inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-08 14:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.N (5.2.1) to HEAD (5.2)

Browse Source 
125767 rmunteanu: Merged 5.1.N (5.1.2) to 5.2.N (5.2.1)
      125473 amorarasu: Merged 5.0.N (5.0.4) to 5.1.N (5.1.2)
         125055 cturlica: Merged V4.2-BUG-FIX (4.2.7) to 5.0.N (5.0.4) (PARTIAL MERGE)
            124999 adragoi: Merged DEV to V4.2-BUG-FIX (4.2.7)
               124402 adragoi: MNT-15368 : Time Consumed for Updating Folder Permission
                  - implemented an approach that uses a separate, asynchronous processes that sets fixed ACL's


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@127794 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-06-03 16:11:08 +00:00
parent b6688d5103
commit c952c8d8b9
14 changed files with 1015 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java
View File

@@ -18,10 +18,13 @@
*/
package org.alfresco.repo.domain.permissions;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.domain.node.NodeDAO;
@@ -32,11 +35,15 @@ import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.AccessControlListProperties;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.ConcurrencyFailureException;
/**
@@ -47,6 +54,7 @@ import org.springframework.dao.ConcurrencyFailureException;
*/
public class ADMAccessControlListDAO implements AccessControlListDAO
{
private static final Log log = LogFactory.getLog(ADMAccessControlListDAO.class);
/**
* The DAO for Nodes.
*/
@@ -56,6 +64,9 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
private BehaviourFilter behaviourFilter;
private boolean preserveAuditableData = true;
/**maxim transaction time allowed for {@link #setFixedAcls(Long, Long, Long, Long, List, boolean, AsyncCallParameters, boolean)} */
private long fixedAclMaxTransactionTime = 10 * 1000;
public void setNodeDAO(NodeDAO nodeDAO)
{
@@ -67,6 +78,11 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
this.aclDaoComponent = aclDaoComponent;
}
public void setFixedAclMaxTransactionTime(long fixedAclMaxTransactionTime)
{
this.fixedAclMaxTransactionTime = fixedAclMaxTransactionTime;
}
public void setBehaviourFilter(BehaviourFilter behaviourFilter)
{
this.behaviourFilter = behaviourFilter;
@@ -295,16 +311,23 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
}
setAccessControlList(nodeRef, aclId);
}
public void setAccessControlList(StoreRef storeRef, Acl acl)
{
throw new UnsupportedOperationException();
}
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom, Long sharedAclToReplace)
{
//check transaction resource to determine if async call may be required
boolean asyncCall = AlfrescoTransactionSupport.getResource(FixedAclUpdater.FIXED_ACL_ASYNC_CALL_KEY) == null ? false : true;
return setInheritanceForChildren(parent, inheritFrom, sharedAclToReplace, asyncCall);
}
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom, Long sharedAclToReplace, boolean asyncCall)
{
List<AclChange> changes = new ArrayList<AclChange>();
setFixedAcls(getNodeIdNotNull(parent), inheritFrom, null, sharedAclToReplace, changes, false);
setFixedAcls(getNodeIdNotNull(parent), inheritFrom, null, sharedAclToReplace, changes, false, asyncCall, true);
return changes;
}
@@ -329,29 +352,51 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
*/
public void setFixedAcls(Long nodeId, Long inheritFrom, Long mergeFrom, Long sharedAclToReplace, List<AclChange> changes, boolean set)
{
setFixedAcls(nodeId, inheritFrom, mergeFrom, sharedAclToReplace, changes, set, false, true);
}
/**
* Support to set a shared ACL on a node and all of its children
*
* @param nodeId
* the parent node
* @param inheritFrom
* the parent node's ACL
* @param mergeFrom
* the shared ACL, if already known. If <code>null</code>, will be retrieved / created lazily
* @param changes
* the list in which to record changes
* @param set
* set the shared ACL on the parent ?
* @param asyncCall
* function may require asynchronous call depending the execution time; if time exceeds configured <code>fixedAclMaxTransactionTime</code> value,
* recursion is stopped using propagateOnChildren parameter(set on false) and those nodes for which the method execution was not finished
* in the classical way, will have ASPECT_PENDING_FIX_ACL, which will be used in {@link FixedAclUpdater} for later processing
*/
public void setFixedAcls(Long nodeId, Long inheritFrom, Long mergeFrom, Long sharedAclToReplace, List<AclChange> changes, boolean set, boolean asyncCall, boolean propagateOnChildren)
{
if (log.isDebugEnabled())
{
log.debug(" Set fixed acl for nodeId=" + nodeId + " inheritFrom=" + inheritFrom + " sharedAclToReplace=" + sharedAclToReplace
+ " mergefrom= " + mergeFrom);
}
if (nodeId == null)
{
return;
}
else
{
if (set)
{
// Lazily retrieve/create the shared ACL
if (mergeFrom == null)
{
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
}
nodeDAO.setNodeAclId(nodeId, mergeFrom);
}
// update all shared in one shot - recurse later
// Lazily retrieve/create the shared ACL
if (mergeFrom == null)
{
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
}
if (set)
{
nodeDAO.setNodeAclId(nodeId, mergeFrom);
}
List<NodeIdAndAclId> children = nodeDAO.getPrimaryChildrenAcls(nodeId);
@@ -359,20 +404,18 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
{
nodeDAO.setPrimaryChildrenSharedAclId(nodeId, sharedAclToReplace, mergeFrom);
}
if (!propagateOnChildren)
{
return;
}
for (NodeIdAndAclId child : children)
{
// Lazily retrieve/create the shared ACL
if (mergeFrom == null)
{
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
}
Long acl = child.getAclId();
if (acl == null)
{
setFixedAcls(child.getId(), inheritFrom, mergeFrom, sharedAclToReplace, changes, false);
propagateOnChildren = setFixAclPending(child.getId(), inheritFrom, mergeFrom, sharedAclToReplace, changes, false, asyncCall, propagateOnChildren);
}
else
{
@@ -383,7 +426,7 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
// Already replaced
if(acl.equals(sharedAclToReplace))
{
setFixedAcls(child.getId(), inheritFrom, mergeFrom, sharedAclToReplace, changes, false);
propagateOnChildren = setFixAclPending(child.getId(), inheritFrom, mergeFrom, sharedAclToReplace, changes, false, asyncCall, propagateOnChildren);
}
else
{
@@ -409,7 +452,67 @@ public class ADMAccessControlListDAO implements AccessControlListDAO
}
}
}
/**
* If async call required adds ASPECT_PENDING_FIX_ACL aspect to nodes when transactionTime reaches max admitted time
*/
private boolean setFixAclPending(Long nodeId, Long inheritFrom, Long mergeFrom, Long sharedAclToReplace, List<AclChange> changes,
boolean set, boolean asyncCall, boolean propagateOnChildren)
{
// check if async call is required
if (!asyncCall)
{
// make regular method call
setFixedAcls(nodeId, inheritFrom, mergeFrom, sharedAclToReplace, changes, set, asyncCall, propagateOnChildren);
return true;
}
else
{
// check transaction time
long transactionStartTime = AlfrescoTransactionSupport.getTransactionStartTime();
long transactionTime = System.currentTimeMillis() - transactionStartTime;
if (transactionTime < fixedAclMaxTransactionTime)
{
// make regular method call if time is under max transaction configured time
setFixedAcls(nodeId, inheritFrom, mergeFrom, sharedAclToReplace, changes, set, asyncCall, propagateOnChildren);
return true;
}
else
{
// time exceeded;
if (nodeDAO.getPrimaryChildrenAcls(nodeId).size() == 0)
{
// if node is leaf in tree hierarchy call setFixedAcls now as processing with FixedAclUpdater would be more time consuming
setFixedAcls(nodeId, inheritFrom, mergeFrom, sharedAclToReplace, changes, set, asyncCall, false);
}
else
{
// set ASPECT_PENDING_FIX_ACL aspect on node to be later on processed with FixedAclUpdater
addFixedAclPendingAspect(nodeId, sharedAclToReplace, inheritFrom);
AlfrescoTransactionSupport.bindResource(FixedAclUpdater.FIXED_ACL_ASYNC_REQUIRED_KEY, true);
}
// stop propagating on children nodes
return false;
}
}
}
private void addFixedAclPendingAspect(Long nodeId, Long sharedAclToReplace, Long inheritFrom)
{
Set<QName> aspect = new HashSet<>();
aspect.add(ContentModel.ASPECT_PENDING_FIX_ACL);
nodeDAO.addNodeAspects(nodeId, aspect);
Map<QName, Serializable> pendingAclProperties = new HashMap<>();
pendingAclProperties.put(ContentModel.PROP_SHARED_ACL_TO_REPLACE, sharedAclToReplace);
pendingAclProperties.put(ContentModel.PROP_INHERIT_FROM_ACL, inheritFrom);
nodeDAO.addNodeProperties(nodeId, pendingAclProperties);
if (log.isDebugEnabled())
{
log.debug("Set Fixed Acl Pending : " + nodeId + " " + nodeDAO.getNodePair(nodeId).getSecond());
}
}
/**
* {@inheritDoc}
*/

6
source/java/org/alfresco/repo/domain/permissions/AccessControlListDAO.java
View File

@@ -76,6 +76,12 @@ public interface AccessControlListDAO
* Update inheritance
*/
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom, Long sharedAclToReplace);
/**
* Set the inheritance on a given node and it's children. If the operation takes
* too long and asyncCall parameter set accordingly, fixed ACLs method will be synchronously called.
*/
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom, Long sharedAclToReplace, boolean asyncCall);
public Long getIndirectAcl(NodeRef nodeRef);

303
source/java/org/alfresco/repo/domain/permissions/FixedAclUpdater.java Normal file
View File

@@ -0,0 +1,303 @@
/*
* Copyright (C) 2005-2016 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.domain.permissions;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.node.NodeDAO.NodeRefQueryCallback;
import org.alfresco.repo.lock.JobLockService;
import org.alfresco.repo.lock.LockAcquisitionException;
import org.alfresco.repo.lock.JobLockService.JobLockRefreshCallback;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.transaction.TransactionListenerAdapter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.Pair;
import org.alfresco.util.VmShutdownListener.VmShutdownException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Finds nodes with ASPECT_PENDING_FIX_ACL aspect and sets fixed ACLs for them
*
* @author Andreea Dragoi
* @since 4.2.7
*/
public class FixedAclUpdater extends TransactionListenerAdapter
{
private static final Log log = LogFactory.getLog(FixedAclUpdater.class);
private static final Set<QName> PENDING_FIX_ACL_ASPECT_PROPS = pendingFixAclAspectProps();
public static final String FIXED_ACL_ASYNC_REQUIRED_KEY = "FIXED_ACL_ASYNC_REQUIRED";
public static final String FIXED_ACL_ASYNC_CALL_KEY = "FIXED_ACL_ASYNC_CALL";
private JobLockService jobLockService;
private TransactionService transactionService;
private AccessControlListDAO accessControlListDAO;
private NodeDAO nodeDAO;
private QName lockQName = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "FixedAclUpdater");
private long lockTimeToLive = 10000;
private long lockRefreshTime = lockTimeToLive / 2;
private int maxItemBatchSize = 100;
public void setJobLockService(JobLockService jobLockService)
{
this.jobLockService = jobLockService;
}
public void setNodeDAO(NodeDAO nodeDAO)
{
this.nodeDAO = nodeDAO;
}
public void setTransactionService(TransactionService transactionService)
{
this.transactionService = transactionService;
}
public void setAccessControlListDAO(AccessControlListDAO accessControlListDAO)
{
this.accessControlListDAO = accessControlListDAO;
}
public void setMaxItemBatchSize(int maxItemBatchSize)
{
this.maxItemBatchSize = maxItemBatchSize;
}
public void setLockTimeToLive(long lockTimeToLive)
{
this.lockTimeToLive = lockTimeToLive;
this.lockRefreshTime = lockTimeToLive / 2;
}
private static Set<QName> pendingFixAclAspectProps()
{
Set<QName> props = new HashSet<>();
props.add(ContentModel.PROP_SHARED_ACL_TO_REPLACE);
props.add(ContentModel.PROP_INHERIT_FROM_ACL);
return props;
}
private int findAndUpdateAcl(FixedAclUpdaterJobLockRefreshCallback jobCallback)
{
final Set<QName> aspects = new HashSet<>(1);
aspects.add(ContentModel.ASPECT_PENDING_FIX_ACL);
List<NodeRef> nodesToUpdate = getNodesWithAspects(aspects);
int processedNodes = 0;
// loop over results
for (final NodeRef nodeRef : nodesToUpdate)
{
// Check if we have been terminated
if (!jobCallback.isActive.get())
{
if (log.isDebugEnabled())
{
log.debug(String.format("Processing node failed %s. Job not active", nodeRef));
}
// terminate
break;
}
if (log.isDebugEnabled())
{
log.debug(String.format("Processing node %s", nodeRef));
}
final Long nodeId = nodeDAO.getNodePair(nodeRef).getFirst();
try
{
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Void>()
{
public Void execute() throws Throwable
{
// retrieve acl properties from node
Long inheritFrom = (Long) nodeDAO.getNodeProperty(nodeId, ContentModel.PROP_INHERIT_FROM_ACL);
Long sharedAclToReplace = (Long) nodeDAO.getNodeProperty(nodeId, ContentModel.PROP_SHARED_ACL_TO_REPLACE);
// set inheritance using retrieved prop
accessControlListDAO.setInheritanceForChildren(nodeRef, inheritFrom, sharedAclToReplace, true);
nodeDAO.removeNodeAspects(nodeId, aspects);
nodeDAO.removeNodeProperties(nodeId, PENDING_FIX_ACL_ASPECT_PROPS);
if (log.isDebugEnabled())
{
log.debug(String.format("Node processed ", nodeRef));
}
return null;
}
}, false, true);
}
catch (Exception e)
{
if (log.isDebugEnabled())
{
log.debug(String.format("Could not process node ", nodeRef), e);
}
}
processedNodes++;
}
if (log.isDebugEnabled())
{
log.debug(String.format("Nodes found %s; nodes processed %s", nodesToUpdate.size(), processedNodes));
}
return processedNodes;
}
public void execute()
{
String lockToken = null;
FixedAclUpdaterJobLockRefreshCallback callback = new FixedAclUpdaterJobLockRefreshCallback();
try
{
RunAsWork<Integer> findAndUpdateAclRunAsWork = findAndUpdateAclRunAsWork(callback);
lockToken = jobLockService.getLock(lockQName, lockTimeToLive, 0, 1);
while (true)
{
jobLockService.refreshLock(lockToken, lockQName, lockRefreshTime, callback);
Integer processed = AuthenticationUtil.runAs(findAndUpdateAclRunAsWork, AuthenticationUtil.getSystemUserName());
if (processed.intValue() == 0)
{
// There is no more to process
break;
}
// There is still more to process, so continue
}
}
catch (LockAcquisitionException e)
{
// already running
}
catch (VmShutdownException e)
{
if (log.isDebugEnabled())
{
log.debug("FixedAclUpdater aborted");
}
}
finally
{
callback.isActive.set(false);
jobLockService.releaseLock(lockToken, lockQName);
}
}
private RunAsWork<Integer> findAndUpdateAclRunAsWork(final FixedAclUpdaterJobLockRefreshCallback callback)
{
final RetryingTransactionCallback<Integer> findAndUpdateAclWork = new RetryingTransactionCallback<Integer>()
{
public Integer execute() throws Exception
{
return findAndUpdateAcl(callback);
}
};
// execute as system user to ensure fast, accurate results
RunAsWork<Integer> findAndUpdateAclRunAsWork = new RunAsWork<Integer>()
{
@Override
public Integer doWork() throws Exception
{
return transactionService.getRetryingTransactionHelper().doInTransaction(findAndUpdateAclWork, false, true);
}
};
return findAndUpdateAclRunAsWork;
}
private List<NodeRef> getNodesWithAspects(final Set<QName> aspects)
{
return transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<List<NodeRef>>()
{
@Override
public List<NodeRef> execute() throws Throwable
{
GetNodesWithAspectCallback callback = new GetNodesWithAspectCallback();
nodeDAO.getNodesWithAspects(aspects, 1L, null, callback);
return callback.getNodes();
}
}, false, true);
}
private class GetNodesWithAspectCallback implements NodeRefQueryCallback
{
private List<NodeRef> nodes = new ArrayList<>();
@Override
public boolean handle(Pair<Long, NodeRef> nodePair)
{
if (nodes.size() < maxItemBatchSize)
{
nodes.add(nodePair.getSecond());
return true;
}
return false;
}
public List<NodeRef> getNodes()
{
return nodes;
}
}
private static class FixedAclUpdaterJobLockRefreshCallback implements JobLockRefreshCallback
{
public AtomicBoolean isActive = new AtomicBoolean(true);
@Override
public boolean isActive()
{
return isActive.get();
}
@Override
public void lockReleased()
{
isActive.set(false);
}
}
@Override
public void afterCommit()
{
Thread t = new Thread(new Runnable()
{
@Override
public void run()
{
execute();
}
});
t.start();
}
}

52
source/java/org/alfresco/repo/domain/permissions/FixedAclUpdaterJob.java Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright (C) 2005-2016 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.domain.permissions;
import org.alfresco.error.AlfrescoRuntimeException;
import org.quartz.Job;
import org.quartz.JobDataMap;
import org.quartz.JobExecutionContext;
import org.quartz.JobExecutionException;
/**
* Triggers setFixedAcl for those nodes with ASPECT_PENDING_FIX_ACL
*
* @author Andreea Dragoi
* @since 4.2.7
*
*/
public class FixedAclUpdaterJob implements Job
{
/**
* Calls {@link FixedAclUpdater} to do it's work
*/
@Override
public void execute(JobExecutionContext context) throws JobExecutionException
{
JobDataMap jobDataMap = context.getJobDetail().getJobDataMap();
Object fixedAclUpdaterObject = jobDataMap.get("fixedAclUpdater");
if (fixedAclUpdaterObject == null || !(fixedAclUpdaterObject instanceof FixedAclUpdater))
{
throw new AlfrescoRuntimeException("FixedAclUpdaterJob must contain a valid 'fixedAclUpdater'");
}
FixedAclUpdater fixedAclUpdater = (FixedAclUpdater)fixedAclUpdaterObject;
fixedAclUpdater.execute();
}
}

12
source/java/org/alfresco/repo/jscript/ScriptNode.java
View File

@@ -1628,6 +1628,18 @@ public class ScriptNode implements Scopeable, NamespacePrefixResolverProvider
this.services.getPermissionService().setInheritParentPermissions(this.nodeRef, inherit);
}
/**
* Set whether this node should inherit permissions from the parent node. If the operation takes
* too long and asyncCall parameter set accordingly, fixed ACLs method will be asynchronously called.
*
* @param inherit True to inherit parent permissions, false otherwise.
* @param asyncCall True if fixed ACLs should be asynchronously set when operation execution takes too long, false otherwise.
*/
public void setInheritsPermissions(boolean inherit, boolean asyncCall)
{
this.services.getPermissionService().setInheritParentPermissions(this.nodeRef, inherit, asyncCall);
}
/**
* Apply a permission for ALL users to the node.
*

35
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -34,6 +34,7 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.domain.permissions.AclDAO;
import org.alfresco.repo.node.db.traitextender.NodeServiceTrait;
import org.alfresco.repo.domain.permissions.FixedAclUpdater;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
@@ -148,6 +149,8 @@ public class PermissionServiceImpl extends AbstractLifecycleBean implements Perm
protected AclDAO aclDaoComponent;
protected PermissionReference allPermissionReference;
protected FixedAclUpdater fixedAclUpdater;
protected boolean anyDenyDenies = false;
@@ -271,7 +274,12 @@ public class PermissionServiceImpl extends AbstractLifecycleBean implements Perm
{
this.aclDaoComponent = aclDaoComponent;
}
public void setFixedAclUpdater(FixedAclUpdater fixedAclUpdater)
{
this.fixedAclUpdater = fixedAclUpdater;
}
/**
* Set the permissions access cache.
*
@@ -1034,6 +1042,31 @@ public class PermissionServiceImpl extends AbstractLifecycleBean implements Perm
permissionsDaoComponent.setInheritParentPermissions(actualRef, inheritParentPermissions);
accessCache.clear();
}
public void setInheritParentPermissions(NodeRef nodeRef, final boolean inheritParentPermissions, boolean asyncCall)
{
final NodeRef actualRef = tenantService.getName(nodeRef);
if (asyncCall)
{
//use transaction resource to determine later on in ADMAccessControlListDAO.setFixedAcl if asynchronous call may be required
AlfrescoTransactionSupport.bindResource(FixedAclUpdater.FIXED_ACL_ASYNC_CALL_KEY, true);
permissionsDaoComponent.setInheritParentPermissions(actualRef, inheritParentPermissions);
//check if asynchronous call was required
Boolean asyncCallRequired = (Boolean) AlfrescoTransactionSupport.getResource(FixedAclUpdater.FIXED_ACL_ASYNC_REQUIRED_KEY);
if (asyncCallRequired != null && asyncCallRequired)
{
//after transaction is committed FixedAclUpdater will be started in a new thread to process pending nodes
AlfrescoTransactionSupport.bindListener(fixedAclUpdater);
}
}
else
{
//regular method call
permissionsDaoComponent.setInheritParentPermissions(actualRef, inheritParentPermissions);
}
accessCache.clear();
}
/**
* @see org.alfresco.service.cmr.security.PermissionService#getInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef)

6
source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
View File

@@ -114,6 +114,12 @@ public class PermissionServiceNOOPImpl implements PermissionServiceSPI
// Do Nothing.
}
@Override
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
{
// Do Nothing.
}
@Override
public boolean getInheritParentPermissions(NodeRef nodeRef)
{