inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACE-2181 : Reverse Merge HEAD (5.0)

Browse Source 
<< Implementing another approach for MNT-10946 and ACE-2181 >>
   Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)
      71600: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud)
         70349: Merged DEV to V4.2-BUG-FIX (4.2.3)
            70294 : MNT-10946 : Admin is no longer able to unlock files
               - Check if node is locked before unlock for non-admin or System users. Fix related test


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85880 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Pavel Yurke
2014-09-29 10:22:06 +00:00
parent 9b40d6977c
commit c77ab4b347
5 changed files with 4 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/core-services-context.xml
View File

@@ -494,7 +494,6 @@
<property name="searchService" ref="admSearchService" /> <property name="searchService" ref="admSearchService" />
<property name="behaviourFilter" ref="policyBehaviourFilter" /> <property name="behaviourFilter" ref="policyBehaviourFilter" />
<property name="nodeIndexer" ref="nodeIndexer"/> <property name="nodeIndexer" ref="nodeIndexer"/>
<property name="authorityService" ref="authorityService"/>
</bean> </bean>
<!-- --> <!-- -->

48
source/java/org/alfresco/repo/lock/LockServiceImpl.java
View File

@@ -66,8 +66,6 @@ import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair; import org.alfresco.util.Pair;
import org.alfresco.util.PropertyCheck; import org.alfresco.util.PropertyCheck;
@@ -96,7 +94,6 @@ public class LockServiceImpl implements LockService,
private TenantService tenantService; private TenantService tenantService;
private AuthenticationService authenticationService; private AuthenticationService authenticationService;
private SearchService searchService; private SearchService searchService;
private AuthorityService authorityService;
private BehaviourFilter behaviourFilter; private BehaviourFilter behaviourFilter;
private LockStore lockStore; private LockStore lockStore;
private PolicyComponent policyComponent; private PolicyComponent policyComponent;
@@ -142,11 +139,6 @@ public class LockServiceImpl implements LockService,
this.searchService = searchService; this.searchService = searchService;
} }
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/** /**
* Initialise methods called by Spring framework * Initialise methods called by Spring framework
*/ */
@@ -158,7 +150,6 @@ public class LockServiceImpl implements LockService,
PropertyCheck.mandatory(this, "searchService", searchService); PropertyCheck.mandatory(this, "searchService", searchService);
PropertyCheck.mandatory(this, "behaviourFilter", behaviourFilter); PropertyCheck.mandatory(this, "behaviourFilter", behaviourFilter);
PropertyCheck.mandatory(this, "policyComponent", policyComponent); PropertyCheck.mandatory(this, "policyComponent", policyComponent);
PropertyCheck.mandatory(this, "authorityService", authorityService);
// Register the policies // Register the policies
beforeLock = policyComponent.registerClassPolicy(LockServicePolicies.BeforeLock.class); beforeLock = policyComponent.registerClassPolicy(LockServicePolicies.BeforeLock.class);
@@ -487,8 +478,6 @@ public class LockServiceImpl implements LockService,
{ {
throw new UnableToReleaseLockException(nodeRef, CAUSE.CHECKED_OUT); throw new UnableToReleaseLockException(nodeRef, CAUSE.CHECKED_OUT);
} }
// check if the user able to unlock the node
checkNodeBeforeUnlock(nodeRef);
// Remove the lock from persistent storage. // Remove the lock from persistent storage.
Lifetime lifetime = lockState.getLifetime(); Lifetime lifetime = lockState.getLifetime();
@@ -514,8 +503,8 @@ public class LockServiceImpl implements LockService,
} }
else if (lifetime == Lifetime.EPHEMERAL) else if (lifetime == Lifetime.EPHEMERAL)
{ {
// force unlock the ephemeral lock. // Remove the ephemeral lock.
lockStore.forceUnlock(nodeRef); lockStore.set(nodeRef, LockState.createUnlocked(nodeRef));
nodeIndexer.indexUpdateNode(nodeRef); nodeIndexer.indexUpdateNode(nodeRef);
} }
else else
@@ -668,39 +657,6 @@ public class LockServiceImpl implements LockService,
} }
} }
private void checkNodeBeforeUnlock(NodeRef nodeRef)
{
String userName = getUserName();
Set<String> userAuthorities = authorityService.getAuthoritiesForUser(userName);
// ignore check for admins and system
if (userAuthorities.contains(PermissionService.ADMINISTRATOR_AUTHORITY) ||
tenantService.getBaseNameUser(userName).equals(AuthenticationUtil.getSystemUserName()))
{
return;
}
nodeRef = tenantService.getName(nodeRef);
// Ensure we have found a node reference
if (nodeRef != null && userName != null)
{
try
{
// Get the current lock status on the node ref
LockStatus currentLockStatus = getLockStatus(nodeRef, userName);
if (LockStatus.LOCKED.equals(currentLockStatus) == true)
{
throw new UnableToReleaseLockException(nodeRef);
}
}
catch (AspectMissingException exception)
{
// Ignore since this indicates that the node does not have the lock aspect applied
}
}
}
/** /**
* Ensures that the parent is not locked. * Ensures that the parent is not locked.
* *

13
source/java/org/alfresco/repo/lock/mem/AbstractLockStore.java
View File

@@ -68,19 +68,8 @@ public abstract class AbstractLockStore<T extends ConcurrentMap<NodeRef, LockSta
return lockState; return lockState;
} }
@Override
public void forceUnlock(NodeRef nodeRef)
{
set(nodeRef, LockState.createUnlocked(nodeRef), true);
}
@Override @Override
public void set(NodeRef nodeRef, LockState lockState) public void set(NodeRef nodeRef, LockState lockState)
{
set(nodeRef, lockState, false);
}
private void set(NodeRef nodeRef, LockState lockState, boolean ignoreOwnerCheck)
{ {
Map<NodeRef, LockState> txMap = getTxMap(); Map<NodeRef, LockState> txMap = getTxMap();
LockState previousLockState = null; LockState previousLockState = null;
@@ -113,7 +102,7 @@ public abstract class AbstractLockStore<T extends ConcurrentMap<NodeRef, LockSta
String userName = AuthenticationUtil.getFullyAuthenticatedUser(); String userName = AuthenticationUtil.getFullyAuthenticatedUser();
String owner = previousLockState.getOwner(); String owner = previousLockState.getOwner();
Date expires = previousLockState.getExpires(); Date expires = previousLockState.getExpires();
if (!ignoreOwnerCheck && LockUtils.lockStatus(userName, owner, expires) == LockStatus.LOCKED) if (LockUtils.lockStatus(userName, owner, expires) == LockStatus.LOCKED)
{ {
throw new UnableToAquireLockException(nodeRef); throw new UnableToAquireLockException(nodeRef);
} }

7
source/java/org/alfresco/repo/lock/mem/LockStore.java
View File

@@ -35,13 +35,6 @@ public interface LockStore
void set(NodeRef nodeRef, LockState lockState); void set(NodeRef nodeRef, LockState lockState);
public Set<NodeRef> getNodes(); public Set<NodeRef> getNodes();
/**
* WARNING: only use in lockService - unlocks node ignoring lockOwner
*
* @param nodeRef
*/
void forceUnlock(NodeRef nodeRef);
/** /**
* WARNING: only use in test code - unsafe method for production use. * WARNING: only use in test code - unsafe method for production use.
* *

37
source/test-java/org/alfresco/repo/lock/LockServiceImplTest.java
View File

@@ -33,7 +33,6 @@ import org.alfresco.repo.lock.mem.LockStore;
import org.alfresco.repo.search.IndexerAndSearcher; import org.alfresco.repo.search.IndexerAndSearcher;
import org.alfresco.repo.search.SearcherComponent; import org.alfresco.repo.search.SearcherComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.coci.CheckOutCheckInService; import org.alfresco.service.cmr.coci.CheckOutCheckInService;
import org.alfresco.service.cmr.lock.LockService; import org.alfresco.service.cmr.lock.LockService;
import org.alfresco.service.cmr.lock.LockStatus; import org.alfresco.service.cmr.lock.LockStatus;
@@ -905,40 +904,4 @@ public class LockServiceImplTest extends BaseSpringTest
} }
} }
public void testUnlockEphemeralNodeWithAdminUser()
{
for (Lifetime lt : new Lifetime[]{Lifetime.EPHEMERAL, Lifetime.PERSISTENT})
{
TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
/* create node */
final NodeRef testNode =
this.nodeService.createNode(parentNode, ContentModel.ASSOC_CONTAINS, QName.createQName("{}testNode"), ContentModel.TYPE_CONTAINER).getChildRef();
// lock it as GOOD user
this.lockService.lock(testNode, LockType.WRITE_LOCK, 2 * 86400, lt, null);
TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
try
{
// try to unlock as bad user
this.lockService.unlock(testNode);
fail("BAD user shouldn't be able to unlock " + lt + " lock");
}
catch(UnableToReleaseLockException e)
{
// it's expected
}
TestWithUserUtils.authenticateUser(AuthenticationUtil.getAdminUserName(), "admin", rootNodeRef, this.authenticationService);
// try to unlock as ADMIN user
this.lockService.unlock(testNode);
TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
this.nodeService.deleteNode(testNode);
}
}
} }