passed in for any data needed. *