inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-1661 (Performance on setting permissions at a high category level)

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@88087 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-10-14 19:28:09 +00:00
parent a103368d05
commit c2a217211f
4 changed files with 304 additions and 331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
View File

@@ -341,6 +341,7 @@
<property name="kinds"> <property name="kinds">
<set> <set>
<value>FILE_PLAN</value> <value>FILE_PLAN</value>
<value>RECORD</value>
<value>RECORD_CATEGORY</value> <value>RECORD_CATEGORY</value>
<value>RECORD_FOLDER</value> <value>RECORD_FOLDER</value>
<value>UNFILED_RECORD_CONTAINER</value> <value>UNFILED_RECORD_CONTAINER</value>
@@ -758,7 +759,7 @@
</set> </set>
</property> </property>
</bean> </bean>
<bean id="jsonConversionComponent.endRetention" <bean id="jsonConversionComponent.endRetention"
parent="jsonConversionComponent.baseAction"> parent="jsonConversionComponent.baseAction">
<property name="name" value="endRetention"/> <property name="name" value="endRetention"/>

171
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/fileplan/FilePlanServiceImpl.java
View File

@@ -57,12 +57,12 @@ import org.springframework.extensions.surf.util.I18NUtil;
/** /**
* File plan service implementation. * File plan service implementation.
* *
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.1 * @since 2.1
*/ */
public class FilePlanServiceImpl extends ServiceBaseImpl public class FilePlanServiceImpl extends ServiceBaseImpl
implements FilePlanService, implements FilePlanService,
RecordsManagementModel RecordsManagementModel
{ {
/** I18N */ /** I18N */
@@ -74,61 +74,61 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
private final static String MSG_CONTAINER_PARENT_TYPE= "rm.service.container-parent-type"; private final static String MSG_CONTAINER_PARENT_TYPE= "rm.service.container-parent-type";
private final static String MSG_CONTAINER_TYPE = "rm.service.container-type"; private final static String MSG_CONTAINER_TYPE = "rm.service.container-type";
private final static String MSG_CONTAINER_EXPECTED = "rm.service.container-expected"; private final static String MSG_CONTAINER_EXPECTED = "rm.service.container-expected";
/** File plan containers */ /** File plan containers */
private static final String NAME_UNFILED_CONTAINER = "Unfiled Records"; private static final String NAME_UNFILED_CONTAINER = "Unfiled Records";
private static final String NAME_HOLD_CONTAINER = "Holds"; private static final String NAME_HOLD_CONTAINER = "Holds";
private static final String NAME_TRANSFER_CONTAINER = "Transfers"; private static final String NAME_TRANSFER_CONTAINER = "Transfers";
/** RM site file plan container */ /** RM site file plan container */
private static final String FILE_PLAN_CONTAINER = "documentLibrary"; private static final String FILE_PLAN_CONTAINER = "documentLibrary";
/** root container cache */ /** root container cache */
private SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache; private SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache;
/** /**
* NOTE: for some reason spring couldn't cope with the circular references between these two * NOTE: for some reason spring couldn't cope with the circular references between these two
* beans so we need to grab this one manually. * beans so we need to grab this one manually.
* *
* @return file plan role service * @return file plan role service
*/ */
protected FilePlanRoleService getFilePlanRoleService() protected FilePlanRoleService getFilePlanRoleService()
{ {
return (FilePlanRoleService)applicationContext.getBean("FilePlanRoleService"); return (FilePlanRoleService)applicationContext.getBean("FilePlanRoleService");
} }
/** /**
* @return permission service * @return permission service
*/ */
protected PermissionService getPermissionService() protected PermissionService getPermissionService()
{ {
return (PermissionService)applicationContext.getBean("permissionService"); return (PermissionService)applicationContext.getBean("permissionService");
} }
/** /**
* @return node DAO * @return node DAO
*/ */
protected NodeDAO getNodeDAO() protected NodeDAO getNodeDAO()
{ {
return (NodeDAO)applicationContext.getBean("nodeDAO"); return (NodeDAO)applicationContext.getBean("nodeDAO");
} }
/** /**
* @return internal node service * @return internal node service
*/ */
protected NodeService getInternalNodeService() protected NodeService getInternalNodeService()
{ {
return (NodeService)applicationContext.getBean("nodeService"); return (NodeService)applicationContext.getBean("nodeService");
} }
/** /**
* @return site service * @return site service
*/ */
protected SiteService getSiteService() protected SiteService getSiteService()
{ {
return (SiteService)applicationContext.getBean("SiteService"); return (SiteService)applicationContext.getBean("SiteService");
} }
/** /**
* @return record service * @return record service
*/ */
@@ -136,7 +136,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return (RecordService)applicationContext.getBean("RecordService"); return (RecordService)applicationContext.getBean("RecordService");
} }
/** /**
* @return record folder service * @return record folder service
*/ */
@@ -144,7 +144,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return (RecordFolderService)applicationContext.getBean("RecordFolderService"); return (RecordFolderService)applicationContext.getBean("RecordFolderService");
} }
/** /**
* @return freeze service * @return freeze service
*/ */
@@ -152,7 +152,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return (FreezeService)applicationContext.getBean("FreezeService"); return (FreezeService)applicationContext.getBean("FreezeService");
} }
/** /**
* @return records management service * @return records management service
*/ */
@@ -160,7 +160,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return (RecordsManagementService)applicationContext.getBean("RecordsManagementService"); return (RecordsManagementService)applicationContext.getBean("RecordsManagementService");
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans() * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans()
*/ */
@@ -169,15 +169,15 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getFilePlans(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE); return getFilePlans(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
} }
/** /**
* @param rootContainerCache root container cache * @param rootContainerCache root container cache
*/ */
public void setRootContainerCache(SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache) public void setRootContainerCache(SimpleCache<Pair<NodeRef, String>, NodeRef> rootContainerCache)
{ {
this.rootContainerCache = rootContainerCache; this.rootContainerCache = rootContainerCache;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans(org.alfresco.service.cmr.repository.StoreRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlans(org.alfresco.service.cmr.repository.StoreRef)
*/ */
@@ -185,35 +185,35 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
public Set<NodeRef> getFilePlans(final StoreRef storeRef) public Set<NodeRef> getFilePlans(final StoreRef storeRef)
{ {
ParameterCheck.mandatory("storeRef", storeRef); ParameterCheck.mandatory("storeRef", storeRef);
final Set<NodeRef> results = new HashSet<NodeRef>(); final Set<NodeRef> results = new HashSet<NodeRef>();
Set<QName> aspects = new HashSet<QName>(1); Set<QName> aspects = new HashSet<QName>(1);
aspects.add(ASPECT_RECORDS_MANAGEMENT_ROOT); aspects.add(ASPECT_RECORDS_MANAGEMENT_ROOT);
getNodeDAO().getNodesWithAspects(aspects, Long.MIN_VALUE, Long.MAX_VALUE, new NodeDAO.NodeRefQueryCallback() getNodeDAO().getNodesWithAspects(aspects, Long.MIN_VALUE, Long.MAX_VALUE, new NodeDAO.NodeRefQueryCallback()
{ {
@Override @Override
public boolean handle(Pair<Long, NodeRef> nodePair) public boolean handle(Pair<Long, NodeRef> nodePair)
{ {
NodeRef nodeRef = nodePair.getSecond(); NodeRef nodeRef = nodePair.getSecond();
if (storeRef.equals(nodeRef.getStoreRef()) == true) if (storeRef.equals(nodeRef.getStoreRef()) == true)
{ {
results.add(nodeRef); results.add(nodeRef);
} }
return true; return true;
} }
}); });
return results; return results;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlanBySiteId(java.lang.String) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getFilePlanBySiteId(java.lang.String)
*/ */
@Override @Override
public NodeRef getFilePlanBySiteId(String siteId) public NodeRef getFilePlanBySiteId(String siteId)
{ {
NodeRef filePlan = null; NodeRef filePlan = null;
SiteInfo siteInfo = getSiteService().getSite(siteId); SiteInfo siteInfo = getSiteService().getSite(siteId);
if (siteInfo != null) if (siteInfo != null)
{ {
@@ -226,10 +226,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
} }
} }
} }
return filePlan; return filePlan;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#existsUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#existsUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -237,8 +237,8 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
public boolean existsUnfiledContainer(NodeRef filePlan) public boolean existsUnfiledContainer(NodeRef filePlan)
{ {
return (getUnfiledContainer(filePlan) != null); return (getUnfiledContainer(filePlan) != null);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -247,7 +247,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getFilePlanRootContainer(filePlan, NAME_UNFILED_CONTAINER); return getFilePlanRootContainer(filePlan, NAME_UNFILED_CONTAINER);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getHoldContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getHoldContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -256,7 +256,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getFilePlanRootContainer(filePlan, NAME_HOLD_CONTAINER); return getFilePlanRootContainer(filePlan, NAME_HOLD_CONTAINER);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getTransferContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getTransferContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -265,10 +265,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getFilePlanRootContainer(filePlan, NAME_TRANSFER_CONTAINER); return getFilePlanRootContainer(filePlan, NAME_TRANSFER_CONTAINER);
} }
/** /**
* Get the file root container for the given type. * Get the file root container for the given type.
* *
* @param filePlan file plan * @param filePlan file plan
* @param containerName container type * @param containerName container type
* @return {@link NodeRef} file plan container * @return {@link NodeRef} file plan container
@@ -283,7 +283,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
NodeRef result = null; NodeRef result = null;
Pair<NodeRef, String> key = new Pair<NodeRef, String>(filePlan, containerName); Pair<NodeRef, String> key = new Pair<NodeRef, String>(filePlan, containerName);
if (!rootContainerCache.contains(key)) if (!rootContainerCache.contains(key))
{ {
// try and get the unfiled record container // try and get the unfiled record container
@@ -302,18 +302,18 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
result = rootContainerCache.get(key); result = rootContainerCache.get(key);
} }
return result; return result;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createUnfiledContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
public NodeRef createUnfiledContainer(NodeRef filePlan) public NodeRef createUnfiledContainer(NodeRef filePlan)
{ {
return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER); return createFilePlanRootContainer(filePlan, TYPE_UNFILED_RECORD_CONTAINER, NAME_UNFILED_CONTAINER);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createHoldContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createHoldContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -322,7 +322,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER); return createFilePlanRootContainer(filePlan, TYPE_HOLD_CONTAINER, NAME_HOLD_CONTAINER);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createTransferContainer(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createTransferContainer(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -331,9 +331,9 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER); return createFilePlanRootContainer(filePlan, TYPE_TRANSFER_CONTAINER, NAME_TRANSFER_CONTAINER);
} }
/** /**
* *
* @param filePlan * @param filePlan
* @param containerType * @param containerType
* @param containerName * @param containerName
@@ -347,9 +347,9 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
throw new AlfrescoRuntimeException("Unable to create file plan root container, because passed node is not a file plan."); throw new AlfrescoRuntimeException("Unable to create file plan root container, because passed node is not a file plan.");
} }
String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan); String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan);
// create the properties map // create the properties map
Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1); Map<QName, Serializable> properties = new HashMap<QName, Serializable>(1);
properties.put(ContentModel.PROP_NAME, containerName); properties.put(ContentModel.PROP_NAME, containerName);
@@ -362,7 +362,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
containerType, containerType,
properties).getChildRef(); properties).getChildRef();
// if (inheritPermissions == false) // if (inheritPermissions == false)
// { // {
// set inheritance to false // set inheritance to false
@@ -370,8 +370,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, allRoles, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); getPermissionService().setPermission(container, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true); getPermissionService().setPermission(container, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
getPermissionService().setPermission(container, "Administrator", RMPermissionModel.FILING, true);
// TODO set the admin users to have filing permissions on the unfiled container!!! // TODO set the admin users to have filing permissions on the unfiled container!!!
// TODO we will need to be able to get a list of the admin roles from the service // TODO we will need to be able to get a list of the admin roles from the service
// } // }
@@ -384,7 +383,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
return container; return container;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map)
*/ */
@@ -393,21 +392,21 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
ParameterCheck.mandatory("parent", parent); ParameterCheck.mandatory("parent", parent);
ParameterCheck.mandatory("name", name); ParameterCheck.mandatory("name", name);
ParameterCheck.mandatory("type", type); ParameterCheck.mandatory("type", type);
// Check the parent is not already an RM component node // Check the parent is not already an RM component node
// ie: you can't create a rm root in an existing rm hierarchy // ie: you can't create a rm root in an existing rm hierarchy
if (isFilePlanComponent(parent) == true) if (isFilePlanComponent(parent) == true)
{ {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_DUP_ROOT)); throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_DUP_ROOT));
} }
// Check that the passed type is a sub-type of rma:filePlan // Check that the passed type is a sub-type of rma:filePlan
if (TYPE_FILE_PLAN.equals(type) == false && if (TYPE_FILE_PLAN.equals(type) == false &&
dictionaryService.isSubClass(type, TYPE_FILE_PLAN) == false) dictionaryService.isSubClass(type, TYPE_FILE_PLAN) == false)
{ {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_ROOT_TYPE, type.toString())); throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_ROOT_TYPE, type.toString()));
} }
// Build map of properties // Build map of properties
Map<QName, Serializable> rmRootProps = new HashMap<QName, Serializable>(1); Map<QName, Serializable> rmRootProps = new HashMap<QName, Serializable>(1);
if (properties != null && properties.size() != 0) if (properties != null && properties.size() != 0)
@@ -415,7 +414,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
rmRootProps.putAll(properties); rmRootProps.putAll(properties);
} }
rmRootProps.put(ContentModel.PROP_NAME, name); rmRootProps.put(ContentModel.PROP_NAME, name);
// Create the root // Create the root
ChildAssociationRef assocRef = nodeService.createNode( ChildAssociationRef assocRef = nodeService.createNode(
parent, parent,
@@ -423,12 +422,12 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, name), QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, name),
type, type,
rmRootProps); rmRootProps);
// TODO do we need to create role and security groups or is this done automatically? // TODO do we need to create role and security groups or is this done automatically?
return assocRef.getChildRef(); return assocRef.getChildRef();
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map)
*/ */
@@ -436,7 +435,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createFilePlan(parent, name, TYPE_FILE_PLAN, properties); return createFilePlan(parent, name, TYPE_FILE_PLAN, properties);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/ */
@@ -444,7 +443,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createFilePlan(parent, name, TYPE_FILE_PLAN, null); return createFilePlan(parent, name, TYPE_FILE_PLAN, null);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createFilePlan(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName)
*/ */
@@ -453,7 +452,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createFilePlan(parent, name, type, null); return createFilePlan(parent, name, type, null);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getNodeRefPath(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getNodeRefPath(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -470,7 +469,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
} }
return nodeRefPath; return nodeRefPath;
} }
/** /**
* Helper method to build a <b>NodeRef</b> path from the node to the RM root * Helper method to build a <b>NodeRef</b> path from the node to the RM root
*/ */
@@ -500,7 +499,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
getNodeRefPathRecursive(nodeRef, nodeRefPath); getNodeRefPathRecursive(nodeRef, nodeRefPath);
} }
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName, java.util.Map)
*/ */
@@ -509,7 +508,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
ParameterCheck.mandatory("parent", parent); ParameterCheck.mandatory("parent", parent);
ParameterCheck.mandatory("name", name); ParameterCheck.mandatory("name", name);
ParameterCheck.mandatory("type", type); ParameterCheck.mandatory("type", type);
// Check that the parent is a container // Check that the parent is a container
QName parentType = nodeService.getType(parent); QName parentType = nodeService.getType(parent);
if (TYPE_RECORDS_MANAGEMENT_CONTAINER.equals(parentType) == false && if (TYPE_RECORDS_MANAGEMENT_CONTAINER.equals(parentType) == false &&
@@ -517,14 +516,14 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_PARENT_TYPE, parentType.toString())); throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_PARENT_TYPE, parentType.toString()));
} }
// Check that the the provided type is a sub-type of rm:recordCategory // Check that the the provided type is a sub-type of rm:recordCategory
if (TYPE_RECORD_CATEGORY.equals(type) == false && if (TYPE_RECORD_CATEGORY.equals(type) == false &&
dictionaryService.isSubClass(type, TYPE_RECORD_CATEGORY) == false) dictionaryService.isSubClass(type, TYPE_RECORD_CATEGORY) == false)
{ {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_TYPE, type.toString())); throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_TYPE, type.toString()));
} }
// Set the properties for the record category // Set the properties for the record category
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1); Map<QName, Serializable> props = new HashMap<QName, Serializable>(1);
if (properties != null && properties.size() != 0) if (properties != null && properties.size() != 0)
@@ -532,7 +531,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
props.putAll(properties); props.putAll(properties);
} }
props.put(ContentModel.PROP_NAME, name); props.put(ContentModel.PROP_NAME, name);
return nodeService.createNode( return nodeService.createNode(
parent, parent,
ContentModel.ASSOC_CONTAINS, ContentModel.ASSOC_CONTAINS,
@@ -540,7 +539,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
type, type,
props).getChildRef(); props).getChildRef();
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/ */
@@ -548,7 +547,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY); return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.util.Map)
*/ */
@@ -556,7 +555,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY, properties); return createRecordCategory(parent, name, TYPE_RECORD_CATEGORY, properties);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#createRecordCategory(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.service.namespace.QName)
*/ */
@@ -564,7 +563,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return createRecordCategory(parent, name, type, null); return createRecordCategory(parent, name, type, null);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -573,7 +572,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getAllContained(container, false); return getAllContained(container, false);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef, boolean) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getAllContained(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/ */
@@ -582,25 +581,25 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getContained(container, null, deep); return getContained(container, null, deep);
} }
/** /**
* Get contained nodes of a particular type. If null return all. * Get contained nodes of a particular type. If null return all.
* *
* @param container container node reference * @param container container node reference
* @param typeFilter type filter, null if none * @param typeFilter type filter, null if none
* @return {@link List}<{@link NodeRef> list of contained node references * @return {@link List}<{@link NodeRef> list of contained node references
*/ */
private List<NodeRef> getContained(NodeRef container, QName typeFilter, boolean deep) private List<NodeRef> getContained(NodeRef container, QName typeFilter, boolean deep)
{ {
// Parameter check // Parameter check
ParameterCheck.mandatory("container", container); ParameterCheck.mandatory("container", container);
// Check we have a container in our hands // Check we have a container in our hands
if (isRecordCategory(container) == false) if (isRecordCategory(container) == false)
{ {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_EXPECTED)); throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_CONTAINER_EXPECTED));
} }
List<NodeRef> result = new ArrayList<NodeRef>(1); List<NodeRef> result = new ArrayList<NodeRef>(1);
List<ChildAssociationRef> assocs = this.nodeService.getChildAssocs(container, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); List<ChildAssociationRef> assocs = this.nodeService.getChildAssocs(container, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef assoc : assocs) for (ChildAssociationRef assoc : assocs)
@@ -613,7 +612,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
result.add(child); result.add(child);
} }
// Inspect the containers and add children if deep // Inspect the containers and add children if deep
if (deep == true && if (deep == true &&
(TYPE_RECORD_CATEGORY.equals(childType) == true || (TYPE_RECORD_CATEGORY.equals(childType) == true ||
@@ -622,10 +621,10 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
result.addAll(getContained(child, typeFilter, deep)); result.addAll(getContained(child, typeFilter, deep));
} }
} }
return result; return result;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -634,7 +633,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getContainedRecordCategories(container, false); return getContainedRecordCategories(container, false);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef, boolean) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordCategories(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/ */
@@ -643,7 +642,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getContained(container, TYPE_RECORD_CATEGORY, deep); return getContained(container, TYPE_RECORD_CATEGORY, deep);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -652,7 +651,7 @@ public class FilePlanServiceImpl extends ServiceBaseImpl
{ {
return getContainedRecordFolders(container, false); return getContainedRecordFolders(container, false);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef, boolean) * @see org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService#getContainedRecordFolders(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/ */

293
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -18,6 +18,8 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.security; package org.alfresco.module.org_alfresco_module_rm.security;
import static org.apache.commons.lang.BooleanUtils.isTrue;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@@ -48,7 +50,7 @@ import org.apache.commons.logging.LogFactory;
/** /**
* File plan permission service. * File plan permission service.
* *
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.1 * @since 2.1
*/ */
@@ -64,16 +66,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
/** Records management service */ /** Records management service */
protected RecordsManagementService recordsManagementService; protected RecordsManagementService recordsManagementService;
/** File plan service */ /** File plan service */
protected FilePlanService filePlanService; protected FilePlanService filePlanService;
/** Record service */ /** Record service */
protected RecordService recordService; protected RecordService recordService;
/** Logger */ /** Logger */
protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class); protected static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
/** /**
* Initialisation method * Initialisation method
*/ */
@@ -88,23 +90,23 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
TYPE_RECORD_FOLDER, TYPE_RECORD_FOLDER,
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnAddAspectPolicy.QNAME, NodeServicePolicies.OnAddAspectPolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onAddRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnMoveNodePolicy.QNAME, NodeServicePolicies.OnMoveNodePolicy.QNAME,
ASPECT_RECORD, ASPECT_RECORD,
new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onMoveRecord", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME, NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_HOLD, TYPE_HOLD,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
policyComponent.bindClassBehaviour( policyComponent.bindClassBehaviour(
NodeServicePolicies.OnCreateNodePolicy.QNAME, NodeServicePolicies.OnCreateNodePolicy.QNAME,
TYPE_TRANSFER, TYPE_TRANSFER,
new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT)); new JavaBehaviour(this, "onCreateHoldTransfer", NotificationFrequency.TRANSACTION_COMMIT));
} }
/** /**
* @param permissionService permission service * @param permissionService permission service
*/ */
@@ -112,7 +114,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
this.permissionService = permissionService; this.permissionService = permissionService;
} }
/** /**
* @param nodeService node service * @param nodeService node service
*/ */
@@ -120,7 +122,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
this.nodeService = nodeService; this.nodeService = nodeService;
} }
/** /**
* @param policyComponent policy component * @param policyComponent policy component
*/ */
@@ -128,7 +130,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
this.policyComponent = policyComponent; this.policyComponent = policyComponent;
} }
/** /**
* @param recordsManagementService records management service * @param recordsManagementService records management service
*/ */
@@ -136,7 +138,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
this.recordsManagementService = recordsManagementService; this.recordsManagementService = recordsManagementService;
} }
/** /**
* @param filePlanService file plan service * @param filePlanService file plan service
*/ */
@@ -144,7 +146,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
this.filePlanService = filePlanService; this.filePlanService = filePlanService;
} }
/** /**
* @param recordService record service * @param recordService record service
*/ */
@@ -156,48 +158,46 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
/** /**
* @param childAssocRef * @param childAssocRef
*/ */
public void onCreateRMContainer(ChildAssociationRef childAssocRef) public void onCreateRMContainer(final ChildAssociationRef childAssocRef)
{ {
final NodeRef recordCategory = childAssocRef.getChildRef();
setUpPermissions(recordCategory);
// Pull any permissions found on the parent (ie the record category) // Pull any permissions found on the parent (ie the record category)
final NodeRef parentNodeRef = childAssocRef.getParentRef(); final NodeRef parentNodeRef = childAssocRef.getParentRef();
if (parentNodeRef != null && nodeService.exists(parentNodeRef) == true) if (parentNodeRef != null && nodeService.exists(parentNodeRef))
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{ {
public Object doWork() public Object doWork()
{ {
boolean fillingOnly = false; NodeRef recordCategory = childAssocRef.getChildRef();
if (filePlanService.isFilePlan(parentNodeRef) == true) boolean isParentNodeFilePlan = filePlanService.isFilePlan(parentNodeRef);
{ setUpPermissions(recordCategory, isParentNodeFilePlan);
fillingOnly = true;
}
// since this is not a root category, inherit from parent // since this is not a root category, inherit from parent
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parentNodeRef); if (isParentNodeFilePlan)
for (AccessPermission perm : perms)
{ {
if (fillingOnly == false || Set<AccessPermission> perms = permissionService.getAllSetPermissions(parentNodeRef);
RMPermissionModel.FILING.equals(perm.getPermission()) == true) for (AccessPermission perm : perms)
{ {
AccessStatus accessStatus = perm.getAccessStatus(); if (RMPermissionModel.FILING.equals(perm.getPermission()))
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{ {
allow = true; AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus))
{
allow = true;
}
permissionService.setPermission(
recordCategory,
perm.getAuthority(),
perm.getPermission(),
allow);
} }
permissionService.setPermission(
recordCategory,
perm.getAuthority(),
perm.getPermission(),
allow);
} }
} }
return null; return null;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
} }
@@ -208,13 +208,14 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
public void onCreateRecordFolder(ChildAssociationRef childAssocRef) public void onCreateRecordFolder(ChildAssociationRef childAssocRef)
{ {
final NodeRef folderNodeRef = childAssocRef.getChildRef(); final NodeRef folderNodeRef = childAssocRef.getChildRef();
// initialise the permissions // initialise the permissions
setUpPermissions(folderNodeRef); setUpPermissions(folderNodeRef);
// Pull any permissions found on the parent (ie the record category) // Pull any permissions found on the parent (ie the record category)
final NodeRef catNodeRef = childAssocRef.getParentRef(); final NodeRef catNodeRef = childAssocRef.getParentRef();
if (nodeService.exists(catNodeRef) == true) if (!permissionService.getInheritParentPermissions(folderNodeRef) &&
nodeService.exists(catNodeRef))
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{ {
@@ -223,8 +224,8 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef); Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef);
for (AccessPermission perm : perms) for (AccessPermission perm : perms)
{ {
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
{ {
AccessStatus accessStatus = perm.getAccessStatus(); AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false; boolean allow = false;
@@ -245,12 +246,12 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
} }
/** /**
* Sets ups records permission when aspect is added. * Sets ups records permission when aspect is added.
* *
* @see NodeServicePolicies.OnAddAspectPolicy#onAddAspect(NodeRef, QName) * @see NodeServicePolicies.OnAddAspectPolicy#onAddAspect(NodeRef, QName)
* *
* @param record * @param record
* @param aspectTypeQName * @param aspectTypeQName
*/ */
@@ -262,18 +263,18 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true) if (nodeService.exists(record) == true && nodeService.hasAspect(record, aspectTypeQName) == true)
{ {
NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef(); NodeRef recordFolder = nodeService.getPrimaryParent(record).getParentRef();
initialiseRecordPermissions(record, recordFolder); initialiseRecordPermissions(record, recordFolder);
} }
return null; return null;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/** /**
* Sets up permissions for transfer and hold objects * Sets up permissions for transfer and hold objects
* *
* @param childAssocRef * @param childAssocRef
*/ */
public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef) public void onCreateHoldTransfer(final ChildAssociationRef childAssocRef)
@@ -286,7 +287,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
if (nodeService.exists(nodeRef) == true) if (nodeService.exists(nodeRef) == true)
{ {
setUpPermissions(nodeRef); setUpPermissions(nodeRef);
NodeRef parent = childAssocRef.getParentRef(); NodeRef parent = childAssocRef.getParentRef();
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent); Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
for (AccessPermission perm : perms) for (AccessPermission perm : perms)
@@ -308,49 +309,51 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
} }
} }
} }
return null; return null;
} }
}); });
} }
/** /**
* Initialise the record permissions for the given parent. * Initialise the record permissions for the given parent.
* *
* NOTE: method is public so it can be accessed via the associated patch bean. * NOTE: method is public so it can be accessed via the associated patch bean.
* *
* @param record record * @param record record
* @param parent records permission parent * @param parent records permission parent
*/ */
public void initialiseRecordPermissions(NodeRef record, NodeRef parent) public void initialiseRecordPermissions(NodeRef record, NodeRef parent)
{ {
setUpPermissions(record); setUpPermissions(record);
Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent); if (!permissionService.getInheritParentPermissions(record))
for (AccessPermission perm : perms)
{ {
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false && Set<AccessPermission> perms = permissionService.getAllSetPermissions(parent);
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) for (AccessPermission perm : perms)
{ {
AccessStatus accessStatus = perm.getAccessStatus(); if (!ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) &&
boolean allow = false; !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()))
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{ {
allow = true; AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
} }
permissionService.setPermission(
record,
perm.getAuthority(),
perm.getPermission(),
allow);
} }
} }
} }
/** /**
* onMoveRecord behaviour * onMoveRecord behaviour
* *
* @param sourceAssocRef source association reference * @param sourceAssocRef source association reference
* @param destinationAssocRef destination association reference * @param destinationAssocRef destination association reference
*/ */
@@ -364,7 +367,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true) if (nodeService.exists(record) == true && nodeService.hasAspect(record, ASPECT_RECORD) == true)
{ {
Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5); Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
// record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent) // record any permissions specifically set on the record (ie any filling or record_file permisions not on the parent)
Set<AccessPermission> origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef()); Set<AccessPermission> origionalParentPerms = permissionService.getAllSetPermissions(sourceAssocRef.getParentRef());
Set<AccessPermission> origionalRecordPerms= permissionService.getAllSetPermissions(record); Set<AccessPermission> origionalRecordPerms= permissionService.getAllSetPermissions(record);
@@ -374,7 +377,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false) ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(perm.getAuthority()) == false)
{ {
if ((perm.getPermission().equals(RMPermissionModel.FILING) == true || if ((perm.getPermission().equals(RMPermissionModel.FILING) == true ||
perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) && perm.getPermission().equals(RMPermissionModel.FILE_RECORDS) == true) &&
origionalParentPerms.contains(perm) == false) origionalParentPerms.contains(perm) == false)
{ {
// then we can assume this is a permission we want to preserve // then we can assume this is a permission we want to preserve
@@ -382,20 +385,20 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
} }
} }
} }
// clear all existing permissions and start again // clear all existing permissions and start again
permissionService.deletePermissions(record); permissionService.deletePermissions(record);
// re-setup the records permissions // re-setup the records permissions
initialiseRecordPermissions(record, destinationAssocRef.getParentRef()); initialiseRecordPermissions(record, destinationAssocRef.getParentRef());
// re-add keep'er permissions // re-add keep'er permissions
for (AccessPermission keeper : keepPerms) for (AccessPermission keeper : keepPerms)
{ {
setPermission(record, keeper.getAuthority(), keeper.getPermission()); setPermission(record, keeper.getAuthority(), keeper.getPermission());
} }
} }
return null; return null;
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
@@ -407,14 +410,19 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/ */
public void setUpPermissions(final NodeRef nodeRef) public void setUpPermissions(final NodeRef nodeRef)
{ {
if (nodeService.exists(nodeRef) == true) setUpPermissions(nodeRef, null);
}
private void setUpPermissions(final NodeRef nodeRef, final Boolean isParentNodeFilePlan)
{
if (nodeService.exists(nodeRef))
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
{ {
public Object doWork() public Object doWork()
{ {
// break inheritance // break inheritance
permissionService.setInheritParentPermissions(nodeRef, false); permissionService.setInheritParentPermissions(nodeRef, isInheritanceAllowed(nodeRef, isParentNodeFilePlan));
// set extended reader permissions // set extended reader permissions
permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true); permissionService.setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
@@ -424,7 +432,12 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
} }
private boolean isInheritanceAllowed(NodeRef nodeRef, Boolean isParentNodeFilePlan)
{
return !(isFilePlan(nodeRef) || isHold(nodeRef) || isTransfer(nodeRef) || (isRecordCategory(nodeRef) && isTrue(isParentNodeFilePlan)));
}
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, boolean) * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, boolean)
@@ -439,20 +452,16 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
public Boolean doWork() throws Exception public Boolean doWork() throws Exception
{ {
if (filePlanService.isFilePlan(nodeRef) == true) if (filePlanService.isFilePlan(nodeRef) ||
filePlanService.isFilePlanContainer(nodeRef) ||
recordsManagementService.isRecordFolder(nodeRef) ||
recordService.isRecord(nodeRef))
{ {
setPermissionDown(nodeRef, authority, permission);
}
else if (filePlanService.isFilePlanContainer(nodeRef) == true ||
recordsManagementService.isRecordFolder(nodeRef) == true ||
recordService.isRecord(nodeRef) == true)
{
setReadPermissionUp(nodeRef, authority);
setPermissionDown(nodeRef, authority, permission); setPermissionDown(nodeRef, authority, permission);
} }
else else
{ {
if (logger.isWarnEnabled() == true) if (logger.isWarnEnabled())
{ {
logger.warn("Setting permissions for this node is not supported. (nodeRef=" + nodeRef + ", authority=" + authority + ", permission=" + permission + ")"); logger.warn("Setting permissions for this node is not supported. (nodeRef=" + nodeRef + ", authority=" + authority + ", permission=" + permission + ")");
} }
@@ -463,38 +472,6 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/**
* Helper method to set the read permission up the hierarchy
*
* @param nodeRef node reference
* @param authority authority
*/
private void setReadPermissionUp(NodeRef nodeRef, String authority)
{
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null && filePlanService.isFilePlanComponent(parent) == true)
{
setReadPermissionUpImpl(parent, authority);
}
}
/**
* Helper method used to set the read permission up the hierarchy
*
* @param nodeRef node reference
* @param authority authority
*/
private void setReadPermissionUpImpl(NodeRef nodeRef, String authority)
{
setPermissionImpl(nodeRef, authority, RMPermissionModel.READ_RECORDS);
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
if (parent != null && filePlanService.isFilePlanComponent(parent) == true)
{
setReadPermissionUpImpl(parent, authority);
}
}
/** /**
* Helper method to set the permission down the hierarchy * Helper method to set the permission down the hierarchy
* *
@@ -504,27 +481,25 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
*/ */
private void setPermissionDown(NodeRef nodeRef, String authority, String permission) private void setPermissionDown(NodeRef nodeRef, String authority, String permission)
{ {
// set permissions
setPermissionImpl(nodeRef, authority, permission);
// skip out node's that inherit (for example hold and transfer) // skip out node's that inherit (for example hold and transfer)
if (permissionService.getInheritParentPermissions(nodeRef) == false) if (!permissionService.getInheritParentPermissions(nodeRef) &&
(filePlanService.isFilePlanContainer(nodeRef) ||
recordsManagementService.isRecordFolder(nodeRef)))
{ {
// set permissions List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
setPermissionImpl(nodeRef, authority, permission); for (ChildAssociationRef assoc : assocs)
{
if (filePlanService.isFilePlanContainer(nodeRef) == true || NodeRef child = assoc.getChildRef();
recordsManagementService.isRecordFolder(nodeRef) == true) if (filePlanService.isFilePlanContainer(child) ||
{ recordsManagementService.isRecordFolder(child) ||
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); recordService.isRecord(child) ||
for (ChildAssociationRef assoc : assocs) instanceOf(child, TYPE_HOLD) ||
instanceOf(child, TYPE_TRANSFER))
{ {
NodeRef child = assoc.getChildRef(); setPermissionDown(child, authority, permission);
if (filePlanService.isFilePlanContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
recordService.isRecord(child) == true ||
instanceOf(child, TYPE_HOLD) == true ||
instanceOf(child, TYPE_TRANSFER) == true)
{
setPermissionDown(child, authority, permission);
}
} }
} }
} }
@@ -557,27 +532,25 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
{ {
public Boolean doWork() throws Exception public Boolean doWork() throws Exception
{ {
// Delete permission on this node
permissionService.deletePermission(nodeRef, authority, permission);
// can't delete permissions if inherited (eg hold and transfer containers) // can't delete permissions if inherited (eg hold and transfer containers)
if (permissionService.getInheritParentPermissions(nodeRef) == false) if (!permissionService.getInheritParentPermissions(nodeRef) &&
(filePlanService.isFilePlanContainer(nodeRef) ||
recordsManagementService.isRecordFolder(nodeRef)))
{ {
// Delete permission on this node List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL);
permissionService.deletePermission(nodeRef, authority, permission); for (ChildAssociationRef assoc : assocs)
if (filePlanService.isFilePlanContainer(nodeRef) == true ||
recordsManagementService.isRecordFolder(nodeRef) == true)
{ {
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ContentModel.ASSOC_CONTAINS, RegexQNamePattern.MATCH_ALL); NodeRef child = assoc.getChildRef();
for (ChildAssociationRef assoc : assocs) if (filePlanService.isFilePlanContainer(child) ||
recordsManagementService.isRecordFolder(child) ||
recordService.isRecord(child)||
instanceOf(child, TYPE_HOLD) ||
instanceOf(child, TYPE_TRANSFER))
{ {
NodeRef child = assoc.getChildRef(); deletePermission(child, authority, permission);
if (filePlanService.isFilePlanContainer(child) == true ||
recordsManagementService.isRecordFolder(child) == true ||
recordService.isRecord(child) == true||
instanceOf(child, TYPE_HOLD) == true ||
instanceOf(child, TYPE_TRANSFER) == true)
{
deletePermission(child, authority, permission);
}
} }
} }
} }

168
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/FilePlanPermissionServiceImplTest.java
View File

@@ -28,7 +28,7 @@ import org.springframework.extensions.webscripts.GUID;
/** /**
* File plan permission service unit test * File plan permission service unit test
* *
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.1 * @since 2.1
*/ */
@@ -42,16 +42,16 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
{ {
return true; return true;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest() * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isRecordTest()
*/ */
@Override @Override
protected boolean isRecordTest() protected boolean isRecordTest()
{ {
return true; return true;
} }
/** /**
* Helper to create test user * Helper to create test user
*/ */
@@ -69,7 +69,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
} }
}, AuthenticationUtil.getSystemUserName()); }, AuthenticationUtil.getSystemUserName());
} }
/** /**
* Helper to set permission * Helper to set permission
*/ */
@@ -83,9 +83,9 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
filePlanPermissionService.setPermission(nodeRef, userName, permission); filePlanPermissionService.setPermission(nodeRef, userName, permission);
return null; return null;
} }
}); });
} }
/** /**
* Helper to delete permission * Helper to delete permission
*/ */
@@ -99,17 +99,17 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
filePlanPermissionService.deletePermission(nodeRef, userName, permission); filePlanPermissionService.deletePermission(nodeRef, userName, permission);
return null; return null;
} }
}); });
} }
/** /**
* test set/delete permissions on file plan * test set/delete permissions on file plan
*/ */
public void testSetDeletePermissionFilePlan() throws Exception public void testSetDeletePermissionFilePlan() throws Exception
{ {
String userName = createTestUser(); String userName = createTestUser();
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -118,10 +118,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
setPermission(filePlan, userName, RMPermissionModel.FILING); setPermission(filePlan, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.ALLOWED, // fileplan file AccessStatus.ALLOWED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.ALLOWED, // category read
@@ -130,10 +130,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
deletePermission(filePlan, userName, RMPermissionModel.FILING); deletePermission(filePlan, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -142,12 +142,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
//what happens if we try and remove READ for a normal user on the file plan ??? //what happens if we try and remove READ for a normal user on the file plan ???
deletePermission(filePlan, userName, RMPermissionModel.READ_RECORDS); deletePermission(filePlan, userName, RMPermissionModel.READ_RECORDS);
// nothing .. user still has read on file plan .. only removing the user from all roles will remove read on file plan // nothing .. user still has read on file plan .. only removing the user from all roles will remove read on file plan
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -157,15 +157,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
} }
/** /**
* Test set/delete permission on record categorty * Test set/delete permission on record categorty
*/ */
public void testSetDeletePermissionRecordCategory() throws Exception public void testSetDeletePermissionRecordCategory() throws Exception
{ {
String userName = createTestUser(); String userName = createTestUser();
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -174,10 +174,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
setPermission(rmContainer, userName, RMPermissionModel.FILING); setPermission(rmContainer, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.ALLOWED, // category read
@@ -186,10 +186,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
deletePermission(rmContainer, userName, RMPermissionModel.FILING); deletePermission(rmContainer, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -199,15 +199,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
} }
/** /**
* Test set/delete permission on record folder * Test set/delete permission on record folder
*/ */
public void testSetDeletePermissionRecordFolder() throws Exception public void testSetDeletePermissionRecordFolder() throws Exception
{ {
String userName = createTestUser(); String userName = createTestUser();
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -216,40 +216,40 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
setPermission(rmFolder, userName, RMPermissionModel.FILING); setPermission(rmFolder, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
deletePermission(rmFolder, userName, RMPermissionModel.FILING); deletePermission(rmFolder, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
} }
/** /**
* Test set/delete permission on record * Test set/delete permission on record
*/ */
public void testSetDeletePermissionRecord() throws Exception public void testSetDeletePermissionRecord() throws Exception
{ {
String userName = createTestUser(); String userName = createTestUser();
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -258,48 +258,48 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
setPermission(recordOne, userName, RMPermissionModel.FILING); setPermission(recordOne, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
deletePermission(recordOne, userName, RMPermissionModel.FILING); deletePermission(recordOne, userName, RMPermissionModel.FILING);
assertPermissions(userName, assertPermissions(userName,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.DENIED, // record read AccessStatus.DENIED, // record read
AccessStatus.DENIED); // record file AccessStatus.DENIED); // record file
} }
public void testMoveRecord() throws Exception public void testMoveRecord() throws Exception
{ {
String userOne = createTestUser(); String userOne = createTestUser();
String userTwo = createTestUser(); String userTwo = createTestUser();
String userThree = createTestUser(); String userThree = createTestUser();
final NodeRef otherFolder = doTestInTransaction(new Test<NodeRef>() final NodeRef otherFolder = doTestInTransaction(new Test<NodeRef>()
{ {
@Override @Override
public NodeRef run() public NodeRef run()
{ {
return rmService.createRecordFolder(rmContainer, "otherFolder"); return rmService.createRecordFolder(rmContainer, "otherFolder");
} }
}); });
assertPermissions(userOne, assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -318,7 +318,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userOne); }, userOne);
assertPermissions(userTwo, assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -337,7 +337,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userTwo); }, userTwo);
assertPermissions(userThree, assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.DENIED, // category read AccessStatus.DENIED, // category read
@@ -356,15 +356,15 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userThree); }, userThree);
setPermission(rmFolder, userOne, RMPermissionModel.FILING); setPermission(rmFolder, userOne, RMPermissionModel.FILING);
setPermission(otherFolder, userTwo, RMPermissionModel.FILING); setPermission(otherFolder, userTwo, RMPermissionModel.FILING);
setPermission(recordOne, userThree, RMPermissionModel.FILING); setPermission(recordOne, userThree, RMPermissionModel.FILING);
assertPermissions(userOne, assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record folder file
@@ -380,10 +380,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userOne); }, userOne);
assertPermissions(userTwo, assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
@@ -399,12 +399,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userTwo); }, userTwo);
assertPermissions(userThree, assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
@@ -418,7 +418,7 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userThree); }, userThree);
// move the record! // move the record!
doTestInTransaction(new Test<Void>() doTestInTransaction(new Test<Void>()
{ {
@@ -429,11 +429,11 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}); });
assertPermissions(userOne, assertPermissions(userOne,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.ALLOWED, // record folder read
AccessStatus.ALLOWED, // record folder file AccessStatus.ALLOWED, // record folder file
@@ -449,10 +449,10 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userOne); }, userOne);
assertPermissions(userTwo, assertPermissions(userTwo,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.DENIED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
@@ -468,12 +468,12 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
return null; return null;
} }
}, userTwo); }, userTwo);
assertPermissions(userThree, assertPermissions(userThree,
AccessStatus.ALLOWED, // fileplan read AccessStatus.ALLOWED, // fileplan read
AccessStatus.DENIED, // fileplan file AccessStatus.DENIED, // fileplan file
AccessStatus.ALLOWED, // category read AccessStatus.DENIED, // category read
AccessStatus.DENIED, // category file AccessStatus.DENIED, // category file
AccessStatus.ALLOWED, // record folder read AccessStatus.DENIED, // record folder read
AccessStatus.DENIED, // record folder file AccessStatus.DENIED, // record folder file
AccessStatus.ALLOWED, // record read AccessStatus.ALLOWED, // record read
AccessStatus.ALLOWED); // record file AccessStatus.ALLOWED); // record file
@@ -482,43 +482,43 @@ public class FilePlanPermissionServiceImplTest extends BaseRMTestCase
@Override @Override
public Void run() public Void run()
{ {
assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING)); assertEquals(AccessStatus.DENIED, permissionService.hasPermission(otherFolder, RMPermissionModel.FILING));
return null; return null;
} }
}, userThree); }, userThree);
} }
/** /**
* Helper to assert permissions for passed user * Helper to assert permissions for passed user
*/ */
private void assertPermissions(final String userName, final AccessStatus ... accessStatus) private void assertPermissions(final String userName, final AccessStatus ... accessStatus)
{ {
assertEquals(8, accessStatus.length); assertEquals(8, accessStatus.length);
doTestInTransaction(new Test<Void>() doTestInTransaction(new Test<Void>()
{ {
@Override @Override
public Void run() public Void run()
{ {
assertEquals("Everyone who has a role has read permissions on the file plan", assertEquals("Everyone who has a role has read permissions on the file plan",
accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS)); accessStatus[0], permissionService.hasPermission(filePlan, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING)); assertEquals(accessStatus[1], permissionService.hasPermission(filePlan, RMPermissionModel.FILING));
assertEquals(accessStatus[2], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[2], permissionService.hasPermission(rmContainer, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[3], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING)); assertEquals(accessStatus[3], permissionService.hasPermission(rmContainer, RMPermissionModel.FILING));
assertEquals(accessStatus[4], permissionService.hasPermission(rmFolder, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[4], permissionService.hasPermission(rmFolder, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[5], permissionService.hasPermission(rmFolder, RMPermissionModel.FILING)); assertEquals(accessStatus[5], permissionService.hasPermission(rmFolder, RMPermissionModel.FILING));
assertEquals(accessStatus[6], permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS)); assertEquals(accessStatus[6], permissionService.hasPermission(recordOne, RMPermissionModel.READ_RECORDS));
assertEquals(accessStatus[7], permissionService.hasPermission(recordOne, RMPermissionModel.FILING)); assertEquals(accessStatus[7], permissionService.hasPermission(recordOne, RMPermissionModel.FILING));
return null; return null;
} }
}, userName); }, userName);
} }
} }