From c77ab4b3471472639e0fb31b626dc2444929bac6 Mon Sep 17 00:00:00 2001 From: Pavel Yurke Date: Mon, 29 Sep 2014 10:22:06 +0000 Subject: [PATCH] ACE-2181 : Reverse Merge HEAD (5.0) << Implementing another approach for MNT-10946 and ACE-2181 >> Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud) 71600: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 70349: Merged DEV to V4.2-BUG-FIX (4.2.3) 70294 : MNT-10946 : Admin is no longer able to unlock files - Check if node is locked before unlock for non-admin or System users. Fix related test git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85880 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- config/alfresco/core-services-context.xml | 1 - .../alfresco/repo/lock/LockServiceImpl.java | 48 +------------------ .../repo/lock/mem/AbstractLockStore.java | 13 +---- .../org/alfresco/repo/lock/mem/LockStore.java | 7 --- .../repo/lock/LockServiceImplTest.java | 39 +-------------- 5 files changed, 4 insertions(+), 104 deletions(-) diff --git a/config/alfresco/core-services-context.xml b/config/alfresco/core-services-context.xml index 502965a418..9d6a04eec0 100644 --- a/config/alfresco/core-services-context.xml +++ b/config/alfresco/core-services-context.xml @@ -494,7 +494,6 @@ - diff --git a/source/java/org/alfresco/repo/lock/LockServiceImpl.java b/source/java/org/alfresco/repo/lock/LockServiceImpl.java index 87d246b6ce..66094d8585 100644 --- a/source/java/org/alfresco/repo/lock/LockServiceImpl.java +++ b/source/java/org/alfresco/repo/lock/LockServiceImpl.java @@ -66,8 +66,6 @@ import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.AuthenticationService; -import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; import org.alfresco.util.Pair; import org.alfresco.util.PropertyCheck; @@ -96,7 +94,6 @@ public class LockServiceImpl implements LockService, private TenantService tenantService; private AuthenticationService authenticationService; private SearchService searchService; - private AuthorityService authorityService; private BehaviourFilter behaviourFilter; private LockStore lockStore; private PolicyComponent policyComponent; @@ -142,11 +139,6 @@ public class LockServiceImpl implements LockService, this.searchService = searchService; } - public void setAuthorityService(AuthorityService authorityService) - { - this.authorityService = authorityService; - } - /** * Initialise methods called by Spring framework */ @@ -158,7 +150,6 @@ public class LockServiceImpl implements LockService, PropertyCheck.mandatory(this, "searchService", searchService); PropertyCheck.mandatory(this, "behaviourFilter", behaviourFilter); PropertyCheck.mandatory(this, "policyComponent", policyComponent); - PropertyCheck.mandatory(this, "authorityService", authorityService); // Register the policies beforeLock = policyComponent.registerClassPolicy(LockServicePolicies.BeforeLock.class); @@ -487,8 +478,6 @@ public class LockServiceImpl implements LockService, { throw new UnableToReleaseLockException(nodeRef, CAUSE.CHECKED_OUT); } - // check if the user able to unlock the node - checkNodeBeforeUnlock(nodeRef); // Remove the lock from persistent storage. Lifetime lifetime = lockState.getLifetime(); @@ -514,8 +503,8 @@ public class LockServiceImpl implements LockService, } else if (lifetime == Lifetime.EPHEMERAL) { - // force unlock the ephemeral lock. - lockStore.forceUnlock(nodeRef); + // Remove the ephemeral lock. + lockStore.set(nodeRef, LockState.createUnlocked(nodeRef)); nodeIndexer.indexUpdateNode(nodeRef); } else @@ -667,39 +656,6 @@ public class LockServiceImpl implements LockService, } } } - - private void checkNodeBeforeUnlock(NodeRef nodeRef) - { - String userName = getUserName(); - Set userAuthorities = authorityService.getAuthoritiesForUser(userName); - // ignore check for admins and system - if (userAuthorities.contains(PermissionService.ADMINISTRATOR_AUTHORITY) || - tenantService.getBaseNameUser(userName).equals(AuthenticationUtil.getSystemUserName())) - { - return; - } - - nodeRef = tenantService.getName(nodeRef); - - // Ensure we have found a node reference - if (nodeRef != null && userName != null) - { - try - { - // Get the current lock status on the node ref - LockStatus currentLockStatus = getLockStatus(nodeRef, userName); - - if (LockStatus.LOCKED.equals(currentLockStatus) == true) - { - throw new UnableToReleaseLockException(nodeRef); - } - } - catch (AspectMissingException exception) - { - // Ignore since this indicates that the node does not have the lock aspect applied - } - } - } /** * Ensures that the parent is not locked. diff --git a/source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java b/source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java index 894b0f3d39..e842cdf19d 100644 --- a/source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java +++ b/source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java @@ -67,20 +67,9 @@ public abstract class AbstractLockStore txMap = getTxMap(); LockState previousLockState = null; @@ -113,7 +102,7 @@ public abstract class AbstractLockStore getNodes(); - /** - * WARNING: only use in lockService - unlocks node ignoring lockOwner - * - * @param nodeRef - */ - void forceUnlock(NodeRef nodeRef); - /** * WARNING: only use in test code - unsafe method for production use. * diff --git a/source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java b/source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java index ae35dda2c6..59eccc7fec 100644 --- a/source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java +++ b/source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java @@ -33,7 +33,6 @@ import org.alfresco.repo.lock.mem.LockStore; import org.alfresco.repo.search.IndexerAndSearcher; import org.alfresco.repo.search.SearcherComponent; import org.alfresco.repo.security.authentication.AuthenticationComponent; -import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.coci.CheckOutCheckInService; import org.alfresco.service.cmr.lock.LockService; import org.alfresco.service.cmr.lock.LockStatus; @@ -904,41 +903,5 @@ public class LockServiceImplTest extends BaseSpringTest logger.debug("exception while trying to unlock a checked out node", e); } } - - public void testUnlockEphemeralNodeWithAdminUser() - { - for (Lifetime lt : new Lifetime[]{Lifetime.EPHEMERAL, Lifetime.PERSISTENT}) - { - TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService); - - /* create node */ - final NodeRef testNode = - this.nodeService.createNode(parentNode, ContentModel.ASSOC_CONTAINS, QName.createQName("{}testNode"), ContentModel.TYPE_CONTAINER).getChildRef(); - - // lock it as GOOD user - this.lockService.lock(testNode, LockType.WRITE_LOCK, 2 * 86400, lt, null); - - TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService); - - try - { - // try to unlock as bad user - this.lockService.unlock(testNode); - fail("BAD user shouldn't be able to unlock " + lt + " lock"); - } - catch(UnableToReleaseLockException e) - { - // it's expected - } - - TestWithUserUtils.authenticateUser(AuthenticationUtil.getAdminUserName(), "admin", rootNodeRef, this.authenticationService); - - // try to unlock as ADMIN user - this.lockService.unlock(testNode); - - TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService); - - this.nodeService.deleteNode(testNode); - } - } + }