Merged V3.0 to HEAD

11943: Fix for ETHREEOH-879 & ETHREEOH-783: Multi-valued properties not allowed in Alfresco 3.0 (due to java.lang.UnsupportedOperationException)
   11944: Fix for ETHREEOH-865
   11947: Build fix for site service unit test failures.  This will be reviewed since it works round the issue rather than tackle why runAs is now failing.
   11952: ETHREEOH-845, ETHREEOH-871, ETHREEOH-853, ETHREEOH-839
   11953: ETHREEOH-483 Unable to upload files [with Flash 10 installed] Fixed to fit into yui 2.6.0
   11954: Added missing 'protocolOrder' configuration value.
   11956: Fix for ETHREEOH-895
   11957: Fix for ETHREEOH-891.
   11958: Readded generated source line for RemoteAPI project.
   11959: ETHREEOH-483 Unable to upload files [with Flash 10 installed] Missed to add this image
   11960: Removed JDK6 specific method.
   11962: Fixed missing setup of the share mapper class name when the <class> config tag is used. ALFCOM-2060.
   11964: fix for ETHREEOH-266 - restrict length of webapp to 150 chars.
   11965: Merged 2.2 to 3.0
      11926: Fox for ETHREEOH-725 User doesn't receive email to his box when rule 'Send an Email to specified users' is created 
   11966: ETHREEOH-872: Editing Email-notify-rules fails w/ ClassCastException
   11967: MT - test fixes (post runAs merge)
   11968: Changed Windows x64 NetBIOS warning message to be a debug message. ETHREEOH-897.
   11971: ETHREEOH-829 Case issue when inserting Document Share links into a discussion using richtext editor
   11973: Fix for ETHREEOH-890 - users with apostrophe in their login name can now login to Alfresco Explorer (and Share).

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12490 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/script-services-context.xml

@@ -101,7 +101,10 @@
     <bean id="peopleScript" parent="baseJavaScriptExtension" class="org.alfresco.repo.jscript.People">
         <property name="extensionName">
             <value>people</value>
-        </property>        
+        </property>
+        <property name="storeUrl">
+            <value>${spaces.store}</value>
+        </property>
         <property name="serviceRegistry">
             <ref bean="ServiceRegistry"/>
         </property>

config/alfresco/site-services-context.xml

@@ -59,7 +59,7 @@
        <property name="personService" ref="PersonService"/>
        <property name="activityService" ref="activityService"/>
        <property name="taggingService" ref="TaggingService"/>
-       <property name="authorityService" ref="AuthorityService"/>
+       <property name="authorityService" ref="authorityService"/>
     </bean>
     
     <bean id="siteServiceScript" parent="baseJavaScriptExtension" class="org.alfresco.repo.site.script.ScriptSiteService">

source/java/org/alfresco/filesys/ServerConfigurationBean.java

@@ -108,9 +108,6 @@ import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 import net.sf.acegisecurity.AuthenticationManager;
 
@@ -123,7 +120,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
 
   // Debug logging
 
-  private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol");
+  protected static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol");
 
   // Filesystem configuration constants
   
@@ -643,7 +640,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * 
    * @param config Config
    */
-  private final void processCIFSServerConfig(Config config)
+  protected void processCIFSServerConfig(Config config)
   {
       // If the configuration section is not valid then CIFS is disabled
       
@@ -1331,9 +1328,10 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
             
             if ( cifsConfig.useWinsockNetBIOS() == true && X64.isWindows64())
             {
-                // Log a warning
+                // Debug
                 
-                logger.warn("Using older Netbios() API code");
+            	if ( logger.isDebugEnabled())
+            		logger.debug("Using older Netbios() API code");
                 
                 // Use the older NetBIOS API code
                 
@@ -1592,7 +1590,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * 
    * @param config Config
    */
-  private final void processFTPServerConfig(Config config)
+  protected void processFTPServerConfig(Config config)
   {
       // If the configuration section is not valid then FTP is disabled
       
@@ -1857,7 +1855,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * 
    * @param config Config
    */
-  private final void processNFSServerConfig(Config config)
+  protected void processNFSServerConfig(Config config)
   {
       // If the configuration section is not valid then NFS is disabled
       
@@ -2076,7 +2074,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * 
    * @param config Config
    */
-  private final void processFilesystemsConfig(Config config)
+  protected void processFilesystemsConfig(Config config)
   {
       // Get the top level filesystems configuration element
       
@@ -2284,7 +2282,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * 
    * @param config Config
    */
-  private final void processSecurityConfig(Config config)
+  protected void processSecurityConfig(Config config)
   {
       // Create the security configuration section
     
@@ -2342,6 +2340,8 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
 	          ConfigElement classElem = mapperElem.getChild( "class");
 	          if ( classElem == null)
 	            throw new InvalidConfigurationException("Share mapper class not specified");
+	          
+	          mapperClass = classElem.getValue();
           }
           
           //  Initialize the share mapper
@@ -2439,7 +2439,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * @param config Config
    * @exception InvalidConfigurationException
    */
-  private final void processCoreServerConfig(Config config)
+  protected void processCoreServerConfig(Config config)
   	throws InvalidConfigurationException
   {
 		// Create the core server configuration section
@@ -2690,7 +2690,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * @param secConfig SecurityConfigSection
    * @param aclsElem ConfigElement
    */
-  private final AccessControlList processAccessControlList(SecurityConfigSection secConfig, ConfigElement aclsElem)
+  protected AccessControlList processAccessControlList(SecurityConfigSection secConfig, ConfigElement aclsElem)
   {
 
       // Check if there is an access control manager configured
@@ -2782,7 +2782,7 @@ public class ServerConfigurationBean extends ServerConfiguration implements Appl
    * @param deskActionElem ConfigElement
    * @param fileSys DiskSharedDevice
    */
-  private final DesktopActionTable processDesktopActions(ConfigElement deskActionElem, DiskSharedDevice fileSys)
+  protected DesktopActionTable processDesktopActions(ConfigElement deskActionElem, DiskSharedDevice fileSys)
   {
       // Get the desktop action configuration elements
 

source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java

@@ -28,6 +28,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.StringTokenizer;
 
 import javax.transaction.Status;
 import javax.transaction.UserTransaction;
@@ -48,6 +49,7 @@ import org.alfresco.jlan.server.auth.ntlm.TargetInfo;
 import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage;
 import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage;
 import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage;
+import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory;
 import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
 import org.alfresco.jlan.server.auth.passthru.PassthruDetails;
 import org.alfresco.jlan.server.auth.passthru.PassthruServers;
@@ -55,6 +57,7 @@ import org.alfresco.jlan.server.config.InvalidConfigurationException;
 import org.alfresco.jlan.server.config.ServerConfiguration;
 import org.alfresco.jlan.server.core.SharedDevice;
 import org.alfresco.jlan.smb.Capability;
+import org.alfresco.jlan.smb.Protocol;
 import org.alfresco.jlan.smb.SMBStatus;
 import org.alfresco.jlan.smb.dcerpc.UUID;
 import org.alfresco.jlan.smb.server.SMBServer;
@@ -1263,6 +1266,65 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
             }
         }
 
+		// Check if a protocol order has been set
+		
+		ConfigElement protoOrderElem = params.getChild("ProtocolOrder");
+
+		if ( protoOrderElem != null && protoOrderElem.getValue().length() > 0)
+		{
+	    	// Parse the protocol order list
+	    	
+	    	StringTokenizer tokens = new StringTokenizer( protoOrderElem.getValue(), ",");
+	    	int primaryProto = Protocol.None;
+	    	int secondaryProto = Protocol.None;
+	
+	    	// There should only be one or two tokens
+	    	
+	    	if ( tokens.countTokens() > 2)
+	    		throw new AlfrescoRuntimeException("Invalid protocol order list, " + protoOrderElem.getValue());
+	    	
+	    	// Get the primary protocol
+	    	
+	    	if ( tokens.hasMoreTokens())
+	    	{
+	    		// Parse the primary protocol
+	    		
+	    		String primaryStr = tokens.nextToken();
+	    		
+	    		if ( primaryStr.equalsIgnoreCase( "TCPIP"))
+	    			primaryProto = Protocol.NativeSMB;
+	    		else if ( primaryStr.equalsIgnoreCase( "NetBIOS"))
+	    			primaryProto = Protocol.TCPNetBIOS;
+	    		else
+	    			throw new AlfrescoRuntimeException("Invalid protocol type, " + primaryStr);
+	    		
+	    		// Check if there is a secondary protocol, and validate
+	    		
+	    		if ( tokens.hasMoreTokens())
+	    		{
+	    			// Parse the secondary protocol
+	    			
+	    			String secondaryStr = tokens.nextToken();
+	    			
+	    			if ( secondaryStr.equalsIgnoreCase( "TCPIP") && primaryProto != Protocol.NativeSMB)
+	    				secondaryProto = Protocol.NativeSMB;
+	    			else if ( secondaryStr.equalsIgnoreCase( "NetBIOS") && primaryProto != Protocol.TCPNetBIOS)
+	    				secondaryProto = Protocol.TCPNetBIOS;
+	    			else
+	    				throw new AlfrescoRuntimeException("Invalid secondary protocol, " + secondaryStr);
+	    		}
+	    	}
+	    	
+	    	// Set the protocol order used for passthru authentication sessions
+	    	
+	    	AuthSessionFactory.setProtocolOrder( primaryProto, secondaryProto);
+	    	
+	    	// DEBUG
+	    	
+	    	if (logger.isDebugEnabled())
+	    		logger.debug("Protocol order primary=" + Protocol.asString(primaryProto) + ", secondary=" + Protocol.asString(secondaryProto));
+		}
+		
         // Check if we have an authentication server
 
         if (m_passthruServers.getTotalServerCount() == 0)

source/java/org/alfresco/repo/action/executer/MailActionExecuter.java

@@ -24,6 +24,7 @@
  */
 package org.alfresco.repo.action.executer;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -224,6 +225,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
         // Create the mime mail message
         MimeMessagePreparator mailPreparer = new MimeMessagePreparator()
         {
+            @SuppressWarnings("unchecked")
             public void prepare(MimeMessage mimeMessage) throws MessagingException
             {
                 if (logger.isDebugEnabled())
@@ -248,7 +250,21 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
                 else
                 {
                     // see if multiple recipients have been supplied - as a list of authorities
-                    List<String> authorities = (List<String>)ruleAction.getParameterValue(PARAM_TO_MANY);
+                    Serializable authoritiesValue = ruleAction.getParameterValue(PARAM_TO_MANY);
+                    List<String> authorities = null;
+                    if (authoritiesValue != null)
+                    {
+                        if (authoritiesValue instanceof String)
+                        {
+                            authorities = new ArrayList<String>(1);
+                            authorities.add((String)authoritiesValue);
+                        }
+                        else
+                        {
+                            authorities = (List<String>)authoritiesValue;
+                        }
+                    }
+                    
                     if (authorities != null && authorities.size() != 0)
                     {
                         List<String> recipients = new ArrayList<String>(authorities.size());
@@ -407,7 +423,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
     protected void addParameterDefinitions(List<ParameterDefinition> paramList) 
     {
         paramList.add(new ParameterDefinitionImpl(PARAM_TO, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_TO)));
-        paramList.add(new ParameterDefinitionImpl(PARAM_TO_MANY, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_TO_MANY), true));
+        paramList.add(new ParameterDefinitionImpl(PARAM_TO_MANY, DataTypeDefinition.ANY, false, getParamDisplayLabel(PARAM_TO_MANY), true));
         paramList.add(new ParameterDefinitionImpl(PARAM_SUBJECT, DataTypeDefinition.TEXT, true, getParamDisplayLabel(PARAM_SUBJECT)));
         paramList.add(new ParameterDefinitionImpl(PARAM_TEXT, DataTypeDefinition.TEXT, true, getParamDisplayLabel(PARAM_TEXT)));
         paramList.add(new ParameterDefinitionImpl(PARAM_FROM, DataTypeDefinition.TEXT, false, getParamDisplayLabel(PARAM_FROM)));

source/java/org/alfresco/repo/importer/ImporterBootstrap.java

@@ -39,11 +39,11 @@ import java.util.Locale;
 import java.util.Properties;
 import java.util.ResourceBundle;
 
-import net.sf.acegisecurity.Authentication;
-
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.i18n.I18NUtil;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
@@ -311,34 +311,31 @@ public class ImporterBootstrap extends AbstractLifecycleBean
             }
             return;
         }
-
+        
-        // note: in MT case, this will run in System context of tenant domain
-        Authentication authentication = authenticationComponent.getCurrentAuthentication();
-        if (authenticationComponent.getCurrentUserName() == null)
-        {
-            authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
-        }
-
-        RetryingTransactionCallback<Object> doImportCallback = new RetryingTransactionCallback<Object>()
-        {
-            public Object execute() throws Throwable
-            {
-                doImport();
-                return null;
-            }
-        };
         try
         {
-            transactionService.getRetryingTransactionHelper().doInTransaction(doImportCallback, transactionService.isReadOnly(), false);
+            // import the content - note: in MT case, this will run in System context of tenant domain
+            RunAsWork<Object> importRunAs = new RunAsWork<Object>()
+            {
+                public Object doWork() throws Exception
+                {
+                    RetryingTransactionCallback<Object> doImportCallback = new RetryingTransactionCallback<Object>()
+                    {
+                        public Object execute() throws Throwable
+                        {   
+                            doImport();
+                            return null;
+                        }
+                    };
+                    return transactionService.getRetryingTransactionHelper().doInTransaction(doImportCallback, transactionService.isReadOnly(), false);
+                }
+            };
+            AuthenticationUtil.runAs(importRunAs, authenticationComponent.getSystemUserName());
         }
         catch(Throwable e)
         {
             throw new AlfrescoRuntimeException("Bootstrap failed", e);
         }
-        finally
-        {
-            try {authenticationComponent.setCurrentAuthentication(authentication); } catch (Throwable ex) {}
-        }
     }
     
     /**

source/java/org/alfresco/repo/jscript/People.java

@@ -25,17 +25,24 @@
 package org.alfresco.repo.jscript;
 
 import java.util.Set;
+import java.util.StringTokenizer;
 
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.search.impl.lucene.QueryParser;
 import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
 import org.alfresco.repo.security.authentication.PasswordGenerator;
 import org.alfresco.repo.security.authentication.UserNameGenerator;
 import org.alfresco.repo.security.authority.AuthorityDAO;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
+import org.alfresco.service.cmr.search.ResultSet;
+import org.alfresco.service.cmr.search.SearchParameters;
+import org.alfresco.service.cmr.search.SearchService;
 import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.AuthorityType;
 import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.util.ParameterCheck;
 import org.alfresco.util.PropertyMap;
 import org.mozilla.javascript.Context;
@@ -56,6 +63,23 @@ public final class People extends BaseScopableProcessorExtension
     private MutableAuthenticationDao mutableAuthenticationDao;
     private UserNameGenerator usernameGenerator;
     private PasswordGenerator passwordGenerator;
+    private StoreRef storeRef;
+    
+    
+    /**
+     * Set the default store reference
+     * 
+     * @param   storeRef the default store reference
+     */
+    public void setStoreUrl(String storeRef)
+    {
+        // ensure this is not set again by a script instance
+        if (this.storeRef != null)
+        {
+            throw new IllegalStateException("Default store URL can only be set once.");
+        }
+        this.storeRef = new StoreRef(storeRef);
+    }
     
     /**
      * Set the mutable authentication dao
@@ -221,9 +245,12 @@ public final class People extends BaseScopableProcessorExtension
         return person;
     }
     
+        
     /**
      * Get the collection of people stored in the repository.
      * An optional filter query may be provided by which to filter the people collection.
+     * Space separate the query terms i.e. "john bob" will find all users who's first or
+     * second names contain the strings "john" or "bob".
      * 
      * @param filter filter query string by which to filter the collection of people.
      *          If <pre>null</pre> then all people stored in the repository are returned
@@ -232,10 +259,78 @@ public final class People extends BaseScopableProcessorExtension
      */
     public Scriptable getPeople(String filter)
     {
-        Object[] people = personService.getAllPeople().toArray();
+        return getPeople(filter, 0);
+    }
+    
+    /**
+     * Get the collection of people stored in the repository.
+     * An optional filter query may be provided by which to filter the people collection.
+     * Space separate the query terms i.e. "john bob" will find all users who's first or
+     * second names contain the strings "john" or "bob".
+     * 
+     * @param filter filter query string by which to filter the collection of people.
+     *          If <pre>null</pre> then all people stored in the repository are returned
+     * @param maxResults maximum results to return or all if <= 0
+     * 
+     * @return people collection as a JavaScript array
+     */
+    public Scriptable getPeople(String filter, int maxResults)
+    {
+        Object[] people = null;
         
-        // TODO glen.johnson@alfresco.com - if filterQuery parameter provided, then filter the collection
+        if (filter == null)
-        // of people
+        {
+            people = personService.getAllPeople().toArray();
+        }
+        else
+        {
+            filter = filter.trim();
+            if (filter.length() != 0)
+            {
+                // define the query to find people by their first or last name
+                StringBuilder query = new StringBuilder(128);
+                for (StringTokenizer t = new StringTokenizer(filter, " "); t.hasMoreTokens(); /**/)
+                {
+                    String term = QueryParser.escape(t.nextToken());
+                    query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
+                    query.append(term);
+                    query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
+                    query.append(term);
+                    query.append("*\" ");
+                }
+                
+                // define the search parameters
+                SearchParameters params = new SearchParameters();
+                params.setLanguage(SearchService.LANGUAGE_LUCENE);
+                params.addStore(this.storeRef);
+                params.setQuery(query.toString());
+                
+                ResultSet results = null;
+                try
+                {
+                    results = services.getSearchService().query(params);
+                    people = results.getNodeRefs().toArray();
+                }
+                finally
+                {
+                    if (results != null)
+                    {
+                        results.close();
+                    }
+                }
+            }
+        }
+        
+        if (people == null)
+        {
+            people = new Object[0];
+        }
+        else if (maxResults > 0 && people.length > maxResults)
+        {
+            Object[] copy = new Object[maxResults];
+            System.arraycopy(people, 0, copy, 0, maxResults);
+            people = copy;
+        }
         
         return Context.getCurrentContext().newArray(getScope(), people);
     }

source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java

@@ -565,17 +565,30 @@ public abstract class AuthenticationUtil
         R result = null;
         try
         {
-
+            if (isMtEnabled() && uid.equals(AuthenticationUtil.getSystemUserName()))
-            if ((realUser != null) && (isMtEnabled()))
             {
-                int idx = realUser.indexOf(TenantService.SEPARATOR);
+                // Running as System in MT-enabled env - check to see if System should run with MT domain context
-                if ((idx != -1) && (idx < (realUser.length() - 1)))
+                int effectiveIdx = -1;
+                int realIdx = -1;
+                
+                if (effectiveUser != null)
                 {
-                    if (uid.equals(AuthenticationUtil.getSystemUserName()))
+                    effectiveIdx = effectiveUser.indexOf(TenantService.SEPARATOR);
-                    {
-                        uid = uid + TenantService.SEPARATOR + realUser.substring(idx + 1);
-                    }
                 }
+                
+                if (realUser != null)
+                {
+                    realIdx = realUser.indexOf(TenantService.SEPARATOR);
+                }
+                
+                if ((effectiveIdx != -1) && (effectiveIdx < (effectiveUser.length() - 1)))
+                {
+                    uid = uid + TenantService.SEPARATOR + effectiveUser.substring(effectiveIdx + 1);
+                }
+                else if ((realIdx != -1) && (realIdx < (realUser.length() - 1)))
+                {
+                    uid = uid + TenantService.SEPARATOR + realUser.substring(realIdx + 1);
+                }
             }
 
             if (realUser == null)

source/java/org/alfresco/repo/template/PropertyConverter.java

@@ -25,6 +25,7 @@
 package org.alfresco.repo.template;
 
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.List;
 
 import org.alfresco.service.ServiceRegistry;
@@ -57,12 +58,15 @@ public class PropertyConverter
         {
             // recursively convert each value in the collection
             List<Serializable> list = (List<Serializable>)value;
+            List<Serializable> result = new ArrayList<Serializable>(list.size());
             for (int i=0; i<list.size(); i++)
             {
-                list.set(i, convertProperty(list.get(i), name, services, resolver));
+                // add each item to a new list as the repo can return unmodifiable lists
+                result.add(convertProperty(list.get(i), name, services, resolver));
             }
+            value = (Serializable)result;
         }
         
         return value;
     }
-}
+}

source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java

@@ -725,8 +725,8 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
     {
         // Bootstrap Tenant-Specific System Store
         StoreRef bootstrapStoreRef = systemImporterBootstrap.getStoreRef();
-        bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
+        StoreRef tenantBootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
-        systemImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
+        systemImporterBootstrap.setStoreUrl(tenantBootstrapStoreRef.toString());
     
         // override default property (workspace://SpacesStore)        
         List<String> mustNotExistStoreUrls = new ArrayList<String>();
@@ -735,7 +735,10 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
                 
         systemImporterBootstrap.bootstrap();
         
-        logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
+        // reset since systemImporter is singleton (hence reused)
+        systemImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
+        
+        logger.debug("Bootstrapped store: " + tenantService.getBaseName(tenantBootstrapStoreRef));
     }
     
     private void importBootstrapUserTenantStore(String tenantDomain, File directorySource)

source/java/org/alfresco/repo/tenant/MultiTDemoTest.java

@@ -255,6 +255,9 @@ public class MultiTDemoTest extends TestCase
                         {
                             String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME); 
                             assertTrue(userName.endsWith(tenantDomain));
+                            
+                            NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
+                            assertNotNull(homeSpaceRef);
                         }
                         
                         return null;                      
@@ -579,6 +582,9 @@ public class MultiTDemoTest extends TestCase
             // ensure the user can access their own Person object
             this.permissionService.setPermission(personNodeRef, userName, permissionService.getAllPermission(), true);
             
+            NodeRef checkHomeSpaceRef = (NodeRef)nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
+            assertNotNull(checkHomeSpaceRef);
+            
             logger.info("Created user " + userName);
         }
         else
@@ -599,7 +605,8 @@ public class MultiTDemoTest extends TestCase
         // set the user name as stored by the back end 
         username = authenticationService.getCurrentUserName();
         
-        NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personService.getPerson(username), ContentModel.PROP_HOMEFOLDER);
+        NodeRef personRef = personService.getPerson(username);
+        NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
         
         // check that the home space node exists - else user cannot login
         if (nodeService.exists(homeSpaceRef) == false)

source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java

@@ -232,7 +232,7 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep
                 {
                     if (tenantService.isEnabled())
                     {
-                        String currentUser = AuthenticationUtil.getCurrentUserName();
+                        String currentUser = AuthenticationUtil.getCurrentEffectiveUserName();
 
                         // MT: return tenant stores only (although for super System return all stores - as used by
                         // ConfigurationChecker, IndexRecovery, IndexBackup etc)

source/java/org/alfresco/repo/tenant/TenantInterpreter.java

@@ -75,19 +75,28 @@ public class TenantInterpreter extends BaseInterpreter
         // must be super "admin" for tenant administrator
         return ((username != null) && (username.equals(BaseInterpreter.DEFAULT_ADMIN)));
     }
-
+    
     public String interpretCommand(final String line) throws IOException
     {
-        String currentUser = AuthenticationUtil.getCurrentUserName();
+        String currentUserName = getCurrentUserName();
-        try
+        if (hasAuthority(currentUserName))
         {
-            return super.interpretCommand(line);
+           try
+           {
+               AuthenticationUtil.setSystemUserAsCurrentUser();
+               return executeCommand(line);
+           }
+           finally
+           {
+               AuthenticationUtil.setCurrentUser(currentUserName);
+           }
         }
-        finally
+        else
         {
-            AuthenticationUtil.setCurrentUser(currentUser);
+            return("Error: User '"+ currentUserName + "' not authorised");
         }
     }
+    
     /**
      * Execute a single command using the BufferedReader passed in for any data needed.
      *