inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-22 15:12:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.1.N (5.1.1) to HEAD (5.1)

Browse Source 
- Merges from 5.1.0 (when it was 5.1) that did not make it to HEAD:
     122506,122513,123118-123119
   - RECORD ONLY Merges from HEAD: 119613-119617,119622,119706-119708,
     119752-119753,120076-120078,120116,120166-120178,120182-120183,
     120185-120193,120197-120201,120378-120385,120387,120431,120526,
     120604-120625,120832-120842,120844-120849,120977-120982,121142-121144,
     121313,121347-121348,121410,121412-121417,121684-121687,121802-121805,
     121810-121815,121861,122287,122342,122361,122439-122441,122579,122921
   - RECORD ONLY merges: 119602,119821-119822,119849,120065,120107,
     120159,120260,120295,120339,120342,120371,120411-120412,120524,120527,
     120696-120697,120705,120720,120746,120761,120819,120822,120893,
     120935-120936,120993,121045,121119,121121,121132,121156-121157,
     121299,121301,121309,121394,121408,121442,121481,121624,121626,
     121672,121675,121692,121753,121795,121798,121852,121898,121981,
     122030,122088,122114,122142,122213,122215,122217,122277,122340,
     122343,122426,122487,122552,122554,122607,122654,122734,122861,
     122906,122982,122985,122988,122996,123014,123031,123090,
     123115-123117,123120    
   - Merge from 5.1.N of fix that should have gone into 5.1 (found because of conflict on merge)
     123128: ACE-5155 Garbled message in patch-service.properties


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@123129 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-03-04 18:14:23 +00:00
parent 0845c93af0
commit c6f0ce491f
11 changed files with 392 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/dbscripts/db-schema-context.xml
View File

@@ -88,6 +88,7 @@
<ref bean="patch.db-V5.0-upgrade-to-activiti-5.16.4" />
<ref bean="patch.db-V5.0-remove-columns-after-upgrade-to-activiti-5.16.2" />
<ref bean="patch.db-V5.0-update-activiti-default-timestamp-column" />
<ref bean="patch.db-V5.0-activiti-correct-tenant-id-MSSQL" />
<ref bean="patch.db-V5.1-upgrade-to-activiti-5.19.0" />
</list>
</property>

23
config/alfresco/dbscripts/upgrade/5.0/org.hibernate.dialect.Dialect/activiti-correct-tenant-id-MSSQL.sql Normal file
View File

@@ -0,0 +1,23 @@
--
-- Title: Correct Tenant Id after Patch 8004
-- Database: SQLServer
-- Since: V5.0 Schema 8045
-- Author: Mark Rogers
--
-- Please contact support@alfresco.com if you need assistance with the upgrade.
--
-- Changes the value of TENANT_ID on MS SqlServer after patch 8004
-- No Op on platforms other than SQLServer
--
-- Record script finish
--
DELETE FROM alf_applied_patch WHERE id = 'patch.db-V5.0-activiti-correct-tenant-id-MSSQL';
INSERT INTO alf_applied_patch
(id, description, fixes_from_schema, fixes_to_schema, applied_to_schema, target_schema, applied_on_date, applied_to_server, was_executed, succeeded, report)
VALUES
(
'patch.db-V5.0-activiti-correct-tenant-id-MSSQL', 'Manually executed script upgrade V5.0: patch.db-V5.0-activiti-correct-tenant-id-MSSQL',
0, 8045, -1, 8046, null, 'UNKNOWN', ${TRUE}, ${TRUE}, 'Script completed'
);

5
config/alfresco/messages/patch-service.properties
View File

@@ -372,7 +372,7 @@ patch.downloadsFolder.description=Ensures the Syste Downloads folder exists.
patch.downloadsFolder.result.exists=The System Downloads folder already exists.
patch.downloadsFolder.result.created=The System Downloads folder was created.
patch.db-V5.1-metadata-query-indexes.description=Add additional indexes to support transactional metadata query direct to the database.>>>>>>> .merge-right.r99951
patch.db-V5.1-metadata-query-indexes.description=Add additional indexes to support transactional metadata query direct to the database.
patch.alfrescoModelAdministrators.description=Adds the 'GROUP_ALFRESCO_MODEL_ADMINISTRATORS' group
@@ -387,3 +387,6 @@ patch.addSurfConfigFolders.description=Adds 'cm:extensions' and 'cm:module-deplo
patch.spacesBootstrapSmartDownloadFolder.description=Adds Smart Download Folder in Data Dictionary.
patch.spacesBootstrapSmartTemplatesFolder.description=Adds Smart Templates Folder in Data Dictionary.
patch.spacesBootstrapSmartFolderExample.description=Adds smartFoldersExample.json file in Smart Templates Folder.
patch.db-v4.2-migrate-activiti-workflows.description=Migrated workflow variables into newly created table.
patch.db-V5.0-activiti-correct-tenant-id-MSSQL.description=Update Tenant ID column in Activiti for MSSQL

12
config/alfresco/patch/patch-services-context.xml
View File

@@ -1414,4 +1414,16 @@
</list>
</property>
</bean>
<bean id="patch.db-V5.0-activiti-correct-tenant-id-MSSQL" class="org.alfresco.repo.admin.patch.impl.SchemaUpgradeScriptPatch" parent="basePatch">
<property name="id" value="patch.db-V5.0-activiti-correct-tenant-id-MSSQL" />
<property name="description" value="patch.db-V5.0-activiti-correct-tenant-id-MSSQL.description" />
<property name="fixesFromSchema" value="0" />
<property name="fixesToSchema" value="9028" />
<property name="targetSchema" value="9029" />
<property name="scriptUrl">
<value>classpath:alfresco/dbscripts/upgrade/5.0/${db.script.dialect}/activiti-correct-tenant-id-MSSQL.sql</value>
</property>
</bean>
</beans>

2
config/alfresco/version.properties
View File

@@ -23,4 +23,4 @@ version.build=r@scm-revision@-b@build-number@
# Schema number
version.schema=9016
version.schema=9017

6
source/java/org/alfresco/repo/virtual/ActualEnvironment.java
View File

@@ -102,9 +102,11 @@ public interface ActualEnvironment
FileInfo create(NodeRef parentNodeRef, String name, QName typeQName) throws FileExistsException;
ContentWriter getWriter(NodeRef nodeRef, QName propertyQName, boolean update)
throws InvalidNodeRefException, InvalidTypeException;
ContentWriter getWriter(NodeRef nodeRef, QName propertyQName, boolean update) throws InvalidNodeRefException,
InvalidTypeException;
void addAspect(NodeRef nodeRef, QName aspectTypeQName, Map<QName, Serializable> aspectProperties)
throws InvalidNodeRefException, InvalidAspectException;
boolean hasPermission(NodeRef nodeRef, String perm);
}

8
source/java/org/alfresco/repo/virtual/AlfrescoEnviroment.java
View File

@@ -44,6 +44,7 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.Path;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.QNamePattern;
@@ -299,4 +300,11 @@ public class AlfrescoEnviroment implements ActualEnvironment
Resource resource = resolver.getResource("classpath:" + classpath);
return resource.exists();
}
@Override
public boolean hasPermission(NodeRef nodeRef, String perm)
{
return apiFacet.getPermissionService().hasPermission(nodeRef,
perm).equals(AccessStatus.ALLOWED);
}
}

3
source/java/org/alfresco/repo/virtual/bundle/VirtualPermissionServiceExtension.java
View File

@@ -208,9 +208,12 @@ public class VirtualPermissionServiceExtension extends
NodeRef nodeToAdhereTo = smartStore.adhere(reference,
VirtualStore.FILING_OR_MATERIAL_ADHERENCE);
if (logger.isDebugEnabled())
{
if (nodeToAdhereTo == null)
{
logger.debug("Could not establish permission adherence for " + reference.toString());
}
}
return nodeToAdhereTo;
}

24
source/java/org/alfresco/repo/virtual/template/TemplateFilingRule.java
View File

@@ -33,6 +33,7 @@ import org.alfresco.repo.virtual.config.NodeRefPathExpression;
import org.alfresco.repo.virtual.ref.GetActualNodeRefMethod;
import org.alfresco.repo.virtual.ref.Reference;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.ISO9075;
@@ -59,7 +60,6 @@ public class TemplateFilingRule implements FilingRule
private Map<String, String> stringProperties;
public TemplateFilingRule(ActualEnvironment environment, String path, String type, Set<String> aspects,
Map<String, String> properties)
{
@@ -176,7 +176,6 @@ public class TemplateFilingRule implements FilingRule
}
else
{
String[] pathElements = NodeRefPathExpression.splitAndNormalizePath(path);
for (int i = 0; i < pathElements.length; i++)
{
@@ -185,6 +184,27 @@ public class TemplateFilingRule implements FilingRule
fParentRef = env.findQNamePath(pathElements);
}
boolean noReadPermissions = false;
if (fParentRef != null && !env.hasPermission(fParentRef,
PermissionService.READ_PERMISSIONS))
{
fParentRef = null;
noReadPermissions = true;
}
if (logger.isDebugEnabled())
{
if (fParentRef == null)
{
if (noReadPermissions)
{
logger.debug("Current user does not have READ_PERMISSIONS for filing path" + path + ".");
}
else
{
logger.debug("The filing path " + path + " doesn't exist.");
}
}
}
if (failIfNotFound && fParentRef == null)
{
throw new VirtualizationException("The filing path " + path + " could not be resolved.");

270
source/test-java/org/alfresco/repo/virtual/bundle/VirtualPermissionServiceExtensionTest.java
View File

@@ -27,7 +27,6 @@ import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.jscript.ScriptNode;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
@@ -36,13 +35,13 @@ import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.virtual.VirtualizationIntegrationTest;
import org.alfresco.repo.virtual.store.VirtualStoreImpl;
import org.alfresco.repo.virtual.store.VirtualUserPermissions;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.Path;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.junit.Test;
public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegrationTest
@@ -62,6 +61,16 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
/** original user permissions to be restored on tear down */
private VirtualUserPermissions savedUserPermissions;
private NodeRef testSiteFolder = null, smartFolder = null, contributionDocsFolder = null;
private SiteService siteService;
private String sName = "mytestsite_ace_5162";
private NodeRef myContentSMF;
private NodeRef contributionsSMF;
@Override
protected void setUp() throws Exception
{
@@ -73,6 +82,8 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
permissionService = VirtualPermissionServiceExtensionTest.ctx.getBean("permissionServiceImpl",
PermissionServiceSPI.class);
siteService = VirtualPermissionServiceExtensionTest.ctx.getBean("siteService",
SiteService.class);
user1 = "user1";
@@ -95,6 +106,15 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
PermissionService.DELETE_CHILDREN,
false);
this.permissionService.setPermission(this.virtualFolder1NodeRef,
user1,
PermissionService.READ_PERMISSIONS,
true);
this.permissionService.setPermission(this.virtualFolder1NodeRef,
user2,
PermissionService.READ_PERMISSIONS,
true);
this.permissionService.setPermission(this.virtualFolder1NodeRef,
user1,
PermissionService.READ_PROPERTIES,
@@ -225,9 +245,6 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
ContentModel.ASSOC_CONTAINS,
"FilingFolder_filing_path");
assertEquals(AccessStatus.DENIED,
hasPermissionAs(filingFolderVirtualNodeRef,
PermissionService.DELETE,
@@ -271,6 +288,10 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
NodeRef filingFolderNodeRef = filingFolderChildAssoc.getChildRef();
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.READ_PERMISSIONS,
true);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.CREATE_CHILDREN,
@@ -615,6 +636,243 @@ public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegra
}
@Test
public void testNodes_WithfilingPath_withNoReadPermissions_hasReadonlyPermission() throws Exception
{
final String[] deniedReadOnly = new String[] { PermissionService.UNLOCK, PermissionService.CANCEL_CHECK_OUT,
PermissionService.CHANGE_PERMISSIONS, PermissionService.CREATE_CHILDREN, PermissionService.DELETE,
PermissionService.WRITE, PermissionService.DELETE_NODE, PermissionService.WRITE_PROPERTIES,
PermissionService.WRITE_CONTENT, PermissionService.CREATE_ASSOCIATIONS };
NodeRef virtualFolderT5 = createVirtualizedFolder(testRootFolder.getNodeRef(),
"VirtualFolderT5",
TEST_TEMPLATE_5_JSON_SYS_PATH);
NodeRef filingFolderVirtualNodeRef = nodeService.getChildByName(virtualFolderT5,
ContentModel.ASSOC_CONTAINS,
"FilingFolder_filing_path");
ChildAssociationRef filingFolderChildAssoc = createFolder(rootNodeRef,
"FilingFolder");
NodeRef filingFolderNodeRef = filingFolderChildAssoc.getChildRef();
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.READ_PERMISSIONS,
false);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.CREATE_CHILDREN,
true);
this.permissionService.setPermission(filingFolderNodeRef,
user2,
PermissionService.CREATE_CHILDREN,
false);
assertEquals(AccessStatus.DENIED,
hasPermissionAs(filingFolderNodeRef,
PermissionService.DELETE,
user1));
assertEquals(AccessStatus.ALLOWED,
hasPermissionAs(filingFolderNodeRef,
PermissionService.CREATE_CHILDREN,
user1));
assertEquals(AccessStatus.DENIED,
hasPermissionAs(filingFolderNodeRef,
PermissionService.CREATE_CHILDREN,
user2));
// for virtual folder
StringBuilder nonDeniedTrace = new StringBuilder();
for (int i = 0; i < deniedReadOnly.length; i++)
{
AccessStatus accessStatus = hasPermissionAs(filingFolderVirtualNodeRef,
deniedReadOnly[i],
user1);
if (!AccessStatus.DENIED.equals(accessStatus))
{
if (nonDeniedTrace.length() > 0)
{
nonDeniedTrace.append(",");
}
nonDeniedTrace.append(deniedReadOnly[i]);
}
}
assertTrue("Non-denied permissions on RO virtual nodes : " + nonDeniedTrace,
nonDeniedTrace.length() == 0);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.DELETE_CHILDREN,
true);
this.permissionService.setPermission(filingFolderNodeRef,
user2,
PermissionService.DELETE_CHILDREN,
false);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.READ_PROPERTIES,
true);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.CREATE_CHILDREN,
false);
this.permissionService.setPermission(filingFolderNodeRef,
user1,
PermissionService.DELETE,
true);
assertEquals(AccessStatus.ALLOWED,
hasPermissionAs(filingFolderNodeRef,
PermissionService.DELETE,
user1));
assertEquals(AccessStatus.DENIED,
hasPermissionAs(filingFolderNodeRef,
PermissionService.CREATE_CHILDREN,
user1));
StringBuilder nonDeniedTrace1 = new StringBuilder();
for (int i = 0; i < deniedReadOnly.length; i++)
{
AccessStatus accessStatus = hasPermissionAs(filingFolderVirtualNodeRef,
deniedReadOnly[i],
user1);
if (!AccessStatus.DENIED.equals(accessStatus))
{
if (nonDeniedTrace1.length() > 0)
{
nonDeniedTrace1.append(",");
}
nonDeniedTrace1.append(deniedReadOnly[i]);
}
}
assertTrue("Non-denied permissions on RO virtual nodes : " + nonDeniedTrace1,
nonDeniedTrace1.length() == 0);
}
@Test
public void testPerm_ace_5162() throws Exception
{
final String[] deniedReadOnly = new String[] { PermissionService.UNLOCK, PermissionService.CANCEL_CHECK_OUT,
PermissionService.CHANGE_PERMISSIONS, PermissionService.CREATE_CHILDREN, PermissionService.DELETE,
PermissionService.WRITE, PermissionService.DELETE_NODE, PermissionService.WRITE_PROPERTIES,
PermissionService.WRITE_CONTENT, PermissionService.CREATE_ASSOCIATIONS };
try
{
// Create a public site
siteService.createSite("testSitePreset",
sName,
sName,
sName,
SiteVisibility.PUBLIC);
testSiteFolder = siteService.createContainer(sName,
"TestSiteFolder",
ContentModel.TYPE_FOLDER,
null);
smartFolder = createVirtualizedFolder(testSiteFolder,
"SmartFolder",
"C" + TEST_TEMPLATE_CLASSPATH + "testTemplate7.json");
contributionDocsFolder = createFolder(testSiteFolder,
"Contribution Docs").getChildRef();
permissionService.setInheritParentPermissions(contributionDocsFolder,
false);
myContentSMF = nodeService.getChildByName(smartFolder,
ContentModel.ASSOC_CONTAINS,
"My content");
assertNotNull(myContentSMF);
contributionsSMF = nodeService.getChildByName(myContentSMF,
ContentModel.ASSOC_CONTAINS,
"Contributions");
assertNotNull(contributionsSMF);
// test that the all denied permissions for read only virtual nodes
// apply for virtual nodes with filing path with no READ_PERMISSONS
// for authenticated user
StringBuilder nonDeniedTrace = new StringBuilder();
for (int i = 0; i < deniedReadOnly.length; i++)
{
AccessStatus accessStatus = hasPermissionAs(contributionsSMF,
deniedReadOnly[i],
user1);
if (!AccessStatus.DENIED.equals(accessStatus))
{
if (nonDeniedTrace.length() > 0)
{
nonDeniedTrace.append(",");
}
nonDeniedTrace.append(deniedReadOnly[i]);
}
}
assertTrue("Non-denied permissions on RO virtual nodes : " + nonDeniedTrace,
nonDeniedTrace.length() == 0);
// test that the admin user can see documents from virtual nodes
// with filing path with no inherited parent permissions
fileAndFolderService.create(contributionsSMF,
"T1",
ContentModel.TYPE_CONTENT);
NodeRef childContet = nodeService.getChildByName(contributionsSMF,
ContentModel.ASSOC_CONTAINS,
"T1");
assertNotNull(childContet);
assertTrue(nodeService.getChildAssocs(contributionsSMF).size() > 0);
// test that the user1 can't see documents from virtual nodes with
// filing path with no inherited parent permissions
RunAsWork<Boolean> hasChildAssocs = new RunAsWork<Boolean>()
{
@Override
public Boolean doWork() throws Exception
{
return nodeService.getChildAssocs(contributionsSMF).size() > 0;
}
};
boolean value = AuthenticationUtil.runAs(hasChildAssocs,
user1);
assertFalse(value);
}
finally
{
if (contributionDocsFolder != null)
{
nodeService.deleteNode(contributionDocsFolder);
}
if (smartFolder != null)
{
nodeService.deleteNode(smartFolder);
}
if (testSiteFolder != null)
{
nodeService.deleteNode(testSiteFolder);
}
siteService.deleteSite(sName);
}
}
private String asTypedPermission(String perm)
{
return smartStore.getUserPermissions().getPermissionTypeQName() + "." + perm;

35
source/test-resources/org/alfresco/repo/virtual/template/testTemplate7.json Normal file
View File

@@ -0,0 +1,35 @@
{
"name":"Smart Folders Example",
"nodes":[
{
"id":"1",
"name":"My content",
"description":"My files in this repository",
"nodes":[
{
"id":"13",
"name":"Contributions",
"description":"My 'dublin core' contributions - add new documents here to contribute",
"search":{
"language":"fts-alfresco",
"query":"+ASPECT:'cm:dublincore' AND (PATH:'/app:company_home/st:sites/cm:mytestsite_ace_5162/cm:TestSiteFolder/cm:Contribution_x0020_Docs/*')"
},
"filing":{
"path":"/app:company_home/st:sites/cm:mytestsite_ace_5162/cm:TestSiteFolder/cm:Contribution_x0020_Docs",
"classification":{
"type":"cm:content",
"aspects":[
"cm:dublincore"
]
},
"properties":{
"cm:contributor":"%CURRENT_USER%",
"cm:rights":"Alfresco",
"cm:publisher":"Alfresco"
}
}
}
]
}
]
}